Comments
5 Black Hat Security Lessons For CIOs
RichardGorman,
User Rank: Apprentice
8/2/2012 | 5:37:14 PM
re: 5 Black Hat Security Lessons For CIOs
Andy, the intrinsic value of stolen usernames, passwords and email addresses from an online gaming site like Gamingo may not be apparent at first blush. However, as you point out, since many people reuse the same passwords on multiple sites including sensitive banking and financial applications, the fallout from this and other apparently innocuous data breaches is being underestimated. Any company that gathers and stores customer information needs to make sure the data is unusable if it is stolen.

@a_greenberg
@Forbes
jrandels342,
User Rank: Apprentice
7/31/2012 | 7:50:20 PM
re: 5 Black Hat Security Lessons For CIOs
You make several salient points here. Considering the mountains of data on enterprise networks today it is crucial to understand the value of data and the necessary safeguards required to protect your critical assets.

Generating internal buy-in and agreement on priorities and acceptable risk are key in securing assets and funding for protecting them.

A little forethought and planning goes a long way in security!

Joy Randels, CISM,CIPP,CWSP
pcalento011,
User Rank: Apprentice
7/31/2012 | 7:24:30 PM
re: 5 Black Hat Security Lessons For CIOs
Eric, what role does TRANSPARENCY play? All too often, we may have a predisposition to "hide" what's going on. Is this what you mean by, "... Developers and security professionals don't need to party together, but they sure do need to work together"? --Paul Calento http://bit.ly/paul_calento
Andrew Hornback,
User Rank: Apprentice
7/28/2012 | 8:02:42 PM
re: 5 Black Hat Security Lessons For CIOs
If the end of point 2 is accurate, and I really hope it is, that's a great thing.

While I really like the idea of cloud computing, organizations absolutely MUST sit down and look at the risks associated with adopting this technology in its current state. The push to make data and applications available to anyone authorized from any authorized device has the fallout of only being as secure as the authorization methods used.

Weak password here, lack of proper encryption there, a little social engineering and you'll see your confidential business data on the e-reader screen of your neighbor on the train tomorrow (if it's not in the headlines of the newspaper already).

Andrew Hornback
InformationWeek Contributor

