What are the critical steps that IT security professionals should take in the aftermath of a breach? CEO Micky Tripathi of The Massachusetts eHealth Collaborative offers eight practical lessons based on his breach resolution experience.
"It's a crime like no other crime," says James Ratley, president of the ACFE, describing fraud. "There was not a gun involved, there was not a knife; there was in many cases a ballpoint pen or a computer."
Bringing Your Own Device raises jitters among employers, who worry about exposing or losing sensitive data, and employees, who fret about their bosses spying on them. Despite these anxieties, the trend will continue because that's what people want.
Identifying the insider who could pose a threat to your organization's IT assets must be a team effort among non-technology, IT and information security managers, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.
For individuals looking to hone their skills in business continuity/disaster recovery, it's important to note: Organizations want specialists who can hit the ground running, says Alan Berman of DRI International.
"You need a CISO today to manage not only the IT risks, but understand and influence the business risks that are imposed on the company by the decisions and strategies it takes," says John South, CISO at Heartland Payment Systems.
Security leaders will need to tackle the top technology trends of big data, consumerization and mobile growth in 2012. Robert Stroud from ISACA offers tips to help manage the risks presented by these trends.
Malcolm Harkins, CISO of Intel, was quick to embrace BYOD as a means to cut costs and improve employee productivity. His advice to leaders struggling with the trend: "Don't shy away from the risk issues."