Keeping the Barbarians Out: How CIOs Can Secure Their Department and Company

There are a lot of bad guys out there. For some odd reason, a lot of them seem to want to break into your company's networks and applications. As the CIO, it's your job to make sure that this does not happen. Got any thoughts on how to go about doing that? What You'll Find Inside: CIO’S NEED TO LEARN HOW TO DEFEND AGAINST THE INSIDER THREAT WHY BYOD SPELLS DOOM FOR CIOS DO WE REALLY NEED TO ENCRYPT OUR CUSTOMER DATA? As much as we like to spend our time looking outwards in order to detect the next threat that our company may be facing, perhaps we're looking in the wrong direction. Just as big of a deal may be the insider threat that lurks within the company. No matter where it comes from, cybercrime is your problem to deal with. CIOs have to deal with trends as they come and go. Right now the Bring Your Own Device To Work (BYOD) phase is in full swing and if you aren't careful could cause a lot of problems for the IT department. At the same time, it's the code that your teams create that will secure your applications. Do you know if they are writing secure code or are they leaving doors wide open? In order to measure where the threats are coming from and how big of deal they are, CIOs need to become comfortable with measuring the level of risk that they are dealing with. A big part of measuring risk is getting information about threats from other CIOs. This can be difficult to do because CIOs really don't like to share information like this. Since we can't always be certain that we can keep the bad guys out, we need to make sure that we've taken the needed steps to secure our networks. Should they happen to get inside of the company, we need to take extra steps to make sure that they can't get what they came for. This brings up the interesting question of whether or not we should go to the effort and expense of encrypting our customer data. No matter what our final decision on encrypting the company's digital assets is, we still have a responsibly as CIO to make sure that the company understands the threats that it is facing and that it starts to take digital security seriously.