A new breed of information security leader

Every day, new streams of information flow into corporations, powering up-to-the-minute analysis and smarter decisions. Employees, customers and contractors are all connected as never before, across a multitude of technologies. This hyper-connected era is new ground for many organizations.

These sprawling and overlapping networks pose daunting security challenges. The complexity is dizzying, the possible points of attack nearly limitless. CIOs and CISOs are grappling with growing frustrations—and questions.

From crisis to confidence

2011 was the year of the security breach.¹ And while many security organizations remain in crisis response mode, some security leaders have moved to take a more proactive position, taking steps to reduce future risk. These leaders see their organizations as more mature in their security-related capabilities and better prepared to meet new threats. What have they done to create greater confidence? More importantly, can their actions show the way forward for others?

Read the full report

Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer Assessment (1.39MB)

In the new report, IBM identified three types of security leaders: influencers, protectors and responders.

Launch this infographic

Security Essentials for CIOs: enable innovation and manage risk

In this series, IBM examines what it will take to expand the role of information security to confront the challenges facing enterprises today.

• Embracing innovation with confidence

  IBM uses ten key security practices to help balance necessary innovation and the need to control risk. This includes technology, process and policy measures.

  Read more (864KB)

• Enabling mobility: their device, your data

  CIOs face a tough choice. They must figure out a secure way to allow employees to conduct business on their own devices, or they must simply say no.

  Read more (850KB)

• Educating everyone to guard the cloud

  Education is an important and often overlooked component for good cloud security. To maintain a secure cloud environment over time, enterprises need to educate their users on these security essentials.

  Read more (850KB)

• Establishing a "Department of Yes"

  To create a pragmatic, progressive, organizational structure for enterprise security, there are five functions that are needed to transform the departmental culture from "No" to "Yes, here's how."

  Read more (880KB)

• Navigating the risks and rewards of social media

  Engaging in social media allows companies and their employees to access a global community of experts, innovators and potential clients. It also opens the door to new risks. Here are some best practices to build a risk-aware culture for the social world.

  Read more (829KB)

• Responding to the inevitable incident

  Security incidents happen. The key is whether you’re properly prepared or not. Building a first-class system for incident response requires the right staff, expertise, processes and enterprise-wide coordination.

  Read more (1.31MB)

• Securing the extended enterprise

  Your enterprise must take vigorous steps to keep the entire information ecosystem secure. No matter where your data goes, or who uses it, the challenge is to keep it safe. Read the paper for some best practices.

  Read more (902KB)

• 

  Ensuring a more secure future

  Concluding this series, read about three challenges driving the future of security. As we become instrumented, intelligent, and interconnected security must be built in from the very beginning.

  Read more (857KB)

1 IBM X-Force 2011 Full Year Trend and Risk Report.