CIO


Government’s Cloud Audit Program Falls Behind Schedule

In a speech on Wednesday, Federal Chief Information Officer Steven VanRoekel said that a federal plan for qualifying and providing security audits on private sector cloud providers will become mandatory for any agency that wants to contract with third-party cloud providers, according to a report on GovInfoSecurity.com. But even as the U.S. federal government forges ahead with plans to shift a quarter of its IT spending to cloud-based services, efforts to launch that program – the Federal Risk and Authorization Management Program (FedRAMP) – are falling way behind schedule, according to a GAO report.

Ponemon survey: CEOs underestimate security risks

From Computerworld (Jaikumar Vijayan)

Computerworld – Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.

The Ponemon survey of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap concerning information security issues between CEOs and other senior managers. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company’s data is under attack on a daily or even hourly basis. Download the survey (PDF).  Read the full story [computerworld.com]


From eWEEK (Chris De Herrera)
One of the major challenges CIOs face is the deployment and security of smartphones in the enterprise. It’s important for CIOs to assess how their organization should secure the smartphones employees use to access corporate resources. Here, Knowledge Center contributor Chris De Herrera explains how CIOs can deal with some common security concerns regarding smartphones deployed in the enterprise, including Apple iPhone, RIM BlackBerry, Windows Mobile, Google Android and Palm Pre devices.  Read the full story [eweek.com]

At a Churchill Club event in Santa Clara, Calif., Peter Solvik, managing director at Sigma Partners, talks to a panel of CIOs about how they’re making mobile devices more secure in the enterprise and whether their employees prefer the BlackBerry over the iPhone. The panel includes: Matt Carey, chief information officer of Home Depot; Karenann Terrell, CIO of Baxter; and Lars Rabbe, former CIO of Yahoo.

From Forbes (Charlotte Dunlap)
Security breaches continue to plague organizations, causing CIOs to question whether their traditional network security solutions are adequate for protecting against increasingly sophisticated cybercriminals.
Recently, it was reported that foreign hackers broke into the Pentagon’s $300 billion fighter plane weapons program, a security breach apparently achieved through contractors’ computers. The news is particularly disheartening to CIOs, because if the federal government–with all of its brain power and billions in funds–is still grappling with keeping its data secure, how can organizations and enterprises expect to avoid Internet threats and costly data breaches? Read the full story [forbes.com]

From CIO (Joan Goodchild)
You can install the best firewalls, patch religiously, and make sure your anti-virus software is always up-to-date, but there is one online risk factor you can never control: the user. Whether they are downloading dangerous content or falling prey to phishing scams, the end user continues to be the toughest security risk to mitigate in most organizations.
With that constant struggle in mind, educating users about what they are doing and why it is dangerous is the more effective strategy. Here are some of the more common security missteps users take and some advice [cio.com] on how to stay secure online.
