To win support for information security spending, IT security professionals need to refine how they make their case to senior executives, says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center. Here's how.
Most organizations remain uncomfortable in letting their employees use their own mobile devices to access their IT systems. Yet, in many instances, those charged with securing their enterprises' IT understand that it's just a matter of time before they must grant workers permission to employ those devices.
Unfortunately, says Ken Vander Wal, most organizations have done little to address security in their policies and procedures regarding BYOD, which is changing the ways companies address user behavior and risk.
A lack of ongoing HIPAA compliance training increases the risk of internal breaches, says Terrell Herzig, information security officer at UAB Medicine.
Improving regulatory compliance efforts is the No. 1 information security priority for healthcare organizations in the year ahead. That's a key finding of the inaugural Healthcare Information Security Today survey.
Many institutions - in and out of government - would hire more IT security professionals if they could be found. According to our analysis of BLS data, there's virtually no unemployment among IT security pros, creating a dearth of IT security specialists.
"The CRMA will give us a heightened awareness of our responsibility in not just evaluating operational or compliance risks, but understanding strategic risks to the business," says Denny Beran of J.C. Penney.
"Just as the space race motivated education and career development in the 1960s, cybersecurity can be today's driving force," says Dickie George, information assurance technical director at NSA.
As employers increasingly realize the importance of information risk management, security, audit and governance, they look to certifications to identify prospective employees.
"Forensics in the cloud is not necessarily a new field, but requires a new skill set and being able to learn on the fly," says Rob Lee, curriculum lead for digital forensics at SANS Institute.
"We find a lot of security professionals saying, 'I'm just going to get another certification, or I'm going to get deeper into this technology skill,'" says researcher David Foote. "That's not going to get you very far."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.