Stories about: Deloitte & Touche

Many analysts consider Web application vulnerabilities to be among the biggest security threats facing companies these days. A lot of attention has been paid to understanding risks such as input-validation flaws, cross-site scripting errors and other Java Web application security threats.

As young adults who grew up on e-mail and online chat enter the workforce, they bring with them a set of newer technologies designed for rapid-fire communication and workplace personalization. Much of this technology may represent better, faster ways of getting a job done, but it also introduces a new round of security threats for corporate networks; and the decision to allow them or not must be made carefully.

Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO -- or alternately, "chief security officer," which might include physical security as well -- isn't either. The four security professionals who share their priorities with us make it clear there's nothing cookie-cutter about the top IT security job.

We all face it - the daily barrage of spam, now infested with zero-day malware attacks, not to mention the risks of malicious insiders, infected laptops coming and going behind our deep packet-inspecting firewalls and intrusion-prevention systems. Some even have to worry about how to prove steps of due care and due diligence towards a growing roster of regulatory compliance pressures.

It was two close calls that changed how Rob Israel thought about encrypting the data on his users' laptops.

Back in May, we celebrated CIO's 100th issue by introducing a continuing series — CIO Retrospectives: Seminal Issues & Technologies — where CIO writers revisit seminal events, issues and technologies we've covered over the years. This month, CIO writers cast their respective eyes backwards at that plucky tag-team of security and privacy.

McAfee's auditor, Deloitte & Touche USA, may be thinking of buying some security software itself, after a Deloitte employee left an unencrypted CD containing sensitive information on thousands of McAfee employees in the back of an airline seat last December.

Last year the CERT Coordination Center, a repository of information technology vulnerability reporting run by Carnegie Mellon University, posted 3,784 vulnerabilities. Admittedly, it was a slight dip from the 4,129 reported in 2002, but nonetheless it points to a growing trend in software fallibility. In fact, prior to 2000, when 1,090 vulnerabilities were reported, the total never hit 500.

Top infosecurity pros offer 5 strategies for keeping watch over e-commerce risk.