


InformationWeek is the leading multimedia Business Technology brand providing CIOs and IT decision makers with unique perspective and tools that work in lock step with their decision making process - from the setting of business strategies to the evaluation and recommendation of technology solutions. Through its cross-media platform, which includes online sites, magazine, events and research, InformationWeek provides editorial content developed by both journalists and CIO and IT peers delivered when and how they want it, 24/7. The InformationWeek audience of more than 2 million buyers includes CIOs, IT executives and business managers who span across industries, job titles, company sizes and global borders.

Latest Content From InformationWeek

Presentation: 10 Career Moves You Can Make in 2019

by InformationWeek, Feb 14, 2019

If you work in IT, chances are pretty good that you are perfectly happy with your current job. But that doesn't mean you should put your career on autopilot. Here are 10 career moves you should consider making in 2019, whether you plan to pursue a new position now or if you simply want to have relevant skills to offer current and future employers.

Research Report: 10 Cyber Threats Small Businesses Can't Ignore

by InformationWeek, Sep 18, 2012

The email came from "Ivan" in Russia: "After a few minutes I'll start a DDoS attack on your site, and it will cease to work," the message said. "If you don't want to lose any profit, you pay me only $3,500."

Endless Wardrobe, the Australian online clothing retailer under attack, refused to pay. As threatened, the site was flooded with bogus information requests, overwhelmed, and down for a week. Endless Wardrobe worked with its hosting provider to blunt the attack, but the defenses erected by the provider also blocked many legitimate customers.

Research Report: 10 Emerging Threats Your Company May Not Know About

by InformationWeek, May 09, 2013

IT pros have never been able to just sit back and relax when it comes to security, but today’s computing landscape is fraught with threats from places we never would have dreamed 10 or even five years ago. Social, ubiquitous mobile, the cloud, the consumerization of IT, cyber espionage … there is no end to the new and newly critical threats facing the enterprise.

In this Dark Reading report, we examine 10 emerging threats that you may not have realized were looming, and provide recommendations for getting out in front of them. (S6940513)


Research Report: 10 Government Technology Innovators

by InformationWeek, Sep 25, 2009

IT professionals in government, as in all industries, are under pressure. Sure, resources are tight, and legacy IT systems and processes are the norm, but there’s also a growing expectation among the public that government agencies be more transparent and efficient and that their services be Web-enabled. What are government IT organizations to do?

Many are getting creative in how they apply technology to meet their mandates. At the local, state, and federal levels, government technologists are employing Web 2.0 tools, cloud computing, and new applications and systems.

Research Report: 10 Ideas To Power Up Your Green IT Agenda

by InformationWeek, Sep 22, 2008

As IT teams scramble to figure out a green strategy, here are some ideas to fuel the brainstorming

Research Report: 10 Key Steps to Success In Data Loss Prevention

by InformationWeek, Apr 11, 2013

DLP, or data loss prevention, can be a monster to manage, especially on a large scale. Even for smaller organizations, it’s important to tread carefully and to break the project up into manageable chunks. 

Deploying DLP isn’t like deploying a security incident and event management system or a network management system, where you can just add hosts or log sources and get going. With DLP, you need to strategically position assets, carefully select and test the modules you deploy, and really take the time to learn how to manage the system. 

You can, of course, accelerate this process with the use of a good business partner, but, even in that case, you will want to move slowly because of the business impact that a full-scale DLP deployment will have on the organization. What you find with the DLP system will likely make waves and force changes. To increase the chances that your deployment will be successful, it’s critical to move your implementation along carefully and in close coordination with the business. (S6740313)




Research Report: 10 Most Common Security Vulnerabilities in Enterprise Databases

by InformationWeek, Jun 24, 2013

Databases have a big target on their backs. Often those who are putting databases at risk are not malicious attackers but people within the organization — including database administrators and developers — who aren’t doing what they need to do to keep database systems secure.

Vulnerabilities can be introduced during the creation of a database, in the process of customizing an off-the-shelf application or in the process of updating data. Add to this the hackers who are eager to gain access to your company’s databases for monetary or other rewards, and you have a lot of factors working against strong database security. The first step in securing databases is to know what makes them insecure. In this Dark Reading report, we examine the 10 most common security vulnerabilities in enterprise databases and provide recommendations for remediating and even getting out in front of them. (S7080613)

Research Report: 10 Recommendations for Outsourcing Security

by InformationWeek, Sep 23, 2014

Security isn't just an IT problem. Outsourcing is a bigger strategy for the organization -- and one that shouldn't be tackled by IT alone. Engage senior leaders in an in-depth security discussion; you'll get buy-in from the beginning and have some level of insurance should the deal go south. With the C-suite's stamp of approval, the next step is to determine exactly which elements of the infrastructure are appropriate to outsource and which type of security outsourcing is best for your situation. 

When considering security outsourcing, the deciding factors are all about risk and reward -- which tasks and data are low risk and take a lot of staff hours to complete? The dream? Your low-risk and high-reward tasks will start paying back dividends on the first day of outsourcing. The reality? Only if you devote the time to manage vendor relationships and address issues. 

IT must take a very data-centric view of outsourcing risks. While it might feel natural to protect infrastructure, even the catastrophic failure of 100 compromised servers is better than the loss of a significant number of customer identities and data. By rethinking your security outsourcing strategy from the ground up, you can ensure that hiring expertise will not only save money but free up staff resources. (S8151014)

Research Report: 10 Steps to Ace a FISMA Audit

by InformationWeek, Mar 28, 2010

The Federal Information Security Management Act, known as FISMA, is typically thought to apply only to government organizations. However, contractors and vendors that provide services to, manage systems on behalf of, or maintain close relationships with a government agency may be held to similar standards.

That can be a problem because FISMA regulations are confusing at best and more commonly just plain overwhelming. Not surprisingly, a cottage industry has sprung up of expensive contractors who promise FISMA help.

Here’s what they don’t want you to know: Staying on the right side of FISMA auditors is a matter of common sense and solid security best practices. You’re probably already doing much of what’s required if you’re complying with other security requirements, like PCI for payment accounts data security.


Research Report: 10 Things to Consider When Developing BYOD Security Policy

by InformationWeek, Sep 09, 2013

The bring-your-own-device — or BYOD — movement has opened up a new world of opportunities for companies and end users alike. For example, companies can reduce the costs associated with device procurement, and employees get to use their preferred devices and mobile operating systems. But with this opportunity comes a great deal of ambiguity, especially as related to security. The employee owns the device, but what about the data on the device? What happens if the device is lost or stolen? Who’s liable? Can the company dictate that certain security programs be installed on a device it doesn’t own?

These are but a few of the questions surrounding BYOD right now. This level of uncertainty presents a good reason for developing a BYOD security policy, but it also makes it really challenging to actually create such a policy, let alone implement it.

Also complicating matters is the fact that there are so many variables across organizations that dictate what should and should not be in any policy — BYOD or otherwise. However, there are guidelines that any company can follow in order to develop a BYOD policy that will balance flexibility and productivity with privacy and security. In this report, Dark Reading provides a list of 10 things companies should consider when setting out to develop a BYOD security policy. (S7340913)