March 19, 2015

Governance Challenges: How a CIO Can Improve Cyber Security

“With the right attitude, the CIO can be a real driving force behind significant information security improvements,” writes management consultant J.C. Gaillard in an article about governance challenges for the CIO.

A CIO, or Chief Information Officer, is responsible for the information technology and computer systems that support an organization’s goals. Here are some of the current governance challenges and CIO-driven solutions.

Board Support

Many organizations have not elevated cyber and information risk management to a board-level discussion. But they should.

Solution: “CIOs need to engage with their boards to ensure their organization understands and manages information risk appropriately while also delivering on their strategic goals,” according to a post at CIO Insight.


According to a CIO Insight article,the biggest security hole in information security is staffing – about 40% of security roles were not filled in 2014. A lack of competitive salary was often cited as the reason for under-staffing by almost three-quarter of Ponemon study participants.

Solution: Increase the overall information security budget (PwC research shows security spending was only 3.8% of the overall budget this year with the average budget dipping to $4.1 million, down 4% over last year), and increase salaries in this area.

Mobile Workforce

Whether employees use company-provided mobile devices or their own, the trend to stay connected and conduct business outside the office will continue to grow – as will the risk of security breaches.

Solution: Implement a mobile security strategy supported by the best technology tools. Almost half of respondents (47%) in the 2015 Global State of Information Security Survey use mobile-device management (MDM) or mobile-application management (MAM) solutions.


The Global survey showed that many organizations had not updated critical information security processes and technologies.

Solution: Keep patch-management, intrusion-prevention, privileged user, and all security tools updated and current.

Workplace Environment

“Every single person can infect the enterprise,” says an article at, “whether it’s from clicking a dubious attachment or failing to install a security patch on a smart phone.” 

Solution: Create a culture of security from the top down. While information security policies and procedures are important, the most important change is cultural. Implement standard workplace security practices such as information destruction. For example, regular, secure paper and e-media destruction is most important. Partner with a recognized document destruction company.


Current and former employees are the most-cited culprits of security incidents. Increasingly, third parties with trusted network access are a problem too.

Solution: A commitment to employee training and awareness programs is key. Be sure contractors and suppliers are committed to best practices as well, advises

Overall Security

There’s so much emphasis on cyber breaches and security but information thieves sometimes have to physically break into to a workplace in order to carry out a digital theft. 

Solution: An organization’s security must become more holistic, and blend physical security and cybersecurity. Insurance is another increasingly important strategy. The Global survey showed that more than half (51%) of respondents purchased cybersecurity insurance.

Find out all the ways a document management policy can reduce the risk of a data breach – and make information security a routine part of the job for all employees.