Information security risk management
A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.
Top Stories
-
Tip
29 Mar 2024
5 tips for building a cybersecurity culture at your company
As a company's cyber-risks evolve, so must its culture. Here are five tips for creating a cybersecurity culture that protects the business and is meaningful for employees. Continue Reading
-
Tip
05 Mar 2024
What are the pros and cons of shadow IT?
The increase of generative AI, digital natives and remote work drives the rise of shadow IT. CIOs and IT leaders should evaluate the pros and cons to mitigate potential risks. Continue Reading
-
Answer
21 Nov 2019
Do you have the right set of penetration tester skills?
Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path. Continue Reading
-
Opinion
01 Nov 2019
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
-
Opinion
01 Nov 2019
CISOs, does your incident response plan cover all the bases?
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
-
Infographic
01 Nov 2019
Enterprises feel the pain of cybersecurity staff shortages
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount. Continue Reading
-
Feature
25 Oct 2019
On a penetration tester career path, flexibility and curiosity are key
Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path. Continue Reading
-
Quiz
24 Oct 2019
CompTIA PenTest+ practice test questions to assess your knowledge
Think you're ready to take the CompTIA PenTest+ certification exam? Test your skill set with some of the sample multiple-choice questions you may be facing. Continue Reading
-
Feature
21 Oct 2019
Netscout CSO speaks to third-party risk, security gender gap
Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry. Continue Reading
-
Answer
21 Oct 2019
6 different types of hackers, from black hat to red hat
Black, white and grey hats are familiar to security pros, but as the spectrum evolves to include green, blue and red, things get muddled. Brush up on types of hackers, new and old. Continue Reading
-
Tip
15 Oct 2019
Essential instruments for a pen test toolkit
Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific tools for wireless, network and web app pen testing. Continue Reading
-
Answer
30 Sep 2019
What are the benefits of outsourcing risk mitigation and management?
Rather than handling risk management and mitigation within your organization, outsourcing these important processes to a third party comes with substantial benefits. Continue Reading
-
Tip
19 Sep 2019
Cybersecurity frameworks hold key to solid security strategy
Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options. Continue Reading
-
Conference Coverage
14 Aug 2019
Latest news from the Black Hat 2019 conference
Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics. Continue Reading
-
Feature
01 Aug 2019
For board of directors, cybersecurity literacy is essential
For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way. Continue Reading
-
Feature
01 Aug 2019
Fitting cybersecurity frameworks into your security strategy
Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication. Continue Reading
-
Feature
08 Jul 2019
What is a business resilience plan and why do you need one?
Just like business continuity has become indispensable, having an IT resilience plan in place is crucial to keeping your business up and running today. Continue Reading
-
Feature
28 Jun 2019
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
-
Tip
28 Jun 2019
How to retool incident response best practices for the digital age
As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible. Continue Reading
-
Tip
28 Jun 2019
How to prevent cybersecurity attacks using this 4-part strategy
It can be daunting to defend an enterprise against cyberattacks, but these four defensive moves can help fortify and repel whatever comes your way. Continue Reading
-
Tip
25 Jun 2019
What identity governance tools can do for your organization
Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading
-
Opinion
01 May 2019
Putting cybersecurity for healthcare on solid footing
CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
-
Feature
01 May 2019
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
-
Infographic
01 May 2019
Are users your biggest risk? Raise IT security awareness
Users are either your best line of defense or greatest vulnerability. Learn how attackers exploit human behavior and fight back by improving user security awareness. Continue Reading
-
Tip
24 Apr 2019
How to plan for the worst possible disaster recovery scenarios
Your worst-case DR scenario today might be vastly different than it was just a few years ago. What's the worst that could happen to your data center in the event of a disaster? Continue Reading
-
Tip
17 Apr 2019
AI, machine learning in cybersecurity focused on behavior
Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now. Continue Reading
-
Conference Coverage
07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering
Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
-
News
21 Feb 2019
CrowdStrike report says breakout time for threat actors is increasing
CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.' Continue Reading
-
Feature
01 Feb 2019
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
-
Feature
01 Feb 2019
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
- E-Zine 01 Feb 2019
-
News
23 Jan 2019
Top security initiatives for 2019 include MFA, end-user training
TechTarget's IT Priorities survey revealed key security initiatives companies plan to implement in 2019. Experts weigh in on best practices to be adopted. Continue Reading
-
News
18 Jan 2019
Experts: A breach response plan is a must in 2019
During an IT GRC Forum webinar, experts explain the need for shedding legacy security approaches and highlight the gravity of drafting a data breach response plan. Continue Reading
-
Tip
10 Dec 2018
5 actionable deception-tech steps to take to fight hackers
Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading
-
Tip
11 Oct 2018
How entropy sources interact with security and privacy plans
NIST published a draft of its 'Risk Management Framework for Information Systems and Organizations.' Learn what this report entails, as well as how entropy source controls play a key role. Continue Reading
-
Answer
07 Aug 2018
What network security methods do I need to keep data safe?
How can you maintain network security beyond the standard firewall and blacklisting tactics? Encryption and digital rights management can ensure organizational data stays safe. Continue Reading
-
Definition
30 May 2018
active defense
An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult and to carry out. Continue Reading
-
News
19 Apr 2018
Moussouris: Bug bounty programs need to avoid jumping the shark
Bug bounty programs may seem to offer salvation at a bargain price for securing networks and systems, but Katie Moussouris offers tips for avoiding major pitfalls. Continue Reading
-
Tip
06 Apr 2018
Zero-trust model promises increased security, decreased risk
The zero-trust model takes focused and sustained effort, but promises to improve most companies' risk posture. Learn what it takes to get the most out of zero trust. Continue Reading
-
Tip
06 Apr 2018
How to do risk management in cybersecurity using ERM
Perfect security is impossible, but using risk management in cybersecurity using a range of strategies can significantly reduce your organization’s risk. Continue Reading
-
News
07 Feb 2018
Cybersecurity insurance breaks coming for Apple, Cisco customers
Apple and Cisco customers could get lucrative terms for cybersecurity insurance under a new partnership with insurance giant Allianz and global services firm Aon. Continue Reading
-
News
25 Sep 2017
Freese: Cyber-risk management is the key to good infosec hygiene
Speaking at the (ISC)2 Security Congress, FBI Deputy Assistant Director Don Freese spoke about need for security pros to replace fear and emotion with proper cyber-risk management. Continue Reading
-
Podcast
18 May 2017
Risk & Repeat: Reviewing Trump's cybersecurity executive order
This week's Risk & Repeat podcast looks at President Trump's cybersecurity executive order and how it aims to address federal government and critical infrastructure issues. Continue Reading
-
Tip
10 May 2017
Avoid privilege creep from the software development team
Too often, privilege creep occurs via the software development team, the result of pressure to update or launch apps. Learn what tools and tactics can counter privilege creep. Continue Reading