Information security risk management
A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.
Top Stories
-
Answer
28 Mar 2025
Business impact analysis vs. risk assessment explained
Do you know the difference between a business impact analysis and risk assessment? Find out how they differ and why you need to perform both here. Continue Reading
Tip
07 Jan 2025
Enterprise cybersecurity hygiene checklist for 2025
Enterprise cybersecurity hygiene must be a shared responsibility between employees and employers. Learn how both can get the job done with this checklist. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Feature
01 Aug 2019
Fitting cybersecurity frameworks into your security strategy
Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication. Continue Reading
By- Joseph Granneman, Illumination.io
-
Feature
08 Jul 2019
What is a business resilience plan and why do you need one?
Just like business continuity has become indispensable, having an IT resilience plan in place is crucial to keeping your business up and running today. Continue Reading
By- Erin Sullivan, Senior Site Editor
-
Feature
28 Jun 2019
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
28 Jun 2019
How to prevent cybersecurity attacks using this 4-part strategy
It can be daunting to defend an enterprise against cyberattacks, but these four defensive moves can help fortify and repel whatever comes your way. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
25 Jun 2019
What identity governance tools can do for your organization
Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
Opinion
01 May 2019
Putting cybersecurity for healthcare on solid footing
CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
-
Feature
01 May 2019
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
-
Infographic
01 May 2019
Are users your biggest risk? Raise IT security awareness
Users are either your best line of defense or greatest vulnerability. Learn how attackers exploit human behavior and fight back by improving user security awareness. Continue Reading
-
Tip
24 Apr 2019
How to plan for the worst possible disaster recovery scenarios
Your worst-case DR scenario today might be vastly different than it was just a few years ago. What's the worst that could happen to your data center in the event of a disaster? Continue Reading
-
Tip
17 Apr 2019
AI, machine learning in cybersecurity focused on behavior
Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now. Continue Reading
By- Nick Cavalancia, Techvangelism
-
Conference Coverage
07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering
Find out what's happening at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
By- Madelyn Bacon, TechTarget
-
News
21 Feb 2019
CrowdStrike report says breakout time for threat actors is increasing
CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.' Continue Reading
Feature
01 Feb 2019
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
-
Feature
01 Feb 2019
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
- E-Zine 01 Feb 2019
-
News
23 Jan 2019
Top security initiatives for 2019 include MFA, end-user training
TechTarget's IT Priorities survey revealed key security initiatives companies plan to implement in 2019. Experts weigh in on best practices to be adopted. Continue Reading
News
18 Jan 2019
Experts: A breach response plan is a must in 2019
During an IT GRC Forum webinar, experts explain the need for shedding legacy security approaches and highlight the gravity of drafting a data breach response plan. Continue Reading
Tip
10 Dec 2018
5 actionable deception-tech steps to take to fight hackers
Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
11 Oct 2018
How entropy sources interact with security and privacy plans
NIST published a draft of its 'Risk Management Framework for Information Systems and Organizations.' Learn what this report entails, as well as how entropy source controls play a key role. Continue Reading
-
Answer
07 Aug 2018
What network security methods do I need to keep data safe?
How can you maintain network security beyond the standard firewall and blacklisting tactics? Encryption and digital rights management can ensure organizational data stays safe. Continue Reading
-
Definition
30 May 2018
active defense
An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult to carry out. Continue Reading
By- Carolyn Crandall, Attivo Networks
-
News
19 Apr 2018
Moussouris: Bug bounty programs need to avoid jumping the shark
Bug bounty programs may seem to offer salvation at a bargain price for securing networks and systems, but Katie Moussouris offers tips for avoiding major pitfalls. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
06 Apr 2018
Zero-trust model promises increased security, decreased risk
The zero-trust model takes focused and sustained effort, but promises to improve most companies' risk posture. Learn what it takes to get the most out of zero trust. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
Tip
06 Apr 2018
How to do risk management in cybersecurity using ERM
Perfect security is impossible, but risk management in cybersecurity, applied through a range of strategies, can significantly reduce your organization’s risk. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
07 Feb 2018
Cybersecurity insurance breaks coming for Apple, Cisco customers
Apple and Cisco customers could get lucrative terms for cybersecurity insurance under a new partnership with insurance giant Allianz and global services firm Aon. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
25 Sep 2017
Freese: Cyber-risk management is the key to good infosec hygiene
Speaking at the (ISC)2 Security Congress, FBI Deputy Assistant Director Don Freese spoke about the need for security pros to replace fear and emotion with proper cyber-risk management. Continue Reading
By- Rob Wright, Senior News Director
-
Podcast
18 May 2017
Risk & Repeat: Reviewing Trump's cybersecurity executive order
This week's Risk & Repeat podcast looks at President Trump's cybersecurity executive order and how it aims to address federal government and critical infrastructure issues. Continue Reading
By- Rob Wright, Senior News Director