Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

Tip 26 Sep 2023
How to use a SWOT analysis for IT disaster recovery planning

A disaster recovery IT SWOT analysis can identify the good and the bad aspects of a DR plan, as well as highlight potential risks and opportunities for improvement. Continue Reading
Tip 26 Sep 2023
3 phases of the third-party risk management lifecycle

Contractors and other third parties can make systems more vulnerable to cyber attacks. The third-party risk management lifecycle helps ensure outside vendors protect your data. Continue Reading

News 20 Sep 2023

Cyber insurance report shows surge in ransomware claims

Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack. Continue Reading
Tip 19 Sep 2023

4 tips to find cyber insurance coverage in 2023

The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2023 and how to get the most from your organization's coverage this year. Continue Reading
News 14 Sep 2023

Palo Alto Networks: 80% of security exposures exist in cloud

It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures. Continue Reading
Tip 11 Sep 2023

How to develop a cloud backup ransomware protection strategy

Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure. Continue Reading
Feature 09 Sep 2023

The ultimate guide to cybersecurity planning for businesses

This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
Tip 08 Sep 2023

Risk prediction models: How they work and their benefits

Accurate risk prediction models can aid risk management efforts in organizations. Here's a look at how risk models work and the business benefits they provide. Continue Reading
Feature 08 Sep 2023

16 top ERM software vendors to consider in 2023

Various software tools can help automate risk management and GRC processes. Here's a look at 16 enterprise risk management vendors and their products. Continue Reading
Guest Post 30 Aug 2023

SEC cyber attack regulations prompt 10 questions for CISOs

New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk. Continue Reading
Tip 29 Aug 2023

The CIO's role in strengthening cybersecurity

To effectively tackle security risks, organizations should proactively address the complexities of information security. Learn how CIOs can play a key role in cybersecurity. Continue Reading
News 23 Aug 2023

Google launches AI-powered data classification for Workspace

Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
News 21 Aug 2023

Vendors criticize Microsoft for repeated security failings

Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
Tip 18 Aug 2023

How to conduct a cloud security assessment

Cloud environments are complicated by visibility issues, misconfigurations and more. Cloud security assessments are one way to ensure everything is protected. Continue Reading
Feature 16 Aug 2023

Adopt embedded penetration testing to keep IoT devices secure

Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains. Continue Reading
Tip 16 Aug 2023

6 open source GRC tools compliance professionals should know

Organizations must meet a variety of regulatory compliance requirements today. Here's a look at six open source GRC tools and related resources that might help. Continue Reading
Feature 16 Aug 2023

Top 12 risk management skills and why you need them

Effective risk management is necessary in all parts of a business. Here are a dozen skills that risk managers need to be successful in their jobs. Continue Reading
Tip 15 Aug 2023

Top 4 information security strategy essentials CIOs need

Right now, hackers are targeting your organization. Fight back by learning how CIOs can create a resilient and strong information security foundation. Continue Reading
Feature 15 Aug 2023

ISO 31000 vs. COSO: Comparing risk management standards

ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
Feature 11 Aug 2023

Traditional vs. enterprise risk management: How do they differ?

Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are differences between them. Continue Reading
News 10 Aug 2023

CISA shares 'secure by design' plan for US tech ecosystem

The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Continue Reading
News 10 Aug 2023

U.S., Ukraine cyber leaders talk resilience, collaboration

At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns. Continue Reading
Feature 10 Aug 2023

Why using ransomware negotiation services is worth a try

If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
News 09 Aug 2023

Coalition looks to bridge gap between CISOs, cyber insurance

While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify. Continue Reading
Feature 09 Aug 2023

Worldcoin explained: Everything you need to know

Sam Altman's Worldcoin uses iris scans for unique identification with plans to expand for wider adoption of a global currency on the blockchain. However, there are privacy concerns. Continue Reading
Answer 09 Aug 2023

Best practices for reporting ransomware attacks

Organizations must decide whether to report ransomware incidents to the authorities and disclose them to the public. Experts weigh in on the options and best practices. Continue Reading
Tip 07 Aug 2023

How to manage generative AI security risks in the enterprise

Despite its benefits, generative AI poses numerous -- and potentially costly -- security challenges for companies. Review possible threats and best practices to mitigate risks. Continue Reading
Feature 07 Aug 2023

Enterprise risk management team: Roles and responsibilities

Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
Feature 04 Aug 2023

9 common risk management failures and how to avoid them

As enterprises rework their business models and strategies to meet various new challenges, risks abound. Here are nine risk management failures to look out for. Continue Reading
Feature 03 Aug 2023

Risk appetite vs. risk tolerance: How are they different?

Risk appetite and risk tolerance are related terms but not the same thing. Here's how they differ plus examples of risk appetite and risk tolerance statements. Continue Reading
Feature 03 Aug 2023

12 top enterprise risk management trends in 2023

The 2023 trends that are reshaping the risk management landscape include GRC platforms, maturity frameworks, risk appetite statements and the CIO's critical role in promoting ERM. Continue Reading
Feature 01 Aug 2023

Infosec experts divided on SEC four-day reporting rule

Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack. Continue Reading
Guest Post 28 Jul 2023

Intersection of generative AI, cybersecurity and digital trust

The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
Feature 26 Jul 2023

Explaining risk maturity models and how they work

Explore risk maturity models and assessment tools for enhancing enterprise risk management. Improve ERM programs to mitigate risk and gain a competitive edge. Continue Reading
News 20 Jul 2023

Cyber insurers adapting to data-centric ransomware threats

Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
Feature 10 Jul 2023

Wi-Fi AP placement best practices and security policies

From a security standpoint, Wi-Fi network designers should consider the physical and logical placement of APs, as well as management, segmentation and rogue devices. Continue Reading
Feature 10 Jul 2023

Get started: Threat modeling with the Mitre ATT&CK framework

The Mitre ATT&CK framework may seem daunting at first, but it is a key tool that helps SOC teams conduct threat modeling. Learn how to get started. Continue Reading
Tip 07 Jul 2023

Enterprise risk management should inform cyber-risk strategies

Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business. Continue Reading
Tip 19 Jun 2023

Cyber-risk quantification benefits and best practices

It's not enough to know cybersecurity threats exist. More importantly, companies must understand cyber-risks in ways stakeholders can measure and discuss. Continue Reading
Tip 12 Jun 2023

Benefits of risk-based vulnerability management over legacy VM

Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization. Continue Reading
Feature 19 May 2023

The potential danger of the new Google .zip top-level domain

How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them. Continue Reading
News 16 May 2023

Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
Tip 10 May 2023

How to reduce risk with cloud attack surface management

Attack surfaces continue to expand, fueled in part by the cloud. Attack surface management is a key way to identify vulnerable assets and reduce the risk to a corporate network. Continue Reading
Feature 03 May 2023

Studies show ransomware has already caused patient deaths

No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
News 26 Apr 2023

CISA aims to reduce email threats with serial CDR prototype

CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services. Continue Reading
News 26 Apr 2023

How ransomware victims can make the best of a bad situation

At RSA Conference 2023, Mandiant's Jibran Ilyas provided tips for ransomware victims that decide to pay, including a list of counterdemands to make to the threat actors. Continue Reading
News 25 Apr 2023

RSAC panel warns AI poses unintended security consequences

A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
News 25 Apr 2023

RSAC speaker offers ransomware victims unconventional advice

Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
Tip 17 Apr 2023

How to build a cybersecurity deception program

In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
Guest Post 14 Apr 2023

Pen testing amid the rise of AI-powered threat actors

The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams. Continue Reading
Tip 07 Apr 2023

5 ChatGPT security risks in the enterprise

Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
Opinion 06 Apr 2023

Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
Feature 03 Apr 2023

Why medical device vulnerabilities are hard to prioritize

Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
Tip 29 Mar 2023

Vulnerability management vs. risk management, compared

Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
Tip 24 Mar 2023

Use zero-trust data management to better protect backups

Backup admins looking to protect data from bad actors can implement a zero-trust strategy for added protection. However, the method is not without its downsides. Continue Reading
News 22 Mar 2023

Cyber insurance carriers expanding role in incident response

While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
Tip 24 Feb 2023

Incident management vs. incident response explained

While even many seasoned cybersecurity leaders use the terms 'incident management' and 'incident response' interchangeably, they aren't technically synonymous. Continue Reading
Tip 16 Feb 2023

Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
Feature 26 Jan 2023

Ransomware trends, statistics and facts in 2023

Supply chain attacks, double extortion and RaaS were just a few of the ransomware trends that plagued 2022 and will continue to disrupt businesses in 2023. Continue Reading
Guest Post 18 Jan 2023

How to build a cyber-resilience culture in the enterprise

Discover how organizations can build a culture of cyber resilience by reducing risk, limiting damage, having a disaster recovery plan and assuming a cyber attack is coming. Continue Reading
News 11 Jan 2023

Vulnerable software, low incident reporting raises risks

Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last. Continue Reading
News 10 Jan 2023

BitSight, Schneider Electric partner to quantify OT risk

The new partnership aims to provide organizations with increased visibility and risk detection capabilities for operational technology environments and critical infrastructure. Continue Reading
Feature 19 Dec 2022

11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
Feature 16 Dec 2022

How to use a risk assessment matrix: A free template and guide

A risk assessment matrix identifies threats and vulnerabilities that present the greatest potential for disruption or damage. Use this free template to focus risk mitigation. Continue Reading
News 02 Dec 2022

Experts argue 'sludge' could muck up cyber attacks

Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper. Continue Reading
Tip 18 Nov 2022

Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
Guest Post 17 Nov 2022

Do companies need cyber insurance?

As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
News 10 Nov 2022

Flashpoint launches new 'ransomware prediction model'

Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws. Continue Reading
Tip 10 Nov 2022

How to perform a cybersecurity risk assessment in 5 steps

This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
Answer 04 Nov 2022

The 7 core pillars of a zero-trust architecture

Learn how Forrester's seven pillars of zero trust model can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework. Continue Reading
Tip 01 Nov 2022

Ideal CISO reporting structure is to high-level business leaders

CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best. Continue Reading
Feature 28 Oct 2022

Enterprise ransomware preparedness improving but still lacking

An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks. Continue Reading
Tip 25 Oct 2022

Top security-by-design frameworks

Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
Guest Post 14 Oct 2022

The role of transparency in digital trust

To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust. Continue Reading
Feature 11 Oct 2022

LinkedIn scams, fake Instagram accounts hit businesses, execs

Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
Answer 30 Sep 2022

Top 6 benefits of zero-trust security for businesses

The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here. Continue Reading
Tip 15 Sep 2022

Use shadow IT discovery to find unauthorized devices and apps

Shadow IT may be convenient for users, but it isn't for IT -- especially where security is concerned. Shadow IT discovery finds unmanaged devices and apps. Continue Reading
Tip 14 Sep 2022

How to connect cyber-risk and climate risk strategies

Every business faces two global systemic risks: cybersecurity and climate change. Learn how to integrate these two areas of risk management for greater business resilience. Continue Reading
News 01 Sep 2022

Researcher unveils smart lock hack for fingerprint theft

An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
Tip 31 Aug 2022

Remote work cybersecurity: 12 risks and how to prevent them

Expanding attack surfaces, increasing vulnerabilities and overstressed staffs are among a litany of security risks whose ultimate cure requires more than an ounce of prevention. Continue Reading
Guest Post 24 Aug 2022

Cybersecurity governance: A path to cyber maturity

Organizations need cybersecurity governance programs that make every employee aware of the cybersecurity mitigation efforts required to reduce cyber-risks. Continue Reading
Tip 22 Aug 2022

Why security chaos engineering works, and how to do it right

While 'chaos' doesn't sound like something software security managers would want, chaos engineering has an enticing amount of value when it comes to identifying potential threats. Continue Reading
Tip 18 Aug 2022

5 reasons to integrate ESG and cybersecurity

Every business faces global systemic risks, yet most have failed to integrate cybersecurity with ESG programs. Here are five reasons why integration makes good business sense. Continue Reading
News 18 Aug 2022

Russian cyber attacks on Ukraine driven by government groups

Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies. Continue Reading
Tip 17 Aug 2022

How to create a threat profile, with template

Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template. Continue Reading
Tip 16 Aug 2022

How to ensure a secure metaverse in your organization

Before deploying your company's metaverse, follow these practices -- including inventorying vulnerabilities and developing T&Cs -- to proactively address metaverse security issues. Continue Reading
News 16 Aug 2022

For cyber insurance, some technology leads to higher premiums

Though cyber insurance demand is exceeding supply and companies might receive less coverage with higher premiums, experts say there are ways enterprises can reduce risk. Continue Reading
News 16 Aug 2022

Zero Day Initiative seeing an increase in failed patches

In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations. Continue Reading
Tip 16 Aug 2022

5 tips for building a cybersecurity culture at your company

As a company's cyber risks evolve, so must its culture. Here are five tips for creating a cybersecurity culture that protects the business and is meaningful for employees. Continue Reading
Tip 15 Aug 2022

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
News 11 Aug 2022

Researchers reveal Kubernetes security holes, prevention

Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Continue Reading
News 11 Aug 2022

Zero Day Initiative launches new bug disclosure timelines

The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Continue Reading
News 10 Aug 2022

Chris Krebs: It's still too hard to work with the government

Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Continue Reading
News 09 Aug 2022

IT pros weigh COVID-19 risks, safety at tech conferences

Companies preparing to send employees to tech conferences should have a COVID-19 safety plan and prepare for the possibility that some workers will bring the virus back to the office. Continue Reading
Tip 05 Aug 2022

5 data security challenges enterprises face today

Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet. Continue Reading
Feature 05 Aug 2022

Cybersecurity lessons learned from COVID-19 pandemic

Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
Tip 02 Aug 2022

Data masking vs. data encryption: How do they differ?

Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
Tip 29 Jul 2022

SSH key management best practices and implementation tips

SSH connects key systems and the people and processes necessary to keep them functioning. Learn how to use SSH key management best practices to protect your systems and network. Continue Reading
Feature 20 Jul 2022

VMDR: Inside vulnerability management, detection and response

VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
News 13 Jul 2022

Supreme Court justices doxxed on dark web

Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
Feature 08 Jul 2022

Top 7 types of data security technology

These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading

1
2
3
4
5

Networking

Network considerations for cloud migration to data center
Performance, security concerns and high costs are factors that prompt organizations to migrate workloads from cloud to data ...
Best practices for network automation with Python
Python libraries, version control, documentation and object-oriented programming provide helpful best practices for network ...
How low Earth orbit satellite networks improve internet access
Compared to traditional satellite setups, LEO satellite internet provides several benefits, such as low latency, reduced costs ...

CIO

U.S. antitrust case against Amazon not a clear win
The FTC is looking to make an antitrust case against Amazon for using anticompetitive strategies to harm both sellers and ...
U.S. government shutdown would crush CHIPS Act momentum
A U.S. government shutdown would significantly impact implementation of the CHIPS and Science Act of 2022 as federal workers ...
6 alternatives to blockchain for businesses to consider
Technologies like cloud storage and distributed databases provide some of blockchain's data-integrity and reliability advantages ...

Enterprise Desktop

Redefining DEX: Is user sentiment a requirement?
DEX technologies focus on ensuring users have the tools and high-performing technology they need. But is it a good idea to rely ...
Using the Intune management extension for PowerShell scripts
Intune and PowerShell have a lot of unique management actions they can take, but with the help of the Intune management extension...
Intel promotes new computing era with AI PC
Intel says its upcoming Core Ultra will help lead personal computing to the AI PC era by making AI processing a mainstream task ...

Cloud Computing

How to modernize apps as part of the cloud migration process
Take stock of your applications, and modernize them where appropriate as part of a cloud migration. Learn about the benefits of ...
3 factors that influence multi-cloud cost optimization
Without careful oversight, multi-cloud deployments can be expensive. These data management and security practices can help IT ...
Canonical continues to evolve in cloud market
Paul Nashawaty, an analyst at TechTarget's Enterprise Strategy Group, shares takeaways from Canonical Analyst Day 2023. Explore ...

ComputerWeekly.com

UK tech sector 'let down' and 'betrayed' over Rishi Sunak's net-zero policy tweaks
Now the dust has settled on the news Rishi Sunak is tweaking several of the policies underpinning the government’s net-zero goal,...
Government hands over £12.5m to farming tech innovators
Some 19 projects focusing on automation and robotic technology will get funding from the Department for Environment, Food and ...
First subpostmaster Horizon conviction overturned in Scotland
Scotland has seen its first Post Office Horizon conviction overturned, taking the UK total to 92

Close