Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

Video 24 Jul 2025
An explanation of risk management for businesses

Risk management transforms uncertainty into opportunity by identifying threats, evaluating impacts and implementing strategic controls to protect and enhance business value. Continue Reading
By
- Sabrina Polin, Managing Editor
- Tommy Everson, Assistant Editor
Feature 23 Jul 2025
ISO 31000 vs. COSO: Comparing risk management standards

ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
By
- Michael Cobb

Tip 21 Jul 2025
Risk prediction models: How they work and their benefits

Accurate risk prediction models can aid risk management efforts in organizations. Here's a look at how risk models work and the business benefits they provide. Continue Reading
By
- Donald Farmer, TreeHive Strategy
Tip 18 Jul 2025
How to create a risk management plan: Template, key steps

A risk management plan provides a framework for managing business risks. Here's what it includes and how to develop one, plus a downloadable plan template. Continue Reading
By
- Donald Farmer, TreeHive Strategy
News 17 Jul 2025

Rethinking cyber-risk as traditional models fall short

Systemic cyber-risk models are not accounting for rapidly evolving threats -- and a time when organizations are more interconnected than ever. Continue Reading
Tip 15 Jul 2025
AI in risk management: Top benefits and challenges explained

AI can improve the speed and effectiveness of risk management efforts. Here are the potential benefits, use cases and challenges your organization needs to know about. Continue Reading
By
- Donald Farmer, TreeHive Strategy
Definition 15 Jul 2025
What is cloud infrastructure entitlement management (CIEM)?

Cloud infrastructure entitlement management (CIEM) is a modern cloud security discipline for managing identities and privileges in cloud environments. Continue Reading
By
- Mary K. Pratt
- Kinza Yasar, Technical Writer
Definition 15 Jul 2025
What is supply chain risk management (SCRM)?

Supply chain risk management (SCRM) is the coordinated efforts of an organization to help identify, monitor, detect and mitigate threats to supply chain continuity and profitability. Continue Reading
By
- Kinza Yasar, Technical Writer
Tip 11 Jul 2025
How to build a cybersecurity culture across your business

As a company's cyber-risks evolve, so must its culture. Follow these tips to create a strong cybersecurity culture that helps protect your organization from cyberthreats. Continue Reading
By
- Jerald Murphy, Nemertes Research
- John Burke, Nemertes Research
Tip 10 Jul 2025
What CISOs need to know about AI governance frameworks

AI offers business benefits but poses legal, ethical and reputational risks. Governance programs manage these risks while ensuring responsible use and regulatory compliance. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 09 Jul 2025
Security log management tips and best practices

Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By
- Ed Moyle, SecurityCurve
- Michael Cobb
Tip 09 Jul 2025
How to perform a cybersecurity risk assessment in 5 steps

When assessing cybersecurity risk, be sure to consider the scope of the project, your organization's specific assets and leadership's tolerance for risk. Continue Reading
By
- Char Sample, ICF International
Definition 09 Jul 2025
What is a CISO as a service (CISOaaS)?

CISO as a service, or CISOaaS, is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
Feature 07 Jul 2025
What is the future of cybersecurity?

As cyberthreats grow more sophisticated, enterprises face mounting challenges. What does the future of cybersecurity hold, and how can organizations stay ahead? Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Feature 07 Jul 2025
12 top enterprise risk management trends in 2025

Trends reshaping risk management include use of GRC platforms, risk maturity models, risk appetite statements and AI tools, plus the need to manage AI risks. Continue Reading
By
- George Lawton
Definition 02 Jul 2025
What is post-quantum cryptography? Comprehensive guide

Post-quantum cryptography, also known as quantum encryption or PQC, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers. Continue Reading
By
- Nick Barney, Technology Writer
- Rob Clyde, Isaca
- Alexander S. Gillis, Technical Writer and Editor
Definition 02 Jul 2025
What is the principle of least privilege (POLP)?

The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Tip 02 Jul 2025
How to build a cybersecurity strategy and plan in 4 steps

A cybersecurity strategy isn't meant to be perfect, but this high-level plan must be proactive, effective, actively supported and evolving. Here are four key steps to get there. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 01 Jul 2025
What is risk analysis?

Risk analysis is the process of identifying and analyzing potential issues that could negatively affect key business initiatives or projects. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Tip 01 Jul 2025
How to implement a risk-based security strategy: 5 steps

Making the move from compliance-based to risk-based security helps organizations prioritize threats using systematic assessment and strategic planning. Continue Reading
By
- Ed Moyle, SecurityCurve
Definition 01 Jul 2025
What is risk management? Importance, benefits and guide

Risk management is the process of identifying, assessing and controlling threats to an organization's capital, operations and financial performance. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Craig Stedman, Industry Editor
Definition 30 Jun 2025
What is the ISO 31000 Risk Management standard?

The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
Video 30 Jun 2025
Ransomware: Examples, prevention and mitigating the damage

Top cybersecurity experts gathered to discuss the latest threats from ransomware and how organizations, large and small, can prevent or, at least, mitigate an attack. Continue Reading
By
- Staff report
Tip 30 Jun 2025
What is attack surface management? Guide for organizations

Attack surface management can help CISOs and other cybersecurity managers address the growth in the number of potential entry points threat actors might exploit. Continue Reading
By
- John Moore, Industry Editor
Tip 30 Jun 2025
Cybersecurity outsourcing: Strategies, benefits and risks

For companies battling data breaches and cyberattacks, MSSPs can offer lower costs, better reliability, broader experience and more -- if organizations define their needs well. Continue Reading
By
- Mary K. Pratt
Definition 30 Jun 2025
What is vulnerability management? Definition, process and strategy

Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Sean Michael Kerner
Feature 30 Jun 2025
Enterprise cybersecurity: A strategic guide for CISOs

CISOs and others responsible for safeguarding an organization's systems, networks and data need to manage day-to-day threats while also planning strategically for what's ahead. Continue Reading
By
- Phil Sweeney, Industry Editor
- Craig Stedman, Industry Editor
Feature 30 Jun 2025
Why effective cybersecurity is important for businesses

Cyberattacks can have serious financial and business consequences for companies, which makes implementing strong cybersecurity protections a critical step. Continue Reading
By
- Mary K. Pratt
Tip 27 Jun 2025
Cybersecurity in M&A due diligence: Best practices for executives

Companies wouldn't think of merging with another organization without performing financial or business due diligence. The same is true of cybersecurity. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 27 Jun 2025
How to build a cybersecurity RFP

Crafting a cybersecurity RFP requires clear goals, precise questions and vendor vetting. Follow these guidelines to streamline the process and meet your company's security needs. Continue Reading
By
- Leah Zitter, Ph.D.
Tip 27 Jun 2025
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 26 Jun 2025
Cyber insurance trends 2025: What executives need to know

Cyber insurance is essential for protecting an organization from the financial impact of a cyberattack and is a critical part of a risk management strategy. Continue Reading
By
- Sean Michael Kerner
Tip 26 Jun 2025
Generative AI security risks: Best practices for enterprises

Despite its benefits, generative AI poses numerous -- and potentially costly -- security challenges for companies. Review possible threats and best practices to mitigate risks. Continue Reading
By
- Nihad Hassan
Tip 25 Jun 2025
Ransomware threat actors today and how to thwart them

Top experts convened on BrightTALK's 'CISO Insights' to discuss 'Ransomware 3.0' -- the current threat and what organizations, large and small, must do to thwart these bad actors. Continue Reading
By
- Staff report
Tip 25 Jun 2025
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use, AI-driven attacks and vulnerable enterprise technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
Definition 25 Jun 2025
What is single sign-on (SSO)?

Single sign-on (SSO) is a session and user authentication service that lets users access multiple applications or systems with a single set of login credentials. Continue Reading
By
- Kinza Yasar, Technical Writer
- Taina Teravainen
Tip 24 Jun 2025
Cybersecurity governance: A guide for businesses to follow

Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 24 Jun 2025
What is risk avoidance?

Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets. Continue Reading
By
- Mary K. Pratt
Definition 23 Jun 2025
What is pure risk?

Pure risk refers to risks that are beyond human control and result in a loss or no loss, with no possibility of financial gain. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Ben Cole, Executive Editor
Definition 23 Jun 2025
What is residual risk? How is it different from inherent risk?

Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Francesca Sales
Tip 23 Jun 2025
How to choose a cybersecurity vendor: 12 key criteria

Choosing a cybersecurity vendor entails a two-phase approach: shortlisting vendors using clear requirements, then conducting thorough evaluations based on key criteria. Here's how. Continue Reading
By
- Leah Zitter, Ph.D.
Definition 20 Jun 2025
What is the Risk Management Framework (RMF)?

The Risk Management Framework (RMF) is a template and guideline organizations use to identify, eliminate and minimize risks. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
Definition 20 Jun 2025
What is risk assessment?

Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Definition 18 Jun 2025
What is an attack surface? Examples and best practices

An attack surface is the total number of possible entry points and attack vectors an organization or system has that are susceptible to unauthorized access. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Katie Terrell Hanna
Definition 16 Jun 2025
What is operational risk?

Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, people or events that disrupt business operations. Continue Reading
By
- Kinza Yasar, Technical Writer
- Lisa Morgan
Tip 13 Jun 2025
How to write a risk appetite statement: Template, examples

A risk appetite statement defines acceptable risk levels for an organization. Here's what it includes and how to create one, with examples and a downloadable template. Continue Reading
By
- Chris Tozzi
Tip 13 Jun 2025
CISO's guide to building a strong cyber-resilience strategy

Cyber-resilience strategies that integrate BCDR, incident response and cybersecurity enable CISOs to build frameworks that help their organizations effectively handle cyberattacks. Continue Reading
By
- Paul Kirvan
Definition 11 Jun 2025
What is ransomware as a service (RaaS)?

Ransomware as a service (RaaS) is a subscription-based business model that enables threat actors, also called affiliates, to launch ransomware attacks by accessing and using predeveloped ransomware tools. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
- Sean Michael Kerner
Definition 10 Jun 2025
What is a risk management specialist, and what does one do?

A risk management specialist is a role appointed within organizations to identify potential risks that might negatively affect the business. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- George Lawton
Definition 05 Jun 2025
What is third-party risk management (TPRM)?

Third-party risk management (TPRM) is a comprehensive framework for identifying, assessing, and mitigating risks associated with using external vendors, suppliers, partners and service providers. Continue Reading
By
- Kinza Yasar, Technical Writer
Feature 05 Jun 2025
Top 5 steps in the risk management process

Implementing an effective risk management process is a key part of managing business risks. Follow these five steps to ensure a successful process. Continue Reading
By
- Greg Witte, Palydin LLC
Tip 04 Jun 2025
A guide to risk registers: Benefits and examples

Risk registers document, prioritize and track an organization's risks, providing a holistic view of the risks and a ready way to communicate risk strategies. Continue Reading
By
- Mary K. Pratt
Definition 03 Jun 2025
What is a chief risk officer (CRO)? A detailed CRO job description

The chief risk officer (CRO) is a senior executive tasked with assessing, overseeing and mitigating an organization's risks. Continue Reading
By
- Kinza Yasar, Technical Writer
- Mary K. Pratt
- Ben Cole, Executive Editor
Feature 02 Jun 2025
Risk maturity model: How it works and how to use one

Explore risk maturity models and assessment tools for enhancing enterprise risk management. Improve ERM programs to mitigate risk and gain a competitive edge. Continue Reading
By
- Ben Lutkevich, Site Editor
Definition 30 May 2025
What is security?

Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets. Continue Reading
By
- Nick Barney, Technology Writer
- Madelyn Bacon, TechTarget
News 30 May 2025
News brief: Week's top breaches stem from third-party attacks

Check out the latest security news from the Informa TechTarget team. Continue Reading
By
- Staff report
Tip 30 May 2025
Key steps to developing a healthy risk culture

Some companies fail to communicate that risk is every employee's business. For others, top leadership is the impediment. Here's how to build a strong risk culture. Continue Reading
By
- Mary K. Pratt
Definition 30 May 2025
What is fourth-party risk management (FPRM)?

Fourth-party risk management (FPRM) is the process of identifying, assessing and mitigating risks that originate from the subcontractors and service providers that an organization's third-party vendors use. Continue Reading
By
- Kinza Yasar, Technical Writer
Feature 30 May 2025
13 types of business risks for companies to manage

Knowing the types of risks businesses commonly face and their applicability to your company is a first step toward effective risk management. Continue Reading
By
- Mary K. Pratt
Definition 28 May 2025
What is a compliance framework?

A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation. Continue Reading
By
- Ben Cole, Executive Editor
Definition 28 May 2025
What is a risk manager? Roles and responsibilities

A risk manager is a professional responsible for identifying and mitigating dangers to an organization's operations, reputation, safety, security and financial health -- any aspect with a potential negative impact on the company. Continue Reading
By
- Andy Patrizio
Feature 22 May 2025
Risk appetite vs. risk tolerance: How are they different?

Risk appetite and risk tolerance are related, but they don’t mean the same thing. Not knowing the difference can cause big problems for your risk management program. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 20 May 2025
Best practices for board-level cybersecurity oversight

Corporate boards must play an increasingly active role in overseeing cybersecurity strategies. Here's what they need to know, from SEC disclosure requirements to best practices. Continue Reading
By
- Jerald Murphy, Nemertes Research
Definition 16 May 2025
What is risk appetite?

Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 14 May 2025
What is business resilience?

Business resilience is an organization's ability to adapt quickly to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity. Continue Reading
By
- Paul Kirvan
Definition 14 May 2025
What is penetration testing?

A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture. Continue Reading
By
- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
Definition 09 May 2025
What is a risk profile? Definition, examples and types

A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces. Continue Reading
By
- Mary K. Pratt
Definition 09 May 2025
What is risk reporting?

Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes. Continue Reading
By
- Brien Posey
Definition 09 May 2025
What is the Sarbanes-Oxley Act? Definition and summary

The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that established sweeping auditing and financial regulations for public companies. Continue Reading
By
- Katie Terrell Hanna
- Ben Lutkevich, Site Editor
Feature 07 May 2025
Enterprise risk management team: Roles and responsibilities

Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
By
- Lisa Morgan
News 06 May 2025

The dark side of digital: Breaking the silence on youth mental health

Industry experts at RSAC 2025 called for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about internet anonymity, mental health and the growing disconnect between generations. Continue Reading
Definition 28 Apr 2025
What is a risk map (risk heat map)?

A risk map, or risk heat map, is a data visualization tool for communicating specific risks an organization faces. Continue Reading
By
- Mary K. Pratt
- Mekhala Roy
Opinion 25 Apr 2025
RSAC 2025 to center on agentic AI, GenAI in security

If AI continues to become more accurate and secure, automation and self-healing systems that strengthen security programs could be the future. Continue Reading
By
- Melinda Marks, Practice Director
Tip 24 Apr 2025
How to incorporate smishing into security awareness training

Smishing is a major threat on enterprise smartphones, but users might not know how it compares to traditional email phishing. IT can help block attacks with training and testing. Continue Reading
By
- Brien Posey
Definition 23 Apr 2025
What is ransomware? Definition and complete guide

Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Podcast 22 Apr 2025
The AI market does not understand AI safety

Responsible AI is often misunderstood as a way to make sure that a model is safe. However, AI safety examines whether harmful content is being produced or not. Continue Reading
By
- Esther Shittu, News Writer
- Shaun Sutner, Senior News Director
Tip 17 Apr 2025
Building mobile security awareness training for end users

Do concerns of malware, social engineering and unpatched software on employee mobile devices have you up at night? One good place to start is mobile security awareness training. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 17 Apr 2025
Tips to find cyber insurance coverage in 2025

Most businesses have a form of cyber insurance, either through cyber liability and data breach endorsements in traditional business policies or through standalone cyber policies. Continue Reading
By
- Kathleen Richards
News 15 Apr 2025

Organizations lack incident response plans, but answers are on the way

Developing strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them. Continue Reading
Feature 15 Apr 2025
Ransomware trends, statistics and facts in 2025

Supply chain attacks, double extortion and RaaS are some of the ransomware trends that will continue to disrupt businesses in 2025. Is your industry a top target? Continue Reading
By
- Sean Michael Kerner
Feature 09 Apr 2025
How to create a data breach response plan, with free template

A data breach response plan outlines how a business reacts to a breach. Follow these six steps, and use our free template to develop your organization's plan. Continue Reading
By
- Rob Shapland
Definition 08 Apr 2025
What is sustainability risk management (SRM)?

Sustainability risk management (SRM) is a business strategy that aligns profit goals with a company's environmental, social and governance (ESG) policies. Continue Reading
By
- Robert Sheldon
Definition 08 Apr 2025
What is a key risk indicator (KRI) and why is it important?

A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization's risk appetite. Continue Reading
By
- Paul Kirvan
- Linda Tucci, Industry Editor -- CIO/IT Strategy
Answer 08 Apr 2025
How to report ransomware attacks: Steps to take

The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 31 Mar 2025
How to prevent a data breach: 11 best practices and tactics

When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 20 Mar 2025
Cloudflare unveils tools for safeguarding AI deployment

The cybersecurity vendor's new suite helps businesses, developers and content creators deploy AI technology at scale safely and securely. Continue Reading
By
- Esther Shittu, News Writer
Feature 20 Mar 2025
IT risk assessment template (with free download)

Risk assessments are a critical part of a disaster recovery plan. Find out how to prepare a risk assessment, then download our included free template to create one. Continue Reading
By
- Paul Kirvan
Tip 18 Mar 2025
How to calculate the cost of a data breach

An effective risk management policy can help companies determine the best ways to offset the costs associated with a data breach and avoid reputational damage. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 14 Mar 2025
How to secure AI infrastructure: Best practices

AI tools are creating an even greater attack surface for malicious hackers to penetrate. But there are steps you can take to ensure your organization's AI foundation remains safe. Continue Reading
By
- Jerald Murphy, Nemertes Research
Definition 14 Mar 2025
What is pharming?

Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
By
- Nick Barney, Technology Writer
Tip 07 Mar 2025
Top 14 open source penetration testing tools

From Aircrack-ng to ZAP, these open source penetration testing tools are essential additions to any security pro's toolbox. Continue Reading
By
- Ed Moyle, SecurityCurve
Feature 06 Mar 2025
16 top ERM software vendors to consider in 2025

Various software tools can help automate risk management and GRC processes. Here's a look at 16 enterprise risk management vendors and their products. Continue Reading
By
- George Lawton
Definition 28 Feb 2025
What is the NSA and how does it work?

The National Security Agency (NSA) is a federal government surveillance and intelligence agency that's part of the U.S. Department of Defense and is managed under the authority of the director of national intelligence (DNI). Continue Reading
By
Definition 28 Feb 2025
What is multifactor authentication?

Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
- Kinza Yasar, Technical Writer
- Mary E. Shacklett, Transworld Data
Tip 27 Feb 2025
How data centers can help balance the electrical grid

Data centers consume 1% of global electricity. To ease grid pressure, data centers should use renewable energy, partner with power companies and manage demand during peak times. Continue Reading
By
- Jacob Roundy
Tip 26 Feb 2025
How to improve third-party API integration security

External API integrations are critical, but so is managing third-party API risks to maintain customer trust, remain compliant and ensure long-term operational resilience. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 24 Feb 2025
Apple pulls Advanced Data Protection in UK, sparking concerns

Privacy and security concerns mount, as Apple pulls the end-to-end encryption feature for users located in the U.K. following pressures from the government. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 20 Feb 2025
Risk & Repeat: Salt Typhoon hasn't stopped hacking

Although the Salt Typhoon telecom breaches from last year appear to have been remediated, the Chinese state-sponsored threat group continues to target critical organizations. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?

Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
By
- Kyle Johnson, Technology Editor
- Andrew Froehlich, West Gate Networks
Definition 18 Feb 2025
What is defense in depth?

Defense in depth is a cybersecurity strategy that uses multiple security measures to protect an organization's networks, systems and data. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 12 Feb 2025
What are agreed-upon procedures (AUPs)?

Agreed-upon procedures are a standard a company or client outlines in an engagement letter or other written agreement when it hires an external party to perform an audit on a specific test or business process. Continue Reading
By
- Scott Robinson, New Era Technology
- Ben Cole, Executive Editor
Answer 10 Feb 2025
3 Best Practices to Protect Backups from Ransomware

Backing up data is one way to guard against threats such as ransomware, but attacks designed to infect backups can compromise data protection efforts. Continue Reading
By
- Mitch Lewis, Evaluator Group