Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

Tip 20 May 2025
Best practices for board-level cybersecurity oversight

Corporate boards must play an increasingly active role in overseeing cybersecurity strategies. Here's what they need to know, from SEC disclosure requirements to best practices. Continue Reading
By
- Jerald Murphy, Nemertes Research
Feature 07 May 2025
Enterprise risk management team: Roles and responsibilities

Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
By
- Lisa Morgan

Definition 14 May 2025
What is business resilience?

Business resilience is an organization's ability to adapt quickly to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity. Continue Reading
By
- Paul Kirvan
Definition 14 May 2025
What is penetration testing?

A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture. Continue Reading
By
- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
Definition 09 May 2025
What is a risk profile? Definition, examples and types

A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces. Continue Reading
By
- Mary K. Pratt
Definition 09 May 2025
What is risk reporting?

Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes. Continue Reading
By
- Brien Posey
Definition 09 May 2025
What is the Sarbanes-Oxley Act? Definition and summary

The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that established sweeping auditing and financial regulations for public companies. Continue Reading
By
- Katie Terrell Hanna
- Ben Lutkevich, Site Editor
Feature 07 May 2025
Enterprise risk management team: Roles and responsibilities

Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
By
- Lisa Morgan
News 06 May 2025

The dark side of digital: Breaking the silence on youth mental health

Industry experts at RSAC 2025 called for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about internet anonymity, mental health and the growing disconnect between generations. Continue Reading
Definition 28 Apr 2025
What is a risk map (risk heat map)?

A risk map, or risk heat map, is a data visualization tool for communicating specific risks an organization faces. Continue Reading
By
- Mary K. Pratt
- Mekhala Roy
Opinion 25 Apr 2025
RSAC 2025 to center on agentic AI, GenAI in security

If AI continues to become more accurate and secure, automation and self-healing systems that strengthen security programs could be the future. Continue Reading
By
- Melinda Marks, Practice Director
Tip 24 Apr 2025
How to incorporate smishing into security awareness training

Smishing is a major threat on enterprise smartphones, but users might not know how it compares to traditional email phishing. IT can help block attacks with training and testing. Continue Reading
By
- Brien Posey
Definition 23 Apr 2025
What is ransomware? Definition and complete guide

Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Podcast 22 Apr 2025
The AI market does not understand AI safety

Responsible AI is often misunderstood as a way to make sure that a model is safe. However, AI safety examines whether harmful content is being produced or not. Continue Reading
By
- Esther Shittu, News Writer
- Shaun Sutner, Senior News Director
Tip 17 Apr 2025
Building mobile security awareness training for end users

Do concerns of malware, social engineering and unpatched software on employee mobile devices have you up at night? One good place to start is mobile security awareness training. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 17 Apr 2025
Tips to find cyber insurance coverage in 2025

Most businesses have a form of cyber insurance, either through cyber liability and data breach endorsements in traditional business policies or through standalone cyber policies. Continue Reading
By
- Kathleen Richards
News 15 Apr 2025

Organizations lack incident response plans, but answers are on the way

Developing strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them. Continue Reading
Feature 15 Apr 2025
Ransomware trends, statistics and facts in 2025

Supply chain attacks, double extortion and RaaS are some of the ransomware trends that will continue to disrupt businesses in 2025. Is your industry a top target? Continue Reading
By
- Sean Michael Kerner
Feature 09 Apr 2025
How to create a data breach response plan, with free template

A data breach response plan outlines how a business reacts to a breach. Follow these six steps, and use our free template to develop your organization's plan. Continue Reading
By
- Rob Shapland
Definition 08 Apr 2025
What is sustainability risk management (SRM)?

Sustainability risk management (SRM) is a business strategy that aligns profit goals with a company's environmental, social and governance (ESG) policies. Continue Reading
By
- Robert Sheldon
Definition 08 Apr 2025
What is a key risk indicator (KRI) and why is it important?

A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization's risk appetite. Continue Reading
By
- Paul Kirvan
- Linda Tucci, Industry Editor -- CIO/IT Strategy
Answer 08 Apr 2025
How to report ransomware attacks: Steps to take

The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 31 Mar 2025
How to prevent a data breach: 11 best practices and tactics

When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 20 Mar 2025
Cloudflare unveils tools for safeguarding AI deployment

The cybersecurity vendor's new suite helps businesses, developers and content creators deploy AI technology at scale safely and securely. Continue Reading
By
- Esther Shittu, News Writer
Feature 20 Mar 2025
IT risk assessment template (with free download)

Risk assessments are a critical part of a disaster recovery plan. Find out how to prepare a risk assessment, then download our included free template to create one. Continue Reading
By
- Paul Kirvan
Tip 18 Mar 2025
How to calculate the cost of a data breach

An effective risk management policy can help companies determine the best ways to offset the costs associated with a data breach and avoid reputational damage. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 14 Mar 2025
How to secure AI infrastructure: Best practices

AI tools are creating an even greater attack surface for malicious hackers to penetrate. But there are steps you can take to ensure your organization's AI foundation remains safe. Continue Reading
By
- Jerald Murphy, Nemertes Research
Definition 14 Mar 2025
What is pharming?

Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
By
- Nick Barney, Technology Writer
Tip 07 Mar 2025
Top 14 open source penetration testing tools

From Aircrack-ng to ZAP, these open source penetration testing tools are essential additions to any security pro's toolbox. Continue Reading
By
- Ed Moyle, SecurityCurve
Feature 06 Mar 2025
16 top ERM software vendors to consider in 2025

Various software tools can help automate risk management and GRC processes. Here's a look at 16 enterprise risk management vendors and their products. Continue Reading
By
- George Lawton
Definition 28 Feb 2025
What is multifactor authentication?

Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
- Kinza Yasar, Technical Writer
- Mary E. Shacklett, Transworld Data
Definition 28 Feb 2025
What is the NSA and how does it work?

The National Security Agency (NSA) is a federal government surveillance and intelligence agency that's part of the U.S. Department of Defense and is managed under the authority of the director of national intelligence (DNI). Continue Reading
By
Tip 27 Feb 2025
How data centers can help balance the electrical grid

Data centers consume 1% of global electricity. To ease grid pressure, data centers should use renewable energy, partner with power companies and manage demand during peak times. Continue Reading
By
- Jacob Roundy
Tip 26 Feb 2025
How to improve third-party API integration security

External API integrations are critical, but so is managing third-party API risks to maintain customer trust, remain compliant and ensure long-term operational resilience. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 24 Feb 2025
Apple pulls Advanced Data Protection in UK, sparking concerns

Privacy and security concerns mount, as Apple pulls the end-to-end encryption feature for users located in the U.K. following pressures from the government. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 20 Feb 2025
Risk & Repeat: Salt Typhoon hasn't stopped hacking

Although the Salt Typhoon telecom breaches from last year appear to have been remediated, the Chinese state-sponsored threat group continues to target critical organizations. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?

Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
By
- Kyle Johnson, Technology Editor
- Andrew Froehlich, West Gate Networks
Definition 18 Feb 2025
What is defense in depth?

Defense in depth is a cybersecurity strategy that uses multiple security measures to protect an organization's networks, systems and data. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 12 Feb 2025
What are agreed-upon procedures (AUPs)?

Agreed-upon procedures are a standard a company or client outlines in an engagement letter or other written agreement when it hires an external party to perform an audit on a specific test or business process. Continue Reading
By
- Scott Robinson, New Era Technology
- Ben Cole, Executive Editor
Answer 10 Feb 2025
3 Best Practices to Protect Backups from Ransomware

Backing up data is one way to guard against threats such as ransomware, but attacks designed to infect backups can compromise data protection efforts. Continue Reading
By
- Mitch Lewis, Evaluator Group
Definition 07 Feb 2025
What is physical security and how does it work?

Physical security protects personnel, hardware, software, networks, facilities and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Michael Cobb
Definition 07 Feb 2025
What is cyber insurance, and why is it important?

Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Kinza Yasar, Technical Writer
Tip 05 Feb 2025
How to create a third-party risk management policy

NIST's Cybersecurity Framework offers some helpful tips for organizations to fortify their third-party risk management strategies. Here's how to implement them. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Feature 03 Feb 2025
How to assess and manage geopolitical risk

Geopolitical risks are often linked to international political, social and economic activities. Set policies for global business to better identify risks before they happen. Continue Reading
By
- Paul Kirvan
News 30 Jan 2025
Wiz reveals DeepSeek database exposed API keys, chat history

Wiz expressed concern about security shortcomings with AI tools and services amid the rapid adoption and rising popularity of offerings like DeepSeek-R1. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jan 2025
Apple zero-day vulnerability under attack on iOS devices

Apple said the zero-day vulnerability, tracked as CVE-2025-24085, affects its CoreMedia framework and 'may have been actively exploited against versions of iOS before iOS 17.2.' Continue Reading
By
- Rob Wright, Senior News Director
Definition 23 Jan 2025
What is threat modeling?

Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data. Continue Reading
By
- Rahul Awati
- Michael Cobb
Podcast 21 Jan 2025
Risk & Repeat: What is the future of CISA?

South Dakota Gov. Kristi Noem, who is President Donald Trump's nominee for DHS secretary, said during a recent confirmation hearing that CISA should be 'smaller.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 16 Jan 2025
The mystery of the $75M ransom payment to Dark Angels

The Dark Angels gang stole 100 TB of data from a Fortune 50 company last year for a record-setting ransom payment. But the victim organization still hasn't disclosed those details. Continue Reading
By
- Rob Wright, Senior News Director
Podcast 14 Jan 2025
Rethinking business continuity before the next big IT outage

For one industry analyst, the most significant gap exposed by the CrowdStrike outage is between IT and business -- not Sec and Ops. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 09 Jan 2025
Experts optimistic on FCC's Cyber Trust Mark for IoT devices

The launch of the FCC's U.S. Cyber Trust Mark label for IoT devices will include internet-connected home security cameras, smart home appliances, baby monitors and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 08 Jan 2025
12 top enterprise risk management trends in 2025

Trends reshaping risk management include use of GRC platforms, risk maturity models, risk appetite statements and AI tools, plus the need to manage AI risks. Continue Reading
By
- George Lawton
News 06 Jan 2025
Amit Yoran, Tenable CEO and cybersecurity advocate, dies at 54

Amit Yoran was a decades-long practitioner of cybersecurity and previously held key roles at the U.S. Department of Homeland Security, RSA Security and NetWitness. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 06 Jan 2025
Top 4 incident response certifications to consider in 2025

Cybersecurity professionals pursuing an incident response track should consider the following certifications to bolster their knowledge and advance their career. Continue Reading
By
- Rob Shapland
Feature 30 Dec 2024
The future of hybrid cloud: What to expect in 2025 and beyond

For companies modernizing their business operations, hybrid cloud's embrace of AI, edge computing and integration promises unique levels of flexibility, security and control. Continue Reading
By
- George Lawton
Guest Post 19 Dec 2024
Add gamification learning to your pen testing training playbook

Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 17 Dec 2024
The pros and cons of biometric authentication

Biometric authentication can be a solid supplement to passwords when securing data and systems. But understanding potential drawbacks, and planning to minimize them, is essential. Continue Reading
By
- Char Sample, ICF International
Tip 10 Dec 2024
Webhook security: Risks and best practices for mitigation

Webhook security is an ongoing process, with responsibility shared between providers and consumers to protect against threats and ensure a secure webhook ecosystem. Continue Reading
By
- Twain Taylor, Twain Taylor Consulting
News 04 Dec 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'

As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect. Continue Reading
By
- Arielle Waldman, News Writer
Tip 27 Nov 2024
How to build an effective third-party risk assessment framework

Don't overlook the threats associated with connecting vendors and partners to internal systems. Do your due diligence and use third-party risk assessments to prevent supply chain attacks. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Definition 21 Nov 2024
What is AI red teaming?

AI red teaming is the practice of simulating attack scenarios on an artificial intelligence application to pinpoint weaknesses and plan preventative measures. Continue Reading
By
- Olivia Wisbey, Associate Site Editor
News 21 Nov 2024
Cyber insurers address ransom reimbursement policy concerns

In a recent op-ed for The Financial Times, U.S. Deputy National Security Advisor Anne Neuberger wrote that reimbursing ransom payments is a 'troubling practice that must end.' Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits

One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By
- Paul Kirvan
Tip 12 Nov 2024
5 principles of change management in networking

Network change management includes five principles, including risk analysis and peer review. These best practices can help network teams reduce failed network changes and outages. Continue Reading
By
- Terry Slattery, NetCraftsmen
News 04 Nov 2024
CISA: U.S. election disinformation peddled at massive scale

CISA said the U.S. cybersecurity agency has seen small-scale election incidents 'resulting in no significant impacts to election infrastructure,' such as low-level DDoS attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 01 Nov 2024
What is unified threat management (UTM)?

Unified threat management (UTM) is an information security system that provides a single point of protection against cyberthreats, including viruses, worms, spyware and other malware, as well as network attacks. Continue Reading
By
- Paul Kirvan
- Linda Rosencrance
Tip 28 Oct 2024
Insider threat hunting best practices and tools

Detecting threats coming from inside the organization presents unique challenges. Insider threat hunting helps identify potential threat actors and proactively deal with them. Continue Reading
By
- Jerald Murphy, Nemertes Research
Feature 28 Oct 2024
Types of cybersecurity controls and how to place them

A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
By
- Isabella Harford, TechTarget
- Packt Publishing
Tip 28 Oct 2024
How to achieve crypto-agility and future-proof security

Quantum computing will render current asymmetric encryption algorithms obsolete. Organizations need to deploy crypto-agile systems to remain protected. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 22 Oct 2024
SEC charges 4 companies for downplaying SolarWinds attacks

The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Oct 2024
Joe Sullivan: CEOs must be held accountable for security too

The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he's calling for clearer regulatory frameworks for security. Continue Reading
By
- Nicole Laskowski, Senior News Director
Feature 16 Oct 2024
How to define cyber-risk appetite as a security leader

In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Wiley Publishing
News 10 Oct 2024
Coalition: Ransomware severity up 68% in first half of 2024

The cyber insurance carrier examined claims trends for the first half of 2024, which showed policyholders experienced disruptive and increasingly costly ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Oct 2024
What is user behavior analytics (UBA)?

User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Peter Loshin, Former Senior Technology Editor
- Madelyn Bacon, TechTarget
Definition 07 Oct 2024
What is risk management? Importance, benefits and guide

Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Craig Stedman, Industry Editor
News 03 Oct 2024
Microsoft SFI progress report elicits cautious optimism

Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 01 Oct 2024
Research reveals strategies to improve cloud-native security

As organizations focus on the cloud to deliver and scale applications, security teams struggle to keep up. Recent research points to how teams can effectively manage cloud security risk. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 23 Sep 2024
Microsoft issues first Secure Future Initiative report

In the first progress report since the launch of its Secure Future Initiative, Microsoft said it's made key improvements to identity and supply chain security. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Sep 2024
Microsoft warns of Russian election threats, disinformation

As the 2024 U.S. presidential election nears, Microsoft detailed new influence campaigns, such as fake videos aimed at discrediting Vice President Kamala Harris. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 18 Sep 2024
Top vulnerability management challenges for organizations

Organizations understand vulnerability management is essential to identifying cyber-risks, but coordinating teams, tools and handling CVEs keeps the pressure on. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 18 Sep 2024
Orca: AI services, models falling short on security

New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors. Continue Reading
By
- Arielle Waldman, News Writer
Tip 13 Sep 2024
How AI could change threat detection

AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures. Continue Reading
By
- Mary K. Pratt
News 12 Sep 2024
Mastercard to acquire Recorded Future for $2.65B

Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 11 Sep 2024
6 steps toward proactive attack surface management

With organizations' attack surfaces growing, new research shows better asset management, tighter access policies like zero trust and consistent configuration standards can help. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 10 Sep 2024
Cyber-risk quantification challenges and tools that can help

While cybersecurity risk should inform budget and strategy decisions, quantifying risk and the ROI of mitigation efforts isn't easy. Cyber-risk quantification tools can help. Continue Reading
By
- John Burke, Nemertes Research
Opinion 09 Sep 2024
Cyber-risk management remains challenging

Strong cyber-risk management demands collaboration and coordination across business management, IT operations, security and software development in an ever-changing environment. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 09 Sep 2024
How to create an AI acceptable use policy, plus template

With great power comes -- in the case of generative AI -- great security and compliance risks. Learn how an AI acceptable use policy can help ensure safe use of the technology. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 04 Sep 2024
White House unveils plan to improve BGP security

The Office of the National Cyber Director has published a roadmap for internet routing security that outlines recommendations for mitigating BGP hijacking and other threats. Continue Reading
By
- Rob Wright, Senior News Director
News 28 Aug 2024
Infosec experts applaud DOJ lawsuit against Georgia Tech

The Department of Justice joined a whistleblower lawsuit against Georgia Tech for allegedly misleading the Department of Defense about its cybersecurity posture. Continue Reading
By
- Arielle Waldman, News Writer
Answer 28 Aug 2024
Types of hackers: Black hat, white hat, red hat and more

Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers. Continue Reading
By
- Sharon Shea, Executive Editor
Podcast 26 Aug 2024
Risk & Repeat: National Public Data breach questions remain

The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Aug 2024
Prepare your small business for ransomware attacks

Ransomware is a threat to all organizations, but small businesses are particularly at risk. Mitigation efforts and recovery planning are key to keep smaller companies in business. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Opinion 16 Aug 2024
Cyber-risk management: Key takeaways from Black Hat 2024

Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks. Continue Reading
By
- David Vance
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Opinion 14 Aug 2024
Software testing lessons learned from the CrowdStrike outage

After the recent CrowdStrike outage, organizations are keen to prevent and prepare for potential future disruptions. These key security and quality lessons can help. Continue Reading
By
- Matt Heusser, Excelon Development
News 09 Aug 2024
Evolving threat landscape influencing cyber insurance market

Many aspects of cyber insurance were addressed throughout Black Hat USA 2024, including changes in the threat landscape that affect policies and coverage. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Aug 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections

Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 08 Aug 2024
What is the Coalition for Secure AI (CoSAI)?

Coalition for Secure AI (CoSAI) is an open source initiative to enhance artificial intelligence's security. Continue Reading
By
- Ava DePasquale
News 07 Aug 2024
CISA: Election infrastructure has never been more secure

CISA Director Jen Easterly emphasized at Black Hat 2024 that election stakeholders cannot be complacent because 'the threat environment has never been so complex.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2024
Veracode highlights security risks of GenAI coding tools

At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Aug 2024
Nvidia AI security architect discusses top threats to LLMs

Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2024
CrowdStrike details errors that led to mass IT outage

CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage. Continue Reading
By
- Rob Wright, Senior News Director
Definition 07 Aug 2024
What is a quality gate?

A quality gate is a milestone in an IT project that requires that predefined criteria be met before the project can proceed to the next phase. Continue Reading
By
- Corinne Bernstein