Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

June 30, 2022 30 Jun'22
SANS Institute: Human error remains the top security issue

The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises.
June 22, 2022 22 Jun'22
Proofpoint: Social engineering attacks slipping past users

Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions.
June 20, 2022 20 Jun'22
Cleveland BSides takes heat for Chris Hadnagy appearance

The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct.
June 17, 2022 17 Jun'22
Hertzbleed disclosure raises questions for Intel

Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long.

Bring yourself up to speed with our introductory content

How to conduct a cyber-resilience assessment

It's a good cyber hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment. Continue Reading
Creating a patch management policy: Step-by-step guide

A comprehensive IT patch management policy is insurance against network hardware and software prone to bugs and vulnerabilities that can disrupt critical business processes. Continue Reading
How to conduct a cyber-war gaming exercise

A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Top 4 source code security best practices

Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
Why using ransomware negotiation services is worth a try

If stakeholders decide to pay ransomware demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
Do phishing simulations work? Sometimes

Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading

Learn to apply best practices and optimize your operations.

Top 4 best practices to secure the SDLC

NIST's Secure Software Development Framework is a set of practices for mitigating software vulnerabilities. Learn about the top SDLC best practices included in this framework. Continue Reading
How to address security risks in GPS-enabled devices

GPS-enabled devices not only pose personal risks but also pose risks to organizations. Learn about the security risks associated with tracking devices and how to address them. Continue Reading
Implementing wireless security in the enterprise

Learn how to properly secure your enterprise wireless network while considering UX, zero trust and commonly overlooked architectural mistakes. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

A guide to MSP patch management best practices

As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
Prepare for deepfake phishing attacks in the enterprise

Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
Case study: Why it's difficult to attribute nation-state attacks

If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading