Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

Opinion 25 Apr 2025
RSAC 2025 to center on agentic AI, GenAI in security

If AI continues to become more accurate and secure, automation and self-healing systems that strengthen security programs could be the future. Continue Reading
By
- Melinda Marks, Practice Director
Tip 24 Apr 2025
How to incorporate smishing into security awareness training

Smishing is a major threat on enterprise smartphones, but users might not know how it compares to traditional email phishing. IT can help block attacks with training and testing. Continue Reading
By
- Brien Posey

Tip 27 Oct 2023
How to create a cybersecurity awareness training program

Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Mike Chapple, University of Notre Dame
Definition 25 Oct 2023
integrated risk management (IRM)

Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
By
- Nick Barney, Technology Writer
- Wesley Chai
News 24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'

Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
By
- Rob Wright, Senior News Director
Definition 24 Oct 2023
Plundervolt

Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs). Continue Reading
By
- Ben Lutkevich, Site Editor
Feature 20 Oct 2023
Risk assessment matrix: Free template and usage guide

A risk assessment matrix identifies issues that present the greatest potential for business disruption or damage. Use this free template to focus risk mitigation plans. Continue Reading
By
- Paul Kirvan
Feature 18 Oct 2023
7 risk mitigation strategies to protect business operations

Companies facing a multitude of business risks have various options to mitigate them. Here are seven mitigation strategies to minimize the business impact of risks. Continue Reading
By
- Paul Kirvan
Definition 17 Oct 2023
speculative risk

Speculative risk is a type of risk the risk-taker takes on voluntarily and will result in some degree of profit or loss. Continue Reading
By
- Rahul Awati
- Ben Cole, Executive Editor
Tip 17 Oct 2023
How to conduct a cyber-resilience assessment

It's a good cyber-hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment. Continue Reading
By
- Paul Kirvan
News 16 Oct 2023
Google Authenticator synchronization raises MFA concerns

Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes. Continue Reading
By
- Arielle Waldman, News Writer
Tip 16 Oct 2023
Build a strong cyber-resilience strategy with existing tools

Existing security protocols and processes can be combined to build a cyber-resilience framework, but understanding how these components relate to each other is key. Continue Reading
By
- Paul Kirvan
Tip 13 Oct 2023
Why fourth-party risk management is a must-have

It's not just third-party vendors that pose a security risk. Organizations should also keep an eye on their suppliers' suppliers with a fourth-party risk management strategy. Continue Reading
By
- Michael Cobb
Tip 12 Oct 2023
5 steps to achieve a risk-based security strategy

Learn about the five steps to implement a risk-based security strategy that helps naturally deliver compliance as a consequence of an improved security posture. Continue Reading
By
- Michael Cobb
Definition 12 Oct 2023
security awareness training

Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy. Continue Reading
By
- Kinza Yasar, Technical Writer
- Mary K. Pratt
Feature 10 Oct 2023
Security posture management a huge challenge for IT pros

Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
Quiz 10 Oct 2023
Security awareness training quiz: Questions and answers

From ransomware to passphrases, find out how much you know about preventing cybersecurity incidents in this security awareness training quiz. Continue Reading
By
- Sharon Shea, Executive Editor
- Katie Donegan, Social Media Manager
Tip 10 Oct 2023
Security log management and logging best practices

Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By
- Michael Cobb
Tip 10 Oct 2023
Physical pen testing methods and tools

While companies regularly conduct network penetration tests, they may overlook physical office security. Here's how attackers -- with a baseball cap and smartphone -- get in. Continue Reading
By
- Rob Shapland
Definition 05 Oct 2023
risk assessment

Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Feature 05 Oct 2023
13 types of business risks for companies to manage

To avoid business problems and operate effectively, companies need to be ready to deal with these common types of risks as part of their risk management programs. Continue Reading
By
- Mary K. Pratt
Definition 03 Oct 2023
Whistleblower Protection Act

The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization. Continue Reading
By
- Mary K. Pratt
- Ben Cole, Executive Editor
Tip 03 Oct 2023
Using the FAIR model to quantify cyber-risk

The Factor Analysis of Information Risk methodology helps organizations frame their cyber-risk exposure as a business issue and quantify it in financial terms. Learn how FAIR works. Continue Reading
By
- Paul Kirvan
- Alissa Irei, Senior Site Editor
Definition 02 Oct 2023
ISO 31000 Risk Management

The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
Tip 26 Sep 2023
How to use a SWOT analysis for IT disaster recovery planning

A disaster recovery IT SWOT analysis can identify the good and the bad aspects of a DR plan, as well as highlight potential risks and opportunities for improvement. Continue Reading
By
- Stuart Burns
Definition 26 Sep 2023
principle of least privilege (POLP)

The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Tip 26 Sep 2023
3 phases of the third-party risk management lifecycle

Contractors and other third parties can make systems more vulnerable to cyber attacks. The third-party risk management lifecycle helps ensure outside vendors protect your data. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 21 Sep 2023
governance, risk and compliance (GRC)

Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies among the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance. Continue Reading
By
- Kinza Yasar, Technical Writer
- Paul Kirvan
- Alexander S. Gillis, Technical Writer and Editor
News 20 Sep 2023
Cyber insurance report shows surge in ransomware claims

Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack. Continue Reading
By
- Arielle Waldman, News Writer
Definition 19 Sep 2023
total risk

Total risk is an assessment that identifies all the risk factors associated with pursuing a specific course of action. Continue Reading
By
- Katie Terrell Hanna
Definition 18 Sep 2023
electronically stored information (ESI)

Electronically stored information (ESI) is data that is created, altered, communicated and stored in digital form. Continue Reading
By
- Ben Cole, Executive Editor
News 14 Sep 2023
Palo Alto Networks: 80% of security exposures exist in cloud

It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Sep 2023
How to develop a cloud backup ransomware protection strategy

Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 08 Sep 2023
Risk prediction models: How they work and their benefits

Accurate risk prediction models can aid risk management efforts in organizations. Here's a look at how risk models work and the business benefits they provide. Continue Reading
By
- Donald Farmer, TreeHive Strategy
Definition 05 Sep 2023
email security

Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats. Continue Reading
By
- Kinza Yasar, Technical Writer
- Sean Michael Kerner
Definition 30 Aug 2023
three lines model

The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense. Continue Reading
By
- Amanda Hetler, Senior Editor
Guest Post 30 Aug 2023
SEC cyber attack regulations prompt 10 questions for CISOs

New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk. Continue Reading
By
- Frank Kim, SANS Institute
Definition 29 Aug 2023
IT audit (information technology audit)

An IT audit is the examination and evaluation of an organization's information technology, operations and controls. Continue Reading
By
- Paul Kirvan
Tip 29 Aug 2023
The CIO's role in strengthening cybersecurity

To effectively tackle security risks, organizations should proactively address the complexities of information security. Learn how CIOs can play a key role in cybersecurity. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 23 Aug 2023
Google launches AI-powered data classification for Workspace

Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Aug 2023
Vendors criticize Microsoft for repeated security failings

Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 21 Aug 2023
risk analysis

Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. Continue Reading
By
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Feature 16 Aug 2023
Adopt embedded penetration testing to keep IoT devices secure

Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 16 Aug 2023
Top 12 risk management skills and why you need them

Effective risk management is necessary in all parts of a business. Here are a dozen skills that risk managers need to be successful in their jobs. Continue Reading
By
- Andy Patrizio
Tip 16 Aug 2023
6 open source GRC tools compliance professionals should know

Organizations must meet a variety of regulatory compliance requirements today. Here's a look at six open source GRC tools and related resources that might help. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 15 Aug 2023
Top 4 information security strategy essentials CIOs need

Right now, hackers are targeting your organization. Fight back by learning how CIOs can create a resilient and strong information security foundation. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 15 Aug 2023
ISO 31000 vs. COSO: Comparing risk management standards

ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
By
- Michael Cobb
Feature 11 Aug 2023
Traditional vs. enterprise risk management: How do they differ?

Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are differences between them. Continue Reading
By
- Lisa Morgan
News 10 Aug 2023
CISA shares 'secure by design' plan for US tech ecosystem

The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Aug 2023
U.S., Ukraine cyber leaders talk resilience, collaboration

At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 10 Aug 2023
Why using ransomware negotiation services is worth a try

If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
By
- Kyle Johnson, Technology Editor
News 09 Aug 2023
Coalition looks to bridge gap between CISOs, cyber insurance

While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Aug 2023
crisis management

Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity. Continue Reading
By
- Nick Barney, Technology Writer
- Brien Posey
Tip 07 Aug 2023
How to manage generative AI security risks in the enterprise

Despite its benefits, generative AI poses numerous -- and potentially costly -- security challenges for companies. Review possible threats and best practices to mitigate risks. Continue Reading
By
- Nihad Hassan
Feature 07 Aug 2023
Enterprise risk management team: Roles and responsibilities

Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
By
- Lisa Morgan
Feature 04 Aug 2023
9 common risk management failures and how to avoid them

As enterprises rework their business models and strategies to meet various new challenges, risks abound. Here are nine risk management failures to look out for. Continue Reading
By
- George Lawton
Feature 03 Aug 2023
Risk appetite vs. risk tolerance: How are they different?

Risk appetite and risk tolerance are related terms but not the same thing. Here's how they differ plus examples of risk appetite and risk tolerance statements. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 01 Aug 2023
Infosec experts divided on SEC four-day reporting rule

Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 28 Jul 2023
Intersection of generative AI, cybersecurity and digital trust

The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
By
- Goh Ser Yoong
Feature 26 Jul 2023
Explaining risk maturity models and how they work

Explore risk maturity models and assessment tools for enhancing enterprise risk management. Improve ERM programs to mitigate risk and gain a competitive edge. Continue Reading
By
- Ben Lutkevich, Site Editor
News 20 Jul 2023
Cyber insurers adapting to data-centric ransomware threats

Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Feature 10 Jul 2023
Wi-Fi AP placement best practices and security policies

From a security standpoint, Wi-Fi network designers should consider the physical and logical placement of APs, as well as management, segmentation and rogue devices. Continue Reading
By
- Lee Badman
Feature 10 Jul 2023
Get started: Threat modeling with the Mitre ATT&CK framework

The Mitre ATT&CK framework may seem daunting at first, but it is a key tool that helps SOC teams conduct threat modeling. Learn how to get started. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 07 Jul 2023
ransomware as a service (RaaS)

Ransomware as a service (RaaS) is a subscription-based business model that enables affiliates to launch ransomware attacks by accessing and using pre-developed ransomware tools. Continue Reading
By
- Kinza Yasar, Technical Writer
- Sean Michael Kerner
Tip 07 Jul 2023
Enterprise risk management should inform cyber-risk strategies

Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business. Continue Reading
By
- Jerald Murphy, Nemertes Research
Definition 05 Jul 2023
Dodd-Frank Act

The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that places regulation of the financial industry in the hands of the government. Continue Reading
By
- Linda Rosencrance
Tip 19 Jun 2023
Cyber-risk quantification benefits and best practices

It's not enough to know cybersecurity threats exist. More importantly, companies must understand cyber-risks in ways stakeholders can measure and discuss. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 12 Jun 2023
Benefits of risk-based vulnerability management over legacy VM

Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization. Continue Reading
By
- Ravi Das, ML Tech Inc.
Feature 19 May 2023
The potential danger of the new Google .zip top-level domain

How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them. Continue Reading
By
- Kyle Johnson, Technology Editor
News 16 May 2023
Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
By
- Arielle Waldman, News Writer
Definition 12 May 2023
Generally Accepted Recordkeeping Principles (the Principles)

Generally Accepted Recordkeeping Principles is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements. Continue Reading
By
- TechTarget Contributor
Tip 10 May 2023
How to reduce risk with cloud attack surface management

Attack surfaces continue to expand, fueled in part by the cloud. Attack surface management is a key way to identify vulnerable assets and reduce the risk to a corporate network. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 03 May 2023
Studies show ransomware has already caused patient deaths

No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Definition 01 May 2023
compliance framework

A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation. Continue Reading
By
- Ben Cole, Executive Editor
News 26 Apr 2023
CISA aims to reduce email threats with serial CDR prototype

CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Apr 2023
How ransomware victims can make the best of a bad situation

At RSA Conference 2023, Mandiant's Jibran Ilyas provided tips for ransomware victims that decide to pay, including a list of counterdemands to make to the threat actors. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 25 Apr 2023
RSAC panel warns AI poses unintended security consequences

A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Apr 2023
RSAC speaker offers ransomware victims unconventional advice

Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 17 Apr 2023
How to build a cybersecurity deception program

In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Guest Post 14 Apr 2023
Pen testing amid the rise of AI-powered threat actors

The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 07 Apr 2023
5 ChatGPT security risks in the enterprise

Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Ashwin Krishnan, StandOutin90Sec
Opinion 06 Apr 2023
Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 05 Apr 2023
post-quantum cryptography

Post-quantum cryptography, also known as quantum encryption, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers. Continue Reading
By
- Rob Clyde, Isaca
- Alexander S. Gillis, Technical Writer and Editor
Feature 03 Apr 2023
Why medical device vulnerabilities are hard to prioritize

Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 29 Mar 2023
Vulnerability management vs. risk management, compared

Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
By
- Ravi Das, ML Tech Inc.
Definition 28 Mar 2023
Sarbanes-Oxley Act

The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies. Continue Reading
By
- Ben Lutkevich, Site Editor
Tip 24 Mar 2023
Use zero-trust data management to better protect backups

Backup admins looking to protect data from bad actors can implement a zero-trust strategy for added protection. However, the method is not without its downsides. Continue Reading
By
- David Weldon
News 22 Mar 2023
Cyber insurance carriers expanding role in incident response

While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
By
- Arielle Waldman, News Writer
Definition 07 Mar 2023
fuzz testing (fuzzing)

Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors or bugs and security loopholes in software, operating systems and networks. Continue Reading
By
- Ben Lutkevich, Site Editor
Tip 16 Feb 2023
Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Definition 14 Feb 2023
social media policy

A social media policy is a corporate code of conduct that provides guidelines for employees who post content on the internet either as part of their job or as a private person. Continue Reading
By
- Nick Barney, Technology Writer
- Wendy Schuchart, TechTarget
Guest Post 18 Jan 2023
How to build a cyber-resilience culture in the enterprise

Discover how organizations can build a culture of cyber resilience by reducing risk, limiting damage, having a disaster recovery plan and assuming a cyber attack is coming. Continue Reading
By
- Geoff Hancock
News 11 Jan 2023
Vulnerable software, low incident reporting raises risks

Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last. Continue Reading
By
- Bridget Botelho, Editorial Director, News
News 10 Jan 2023
BitSight, Schneider Electric partner to quantify OT risk

The new partnership aims to provide organizations with increased visibility and risk detection capabilities for operational technology environments and critical infrastructure. Continue Reading
By
- Arielle Waldman, News Writer
Feature 19 Dec 2022
11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
By
- Kyle Johnson, Technology Editor
News 02 Dec 2022
Experts argue 'sludge' could muck up cyber attacks

Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper. Continue Reading
By
- Shaun Nichols
Definition 18 Nov 2022
pen testing (penetration testing)

A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture. Continue Reading
By
- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
Guest Post 17 Nov 2022
Do companies need cyber insurance?

As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
By
- Mark Brown
News 10 Nov 2022
Flashpoint launches new 'ransomware prediction model'

Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws. Continue Reading
By
- Arielle Waldman, News Writer
Tip 01 Nov 2022
Ideal CISO reporting structure is to high-level business leaders

CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best. Continue Reading
By
- John Burke, Nemertes Research
Feature 28 Oct 2022
Enterprise ransomware preparedness improving but still lacking

An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 25 Oct 2022
Top security-by-design frameworks

Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec