Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

Tip 27 Jun 2025
Cybersecurity in M&A due diligence: Best practices for executives

Companies wouldn't think of merging with another organization without performing financial or business due diligence. The same is true of cybersecurity. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 27 Jun 2025
How to build a cybersecurity RFP

Crafting a cybersecurity RFP requires clear goals, precise questions and vendor vetting. Follow these guidelines to streamline the process and meet your company's security needs. Continue Reading
By
- Leah Zitter, Ph.D.

Tip 13 Feb 2024
How to conduct a social engineering penetration test

Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to learn how to safeguard your systems against attack. Continue Reading
By
- Paul Kirvan
Feature 13 Feb 2024
Ransomware preparedness kicks off 2024 summit series

BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
By
- Alicia Landsberg, Senior Managing Editor
Tip 12 Feb 2024
Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Guest Post 09 Feb 2024
Cybersecurity governance: A path to cyber maturity

Organizations need cybersecurity governance programs that make every employee aware of the cybersecurity mitigation efforts required to reduce cyber-risks. Continue Reading
By
- Pam Nigro
Tip 06 Feb 2024
8 dangers of shadow IT and how to manage them

Unauthorized devices, software and system changes -- and other forms of shadow IT -- can expose organizations to a range of security risks. Here are ways to manage them. Continue Reading
By
- Paul Kirvan
Tip 05 Feb 2024
Shadow AI poses new generation of threats to enterprise IT

AI is all the rage -- and so is shadow AI. Learn how unsanctioned use of generative AI tools can open organizations up to significant risks and what to do about it. Continue Reading
By
- John Burke, Nemertes Research
- Alissa Irei, Senior Site Editor
News 30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year

The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
By
- Arielle Waldman, News Writer
Tip 30 Jan 2024
Why organizations need risk-based vulnerability management

As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 29 Jan 2024
How to rank and prioritize security vulnerabilities in 3 steps

Vulnerability management programs gather massive amounts of data on security weaknesses. Security teams should learn how to rank vulnerabilities to quickly fix the biggest issues. Continue Reading
By
- Mike Chapple, University of Notre Dame
News 24 Jan 2024
NCSC says AI will increase ransomware, cyberthreats

While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 23 Jan 2024
How to avoid malware on Linux systems

Malware attacks are devastating to companies, and there is no exception for Linux systems. Consider updating systems and assigning correct permissions. Continue Reading
By
- Jack Wallen
Tip 22 Jan 2024
Business continuity vs. disaster recovery vs. incident response

To stay in business, expect the unexpected. Learn how business continuity, disaster recovery and incident response differ -- and why organizations need plans for all three. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
- Alissa Irei, Senior Site Editor
Definition 19 Jan 2024
security incident

A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed. Continue Reading
By
- Kinza Yasar, Technical Writer
- Mary E. Shacklett, Transworld Data
- Ivy Wigmore
Tip 19 Jan 2024
On premises vs. cloud pros and cons, key differences

Immersed in the 'should I stay or should I go' cloud migration debate? Before vacating the premises and moving 'up there,' ponder these advantages and disadvantages. Continue Reading
By
- Zachary Flower, Freelance web developer and writer
- Ron Karjian, Industry Editor
Tip 18 Jan 2024
How to perform a cybersecurity risk assessment in 5 steps

This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
By
- Michael Cobb
Feature 17 Jan 2024
CISOs on alert following SEC charges against SolarWinds

The Securities and Exchange Commission announced charges against SolarWinds and its CISO in October, but will it help improve transparency or simply scare infosec executives? Continue Reading
By
- Arielle Waldman, News Writer
Tip 17 Jan 2024
Incident management vs. incident response explained

While even many seasoned cybersecurity leaders use the terms 'incident management' and 'incident response' interchangeably, they aren't technically synonymous. Continue Reading
By
- Rob Shapland
Tip 12 Jan 2024
How to recycle mobile phones in the enterprise

Mobile device disposal requires careful planning. IT teams must learn how to recycle mobile phones to keep e-waste out of landfills and enterprise data out of the wrong hands. Continue Reading
By
- Marius Sandbu, Sopra Steria
Definition 12 Jan 2024
What is hybrid cloud? The ultimate guide

A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud and third-party public cloud services with orchestration among these platforms. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
- Ron Karjian, Industry Editor
Tip 11 Jan 2024
How to securely recycle enterprise computers

No matter how an organization wants to retire a device when it reaches its end of life, IT must first ensure that any sensitive data on it has been properly destroyed. Continue Reading
By
- Marius Sandbu, Sopra Steria
Definition 09 Jan 2024
sandbox

A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
By
- TechTarget Contributor
Tip 05 Jan 2024
7 keys to an effective hybrid cloud migration strategy

Cloud readiness, storage costs, network lag and metrics can make or break the choice to move data, applications and workloads to today's more complex hybrid cloud environment. Continue Reading
By
- Brian Kirsch, Milwaukee Area Technical College
News 04 Jan 2024
December ransomware attacks disrupt healthcare organizations

Two attacks last month exposed the sensitive information of more than 3 million individuals as ransomware attacks continued to disrupt networks and expose private data. Continue Reading
By
- Arielle Waldman, News Writer
Tip 04 Jan 2024
8 hybrid cloud security challenges and how to manage them

Hybrid cloud's benefits are many and varied but so are the security issues surrounding integration, compatibility, governance, compliance, APIs, visibility and responsibility. Continue Reading
By
- Kathleen Richards
Feature 03 Jan 2024
Why effective cybersecurity is important for businesses

Cyber attacks can have serious financial and business consequences for companies, which makes implementing strong cybersecurity protections a critical step. Continue Reading
By
- Mary K. Pratt
Tip 02 Jan 2024
Pros and cons of 10 common hybrid cloud use cases

For businesses contemplating the advantages and disadvantages of their applications living in a distributed cloud infrastructure, take a cue from these hybrid cloud use cases. Continue Reading
By
- George Lawton
Definition 19 Dec 2023
supply chain risk management (SCRM)

Supply chain risk management (SCRM) is the coordinated efforts of an organization to help identify, monitor, detect and mitigate threats to supply chain continuity and profitability. Continue Reading
By
- Kinza Yasar, Technical Writer
News 14 Dec 2023
Splunk: AI isn't making spear phishing more effective

While new research shows AI tools won't make it easier for adversaries to conduct successful phishing attacks, social engineering awareness should remain a priority. Continue Reading
By
- Arielle Waldman, News Writer
Tip 14 Dec 2023
How an AI governance framework can strengthen security

Learn how AI governance frameworks promote security and compliance in enterprise AI deployments with essential components such as risk analysis, access control and incident response. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 06 Dec 2023
Forescout uncovers 21 Sierra Wireless router vulnerabilities

Forescout is urging enterprises to patch software for affected OT/IoT routers as attackers increasingly target edge devices to gain network access to critical infrastructure. Continue Reading
By
- Arielle Waldman, News Writer
Tip 01 Dec 2023
7 key OT security best practices

Keeping operational technology secure requires vigilance and effort, especially as OT increasingly converges with IT. These cybersecurity best practices can help. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 22 Nov 2023
CISA relaunches working group on cyber insurance, ransomware

Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk. Continue Reading
By
- Arielle Waldman, News Writer
Tip 21 Nov 2023
6 best practices for a records management strategy

A records management strategy can boost efficiency and reduce compliance risk. To create this strategy, organizations must first identify business and legal requirements. Continue Reading
By
- Laurence Hart, CGI Federal
Tip 17 Nov 2023
AI in risk management: Top benefits and challenges explained

AI and machine learning tools can aid in risk management programs. Here are the potential benefits, use cases and challenges your organization needs to know about. Continue Reading
By
- Dave Shackleford, Voodoo Security
Definition 14 Nov 2023
FTC (Federal Trade Commission)

The FTC, or Federal Trade Commission, is a United States federal regulatory agency designed to monitor and prevent anticompetitive, deceptive or unfair business practices. Continue Reading
By
- Ben Cole, Executive Editor
Opinion 08 Nov 2023
Research points to 5 ways to improve cybersecurity culture

Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 07 Nov 2023
7 useful hardware pen testing tools

Penetration testers use a variety of hardware to conduct security assessments, including a powerful laptop, Raspberry Pi, Rubber Ducky and more. Continue Reading
By
- Rob Shapland
Definition 03 Nov 2023
cybersecurity asset management (CSAM)

Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 31 Oct 2023
SEC charges SolarWinds for security failures, fraud

The SEC accused SolarWinds and CISO Timothy Brown of hiding known cybersecurity risks that were further highlighted by the supply chain attack revealed in 2020. Continue Reading
By
- Arielle Waldman, News Writer
Definition 30 Oct 2023
ISO 27002 (International Organization for Standardization 27002)

The ISO 27002 standard is a collection of information security management guidelines that are intended to help an organization implement, maintain and improve its information security management. Continue Reading
By
- Paul Kirvan
- Ben Cole, Executive Editor
Tip 27 Oct 2023
How to create a cybersecurity awareness training program

Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Mike Chapple, University of Notre Dame
Definition 25 Oct 2023
integrated risk management (IRM)

Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
By
- Nick Barney, Technology Writer
- Wesley Chai
News 24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'

Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
By
- Rob Wright, Senior News Director
Definition 24 Oct 2023
Plundervolt

Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs). Continue Reading
By
- Ben Lutkevich, Site Editor
Feature 20 Oct 2023
Risk assessment matrix: Free template and usage guide

A risk assessment matrix identifies issues that present the greatest potential for business disruption or damage. Use this free template to focus risk mitigation plans. Continue Reading
By
- Paul Kirvan
Feature 18 Oct 2023
7 risk mitigation strategies to protect business operations

Companies facing a multitude of business risks have various options to mitigate them. Here are seven mitigation strategies to minimize the business impact of risks. Continue Reading
By
- Paul Kirvan
Definition 17 Oct 2023
speculative risk

Speculative risk is a type of risk the risk-taker takes on voluntarily and will result in some degree of profit or loss. Continue Reading
By
- Rahul Awati
- Ben Cole, Executive Editor
Tip 17 Oct 2023
How to conduct a cyber-resilience assessment

It's a good cyber-hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment. Continue Reading
By
- Paul Kirvan
News 16 Oct 2023
Google Authenticator synchronization raises MFA concerns

Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes. Continue Reading
By
- Arielle Waldman, News Writer
Tip 13 Oct 2023
Why fourth-party risk management is a must-have

It's not just third-party vendors that pose a security risk. Organizations should also keep an eye on their suppliers' suppliers with a fourth-party risk management strategy. Continue Reading
By
- Michael Cobb
Tip 12 Oct 2023
5 steps to achieve a risk-based security strategy

Learn about the five steps to implement a risk-based security strategy that helps naturally deliver compliance as a consequence of an improved security posture. Continue Reading
By
- Michael Cobb
Definition 12 Oct 2023
security awareness training

Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy. Continue Reading
By
- Kinza Yasar, Technical Writer
- Mary K. Pratt
Feature 10 Oct 2023
Security posture management a huge challenge for IT pros

Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
Quiz 10 Oct 2023
Security awareness training quiz: Questions and answers

From ransomware to passphrases, find out how much you know about preventing cybersecurity incidents in this security awareness training quiz. Continue Reading
By
- Sharon Shea, Executive Editor
- Katie Donegan, Social Media Manager
Tip 10 Oct 2023
Security log management and logging best practices

Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By
- Michael Cobb
Tip 10 Oct 2023
Physical pen testing methods and tools

While companies regularly conduct network penetration tests, they may overlook physical office security. Here's how attackers -- with a baseball cap and smartphone -- get in. Continue Reading
By
- Rob Shapland
Definition 03 Oct 2023
Whistleblower Protection Act

The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization. Continue Reading
By
- Mary K. Pratt
- Ben Cole, Executive Editor
Tip 03 Oct 2023
Using the FAIR model to quantify cyber-risk

The Factor Analysis of Information Risk methodology helps organizations frame their cyber-risk exposure as a business issue and quantify it in financial terms. Learn how FAIR works. Continue Reading
By
- Paul Kirvan
- Alissa Irei, Senior Site Editor
Definition 02 Oct 2023
ISO 31000 Risk Management

The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
Tip 26 Sep 2023
How to use a SWOT analysis for IT disaster recovery planning

A disaster recovery IT SWOT analysis can identify the good and the bad aspects of a DR plan, as well as highlight potential risks and opportunities for improvement. Continue Reading
By
- Stuart Burns
Definition 26 Sep 2023
principle of least privilege (POLP)

The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Tip 26 Sep 2023
3 phases of the third-party risk management lifecycle

Contractors and other third parties can make systems more vulnerable to cyber attacks. The third-party risk management lifecycle helps ensure outside vendors protect your data. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 21 Sep 2023
governance, risk and compliance (GRC)

Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies among the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance. Continue Reading
By
- Kinza Yasar, Technical Writer
- Paul Kirvan
- Alexander S. Gillis, Technical Writer and Editor
News 20 Sep 2023
Cyber insurance report shows surge in ransomware claims

Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack. Continue Reading
By
- Arielle Waldman, News Writer
Definition 19 Sep 2023
total risk

Total risk is an assessment that identifies all the risk factors associated with pursuing a specific course of action. Continue Reading
By
- Katie Terrell Hanna
Definition 18 Sep 2023
electronically stored information (ESI)

Electronically stored information (ESI) is data that is created, altered, communicated and stored in digital form. Continue Reading
By
- Ben Cole, Executive Editor
News 14 Sep 2023
Palo Alto Networks: 80% of security exposures exist in cloud

It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Sep 2023
How to develop a cloud backup ransomware protection strategy

Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 08 Sep 2023
Risk prediction models: How they work and their benefits

Accurate risk prediction models can aid risk management efforts in organizations. Here's a look at how risk models work and the business benefits they provide. Continue Reading
By
- Donald Farmer, TreeHive Strategy
Definition 05 Sep 2023
email security

Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats. Continue Reading
By
- Kinza Yasar, Technical Writer
- Sean Michael Kerner
Definition 30 Aug 2023
three lines model

The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense. Continue Reading
By
- Amanda Hetler, Senior Editor
Guest Post 30 Aug 2023
SEC cyber attack regulations prompt 10 questions for CISOs

New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk. Continue Reading
By
- Frank Kim, SANS Institute
Definition 29 Aug 2023
IT audit (information technology audit)

An IT audit is the examination and evaluation of an organization's information technology, operations and controls. Continue Reading
By
- Paul Kirvan
Tip 29 Aug 2023
The CIO's role in strengthening cybersecurity

To effectively tackle security risks, organizations should proactively address the complexities of information security. Learn how CIOs can play a key role in cybersecurity. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 23 Aug 2023
Google launches AI-powered data classification for Workspace

Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Aug 2023
Vendors criticize Microsoft for repeated security failings

Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 21 Aug 2023
risk analysis

Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. Continue Reading
By
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Feature 16 Aug 2023
Adopt embedded penetration testing to keep IoT devices secure

Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 16 Aug 2023
Top 12 risk management skills and why you need them

Effective risk management is necessary in all parts of a business. Here are a dozen skills that risk managers need to be successful in their jobs. Continue Reading
By
- Andy Patrizio
Tip 16 Aug 2023
6 open source GRC tools compliance professionals should know

Organizations must meet a variety of regulatory compliance requirements today. Here's a look at six open source GRC tools and related resources that might help. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 15 Aug 2023
Top 4 information security strategy essentials CIOs need

Right now, hackers are targeting your organization. Fight back by learning how CIOs can create a resilient and strong information security foundation. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 15 Aug 2023
ISO 31000 vs. COSO: Comparing risk management standards

ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
By
- Michael Cobb
Feature 11 Aug 2023
Traditional vs. enterprise risk management: How do they differ?

Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are differences between them. Continue Reading
By
- Lisa Morgan
News 10 Aug 2023
CISA shares 'secure by design' plan for US tech ecosystem

The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Aug 2023
U.S., Ukraine cyber leaders talk resilience, collaboration

At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 10 Aug 2023
Why using ransomware negotiation services is worth a try

If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
By
- Kyle Johnson, Technology Editor
News 09 Aug 2023
Coalition looks to bridge gap between CISOs, cyber insurance

While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Aug 2023
crisis management

Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity. Continue Reading
By
- Nick Barney, Technology Writer
- Brien Posey
Feature 04 Aug 2023
9 common risk management failures and how to avoid them

As enterprises rework their business models and strategies to meet various new challenges, risks abound. Here are nine risk management failures to look out for. Continue Reading
By
- George Lawton
Feature 01 Aug 2023
Infosec experts divided on SEC four-day reporting rule

Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 28 Jul 2023
Intersection of generative AI, cybersecurity and digital trust

The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
By
- Goh Ser Yoong
News 20 Jul 2023
Cyber insurers adapting to data-centric ransomware threats

Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Feature 10 Jul 2023
Wi-Fi AP placement best practices and security policies

From a security standpoint, Wi-Fi network designers should consider the physical and logical placement of APs, as well as management, segmentation and rogue devices. Continue Reading
By
- Lee Badman
Feature 10 Jul 2023
Get started: Threat modeling with the Mitre ATT&CK framework

The Mitre ATT&CK framework may seem daunting at first, but it is a key tool that helps SOC teams conduct threat modeling. Learn how to get started. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 07 Jul 2023
Enterprise risk management should inform cyber-risk strategies

Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business. Continue Reading
By
- Jerald Murphy, Nemertes Research
Definition 05 Jul 2023
Dodd-Frank Act

The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that places regulation of the financial industry in the hands of the government. Continue Reading
By
- Linda Rosencrance
Tip 19 Jun 2023
Cyber-risk quantification benefits and best practices

It's not enough to know cybersecurity threats exist. More importantly, companies must understand cyber-risks in ways stakeholders can measure and discuss. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 12 Jun 2023
Benefits of risk-based vulnerability management over legacy VM

Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization. Continue Reading
By
- Ravi Das, ML Tech Inc.
Feature 19 May 2023
The potential danger of the new Google .zip top-level domain

How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them. Continue Reading
By
- Kyle Johnson, Technology Editor
News 16 May 2023
Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
By
- Arielle Waldman, News Writer