Risk management
A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.
Top Stories
-
Tip
27 Nov 2024
How to build an effective third-party risk assessment framework
Don't overlook the threats associated with connecting vendors and partners to internal systems. Do your due diligence and use third-party risk assessments to prevent supply chain attacks. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
News
21 Nov 2024
Cyber insurers address ransom reimbursement policy concerns
In a recent op-ed for The Financial Times, U.S. Deputy National Security Advisor Anne Neuberger wrote that reimbursing ransom payments is a 'troubling practice that must end.' Continue Reading
By- Arielle Waldman, News Writer
-
Feature
16 Aug 2023
Adopt embedded penetration testing to keep IoT devices secure
Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
16 Aug 2023
Top 12 risk management skills and why you need them
Effective risk management is necessary in all parts of a business. Here are a dozen skills that risk managers need to be successful in their jobs. Continue Reading
-
Tip
16 Aug 2023
6 open source GRC tools compliance professionals should know
Organizations must meet a variety of regulatory compliance requirements today. Here's a look at six open source GRC tools and related resources that might help. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
15 Aug 2023
Top 4 information security strategy essentials CIOs need
Right now, hackers are targeting your organization. Fight back by learning how CIOs can create a resilient and strong information security foundation. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Feature
15 Aug 2023
ISO 31000 vs. COSO: Comparing risk management standards
ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
By -
Feature
11 Aug 2023
Traditional vs. enterprise risk management: How do they differ?
Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are differences between them. Continue Reading
By -
News
10 Aug 2023
CISA shares 'secure by design' plan for US tech ecosystem
The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Aug 2023
U.S., Ukraine cyber leaders talk resilience, collaboration
At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
10 Aug 2023
Why using ransomware negotiation services is worth a try
If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
09 Aug 2023
Coalition looks to bridge gap between CISOs, cyber insurance
While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
09 Aug 2023
crisis management
Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity. Continue Reading
By- Nick Barney, Technology Writer
- Brien Posey
-
Tip
07 Aug 2023
How to manage generative AI security risks in the enterprise
Despite its benefits, generative AI poses numerous -- and potentially costly -- security challenges for companies. Review possible threats and best practices to mitigate risks. Continue Reading
By -
Feature
07 Aug 2023
Enterprise risk management team: Roles and responsibilities
Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
By -
Feature
04 Aug 2023
9 common risk management failures and how to avoid them
As enterprises rework their business models and strategies to meet various new challenges, risks abound. Here are nine risk management failures to look out for. Continue Reading
-
Feature
03 Aug 2023
Risk appetite vs. risk tolerance: How are they different?
Risk appetite and risk tolerance are related terms but not the same thing. Here's how they differ plus examples of risk appetite and risk tolerance statements. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Feature
01 Aug 2023
Infosec experts divided on SEC four-day reporting rule
Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack. Continue Reading
By- Arielle Waldman, News Writer
-
Guest Post
28 Jul 2023
Intersection of generative AI, cybersecurity and digital trust
The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
By- Goh Ser Yoong
-
Feature
26 Jul 2023
Explaining risk maturity models and how they work
Explore risk maturity models and assessment tools for enhancing enterprise risk management. Improve ERM programs to mitigate risk and gain a competitive edge. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
20 Jul 2023
Cyber insurers adapting to data-centric ransomware threats
Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
10 Jul 2023
Wi-Fi AP placement best practices and security policies
From a security standpoint, Wi-Fi network designers should consider the physical and logical placement of APs, as well as management, segmentation and rogue devices. Continue Reading
By -
Feature
10 Jul 2023
Get started: Threat modeling with the Mitre ATT&CK framework
The Mitre ATT&CK framework may seem daunting at first, but it is a key tool that helps SOC teams conduct threat modeling. Learn how to get started. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
07 Jul 2023
ransomware as a service (RaaS)
Ransomware as a service (RaaS) is a subscription-based business model that enables affiliates to launch ransomware attacks by accessing and using pre-developed ransomware tools. Continue Reading
By- Kinza Yasar, Technical Writer
- Sean Michael Kerner
-
Tip
07 Jul 2023
Enterprise risk management should inform cyber-risk strategies
Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Definition
05 Jul 2023
Dodd-Frank Act
The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that places regulation of the financial industry in the hands of the government. Continue Reading
-
Tip
19 Jun 2023
Cyber-risk quantification benefits and best practices
It's not enough to know cybersecurity threats exist. More importantly, companies must understand cyber-risks in ways stakeholders can measure and discuss. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Tip
12 Jun 2023
Benefits of risk-based vulnerability management over legacy VM
Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization. Continue Reading
By- Ravi Das, ML Tech Inc.
-
Feature
19 May 2023
The potential danger of the new Google .zip top-level domain
How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
16 May 2023
Coalition: Employee actions are driving cyber insurance claims
After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
12 May 2023
Generally Accepted Recordkeeping Principles (the Principles)
Generally Accepted Recordkeeping Principles is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements. Continue Reading
-
Tip
10 May 2023
How to reduce risk with cloud attack surface management
Attack surfaces continue to expand, fueled in part by the cloud. Attack surface management is a key way to identify vulnerable assets and reduce the risk to a corporate network. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Feature
03 May 2023
Studies show ransomware has already caused patient deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
Definition
01 May 2023
compliance framework
A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation. Continue Reading
By- Ben Cole, Executive Editor
-
News
26 Apr 2023
CISA aims to reduce email threats with serial CDR prototype
CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services. Continue Reading
By- Arielle Waldman, News Writer
-
News
26 Apr 2023
How ransomware victims can make the best of a bad situation
At RSA Conference 2023, Mandiant's Jibran Ilyas provided tips for ransomware victims that decide to pay, including a list of counterdemands to make to the threat actors. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
News
25 Apr 2023
RSAC panel warns AI poses unintended security consequences
A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Apr 2023
RSAC speaker offers ransomware victims unconventional advice
Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
Tip
17 Apr 2023
How to build a cybersecurity deception program
In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Guest Post
14 Apr 2023
Pen testing amid the rise of AI-powered threat actors
The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
Tip
07 Apr 2023
5 ChatGPT security risks in the enterprise
Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
By- Alissa Irei, Senior Site Editor
- Ashwin Krishnan, StandOutin90Sec
-
Opinion
06 Apr 2023
Top RSA Conference 2023 trends and topics
Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
By- Jack Poller
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
05 Apr 2023
post-quantum cryptography
Post-quantum cryptography, also known as quantum encryption, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers. Continue Reading
By- Rob Clyde, Isaca
- Alexander S. Gillis, Technical Writer and Editor
-
Feature
03 Apr 2023
Why medical device vulnerabilities are hard to prioritize
Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
Tip
29 Mar 2023
Vulnerability management vs. risk management, compared
Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
By- Ravi Das, ML Tech Inc.
-
Definition
28 Mar 2023
Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies. Continue Reading
By- Ben Lutkevich, Site Editor
-
Tip
24 Mar 2023
Use zero-trust data management to better protect backups
Backup admins looking to protect data from bad actors can implement a zero-trust strategy for added protection. However, the method is not without its downsides. Continue Reading
By -
News
22 Mar 2023
Cyber insurance carriers expanding role in incident response
While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
07 Mar 2023
fuzz testing (fuzzing)
Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors or bugs and security loopholes in software, operating systems and networks. Continue Reading
By- Ben Lutkevich, Site Editor
-
Tip
16 Feb 2023
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Definition
14 Feb 2023
social media policy
A social media policy is a corporate code of conduct that provides guidelines for employees who post content on the internet either as part of their job or as a private person. Continue Reading
By- Nick Barney, Technology Writer
- Wendy Schuchart, TechTarget
-
Guest Post
18 Jan 2023
How to build a cyber-resilience culture in the enterprise
Discover how organizations can build a culture of cyber resilience by reducing risk, limiting damage, having a disaster recovery plan and assuming a cyber attack is coming. Continue Reading
By- Geoff Hancock
-
News
11 Jan 2023
Vulnerable software, low incident reporting raises risks
Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last. Continue Reading
By- Bridget Botelho, Editorial Director, News
-
News
10 Jan 2023
BitSight, Schneider Electric partner to quantify OT risk
The new partnership aims to provide organizations with increased visibility and risk detection capabilities for operational technology environments and critical infrastructure. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
19 Dec 2022
11 cybersecurity predictions for 2023
Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
By- Kyle Johnson, Technology Editor
-
News
02 Dec 2022
Experts argue 'sludge' could muck up cyber attacks
Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper. Continue Reading
-
Definition
18 Nov 2022
pen testing (penetration testing)
A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture. Continue Reading
By- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
-
Guest Post
17 Nov 2022
Do companies need cyber insurance?
As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
By- Mark Brown
-
News
10 Nov 2022
Flashpoint launches new 'ransomware prediction model'
Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
01 Nov 2022
Ideal CISO reporting structure is to high-level business leaders
CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best. Continue Reading
By- John Burke, Nemertes Research
-
Feature
28 Oct 2022
Enterprise ransomware preparedness improving but still lacking
An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
25 Oct 2022
Top security-by-design frameworks
Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Definition
14 Oct 2022
Wi-Fi Pineapple
A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests. Continue Reading
By- Ben Lutkevich, Site Editor
-
Guest Post
14 Oct 2022
The role of transparency in digital trust
To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust. Continue Reading
By- Sushila Nair, Nate Abbott
-
Feature
11 Oct 2022
LinkedIn scams, fake Instagram accounts hit businesses, execs
Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
By- Bridget Botelho, Editorial Director, News
-
Tip
15 Sep 2022
Use shadow IT discovery to find unauthorized devices and apps
Shadow IT may be convenient for users, but it isn't for IT -- especially where security is concerned. Shadow IT discovery finds unmanaged devices and apps. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
14 Sep 2022
How to connect cyber-risk and climate risk strategies
Every business faces two global systemic risks: cybersecurity and climate change. Learn how to integrate these two areas of risk management for greater business resilience. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Definition
08 Sep 2022
data integrity
Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so. Continue Reading
By- Stephen J. Bigelow, Senior Technology Editor
-
News
01 Sep 2022
Researcher unveils smart lock hack for fingerprint theft
An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Tip
22 Aug 2022
Why security chaos engineering works, and how to do it right
While 'chaos' doesn't sound like something software security managers would want, chaos engineering has an enticing amount of value when it comes to identifying potential threats. Continue Reading
By- Tom Nolle, Andover Intel
-
Tip
18 Aug 2022
5 reasons to integrate ESG and cybersecurity
Every business faces global systemic risks, yet most have failed to integrate cybersecurity with ESG programs. Here are five reasons why integration makes good business sense. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
News
18 Aug 2022
Russian cyber attacks on Ukraine driven by government groups
Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies. Continue Reading
-
Tip
17 Aug 2022
How to create a threat profile, with template
Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
16 Aug 2022
How to ensure a secure metaverse in your organization
Before deploying your company's metaverse, follow these practices -- including inventorying vulnerabilities and developing T&Cs -- to proactively address metaverse security issues. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
16 Aug 2022
For cyber insurance, some technology leads to higher premiums
Though cyber insurance demand is exceeding supply and companies might receive less coverage with higher premiums, experts say there are ways enterprises can reduce risk. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Aug 2022
Zero Day Initiative seeing an increase in failed patches
In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
11 Aug 2022
Researchers reveal Kubernetes security holes, prevention
Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Continue Reading
-
News
11 Aug 2022
Zero Day Initiative launches new bug disclosure timelines
The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Aug 2022
Chris Krebs: It's still too hard to work with the government
Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
09 Aug 2022
IT pros weigh COVID-19 risks, safety at tech conferences
Companies preparing to send employees to tech conferences should have a COVID-19 safety plan and prepare for the possibility that some workers will bring the virus back to the office. Continue Reading
By- Antone Gonsalves, News Director
-
Tip
05 Aug 2022
5 data security challenges enterprises face today
Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Feature
05 Aug 2022
Cybersecurity lessons learned from COVID-19 pandemic
Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
02 Aug 2022
Data masking vs. data encryption: How do they differ?
Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
By -
Tip
29 Jul 2022
SSH key management best practices and implementation tips
SSH connects key systems and the people and processes necessary to keep them functioning. Learn how to use SSH key management best practices to protect your systems and network. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Definition
22 Jul 2022
insider threat
An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Brien Posey
-
Feature
20 Jul 2022
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
By- Kyle Johnson, Technology Editor
-
News
13 Jul 2022
Supreme Court justices doxxed on dark web
Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
-
Feature
08 Jul 2022
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
07 Jul 2022
Early detection crucial in stopping BEC scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading
-
News
30 Jun 2022
SANS Institute: Human error remains the top security issue
The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises. Continue Reading
-
Feature
29 Jun 2022
A guide to MSP patch management best practices
As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
By -
Tip
24 Jun 2022
Top 4 best practices to secure the SDLC
NIST's Secure Software Development Framework is a set of practices for mitigating software vulnerabilities. Learn about the top SDLC best practices included in this framework. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
22 Jun 2022
Proofpoint: Social engineering attacks slipping past users
Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions. Continue Reading
-
Guest Post
21 Jun 2022
How to address security risks in GPS-enabled devices
GPS-enabled devices not only pose personal risks but also pose risks to organizations. Learn about the security risks associated with tracking devices and how to address them. Continue Reading
By- Nabil Hannan
-
News
20 Jun 2022
Cleveland BSides takes heat for Chris Hadnagy appearance
The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct. Continue Reading
-
News
17 Jun 2022
Hertzbleed disclosure raises questions for Intel
Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Jun 2022
SANS lists bad backups, cloud abuse as top cyberthreats
A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
-
News
07 Jun 2022
Microsoft flags common pitfalls for cyber insurance
Cyber insurance is getting more expensive and tougher to acquire. At RSA Conference 2022, Microsoft's Cynthia James discussed the common mistakes made when obtaining coverage. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
07 Jun 2022
Ransomware Task Force calls for better incident reporting
Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
07 Jun 2022
DNI Avril Haines: Cybersecurity is getting harder
During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
01 Jun 2022
How to design architecture for enterprise wireless security
Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
By- Kyle Johnson, Technology Editor
- Wiley Publishing