Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

Tip 20 May 2025
Best practices for board-level cybersecurity oversight

Corporate boards must play an increasingly active role in overseeing cybersecurity strategies. Here's what they need to know, from SEC disclosure requirements to best practices. Continue Reading
By
- Jerald Murphy, Nemertes Research
Feature 07 May 2025
Enterprise risk management team: Roles and responsibilities

Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
By
- Lisa Morgan

Tip 29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities

With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
By
- Ed Moyle, SecurityCurve
Feature 29 Nov 2021
Elastic Stack Security tutorial: How to create detection rules

This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 29 Nov 2021
Elastic Security app enables affordable threat hunting

New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
By
- Kyle Johnson, Technology Editor
Guest Post 23 Nov 2021
How to talk about cybersecurity risks, colloquially

The cybersecurity field is riddled with confusion and complexity. Knowing how to talk about risk and how to manage it is key to building resilience. Continue Reading
By
- Todd Inskeep
News 19 Nov 2021
How enterprises need to prepare for 'cyberwar' conflicts

Infosec expert Tarah Wheeler said increasing international conflicts are posing new compliance and regulatory standards, but adapting the changes may be difficult for enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments

Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
By
- Kayne McGladrey
Guest Post 10 Nov 2021
4 concepts that help balance business and security goals

The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
By
- Mark Pierpoint
News 08 Nov 2021
Bug bounty programs in 2021: High payouts, higher stakes

Bug bounty programs today offer high monetary rewards for researchers, but they can also suffer from communication issues, delays and inaction that may portend bigger problems. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Nov 2021
Routers, NAS and phones hacked in Pwn2Own competition

Security researchers have spent the week attempting to break into network-connected hardware and other devices in hopes of winning recognition and big payouts. Continue Reading
By
- Shaun Nichols
Feature 25 Oct 2021
How to use Python for privilege escalation in Windows

Penetration testers can use Python to write scripts and services to discover security vulnerabilities. In this walkthrough, learn how to escalate privileges in Windows. Continue Reading
By
- Kyle Johnson, Technology Editor
- No Starch Press
Feature 25 Oct 2021
Why hackers should learn Python for pen testing

The authors of 'Black Hat Python' explain the importance of learning Python for pen testing, how it helps create scripts to hack networks and endpoints, and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Podcast 22 Oct 2021
Risk & Repeat: Apple bug bounty frustrations boil over

Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities. Continue Reading
By
- Rob Wright, Senior News Director
News 15 Oct 2021
Burned by Apple, researchers mull selling zero days to brokers

Security researchers have grown frustrated with Apple's lack of communication, ‘silent patching’ of vulnerabilities, denial of bug bounty rewards and other issues. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 11 Oct 2021
5 open source offensive security tools for red teaming

To be an effective red teamer, you need the right tools in your arsenal. These are five of the open source offensive security tools worth learning. Continue Reading
By
- Ed Moyle, SecurityCurve
Feature 30 Sep 2021
How to use Ghidra for malware analysis, reverse-engineering

The Ghidra malware analysis tool helps infosec beginners learn reverse-engineering quickly. Get help setting up a test environment and searching for malware indicators. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 30 Sep 2021
Get started with the Ghidra reverse-engineering framework

Malware analysts use Ghidra to examine code to better understand how it works. Learn what to expect from the reverse-engineering framework, how to start using it and more. Continue Reading
By
- Kyle Johnson, Technology Editor
News 13 Sep 2021
Tenable acquires cloud security startup Accurics for $160M

The acquisition will be Tenable's first expansion into securing infrastructure as code, as it makes a push to identify and fix flaws in cloud-native software. Continue Reading
By
- Arielle Waldman, News Writer
News 31 Aug 2021
College students targeted by money mule phishing techniques

Back to fool: University students with little security training are being targeted by Nigerian scammers to move fraudulent funds with the lure of quick bucks and flexible hours. Continue Reading
By
- Shaun Nichols
Tip 31 Aug 2021
How to use Metasploit commands and exploits for pen tests

These step-by-step instructions demonstrate how to use the Metasploit Framework for enterprise vulnerability and penetration testing. Continue Reading
By
- Ed Moyle, SecurityCurve
News 09 Aug 2021
Transparency after a cyber attack: How much is too much?

Sharing threat intelligence and proof-of-concept exploits can often help other organizations better defend themselves, but such efforts are hampered by obstacles and restrictions. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Aug 2021
14 flaws in NicheStack put critical infrastructure at risk

The vulnerability disclosure process for Infra:Halt, a set of flaws impacting critical infrastructure, took nearly a year, due to the nature of supply chain vulnerabilities. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Jul 2021
CISA unveils list of most targeted vulnerabilities in 2020

Attackers chased the headlines in 2020, going after the most publicized vulnerabilities in Citrix, Pulse Secure and Fortinet products, according to the U.S. government. Continue Reading
By
- Shaun Nichols
Podcast 22 Jul 2021
Risk & Repeat: Vulnerability patching still falling short

Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates? Continue Reading
By
- Rob Wright, Senior News Director
News 13 Jul 2021
Schneider Electric PLCs vulnerable to remote takeover attacks

The authentication bypass vulnerability is a symptom of a much larger security crisis plaguing industrial control hardware, according to researchers who found the bug. Continue Reading
By
- Shaun Nichols
News 12 Jul 2021
SolarWinds warns of zero-day vulnerability under attack

SolarWinds says targeted attacks from a single threat actor have been reported on a previously unknown vulnerability in the Serv-U file transfer platform. Continue Reading
By
- Shaun Nichols
News 08 Jul 2021
Dutch researchers shed new light on Kaseya vulnerabilities

Dutch security researchers were working with Kaseya to get an authentication bypass flaw and other bugs patched when the catastrophic supply chain attack occurred. Continue Reading
By
- Shaun Nichols
Tip 29 Jun 2021
Mitigate threats with a remote workforce risk assessment

Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees. Continue Reading
By
- Paul Kirvan
Definition 22 Jun 2021
security

Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets. Continue Reading
By
- Madelyn Bacon, TechTarget
- TechTarget Contributor
News 16 Jun 2021
Zscaler: Exposed servers, open ports jeopardizing enterprises

Zscaler analyzed 1,500 networks and found administrators are leaving basic points of entry wide open for attackers as neglected servers are falling by the wayside. Continue Reading
By
- Shaun Nichols
Feature 15 Jun 2021
How to get started with security chaos engineering

Introducing security chaos engineering: the latest methodology security teams can implement to proactively discover vulnerabilities or weaknesses in a company's system. Continue Reading
By
- Michael Cobb
News 08 Jun 2021
CISA taps Bugcrowd for federal vulnerability disclosure program

The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies. Continue Reading
By
- Shaun Nichols
Guest Post 08 Jun 2021
4 ways to build a thoughtful security culture

It's time companies paid more attention to their security culture, working toward building an effective security awareness program that everyone can understand and get behind. Continue Reading
By
- Matt Warner
Feature 07 Jun 2021
Hackers vs. lawyers: Security research stifled in key situations

The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks. Continue Reading
By
- Shaun Nichols
Feature 03 Jun 2021
How to ethically conduct pen testing for social engineering

Author Joe Gray explores his interest in pen testing for social engineering, what it means to be an ethical hacker and how to get started in the career. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 03 Jun 2021
How to handle social engineering penetration testing results

In the wake of conducting social engineering penetration testing, companies need to have a plan ready to prevent or minimize phishing, vishing and other attacks. Continue Reading
By
- Kyle Johnson, Technology Editor
- No Starch Press
Definition 21 May 2021
ethical hacker

An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit. Continue Reading
By
News 18 May 2021
McAfee CTO: Use data to make better cyber-risk decisions

According to McAfee CTO Steve Grobman, the best response to today's cyber-risks includes both human and technology-based solutions, like threat intelligence and good security hygiene. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 12 Apr 2021
Threat intelligence frameworks to bolster security

Organizations have many threat intelligence frameworks to work with, each with its own advantages. From for-profit to nonprofit, here's help to figure out which ones you need. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Guest Post 06 Apr 2021
6 ways to prevent insider threats every CISO should know

Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats. Continue Reading
By
- Nabil Hannan
Guest Post 11 Mar 2021
Strengthening supply chain security risk management

In the wake of several supply chain attacks, Pam Nigro discusses how companies can work to reduce risk by broadening how to manage third-party vendors' access to company data. Continue Reading
By
- Pam Nigro
Tip 25 Feb 2021
How to manage third-party risk in the supply chain

From third-party risk assessments to multifactor authentication, follow these steps to ensure suppliers don't end up being your enterprise cybersecurity strategy's weakest link. Continue Reading
By
- Michael Cobb
Guest Post 11 Feb 2021
4 tips to help CISOs get more C-suite cybersecurity buy-in

CISOs can get more cybersecurity buy-in with cohesive storytelling, focusing on existential security threats, leading with CARE and connecting security plans to business objectives. Continue Reading
By
- Neil Daswani and Moudy Elbayadi
Tip 03 Feb 2021
Design a human firewall training program in 5 steps

Follow these five steps to develop human firewall training that's not only effective at preventing social engineering attacks, but also relevant and accessible to employees. Continue Reading
By
- Jessica Groopman, Kaleido Insights
News 14 Jan 2021
Tenable: Vulnerability disclosures skyrocketed over last 5 years

New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs. Continue Reading
By
- Arielle Waldman, News Writer
Answer 07 Jan 2021
Explore benefits and challenges of cloud penetration testing

Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies. Continue Reading
By
- Nick Lewis
Tip 06 Jan 2021
The human firewall's role in a cybersecurity strategy

The human firewall is a crucial element of a long-term, holistic security initiative. Explore how human firewalls can protect your enterprise against attacks. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Guest Post 31 Dec 2020
The enterprise case for implementing live-fire cyber skilling

Companies continue to grapple with the cybersecurity skills gap, but Adi Dar offers a way to ensure security teams are properly trained through the use of live exercises. Continue Reading
By
- Adi Dar
Feature 30 Dec 2020
Insider threat vs. insider risk: What's the difference?

Identifying, managing and mitigating insider threats is far different than protecting against insider risks. Read up on the difference and types of internal risks here. Continue Reading
By
- Sharon Shea; Skyhorse Publishing
Feature 30 Dec 2020
Insider risk indicators thwart potential threats

By paying attention to risk indicators, enterprises can tell the difference between insider threat and insider risk to prevent falling victim at the hands of one of their own. Continue Reading
By
- Sharon Shea, Executive Editor
Tip 09 Dec 2020
Key SOC metrics and KPIs: How to define and use them

Enterprises struggle to get the most out of their security operation centers. Using the proper SOC metrics and KPIs can help. Learn how to define and benefit from them here. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Nick Lewis
Quiz 08 Dec 2020
Practice Certified Ethical Hacker exam questions

Preparing for your Certified Ethical Hacker certification? Assess your knowledge of topics on the CEH exam with these practice test questions. Continue Reading
By
- Sharon Shea, Executive Editor
- McGraw Hill Education
Feature 08 Dec 2020
Ethical hacker career path advice: Getting started

Matt Walker, author of a Certified Ethical Hacker exam guide and practice exam book, offers advice to career hopefuls on the profession, CEH certification and more. Continue Reading
By
- Sharon Shea, Executive Editor
Tip 04 Nov 2020
Red team vs. blue team vs. purple team: What's the difference?

Red team-blue team exercises simulate attacks on enterprise networks. What does each team do? Where do purple teams fit in? Find out here. Continue Reading
By
- Sharon Shea, Executive Editor
News 04 Nov 2020
SaltStack discloses critical vulnerabilities, urges patching

The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 28 Oct 2020
Addressing the expanding threat attack surface from COVID-19

CISOs need to ensure they and their security teams are aware of the new threats created by many businesses expanding their attack surface with many employees still working remotely. Continue Reading
By
- Vishal Salvi
Guest Post 27 Oct 2020
The need for independent cybersecurity solutions testing

Rohit Dhamankar suggests implementing standardized testing of cybersecurity providers, like MSSPs and MDRs, to help companies better understand the services they're getting from each. Continue Reading
By
- Rohit Dhamankar
News 27 Oct 2020
Mitre ATT&CK: How it has evolved and grown

Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly over the last years, though challenges still remain for enterprise users. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 21 Oct 2020
Changing the culture of information sharing for cybersecurity

Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist. Continue Reading
By
- Dan Young
Feature 12 Oct 2020
Cybersecurity budget relies on planning and negotiation

Experts from Gartner and Forrester discuss how successful cybersecurity budgeting during these uncertain times requires planning, research and negotiation. Continue Reading
By
- Michael Heller, TechTarget
Guest Post 09 Oct 2020
For Cybersecurity Awareness Month, learn about emerging risks

Tami Hudson examines why leaders should use October to educate themselves and their companies around the latest attacks bad actors are implementing and where to prioritize investment. Continue Reading
By
- Tami Hudson
Guest Post 28 Sep 2020
How to improve cybersecurity for the workforce of the future

Many organizations continue to have employees work from home, but they haven't always hardened their cybersecurity efforts alongside this move to better protect employees and data. Continue Reading
By
- Vishal Salvi
Guest Post 28 Sep 2020
Cybersecurity testing essentials for mergers and acquisitions

Before moving forward with an M&A, conduct some cybersecurity testing to ensure your company knows how the acquired company protects data, employees and customers. Continue Reading
By
- Mark Whitehead
News 23 Sep 2020
ConnectWise launches bug bounty program to boost security

ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Sep 2020
Intel patches critical flaw in Active Management Technology

Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Sep 2020
CISA issues vulnerability disclosure order for federal agencies

The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 31 Aug 2020
Inclusivity a crucial step beyond diversity in cybersecurity

Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well. Continue Reading
By
- Michael Heller, TechTarget
Tip 24 Aug 2020
The 7 elements of an enterprise cybersecurity culture

An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks. Continue Reading
By
- Jessica Groopman, Kaleido Insights
News 21 Aug 2020
Claroty: 70% of ICS vulnerabilities are remotely exploitable

Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Aug 2020
Healthcare CISO offers alternatives to 'snake oil' companies

Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Aug 2020
Games, not shame: Why security awareness training needs a makeover

Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Aug 2020
Voting vendor ES&S unveils vulnerability disclosure program

Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
Quiz 03 Aug 2020
Test your cybersecurity knowledge with this quick ISM quiz

Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Feature 03 Aug 2020
10 tips for cybersecurity awareness programs in uncertain times

Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you. Continue Reading
By
- Mary K. Pratt
03 Aug 2020

10 tips for cybersecurity awareness programs in uncertain times

Continue Reading
03 Aug 2020

Importance of cybersecurity awareness never greater

Continue Reading
E-Zine 03 Aug 2020

Cybersecurity education for employees: Learn what works

Continue Reading
Opinion 03 Aug 2020
Importance of cybersecurity awareness never greater

Security awareness is more essential than ever, but in a world of increasingly sophisticated threats, making it a reality requires more than set-it-and-forget-it training. Continue Reading
By
- Ben Cole, Executive Editor
Tip 03 Aug 2020
How to start an enterprise bug bounty program and why

Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program. Continue Reading
By
- Ed Moyle, SecurityCurve
Feature 30 Jul 2020
How CISOs can deal with cybersecurity stress and burnout

Being a paramedic and working in cybersecurity taught CISO Rich Mogull how to avoid stress and burnout. Check out his advice to maintain mental health in high-stress roles. Continue Reading
By
- Michael Heller, TechTarget
Answer 15 Jun 2020
How to protect workloads using a zero-trust security model

Never trust, always verify. Learn how to implement a zero-trust security model to help manage risk and protect IT workloads at your organization. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 05 May 2020
Identifying common Microsoft 365 security misconfigurations

Microsoft 365 security problems can double the time it takes to contain a breach, according to a new survey. Check out best practices and operational strategies to fix them. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 28 Apr 2020
Bugcrowd launches 'classic' penetration testing service

The crowdsourcing security company launched the Bugcrowd Classic Pen Test service to offer enterprises a more cost-effective and efficient way to test their cybersecurity posture. Continue Reading
By
- Arielle Waldman, News Writer
Tip 07 Apr 2020
AI pen testing promises, delivers both speed and accuracy

AI is making many essential cybersecurity tasks more effective and efficient. AI-enabled penetration testing, or BAS, technologies are a case in point. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 01 Apr 2020
Voatz disputes claims it was 'kicked off' HackerOne

HackerOne has cut ties with Voatz, but the mobile voting vendor disputed reports that it was kicked off the bug bounty platform following controversy with security researchers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Answer 10 Mar 2020
Risk management vs. risk assessment vs. risk analysis

Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management vs. risk assessment vs. risk analysis. Continue Reading
By
- Katie Donegan, Social Media Manager
Opinion 04 Mar 2020
RSA 2020 wrap-up: VMware Carbon Black integrations; MAM for BYOD; how to handle non-employees

RSA is always full of interesting things to learn about, so here are a few more vendors I sat down with. Continue Reading
By
- Kyle Johnson, Technology Editor
03 Feb 2020

Cisco CISO says today's enterprise must take chances

Continue Reading
Feature 03 Feb 2020
Cisco CISO says today's enterprise must take chances

Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure. Continue Reading
By
- Alissa Irei, Senior Site Editor
Tip 22 Jan 2020
How to write a quality penetration testing report

Writing a penetration testing report might not be the most fun part of the job, but it's a critical component. These tips will help you write a good one. Continue Reading
By
- Charles Shirer
News 20 Jan 2020
CyCognito turning tables by using botnets for good

In this Q&A with CyCognito CEO Rob Gurzeev, he discusses what led to his company, how attack simulations work and how he plans to spend the company's recent round of funding. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Jan 2020
Craft an effective application security testing process

For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Quiz 07 Jan 2020
CISM practice questions to prep for the exam

Risk management is at the core of being a security manager. Practice your risk management knowledge with these CISM practice questions. Continue Reading
By
- Sharon Shea, Executive Editor
- McGraw Hill Education
Tip 31 Dec 2019
NIST CSF provides guidelines for risk-based cybersecurity

Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection. Continue Reading
By
- Peter Sullivan
News 16 Dec 2019
Siemens ICS flaws could allow remote exploits

Siemens recommends locking down industrial control systems as security researchers disclose 54 bugs, including remote exploit flaws, but only three patches are available. Continue Reading
By
- Michael Heller, TechTarget
Answer 09 Dec 2019
How can companies identify IT infrastructure vulnerabilities?

New, sophisticated technology is available to help infosec pros find IT infrastructure vulnerabilities. Automated pen testing and outsourcing threat intelligence services can help. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 22 Nov 2019
Android Security Rewards program expands, adds $1.5M bounty

Google expanded its Android bug bounty program to include data exfiltration and lock screen bypass and raised its top prize for a full chain exploit of a Pixel device. Continue Reading
By
- Michael Heller, TechTarget
Answer 21 Nov 2019
Do you have the right set of penetration tester skills?

Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path. Continue Reading
By
- Charles Shirer
News 15 Nov 2019
Check Point: Qualcomm TrustZone flaws could be 'game over'

Researchers discovered vulnerabilities in Qualcomm TrustZone that Check Point says could lead to 'unprecedented access' because of the extremely sensitive data stored in mobile secure elements. Continue Reading
By
- Michael Heller, TechTarget
Feature 13 Nov 2019
Build new and old strategies into insider threat management

The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program that combines AI, zero-trust principles and a healthy security culture. Continue Reading
By
- Katie Donegan, Social Media Manager
Feature 25 Oct 2019
On a penetration tester career path, flexibility and curiosity are key

Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path. Continue Reading
By
- Sharon Shea, Executive Editor