Risk management
A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.
Top Stories
-
News
22 Oct 2024
SEC charges 4 companies for downplaying SolarWinds attacks
The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack.
By- Arielle Waldman, News Writer
-
News
17 Oct 2024
Joe Sullivan: CEOs must be held accountable for security too
The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he's calling for clearer regulatory frameworks for security.
By- Nicole Laskowski, Senior News Director
-
Feature
16 Oct 2024
How to define cyber-risk appetite as a security leader
In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite.
By- Alissa Irei, Senior Site Editor
- Wiley Publishing
-
News
10 Oct 2024
Coalition: Ransomware severity up 68% in first half of 2024
The cyber insurance carrier examined claims trends for the first half of 2024, which showed policyholders experienced disruptive and increasingly costly ransomware attacks.
By- Arielle Waldman, News Writer
-
Definition
09 Oct 2024
What is user behavior analytics (UBA)?
User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems.
By- Cameron Hashemi-Pour, Site Editor
- Peter Loshin, Former Senior Technology Editor
- Madelyn Bacon, TechTarget
-
Definition
07 Oct 2024
What is risk management? Importance, benefits and guide
Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.
By- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Craig Stedman, Industry Editor
-
News
03 Oct 2024
Microsoft SFI progress report elicits cautious optimism
Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures.
By- Alexander Culafi, Senior News Writer
-
Opinion
01 Oct 2024
Research reveals strategies to improve cloud-native security
As organizations focus on the cloud to deliver and scale applications, security teams struggle to keep up. Recent research points to how teams can effectively manage cloud security risk.
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
23 Sep 2024
Microsoft issues first Secure Future Initiative report
In the first progress report since the launch of its Secure Future Initiative, Microsoft said it's made key improvements to identity and supply chain security.
By- Arielle Waldman, News Writer
-
News
19 Sep 2024
Microsoft warns of Russian election threats, disinformation
As the 2024 U.S. presidential election nears, Microsoft detailed new influence campaigns, such as fake videos aimed at discrediting Vice President Kamala Harris.
By- Arielle Waldman, News Writer
-
Opinion
18 Sep 2024
Top vulnerability management challenges for organizations
Organizations understand vulnerability management is essential to identifying cyber-risks, but coordinating teams, tools and handling CVEs keeps the pressure on.
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
News
18 Sep 2024
Orca: AI services, models falling short on security
New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors.
By- Arielle Waldman, News Writer
-
Tip
13 Sep 2024
How AI could change threat detection
AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures.
-
News
12 Sep 2024
Mastercard to acquire Recorded Future for $2.65B
Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise.
By- Arielle Waldman, News Writer
-
Opinion
11 Sep 2024
6 steps toward proactive attack surface management
With organizations' attack surfaces growing, new research shows better asset management, tighter access policies like zero trust and consistent configuration standards can help.
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
Tip
10 Sep 2024
Cyber-risk quantification challenges and tools that can help
While cybersecurity risk should inform budget and strategy decisions, quantifying risk and the ROI of mitigation efforts isn't easy. Cyber-risk quantification tools can help.
By- John Burke, Nemertes Research
-
Opinion
09 Sep 2024
Cyber-risk management remains challenging
Strong cyber-risk management demands collaboration and coordination across business management, IT operations, security and software development in an ever-changing environment.
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
Tip
09 Sep 2024
How to create an AI acceptable use policy, plus template
With great power comes -- in the case of generative AI -- great security and compliance risks. Learn how an AI acceptable use policy can help ensure safe use of the technology.
By- Jerald Murphy, Nemertes Research
-
News
04 Sep 2024
White House unveils plan to improve BGP security
The Office of the National Cyber Director has published a roadmap for internet routing security that outlines recommendations for mitigating BGP hijacking and other threats.
By- Rob Wright, Senior News Director
-
News
28 Aug 2024
Infosec experts applaud DOJ lawsuit against Georgia Tech
The Department of Justice joined a whistleblower lawsuit against Georgia Tech for allegedly misleading the Department of Defense about its cybersecurity posture.
By- Arielle Waldman, News Writer
-
Answer
28 Aug 2024
Types of hackers: Black hat, white hat, red hat and more
Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers.
By- Sharon Shea, Executive Editor
-
Podcast
26 Aug 2024
Risk & Repeat: National Public Data breach questions remain
The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear.
By- Alexander Culafi, Senior News Writer
-
Tip
26 Aug 2024
Prepare your small business for ransomware attacks
Ransomware is a threat to all organizations, but small businesses are particularly at risk. Mitigation efforts and recovery planning are key to keep smaller companies in business.
By- Damon Garn, Cogspinner Coaction
-
Tip
19 Aug 2024
EDR vs. MDR vs. XDR: Key differences
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help.
-
Opinion
16 Aug 2024
Cyber-risk management: Key takeaways from Black Hat 2024
Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks.
By- David Vance
-
Enterprise Strategy Group
-
Opinion
14 Aug 2024
Software testing lessons learned from the CrowdStrike outage
After the recent CrowdStrike outage, organizations are keen to prevent and prepare for potential future disruptions. These key security and quality lessons can help.
By- Matt Heusser, Excelon Development
-
News
09 Aug 2024
Evolving threat landscape influencing cyber insurance market
Many aspects of cyber insurance were addressed throughout Black Hat USA 2024, including changes in the threat landscape that affect policies and coverage.
By- Arielle Waldman, News Writer
-
News
08 Aug 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections
Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting.
By- Alexander Culafi, Senior News Writer
-
Definition
08 Aug 2024
What is the Coalition for Secure AI (CoSAI)?
Coalition for Secure AI (CoSAI) is an open source initiative to enhance artificial intelligence's security.
-
News
07 Aug 2024
CISA: Election infrastructure has never been more secure
CISA Director Jen Easterly emphasized at Black Hat 2024 that election stakeholders cannot be complacent because 'the threat environment has never been so complex.'
By- Alexander Culafi, Senior News Writer
-
News
07 Aug 2024
Veracode highlights security risks of GenAI coding tools
At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster.
By- Arielle Waldman, News Writer
-
News
07 Aug 2024
Nvidia AI security architect discusses top threats to LLMs
Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections.
By- Alexander Culafi, Senior News Writer
-
News
07 Aug 2024
CrowdStrike details errors that led to mass IT outage
CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage.
By- Rob Wright, Senior News Director
-
Definition
07 Aug 2024
What is a quality gate?
A quality gate is a milestone in an IT project that requires that predefined criteria be met before the project can proceed to the next phase.
-
Guest Post
02 Aug 2024
How blockchain can support third-party risk management
Third-party risk is of significant and growing concern to today's businesses. Explore how blockchain technology could transform third-party risk management for the better.
By- Jonathan Prewitt, Jeremy A. Sheridan
-
Feature
31 Jul 2024
8 communications basics the CrowdStrike outage highlights
Communications are critical during an emergency. This is especially true for highly unpredictable disruptions, such as the recent CrowdStrike outage.
-
News
30 Jul 2024
Researcher: CrowdStrike blunder could benefit open source
Enterprises with the IT talent might turn to open-source software as a backup for commercial products to mitigate damage from a CrowdStrike-like IT outage, researcher said.
By- Antone Gonsalves, News Director
-
Opinion
29 Jul 2024
5 key capabilities for effective cyber-risk management
Faced with relentless cyberattacks, organizations need to shore up their cyber-risk management programs by updating legacy tools and checking out new vendor options.
By- David Vance
-
Enterprise Strategy Group
-
Feature
29 Jul 2024
How the Change Healthcare attack may affect cyber insurance
UnitedHealth's Change Healthcare attack continued to show the devastating aftermath of supply chain attacks. Experts say it could change contingent language for future policies.
By- Arielle Waldman, News Writer
-
News
26 Jul 2024
Researcher says deleted GitHub data can be accessed 'forever'
Truffle Security researcher Joe Leon warned GitHub users that deleted repository data is never actually deleted, which creates an "enormous attack vector" for threat actors.
By- Arielle Waldman, News Writer
-
News
24 Jul 2024
KnowBe4 catches North Korean hacker posing as IT employee
KnowBe4 says it hired a new principal security engineer for its internal AI team, but quickly detected suspicious activity originating from the employee's workstation.
By- Arielle Waldman, News Writer
-
Feature
23 Jul 2024
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.
By- Craig Stedman, Industry Editor
-
Definition
22 Jul 2024
What is exposure management?
Exposure management is a cybersecurity approach to protecting exploitable IT assets.
By- Kyle Johnson, Technology Editor
-
Opinion
19 Jul 2024
Is today's CrowdStrike outage a sign of the new normal?
A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them.
By- Gabe Knuth, Senior Analyst
-
Enterprise Strategy Group
-
News
18 Jul 2024
Judge tosses most of SEC's lawsuit against SolarWinds
A judge dismissed many of the charges in the U.S. Securities and Exchange Commission's lawsuit against SolarWinds and its CISO, Timothy Brown, though some charges remain.
By- Rob Wright, Senior News Director
-
Tip
18 Jul 2024
How to conduct a cloud security assessment
Cloud computing presents organizations of all types with a nearly endless array of security challenges. Is your security team keeping up – and how do you know?
By- Dave Shackleford, Voodoo Security
-
Feature
12 Jul 2024
Top enterprise risk management certifications to consider
Certifications are essential to many careers. Here are some useful enterprise risk management certifications for risk managers, IT professionals and other workers.
-
Definition
05 Jul 2024
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
By- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
-
Tip
26 Jun 2024
The 4 phases of emergency management
To effectively recover from a disruptive incident, IT and DR teams must have a plan in place. This guide breaks down the four phases of an emergency management plan.
-
News
24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'
Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward.
By- Arielle Waldman, News Writer
-
Definition
20 Jun 2024
self-driving car (autonomous car or driverless car)
A self-driving car -- sometimes called an autonomous car or driverless car -- is a vehicle that uses a combination of sensors, cameras, radar and artificial intelligence (AI) to travel between destinations without a human operator.
By- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
-
News
17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes
In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI.
By- Alexander Culafi, Senior News Writer
-
Tip
13 Jun 2024
5 cybersecurity risks and challenges in supply chain
Supply chains have a range of connection points -- and vulnerabilities. Learn which vulnerabilities hackers look for first and how leaders can fend them off.
By- Kevin Beaver, Principle Logic, LLC
-
Definition
12 Jun 2024
data protection impact assessment (DPIA)
A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, procedures or technologies affect individuals' privacy and eliminate any risks that might violate compliance.
By- Cameron Hashemi-Pour, Site Editor
- Corinne Bernstein
-
Definition
07 Jun 2024
IT incident management
IT incident management is a component of IT service management (ITSM) that aims to rapidly restore services to normal following an incident while minimizing adverse effects on the business.
By- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
-
Definition
07 Jun 2024
proof of concept (PoC) exploit
A proof of concept (PoC) exploit is a nonharmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software.
By- Kinza Yasar, Technical Writer
-
Answer
05 Jun 2024
Reporting ransomware attacks: Steps to take
The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. This expert advice outlines the process.
By- Kyle Johnson, Technology Editor
-
Tip
04 Jun 2024
What to know about SharePoint 2019's end of life
As SharePoint 2019 approaches its end of life, users can expect reduced support. Migration to newer platforms like SharePoint Online can offer ongoing security and functionality.
-
Answer
30 May 2024
The 7 core pillars of a zero-trust architecture
Learn how Forrester's Zero Trust Extended framework can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework.
By- Andrew Froehlich, West Gate Networks
-
Answer
30 May 2024
Top 6 benefits of zero-trust security for businesses
The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here.
By- Andrew Froehlich, West Gate Networks
-
Opinion
28 May 2024
RSAC 2024: Infosec pros battle to stay ahead of the bad guys
This year's RSA Conference strived to inspire IT professionals to be pragmatic with generative AI tools while using the latest technologies to bolster security.
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
-
News
28 May 2024
How AI could bolster software supply chain security
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software.
By- Arielle Waldman, News Writer
-
Definition
23 May 2024
Regulation SCI (Regulation Systems Compliance and Integrity)
Regulation SCI (Regulation Systems Compliance and Integrity) is a set of rules adopted by the U.S. Securities and Exchange Commission (SEC) to monitor the security and capabilities of U.S. securities markets' technology infrastructure.
-
Definition
23 May 2024
virtual firewall
A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.
By- Kinza Yasar, Technical Writer
- Linda Rosencrance
-
Opinion
22 May 2024
10 risk-related security updates you might have missed at RSAC
AI was a prominent theme at RSA Conference, but many security vendors also delivered risk-focused capabilities to help infosec pros better manage their risk posture.
By- David Vance
-
Enterprise Strategy Group
-
News
22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'
Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons.
By- Alexander Culafi, Senior News Writer
-
Tip
21 May 2024
5 Mitre ATT&CK framework use cases
The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity.
By- Amy Larsen DeCarlo, GlobalData
-
Feature
17 May 2024
Balancing generative AI cybersecurity risks and rewards
At the MIT Sloan CIO Symposium, enterprise leaders grappled with AI's benefits and risks, emphasizing the need for cross-team collaboration, security controls and responsible AI.
By- Olivia Wisbey, Associate Site Editor
-
Feature
16 May 2024
Worldcoin explained: Everything you need to know
Sam Altman's Worldcoin uses iris scans for unique identification with plans to expand for wider adoption of a global currency on the blockchain. However, there are privacy concerns.
By- Amanda Hetler, Senior Editor
-
Definition
14 May 2024
cloud-native application protection platform (CNAPP)
Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native applications and its cloud workloads.
-
Definition
14 May 2024
ransomware recovery
Ransomware recovery is the process of resuming operations following a cyberattack that demands payment in exchange for unlocking encrypted data.
By- Paul Crocetti, Executive Editor
-
Definition
13 May 2024
ISO/TS 22317 (International Organization for Standardization Technical Standard 22317)
ISO/TS 22317 is the first formal standard to address the business impact analysis process.
By- Paul Kirvan
- Paul Crocetti, Executive Editor
-
Tip
13 May 2024
How to create a cloud security policy, step by step
What are the necessary components of a cloud security policy, and why should an organization go to the trouble to create one? Download a template to get the process started.
-
News
10 May 2024
US officials optimistic on AI but warn of risks, abuse
Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology.
By- Rob Wright, Senior News Director
-
News
09 May 2024
'Secure by design' makes waves at RSA Conference 2024
Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects.
By- Alexander Culafi, Senior News Writer
-
News
08 May 2024
Experts highlight progress, challenges for election security
Infosec professionals at RSA Conference 2024 discuss digital and physical security challenges for election cycles across the globe in a post-COVID-19 landscape.
By- Alexander Culafi, Senior News Writer
-
News
08 May 2024
White House: Threats to critical infrastructure are 'severe'
While the White House released the new National Cybersecurity Strategy last year to help combat threats to critical infrastructure organizations, attacks have continued.
By- Arielle Waldman, News Writer
-
News
06 May 2024
Splunk details Sqrrl 'screw-ups' that hampered threat hunting
At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges.
By- Arielle Waldman, News Writer
-
Definition
06 May 2024
cloud infrastructure entitlement management (CIEM)
Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments.
-
News
24 Apr 2024
Coalition: Insurance claims for Cisco ASA users spiked in 2023
Coalition urged enterprises to be cautious when using Cisco and Fortinet network boundary devices as attackers can leverage the attack vectors to gain initial access.
By- Arielle Waldman, News Writer
-
Tip
23 Apr 2024
Creating a patch management policy: Step-by-step guide
A comprehensive patch management policy is insurance against security vulnerabilities and bugs in networked hardware and software that can disrupt your critical business processes.
By- Andrew Froehlich, West Gate Networks
-
News
16 Apr 2024
OT security vendor Nozomi Networks lands Air Force contract
Nozomi Networks CEO Edgard Capdevielle said the $1.25 million contract will be a guarantee that 'our products will continue to meet the requirements of the Air Force.'
By- Alexander Culafi, Senior News Writer
-
News
10 Apr 2024
Supply chain attack abuses GitHub features to spread malware
Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code.
By- Arielle Waldman, News Writer
-
Opinion
10 Apr 2024
5 trends in the cyber insurance evolution
As cyber insurance companies evolve, they will wield more power throughout the industry. Check out five areas where cyber insurance trends are changing the cybersecurity market.
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
Definition
03 Apr 2024
AI red teaming
AI red teaming is the practice of simulating attack scenarios on an artificial intelligence application to pinpoint weaknesses and plan preventative measures.
By- Olivia Wisbey, Associate Site Editor
-
Tip
29 Mar 2024
5 tips for building a cybersecurity culture at your company
As a company's cyber-risks evolve, so must its culture. Here are five tips for creating a cybersecurity culture that protects the business and is meaningful for employees.
By- Jerald Murphy, Nemertes Research
-
Opinion
28 Mar 2024
5 areas to help secure your cyber-risk management program
To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets.
By- David Vance
-
Enterprise Strategy Group
-
Feature
28 Mar 2024
11 core elements of a successful data protection strategy
Your organization's data protection strategy might not include all 11 core elements and associated activities, but the important thing is to have a comprehensive strategy in place.
-
Tip
22 Mar 2024
Data protection impact assessment template and tips
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information.
-
Tip
21 Mar 2024
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments.
-
Feature
14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities.
By- Arielle Waldman, News Writer
-
Tip
14 Mar 2024
Practical strategies for shadow IT management
Employees might believe that they need tools beyond the organization's scope. Learn how CIOs and their teams can properly manage shadow IT to avoid unnecessary risk.
-
Tip
13 Mar 2024
17 potential costs of shadow IT
Companies should be vigilant and consider the significant costs associated with shadow IT. Learn about these overlooked issues and how they affect the organization.
-
Definition
11 Mar 2024
vulnerability assessment
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.
-
News
07 Mar 2024
Former Google engineer charged with stealing AI trade secrets
Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company.
By- Arielle Waldman, News Writer
-
Tip
01 Mar 2024
How dynamic malware analysis works
Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities.
-
News
29 Feb 2024
CISA warns Ivanti ICT ineffective for detecting compromises
CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises.
By- Arielle Waldman, News Writer
-
News
29 Feb 2024
AWS on why CISOs should track 'the metric of no'
AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture.
By- Rob Wright, Senior News Director
-
Answer
28 Feb 2024
Can ransomware infect backups? 3 tips to protect data
Backing up data is one way to guard against threats such as ransomware, but attacks designed to infect backups can compromise data protection efforts.
By- Mitch Lewis, Evaluator Group
-
News
21 Feb 2024
Coalition: Vulnerability scoring systems falling short
Coalition said enterprises faced more substantial fallout from attacks on Citrix Bleed and Progress Software's MoveIt Transfer due to inadequate vulnerability prioritization.
By- Arielle Waldman, News Writer
-
Feature
21 Feb 2024
Free business continuity testing template for IT pros
Business continuity testing can be a major challenge for any organization. This free template offers ways to incorporate testing into the business continuity management process.
By- Paul Kirvan
- Sonia Lelii, TechTarget
-
Opinion
20 Feb 2024
Why companies need attack surface management in 2024
The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed.
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group