Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

Tip 12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits

One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By
- Paul Kirvan
Tip 12 Nov 2024
5 principles of change management in networking

Network change management includes five principles, including risk analysis and peer review. These best practices can help network teams reduce failed network changes and outages. Continue Reading
By
- Terry Slattery, NetCraftsmen

News 04 Nov 2024
CISA: U.S. election disinformation peddled at massive scale

CISA said the U.S. cybersecurity agency has seen small-scale election incidents 'resulting in no significant impacts to election infrastructure,' such as low-level DDoS attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 01 Nov 2024
What is unified threat management (UTM)?

Unified threat management (UTM) is an information security system that provides a single point of protection against cyberthreats, including viruses, worms, spyware and other malware, as well as network attacks. Continue Reading
By
- Paul Kirvan
- Linda Rosencrance
Tip 28 Oct 2024
Insider threat hunting best practices and tools

Detecting threats coming from inside the organization presents unique challenges. Insider threat hunting helps identify potential threat actors and proactively deal with them. Continue Reading
By
- Jerald Murphy, Nemertes Research
Feature 28 Oct 2024
Types of cybersecurity controls and how to place them

A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
By
- Isabella Harford, TechTarget
- Packt Publishing
Tip 28 Oct 2024
How to achieve crypto-agility and future-proof security

Quantum computing will render current asymmetric encryption algorithms obsolete. Organizations need to deploy crypto-agile systems to remain protected. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 22 Oct 2024
SEC charges 4 companies for downplaying SolarWinds attacks

The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Oct 2024
Joe Sullivan: CEOs must be held accountable for security too

The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he's calling for clearer regulatory frameworks for security. Continue Reading
By
- Nicole Laskowski, Senior News Director
Feature 16 Oct 2024
How to define cyber-risk appetite as a security leader

In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Wiley Publishing
News 10 Oct 2024
Coalition: Ransomware severity up 68% in first half of 2024

The cyber insurance carrier examined claims trends for the first half of 2024, which showed policyholders experienced disruptive and increasingly costly ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Oct 2024
What is user behavior analytics (UBA)?

User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Peter Loshin, Former Senior Technology Editor
- Madelyn Bacon, TechTarget
Definition 07 Oct 2024
What is risk management? Importance, benefits and guide

Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Craig Stedman, Industry Editor
News 03 Oct 2024
Microsoft SFI progress report elicits cautious optimism

Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 01 Oct 2024
Research reveals strategies to improve cloud-native security

As organizations focus on the cloud to deliver and scale applications, security teams struggle to keep up. Recent research points to how teams can effectively manage cloud security risk. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 23 Sep 2024
Microsoft issues first Secure Future Initiative report

In the first progress report since the launch of its Secure Future Initiative, Microsoft said it's made key improvements to identity and supply chain security. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Sep 2024
Microsoft warns of Russian election threats, disinformation

As the 2024 U.S. presidential election nears, Microsoft detailed new influence campaigns, such as fake videos aimed at discrediting Vice President Kamala Harris. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 18 Sep 2024
Top vulnerability management challenges for organizations

Organizations understand vulnerability management is essential to identifying cyber-risks, but coordinating teams, tools and handling CVEs keeps the pressure on. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 18 Sep 2024
Orca: AI services, models falling short on security

New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors. Continue Reading
By
- Arielle Waldman, News Writer
Tip 13 Sep 2024
How AI could change threat detection

AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures. Continue Reading
By
- Mary K. Pratt
News 12 Sep 2024
Mastercard to acquire Recorded Future for $2.65B

Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 11 Sep 2024
6 steps toward proactive attack surface management

With organizations' attack surfaces growing, new research shows better asset management, tighter access policies like zero trust and consistent configuration standards can help. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 10 Sep 2024
Cyber-risk quantification challenges and tools that can help

While cybersecurity risk should inform budget and strategy decisions, quantifying risk and the ROI of mitigation efforts isn't easy. Cyber-risk quantification tools can help. Continue Reading
By
- John Burke, Nemertes Research
Opinion 09 Sep 2024
Cyber-risk management remains challenging

Strong cyber-risk management demands collaboration and coordination across business management, IT operations, security and software development in an ever-changing environment. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 09 Sep 2024
How to create an AI acceptable use policy, plus template

With great power comes -- in the case of generative AI -- great security and compliance risks. Learn how an AI acceptable use policy can help ensure safe use of the technology. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 04 Sep 2024
White House unveils plan to improve BGP security

The Office of the National Cyber Director has published a roadmap for internet routing security that outlines recommendations for mitigating BGP hijacking and other threats. Continue Reading
By
- Rob Wright, Senior News Director
News 28 Aug 2024
Infosec experts applaud DOJ lawsuit against Georgia Tech

The Department of Justice joined a whistleblower lawsuit against Georgia Tech for allegedly misleading the Department of Defense about its cybersecurity posture. Continue Reading
By
- Arielle Waldman, News Writer
Answer 28 Aug 2024
Types of hackers: Black hat, white hat, red hat and more

Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers. Continue Reading
By
- Sharon Shea, Executive Editor
Podcast 26 Aug 2024
Risk & Repeat: National Public Data breach questions remain

The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Aug 2024
Prepare your small business for ransomware attacks

Ransomware is a threat to all organizations, but small businesses are particularly at risk. Mitigation efforts and recovery planning are key to keep smaller companies in business. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Opinion 16 Aug 2024
Cyber-risk management: Key takeaways from Black Hat 2024

Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks. Continue Reading
By
- David Vance
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Opinion 14 Aug 2024
Software testing lessons learned from the CrowdStrike outage

After the recent CrowdStrike outage, organizations are keen to prevent and prepare for potential future disruptions. These key security and quality lessons can help. Continue Reading
By
- Matt Heusser, Excelon Development
News 09 Aug 2024
Evolving threat landscape influencing cyber insurance market

Many aspects of cyber insurance were addressed throughout Black Hat USA 2024, including changes in the threat landscape that affect policies and coverage. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Aug 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections

Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 08 Aug 2024
What is the Coalition for Secure AI (CoSAI)?

Coalition for Secure AI (CoSAI) is an open source initiative to enhance artificial intelligence's security. Continue Reading
By
- Ava DePasquale
News 07 Aug 2024
CISA: Election infrastructure has never been more secure

CISA Director Jen Easterly emphasized at Black Hat 2024 that election stakeholders cannot be complacent because 'the threat environment has never been so complex.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2024
Veracode highlights security risks of GenAI coding tools

At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Aug 2024
Nvidia AI security architect discusses top threats to LLMs

Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2024
CrowdStrike details errors that led to mass IT outage

CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage. Continue Reading
By
- Rob Wright, Senior News Director
Definition 07 Aug 2024
What is a quality gate?

A quality gate is a milestone in an IT project that requires that predefined criteria be met before the project can proceed to the next phase. Continue Reading
By
- Corinne Bernstein
Guest Post 02 Aug 2024
How blockchain can support third-party risk management

Third-party risk is of significant and growing concern to today's businesses. Explore how blockchain technology could transform third-party risk management for the better. Continue Reading
By
- Jonathan Prewitt, Jeremy A. Sheridan
Feature 31 Jul 2024
8 communications basics the CrowdStrike outage highlights

Communications are critical during an emergency. This is especially true for highly unpredictable disruptions, such as the recent CrowdStrike outage. Continue Reading
By
- Paul Kirvan
News 30 Jul 2024
Researcher: CrowdStrike blunder could benefit open source

Enterprises with the IT talent might turn to open-source software as a backup for commercial products to mitigate damage from a CrowdStrike-like IT outage, researcher said. Continue Reading
By
- Antone Gonsalves, News Director
Opinion 29 Jul 2024
5 key capabilities for effective cyber-risk management

Faced with relentless cyberattacks, organizations need to shore up their cyber-risk management programs by updating legacy tools and checking out new vendor options. Continue Reading
By
- David Vance
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Feature 29 Jul 2024
How the Change Healthcare attack may affect cyber insurance

UnitedHealth's Change Healthcare attack continued to show the devastating aftermath of supply chain attacks. Experts say it could change contingent language for future policies. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Jul 2024
Researcher says deleted GitHub data can be accessed 'forever'

Truffle Security researcher Joe Leon warned GitHub users that deleted repository data is never actually deleted, which creates an "enormous attack vector" for threat actors. Continue Reading
By
- Arielle Waldman, News Writer
News 24 Jul 2024
KnowBe4 catches North Korean hacker posing as IT employee

KnowBe4 says it hired a new principal security engineer for its internal AI team, but quickly detected suspicious activity originating from the employee's workstation. Continue Reading
By
- Arielle Waldman, News Writer
Feature 23 Jul 2024
The ultimate guide to cybersecurity planning for businesses

This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
By
- Craig Stedman, Industry Editor
Definition 22 Jul 2024
What is exposure management?

Exposure management is a cybersecurity approach to protecting exploitable IT assets. Continue Reading
By
- Kyle Johnson, Technology Editor
Opinion 19 Jul 2024
Is today's CrowdStrike outage a sign of the new normal?

A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them. Continue Reading
By
- Gabe Knuth, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 18 Jul 2024
Judge tosses most of SEC's lawsuit against SolarWinds

A judge dismissed many of the charges in the U.S. Securities and Exchange Commission's lawsuit against SolarWinds and its CISO, Timothy Brown, though some charges remain. Continue Reading
By
- Rob Wright, Senior News Director
Tip 18 Jul 2024
How to conduct a cloud security assessment

Cloud computing presents organizations of all types with a nearly endless array of security challenges. Is your security team keeping up – and how do you know? Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 12 Jul 2024
Top enterprise risk management certifications to consider

Certifications are essential to many careers. Here are some useful enterprise risk management certifications for risk managers, IT professionals and other workers. Continue Reading
By
- Sean Michael Kerner
Definition 05 Jul 2024
What is a cyber attack? How they work and how to stop them

A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
Tip 26 Jun 2024
The 4 phases of emergency management

To effectively recover from a disruptive incident, IT and DR teams must have a plan in place. This guide breaks down the four phases of an emergency management plan. Continue Reading
By
- Paul Kirvan
News 24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'

Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward. Continue Reading
By
- Arielle Waldman, News Writer
Definition 20 Jun 2024
self-driving car (autonomous car or driverless car)

A self-driving car -- sometimes called an autonomous car or driverless car -- is a vehicle that uses a combination of sensors, cameras, radar and artificial intelligence (AI) to travel between destinations without a human operator. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
News 17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes

In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 13 Jun 2024
5 cybersecurity risks and challenges in supply chain

Supply chains have a range of connection points -- and vulnerabilities. Learn which vulnerabilities hackers look for first and how leaders can fend them off. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Definition 12 Jun 2024
data protection impact assessment (DPIA)

A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, procedures or technologies affect individuals' privacy and eliminate any risks that might violate compliance. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Corinne Bernstein
Definition 07 Jun 2024
IT incident management

IT incident management is a component of IT service management (ITSM) that aims to rapidly restore services to normal following an incident while minimizing adverse effects on the business. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Definition 07 Jun 2024
proof of concept (PoC) exploit

A proof of concept (PoC) exploit is a nonharmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software. Continue Reading
By
- Kinza Yasar, Technical Writer
Answer 05 Jun 2024
Reporting ransomware attacks: Steps to take

The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. This expert advice outlines the process. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 04 Jun 2024
What to know about SharePoint 2019's end of life

As SharePoint 2019 approaches its end of life, users can expect reduced support. Migration to newer platforms like SharePoint Online can offer ongoing security and functionality. Continue Reading
By
- Jordan Jones
Answer 30 May 2024
The 7 core pillars of a zero-trust architecture

Learn how Forrester's Zero Trust Extended framework can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Answer 30 May 2024
Top 6 benefits of zero-trust security for businesses

The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Opinion 28 May 2024
RSAC 2024: Infosec pros battle to stay ahead of the bad guys

This year's RSA Conference strived to inspire IT professionals to be pragmatic with generative AI tools while using the latest technologies to bolster security. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 28 May 2024
How AI could bolster software supply chain security

Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software. Continue Reading
By
- Arielle Waldman, News Writer
Definition 23 May 2024
Regulation SCI (Regulation Systems Compliance and Integrity)

Regulation SCI (Regulation Systems Compliance and Integrity) is a set of rules adopted by the U.S. Securities and Exchange Commission (SEC) to monitor the security and capabilities of U.S. securities markets' technology infrastructure. Continue Reading
By
- Rahul Awati
- Aislyn Fredsall
Definition 23 May 2024
virtual firewall

A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Continue Reading
By
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Opinion 22 May 2024
10 risk-related security updates you might have missed at RSAC

AI was a prominent theme at RSA Conference, but many security vendors also delivered risk-focused capabilities to help infosec pros better manage their risk posture. Continue Reading
By
- David Vance
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'

Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 21 May 2024
5 Mitre ATT&CK framework use cases

The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Feature 17 May 2024
Balancing generative AI cybersecurity risks and rewards

At the MIT Sloan CIO Symposium, enterprise leaders grappled with AI's benefits and risks, emphasizing the need for cross-team collaboration, security controls and responsible AI. Continue Reading
By
- Olivia Wisbey, Associate Site Editor
Feature 16 May 2024
Worldcoin explained: Everything you need to know

Sam Altman's Worldcoin uses iris scans for unique identification with plans to expand for wider adoption of a global currency on the blockchain. However, there are privacy concerns. Continue Reading
By
- Amanda Hetler, Senior Editor
Definition 14 May 2024
cloud-native application protection platform (CNAPP)

Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native applications and its cloud workloads. Continue Reading
By
- Mary K. Pratt
Definition 14 May 2024
ransomware recovery

Ransomware recovery is the process of resuming operations following a cyberattack that demands payment in exchange for unlocking encrypted data. Continue Reading
By
- Paul Crocetti, Executive Editor
Definition 13 May 2024
ISO/TS 22317 (International Organization for Standardization Technical Standard 22317)

ISO/TS 22317 is the first formal standard to address the business impact analysis process. Continue Reading
By
- Paul Kirvan
- Paul Crocetti, Executive Editor
Tip 13 May 2024
How to create a cloud security policy, step by step

What are the necessary components of a cloud security policy, and why should an organization go to the trouble to create one? Download a template to get the process started. Continue Reading
By
- Paul Kirvan
News 10 May 2024
US officials optimistic on AI but warn of risks, abuse

Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology. Continue Reading
By
- Rob Wright, Senior News Director
News 09 May 2024
'Secure by design' makes waves at RSA Conference 2024

Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 May 2024
Experts highlight progress, challenges for election security

Infosec professionals at RSA Conference 2024 discuss digital and physical security challenges for election cycles across the globe in a post-COVID-19 landscape. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 May 2024
White House: Threats to critical infrastructure are 'severe'

While the White House released the new National Cybersecurity Strategy last year to help combat threats to critical infrastructure organizations, attacks have continued. Continue Reading
By
- Arielle Waldman, News Writer
News 06 May 2024
Splunk details Sqrrl 'screw-ups' that hampered threat hunting

At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges. Continue Reading
By
- Arielle Waldman, News Writer
Definition 06 May 2024
cloud infrastructure entitlement management (CIEM)

Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments. Continue Reading
By
- Mary K. Pratt
News 24 Apr 2024
Coalition: Insurance claims for Cisco ASA users spiked in 2023

Coalition urged enterprises to be cautious when using Cisco and Fortinet network boundary devices as attackers can leverage the attack vectors to gain initial access. Continue Reading
By
- Arielle Waldman, News Writer
Tip 23 Apr 2024
Creating a patch management policy: Step-by-step guide

A comprehensive patch management policy is insurance against security vulnerabilities and bugs in networked hardware and software that can disrupt your critical business processes. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 16 Apr 2024
OT security vendor Nozomi Networks lands Air Force contract

Nozomi Networks CEO Edgard Capdevielle said the $1.25 million contract will be a guarantee that 'our products will continue to meet the requirements of the Air Force.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Apr 2024
Supply chain attack abuses GitHub features to spread malware

Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 10 Apr 2024
5 trends in the cyber insurance evolution

As cyber insurance companies evolve, they will wield more power throughout the industry. Check out five areas where cyber insurance trends are changing the cybersecurity market. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 03 Apr 2024
AI red teaming

AI red teaming is the practice of simulating attack scenarios on an artificial intelligence application to pinpoint weaknesses and plan preventative measures. Continue Reading
By
- Olivia Wisbey, Associate Site Editor
Tip 29 Mar 2024
5 tips for building a cybersecurity culture at your company

As a company's cyber-risks evolve, so must its culture. Here are five tips for creating a cybersecurity culture that protects the business and is meaningful for employees. Continue Reading
By
- Jerald Murphy, Nemertes Research
Opinion 28 Mar 2024
5 areas to help secure your cyber-risk management program

To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets. Continue Reading
By
- David Vance
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Feature 28 Mar 2024
11 core elements of a successful data protection strategy

Your organization's data protection strategy might not include all 11 core elements and associated activities, but the important thing is to have a comprehensive strategy in place. Continue Reading
By
- Paul Kirvan
Tip 22 Mar 2024
Data protection impact assessment template and tips

Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading
By
- Paul Kirvan
Tip 21 Mar 2024
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
Feature 14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies

In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
Tip 14 Mar 2024
Practical strategies for shadow IT management

Employees might believe that they need tools beyond the organization's scope. Learn how CIOs and their teams can properly manage shadow IT to avoid unnecessary risk. Continue Reading
By
- Paul Kirvan
Tip 13 Mar 2024
17 potential costs of shadow IT

Companies should be vigilant and consider the significant costs associated with shadow IT. Learn about these overlooked issues and how they affect the organization. Continue Reading
By
- Paul Kirvan
Definition 11 Mar 2024
vulnerability assessment

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. Continue Reading
By
- TechTarget Contributor
News 07 Mar 2024
Former Google engineer charged with stealing AI trade secrets

Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company. Continue Reading
By
- Arielle Waldman, News Writer
Tip 01 Mar 2024
How dynamic malware analysis works

Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities. Continue Reading
By
- Rob Shapland