Risk management
A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.
Top Stories
-
Tip
17 Apr 2025
Building mobile security awareness training for end users
Do concerns of malware, social engineering and unpatched software on employee mobile devices have you up at night? One good place to start is mobile security awareness training. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
17 Apr 2025
Tips to find cyber insurance coverage in 2025
Most businesses have a form of cyber insurance, either through cyber liability and data breach endorsements in traditional business policies or through standalone cyber policies. Continue Reading
-
Definition
05 Jul 2024
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
-
Tip
26 Jun 2024
The 4 phases of emergency management
To effectively recover from a disruptive incident, IT and DR teams must have a plan in place. This guide breaks down the four phases of an emergency management plan. Continue Reading
-
News
24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'
Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
20 Jun 2024
self-driving car (autonomous car or driverless car)
A self-driving car -- sometimes called an autonomous car or driverless car -- is a vehicle that uses a combination of sensors, cameras, radar and artificial intelligence (AI) to travel between destinations without a human operator. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
-
News
17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes
In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
13 Jun 2024
5 cybersecurity risks and challenges in supply chain
Supply chains have a range of connection points -- and vulnerabilities. Learn which vulnerabilities hackers look for first and how leaders can fend them off. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Definition
12 Jun 2024
data protection impact assessment (DPIA)
A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, procedures or technologies affect individuals' privacy and eliminate any risks that might violate compliance. Continue Reading
By- Cameron Hashemi-Pour, Former Site Editor
- Corinne Bernstein
-
Definition
07 Jun 2024
IT incident management
IT incident management is a component of IT service management (ITSM) that aims to rapidly restore services to normal following an incident while minimizing adverse effects on the business. Continue Reading
By- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
-
Definition
07 Jun 2024
proof of concept (PoC) exploit
A proof of concept (PoC) exploit is a nonharmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software. Continue Reading
By- Kinza Yasar, Technical Writer
-
Tip
04 Jun 2024
What to know about SharePoint 2019's end of life
As SharePoint 2019 approaches its end of life, users can expect reduced support. Migration to newer platforms like SharePoint Online can offer ongoing security and functionality. Continue Reading
-
Answer
30 May 2024
The 7 core pillars of a zero-trust architecture
Learn how Forrester's Zero Trust Extended framework can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Answer
30 May 2024
Top 6 benefits of zero-trust security for businesses
The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Opinion
28 May 2024
RSAC 2024: Infosec pros battle to stay ahead of the bad guys
This year's RSA Conference strived to inspire IT professionals to be pragmatic with generative AI tools while using the latest technologies to bolster security. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
28 May 2024
How AI could bolster software supply chain security
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
23 May 2024
Regulation SCI (Regulation Systems Compliance and Integrity)
Regulation SCI (Regulation Systems Compliance and Integrity) is a set of rules adopted by the U.S. Securities and Exchange Commission (SEC) to monitor the security and capabilities of U.S. securities markets' technology infrastructure. Continue Reading
-
Definition
23 May 2024
virtual firewall
A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Continue Reading
By- Kinza Yasar, Technical Writer
- Linda Rosencrance
-
Opinion
22 May 2024
10 risk-related security updates you might have missed at RSAC
AI was a prominent theme at RSA Conference, but many security vendors also delivered risk-focused capabilities to help infosec pros better manage their risk posture. Continue Reading
By- David Vance
-
Enterprise Strategy Group
-
News
22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'
Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
21 May 2024
5 Mitre ATT&CK framework use cases
The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
Feature
17 May 2024
Balancing generative AI cybersecurity risks and rewards
At the MIT Sloan CIO Symposium, enterprise leaders grappled with AI's benefits and risks, emphasizing the need for cross-team collaboration, security controls and responsible AI. Continue Reading
By- Olivia Wisbey, Associate Site Editor
-
Feature
16 May 2024
Worldcoin explained: Everything you need to know
Sam Altman's Worldcoin uses iris scans for unique identification with plans to expand for wider adoption of a global currency on the blockchain. However, there are privacy concerns. Continue Reading
By- Amanda Hetler, Senior Editor
-
Definition
14 May 2024
cloud-native application protection platform (CNAPP)
Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native applications and its cloud workloads. Continue Reading
-
Definition
14 May 2024
ransomware recovery
Ransomware recovery is the process of resuming operations following a cyberattack that demands payment in exchange for unlocking encrypted data. Continue Reading
By- Paul Crocetti, Executive Editor
-
Definition
13 May 2024
ISO/TS 22317 (International Organization for Standardization Technical Standard 22317)
ISO/TS 22317 is the first formal standard to address the business impact analysis process. Continue Reading
By- Paul Kirvan
- Paul Crocetti, Executive Editor
-
Tip
13 May 2024
How to create a cloud security policy, step by step
What are the necessary components of a cloud security policy, and why should an organization go to the trouble to create one? Download a template to get the process started. Continue Reading
-
News
10 May 2024
US officials optimistic on AI but warn of risks, abuse
Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology. Continue Reading
By- Rob Wright, Senior News Director
-
News
09 May 2024
'Secure by design' makes waves at RSA Conference 2024
Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 May 2024
Experts highlight progress, challenges for election security
Infosec professionals at RSA Conference 2024 discuss digital and physical security challenges for election cycles across the globe in a post-COVID-19 landscape. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 May 2024
White House: Threats to critical infrastructure are 'severe'
While the White House released the new National Cybersecurity Strategy last year to help combat threats to critical infrastructure organizations, attacks have continued. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 May 2024
Splunk details Sqrrl 'screw-ups' that hampered threat hunting
At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
06 May 2024
cloud infrastructure entitlement management (CIEM)
Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments. Continue Reading
-
News
24 Apr 2024
Coalition: Insurance claims for Cisco ASA users spiked in 2023
Coalition urged enterprises to be cautious when using Cisco and Fortinet network boundary devices as attackers can leverage the attack vectors to gain initial access. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
23 Apr 2024
Creating a patch management policy: Step-by-step guide
A comprehensive patch management policy is insurance against security vulnerabilities and bugs in networked hardware and software that can disrupt your critical business processes. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
16 Apr 2024
OT security vendor Nozomi Networks lands Air Force contract
Nozomi Networks CEO Edgard Capdevielle said the $1.25 million contract will be a guarantee that 'our products will continue to meet the requirements of the Air Force.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Apr 2024
Supply chain attack abuses GitHub features to spread malware
Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
10 Apr 2024
5 trends in the cyber insurance evolution
As cyber insurance companies evolve, they will wield more power throughout the industry. Check out five areas where cyber insurance trends are changing the cybersecurity market. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
Tip
29 Mar 2024
5 tips for building a cybersecurity culture at your company
As a company's cyber-risks evolve, so must its culture. Here are five tips for creating a cybersecurity culture that protects the business and is meaningful for employees. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Opinion
28 Mar 2024
5 areas to help secure your cyber-risk management program
To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets. Continue Reading
By- David Vance
-
Enterprise Strategy Group
-
Feature
28 Mar 2024
11 core elements of a successful data protection strategy
Your organization's data protection strategy might not include all 11 core elements and associated activities, but the important thing is to have a comprehensive strategy in place. Continue Reading
-
Tip
22 Mar 2024
Data protection impact assessment template and tips
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading
-
Tip
21 Mar 2024
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
-
Feature
14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
14 Mar 2024
Practical strategies for shadow IT management
Employees might believe that they need tools beyond the organization's scope. Learn how CIOs and their teams can properly manage shadow IT to avoid unnecessary risk. Continue Reading
-
Tip
13 Mar 2024
17 potential costs of shadow IT
Companies should be vigilant and consider the significant costs associated with shadow IT. Learn about these overlooked issues and how they affect the organization. Continue Reading
-
Definition
11 Mar 2024
vulnerability assessment
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. Continue Reading
-
News
07 Mar 2024
Former Google engineer charged with stealing AI trade secrets
Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
01 Mar 2024
How dynamic malware analysis works
Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities. Continue Reading
-
News
29 Feb 2024
CISA warns Ivanti ICT ineffective for detecting compromises
CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises. Continue Reading
By- Arielle Waldman, News Writer
-
News
29 Feb 2024
AWS on why CISOs should track 'the metric of no'
AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture. Continue Reading
By- Rob Wright, Senior News Director
-
News
21 Feb 2024
Coalition: Vulnerability scoring systems falling short
Coalition said enterprises faced more substantial fallout from attacks on Citrix Bleed and Progress Software's MoveIt Transfer due to inadequate vulnerability prioritization. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
21 Feb 2024
Free business continuity testing template for IT pros
Business continuity testing can be a major challenge for any organization. This free template offers ways to incorporate testing into the business continuity management process. Continue Reading
By- Paul Kirvan
- Sonia Lelii, TechTarget
-
Opinion
20 Feb 2024
Why companies need attack surface management in 2024
The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
Tip
15 Feb 2024
How to craft cyber-risk statements that work, with examples
A cyber-risk statement should be clear, concise and simple -- but that doesn't mean it's easy to write. Get tips and read our cyber-risk statement examples. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Tip
13 Feb 2024
How to conduct a social engineering penetration test
Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to learn how to safeguard your systems against attack. Continue Reading
-
Feature
13 Feb 2024
Ransomware preparedness kicks off 2024 summit series
BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
By- Alicia Landsberg, Senior Managing Editor
-
Tip
12 Feb 2024
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Guest Post
09 Feb 2024
Cybersecurity governance: A path to cyber maturity
Organizations need cybersecurity governance programs that make every employee aware of the cybersecurity mitigation efforts required to reduce cyber-risks. Continue Reading
By- Pam Nigro
-
Tip
06 Feb 2024
8 dangers of shadow IT and how to manage them
Unauthorized devices, software and system changes -- and other forms of shadow IT -- can expose organizations to a range of security risks. Here are ways to manage them. Continue Reading
-
Tip
05 Feb 2024
Shadow AI poses new generation of threats to enterprise IT
AI is all the rage -- and so is shadow AI. Learn how unsanctioned use of generative AI tools can open organizations up to significant risks and what to do about it. Continue Reading
By- John Burke, Nemertes Research
- Alissa Irei, Senior Site Editor
-
News
30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year
The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
30 Jan 2024
Why organizations need risk-based vulnerability management
As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
29 Jan 2024
How to rank and prioritize security vulnerabilities in 3 steps
Vulnerability management programs gather massive amounts of data on security weaknesses. Security teams should learn how to rank vulnerabilities to quickly fix the biggest issues. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
24 Jan 2024
NCSC says AI will increase ransomware, cyberthreats
While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
23 Jan 2024
How to avoid malware on Linux systems
Malware attacks are devastating to companies, and there is no exception for Linux systems. Consider updating systems and assigning correct permissions. Continue Reading
-
Tip
22 Jan 2024
Business continuity vs. disaster recovery vs. incident response
To stay in business, expect the unexpected. Learn how business continuity, disaster recovery and incident response differ -- and why organizations need plans for all three. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
- Alissa Irei, Senior Site Editor
-
Definition
19 Jan 2024
security incident
A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed. Continue Reading
By- Kinza Yasar, Technical Writer
- Mary E. Shacklett, Transworld Data
- Ivy Wigmore
-
Tip
19 Jan 2024
On premises vs. cloud pros and cons, key differences
Immersed in the 'should I stay or should I go' cloud migration debate? Before vacating the premises and moving 'up there,' ponder these advantages and disadvantages. Continue Reading
By- Zachary Flower, Freelance web developer and writer
- Ron Karjian, Industry Editor
-
Tip
18 Jan 2024
How to perform a cybersecurity risk assessment in 5 steps
This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
-
Feature
17 Jan 2024
CISOs on alert following SEC charges against SolarWinds
The Securities and Exchange Commission announced charges against SolarWinds and its CISO in October, but will it help improve transparency or simply scare infosec executives? Continue Reading
By- Arielle Waldman, News Writer
-
Tip
17 Jan 2024
Incident management vs. incident response explained
While even many seasoned cybersecurity leaders use the terms 'incident management' and 'incident response' interchangeably, they aren't technically synonymous. Continue Reading
-
Tip
12 Jan 2024
How to recycle mobile phones in the enterprise
Mobile device disposal requires careful planning. IT teams must learn how to recycle mobile phones to keep e-waste out of landfills and enterprise data out of the wrong hands. Continue Reading
By- Marius Sandbu, Sopra Steria
-
Definition
12 Jan 2024
What is hybrid cloud? The ultimate guide
A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud and third-party public cloud services with orchestration among these platforms. Continue Reading
By- Stephen J. Bigelow, Senior Technology Editor
- Ron Karjian, Industry Editor
-
Tip
11 Jan 2024
How to securely recycle enterprise computers
No matter how an organization wants to retire a device when it reaches its end of life, IT must first ensure that any sensitive data on it has been properly destroyed. Continue Reading
By- Marius Sandbu, Sopra Steria
-
Definition
09 Jan 2024
sandbox
A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
-
Tip
05 Jan 2024
7 keys to an effective hybrid cloud migration strategy
Cloud readiness, storage costs, network lag and metrics can make or break the choice to move data, applications and workloads to today's more complex hybrid cloud environment. Continue Reading
By- Brian Kirsch, Milwaukee Area Technical College
-
News
04 Jan 2024
December ransomware attacks disrupt healthcare organizations
Two attacks last month exposed the sensitive information of more than 3 million individuals as ransomware attacks continued to disrupt networks and expose private data. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
04 Jan 2024
8 hybrid cloud security challenges and how to manage them
Hybrid cloud's benefits are many and varied but so are the security issues surrounding integration, compatibility, governance, compliance, APIs, visibility and responsibility. Continue Reading
-
Feature
03 Jan 2024
Why effective cybersecurity is important for businesses
Cyber attacks can have serious financial and business consequences for companies, which makes implementing strong cybersecurity protections a critical step. Continue Reading
-
Tip
02 Jan 2024
Pros and cons of 10 common hybrid cloud use cases
For businesses contemplating the advantages and disadvantages of their applications living in a distributed cloud infrastructure, take a cue from these hybrid cloud use cases. Continue Reading
-
Definition
19 Dec 2023
supply chain risk management (SCRM)
Supply chain risk management (SCRM) is the coordinated efforts of an organization to help identify, monitor, detect and mitigate threats to supply chain continuity and profitability. Continue Reading
By- Kinza Yasar, Technical Writer
-
News
14 Dec 2023
Splunk: AI isn't making spear phishing more effective
While new research shows AI tools won't make it easier for adversaries to conduct successful phishing attacks, social engineering awareness should remain a priority. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
14 Dec 2023
How an AI governance framework can strengthen security
Learn how AI governance frameworks promote security and compliance in enterprise AI deployments with essential components such as risk analysis, access control and incident response. Continue Reading
By- Jerald Murphy, Nemertes Research
-
News
06 Dec 2023
Forescout uncovers 21 Sierra Wireless router vulnerabilities
Forescout is urging enterprises to patch software for affected OT/IoT routers as attackers increasingly target edge devices to gain network access to critical infrastructure. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
01 Dec 2023
7 key OT security best practices
Keeping operational technology secure requires vigilance and effort, especially as OT increasingly converges with IT. These cybersecurity best practices can help. Continue Reading
By- Jerald Murphy, Nemertes Research
-
News
22 Nov 2023
CISA relaunches working group on cyber insurance, ransomware
Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
21 Nov 2023
6 best practices for a records management strategy
A records management strategy can boost efficiency and reduce compliance risk. To create this strategy, organizations must first identify business and legal requirements. Continue Reading
By- Laurence Hart, CGI Federal
-
Tip
17 Nov 2023
AI in risk management: Top benefits and challenges explained
AI and machine learning tools can aid in risk management programs. Here are the potential benefits, use cases and challenges your organization needs to know about. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Feature
17 Nov 2023
5 core steps in the risk management process
Implementing an effective risk management process is a key part of managing business risks. Follow these five steps to ensure a successful process. Continue Reading
By- Greg Witte, Huntington Ingalls Industries Inc.
-
Definition
14 Nov 2023
FTC (Federal Trade Commission)
The FTC, or Federal Trade Commission, is a United States federal regulatory agency designed to monitor and prevent anticompetitive, deceptive or unfair business practices. Continue Reading
By- Ben Cole, Executive Editor
-
Opinion
08 Nov 2023
Research points to 5 ways to improve cybersecurity culture
Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
Tip
07 Nov 2023
7 useful hardware pen testing tools
Penetration testers use a variety of hardware to conduct security assessments, including a powerful laptop, Raspberry Pi, Rubber Ducky and more. Continue Reading
-
Definition
03 Nov 2023
cybersecurity asset management (CSAM)
Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
31 Oct 2023
SEC charges SolarWinds for security failures, fraud
The SEC accused SolarWinds and CISO Timothy Brown of hiding known cybersecurity risks that were further highlighted by the supply chain attack revealed in 2020. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
30 Oct 2023
ISO 27002 (International Organization for Standardization 27002)
The ISO 27002 standard is a collection of information security management guidelines that are intended to help an organization implement, maintain and improve its information security management. Continue Reading
By- Paul Kirvan
- Ben Cole, Executive Editor
-
Tip
27 Oct 2023
How to create a cybersecurity awareness training program
Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail. Continue Reading
By- Alissa Irei, Senior Site Editor
- Mike Chapple, University of Notre Dame
-
Definition
25 Oct 2023
integrated risk management (IRM)
Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
By- Nick Barney, Technology Writer
- Wesley Chai
-
News
24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'
Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
24 Oct 2023
Plundervolt
Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs). Continue Reading
By- Ben Lutkevich, Site Editor
-
Feature
20 Oct 2023
Risk assessment matrix: Free template and usage guide
A risk assessment matrix identifies issues that present the greatest potential for business disruption or damage. Use this free template to focus risk mitigation plans. Continue Reading