Risk management
A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.
Top Stories
-
Guest Post
19 Dec 2024
Add gamification learning to your pen testing training playbook
Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
Tip
17 Dec 2024
The pros and cons of biometric authentication
Biometric authentication can be a solid supplement to passwords when securing data and systems. But understanding potential drawbacks, and planning to minimize them, is essential. Continue Reading
By- Char Sample, ICF International
-
News
07 Jun 2022
Ransomware Task Force calls for better incident reporting
Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
07 Jun 2022
DNI Avril Haines: Cybersecurity is getting harder
During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
01 Jun 2022
How to design architecture for enterprise wireless security
Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
By- Kyle Johnson, Technology Editor
- Wiley Publishing
-
Feature
01 Jun 2022
Implementing wireless security in the enterprise
Learn how to properly secure your enterprise wireless network while considering UX, zero trust and commonly overlooked architectural mistakes. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
26 May 2022
Top 4 source code security best practices
Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers
Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
-
Tip
25 May 2022
Prepare for deepfake phishing attacks in the enterprise
Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Tip
19 May 2022
How to conduct a cyber-war gaming exercise
A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
17 May 2022
North Korean IT workers targeting US enterprises
North Korean nationals are looking to land jobs at U.S. and European companies to collect sensitive data that could help the reclusive government's military programs. Continue Reading
-
Feature
02 May 2022
Do phishing simulations work? Sometimes
Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
By- Isabella Harford, TechTarget
-
Feature
28 Apr 2022
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
By- Isabella Harford, TechTarget
- No Starch Press
-
Feature
28 Apr 2022
Tips for using a threat profile to prevent nation-state attacks
Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
By- Isabella Harford, TechTarget
-
News
28 Apr 2022
Phishing attacks benefiting from shady SEO practices
Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims. Continue Reading
-
Feature
27 Apr 2022
How to conduct Linux privilege escalations
Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Feature
27 Apr 2022
Why companies should focus on preventing privilege escalation
If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
27 Apr 2022
Best practices for creating an insider threat program
A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Feature
22 Apr 2022
An introduction to binary diffing for ethical hackers
Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started. Continue Reading
By- Alissa Irei, Senior Site Editor
- McGraw Hill Education
-
Feature
22 Apr 2022
Unethical vulnerability disclosures 'a disgrace to our field'
The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says. Continue Reading
By- Alissa Irei, Senior Site Editor
-
News
21 Apr 2022
Zero-day vulnerability exploitation soaring, experts say
Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
-
Tip
21 Apr 2022
7 best practices for Web3 security risk mitigation
Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
20 Apr 2022
Traditional IT vs. critical infrastructure cyber-risk assessments
When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging. Continue Reading
By -
News
15 Apr 2022
Corvus: Ransomware costs, ransom payments declining
Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Opinion
14 Apr 2022
Making sense of conflicting third-party security assessments
Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
By- Dave Gruber, Principal Analyst
-
News
12 Apr 2022
Ukraine energy grid hit by Russian Industroyer2 malware
The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company. Continue Reading
-
News
05 Apr 2022
German authorities behead dark web Hydra Market
Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
-
Feature
05 Apr 2022
How effective is security awareness training? Not enough
Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program. Continue Reading
By- Isabella Harford, TechTarget
-
News
29 Mar 2022
Rapid7 finds zero-day attacks surged in 2021
Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year. Continue Reading
-
Feature
29 Mar 2022
Cryptocurrency cyber attacks on the rise as industry expands
Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
25 Mar 2022
6 types of insider threats and how to prevent them
From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues. Continue Reading
By- Sharon Shea, Executive Editor
-
News
24 Mar 2022
North Korean hackers exploited Chrome zero-day for 6 weeks
Google researchers say a Chrome zero-day bug stemming from a use-after-free error was exploited by North Korean hackers against both media and financial targets earlier this year. Continue Reading
-
News
16 Mar 2022
LokiLocker ransomware crew bursts onto the scene
The mysterious LokiLocker ransomware group caught the attention of BlackBerry researchers, who say the outfit could become the next cybercrime group to menace enterprises. Continue Reading
-
Guest Post
16 Mar 2022
5 cybersecurity myths and how to address them
These myths persist due to misinformation and a lack of cybersecurity awareness. Continue Reading
By- Barry O'Donnell
-
News
14 Mar 2022
Cyber insurance war exclusions loom amid Ukraine crisis
Changes in insurance exemptions for acts of war reflect an increase in damages caused to enterprises related to state-sponsored cyber attacks. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
11 Mar 2022
How to write an information security policy, plus templates
Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
By -
Answer
10 Mar 2022
Use microsegmentation to mitigate lateral attacks
Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
09 Mar 2022
Immersive Labs: Average cyberthreat response takes 96 days
Immersive Labs' Cyber Workforce Benchmark found that some critical threats, including a zero-day vulnerability, took an average of six months to fully address. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Feature
03 Mar 2022
How to stop malicious or accidental privileged insider attacks
How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
By- Rahul Awati
- Ben Cole, Executive Editor
-
Definition
28 Feb 2022
risk assessment framework (RAF)
A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. Continue Reading
By -
Guest Post
25 Feb 2022
4 tips for selecting cybersecurity insurance
Choosing a cybersecurity insurance provider can be a daunting and complex task. Follow this advice to select the best policy -- and provider -- for your business. Continue Reading
By- Nate Smolenski
-
News
24 Feb 2022
New tech, same threats for Web 3.0
Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
-
Tip
23 Feb 2022
Crosswalk cloud compliance to ensure consistency
Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance. Continue Reading
By- Diana Kelley, SecurityCurve
-
Tip
22 Feb 2022
Top 6 critical infrastructure cyber-risks
Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here. Continue Reading
By -
News
16 Feb 2022
Trickbot has infected 140,000-plus machines since late 2020
In October 2020, Microsoft reported that more than 90% of Trickbot's infrastructure had been disabled. The threat actor bounced back and began thriving soon after. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Feb 2022
CISA says 'Shields Up' as Russia-Ukraine tensions escalate
CISA said in its advisory that 'there are not currently any specific credible threats to the U.S. homeland,' but cited past Russian cyber attacks against Ukraine and others. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
08 Feb 2022
Pros and cons of manual vs. automated penetration testing
Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
07 Feb 2022
Metaverse rollout brings new security risks, challenges
When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities. Continue Reading
-
Feature
31 Jan 2022
How to prepare for malicious insider threats
Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
27 Jan 2022
Apple security update fixes zero-day vulnerability
Apple released a series of security updates for bugs that included a critical zero-day vulnerability in iOS and macOS that is being actively exploited in the wild. Continue Reading
-
News
26 Jan 2022
New vulnerability rating framework aims to fill in CVSS gaps
The CVSS vulnerability scale doesn't always give a clear picture of the risk of a vulnerability, but experts hope the emerging standard called EPSS will provide more clarity. Continue Reading
-
Tip
18 Jan 2022
4 software supply chain security best practices
The increasing complexity of software supply chains makes it difficult for companies to understand all its components. Learn how to find vulnerabilities before attackers. Continue Reading
By- Ed Moyle, Drake Software
-
Guest Post
13 Jan 2022
Is ransomware as a service going out of style?
Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
By- Mike Behrmann
-
Definition
29 Dec 2021
white hat hacker
A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Madelyn Bacon, TechTarget
-
Feature
28 Dec 2021
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
By- Isabella Harford, TechTarget
-
News
20 Dec 2021
Critical bugs could go unpatched amid Log4j concern
Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation. Continue Reading
-
Definition
14 Dec 2021
Chernobyl virus
The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
By- Diana Kelley, SecurityCurve
-
Guest Post
30 Nov 2021
Enterprise password security guidelines in a nutshell
In this concise guide to passwords, experts at Cyber Tec outline the security problems that put enterprises at risk and offer answers on how to solve them. Continue Reading
By- Cyber Tec Security
-
Tip
29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities
With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
By- Ed Moyle, Drake Software
-
Feature
29 Nov 2021
Elastic Stack Security tutorial: How to create detection rules
This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Feature
29 Nov 2021
Elastic Security app enables affordable threat hunting
New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
By- Kyle Johnson, Technology Editor
-
Guest Post
23 Nov 2021
How to talk about cybersecurity risks, colloquially
The cybersecurity field is riddled with confusion and complexity. Knowing how to talk about risk and how to manage it is key to building resilience. Continue Reading
By- Todd Inskeep
-
News
19 Nov 2021
How enterprises need to prepare for 'cyberwar' conflicts
Infosec expert Tarah Wheeler said increasing international conflicts are posing new compliance and regulatory standards, but adapting the changes may be difficult for enterprises. Continue Reading
By- Arielle Waldman, News Writer
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
By- Kayne McGladrey
-
Guest Post
10 Nov 2021
4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
By- Mark Pierpoint
-
News
08 Nov 2021
Bug bounty programs in 2021: High payouts, higher stakes
Bug bounty programs today offer high monetary rewards for researchers, but they can also suffer from communication issues, delays and inaction that may portend bigger problems. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
05 Nov 2021
Routers, NAS and phones hacked in Pwn2Own competition
Security researchers have spent the week attempting to break into network-connected hardware and other devices in hopes of winning recognition and big payouts. Continue Reading
-
Feature
25 Oct 2021
How to use Python for privilege escalation in Windows
Penetration testers can use Python to write scripts and services to discover security vulnerabilities. In this walkthrough, learn how to escalate privileges in Windows. Continue Reading
By- Kyle Johnson, Technology Editor
- No Starch Press
-
Feature
25 Oct 2021
Why hackers should learn Python for pen testing
The authors of 'Black Hat Python' explain the importance of learning Python for pen testing, how it helps create scripts to hack networks and endpoints, and more. Continue Reading
By- Kyle Johnson, Technology Editor
-
Podcast
22 Oct 2021
Risk & Repeat: Apple bug bounty frustrations boil over
Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities. Continue Reading
By- Rob Wright, Senior News Director
-
News
15 Oct 2021
Burned by Apple, researchers mull selling zero days to brokers
Security researchers have grown frustrated with Apple's lack of communication, ‘silent patching’ of vulnerabilities, denial of bug bounty rewards and other issues. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
11 Oct 2021
5 open source offensive security tools for red teaming
To be an effective red teamer, you need the right tools in your arsenal. These are five of the open source offensive security tools worth learning. Continue Reading
By- Ed Moyle, Drake Software
-
Feature
30 Sep 2021
How to use Ghidra for malware analysis, reverse-engineering
The Ghidra malware analysis tool helps infosec beginners learn reverse-engineering quickly. Get help setting up a test environment and searching for malware indicators. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Feature
30 Sep 2021
Get started with the Ghidra reverse-engineering framework
Malware analysts use Ghidra to examine code to better understand how it works. Learn what to expect from the reverse-engineering framework, how to start using it and more. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
13 Sep 2021
Tenable acquires cloud security startup Accurics for $160M
The acquisition will be Tenable's first expansion into securing infrastructure as code, as it makes a push to identify and fix flaws in cloud-native software. Continue Reading
By- Arielle Waldman, News Writer
-
News
31 Aug 2021
College students targeted by money mule phishing techniques
Back to fool: University students with little security training are being targeted by Nigerian scammers to move fraudulent funds with the lure of quick bucks and flexible hours. Continue Reading
-
Tip
31 Aug 2021
How to use Metasploit commands and exploits for pen tests
These step-by-step instructions demonstrate how to use the Metasploit Framework for enterprise vulnerability and penetration testing. Continue Reading
By- Ed Moyle, Drake Software
-
News
09 Aug 2021
Transparency after a cyber attack: How much is too much?
Sharing threat intelligence and proof-of-concept exploits can often help other organizations better defend themselves, but such efforts are hampered by obstacles and restrictions. Continue Reading
By- Arielle Waldman, News Writer
-
News
04 Aug 2021
14 flaws in NicheStack put critical infrastructure at risk
The vulnerability disclosure process for Infra:Halt, a set of flaws impacting critical infrastructure, took nearly a year, due to the nature of supply chain vulnerabilities. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
28 Jul 2021
CISA unveils list of most targeted vulnerabilities in 2020
Attackers chased the headlines in 2020, going after the most publicized vulnerabilities in Citrix, Pulse Secure and Fortinet products, according to the U.S. government. Continue Reading
-
Podcast
22 Jul 2021
Risk & Repeat: Vulnerability patching still falling short
Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates? Continue Reading
By- Rob Wright, Senior News Director
-
News
13 Jul 2021
Schneider Electric PLCs vulnerable to remote takeover attacks
The authentication bypass vulnerability is a symptom of a much larger security crisis plaguing industrial control hardware, according to researchers who found the bug. Continue Reading
-
News
12 Jul 2021
SolarWinds warns of zero-day vulnerability under attack
SolarWinds says targeted attacks from a single threat actor have been reported on a previously unknown vulnerability in the Serv-U file transfer platform. Continue Reading
-
News
08 Jul 2021
Dutch researchers shed new light on Kaseya vulnerabilities
Dutch security researchers were working with Kaseya to get an authentication bypass flaw and other bugs patched when the catastrophic supply chain attack occurred. Continue Reading
-
Tip
29 Jun 2021
Mitigate threats with a remote workforce risk assessment
Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees. Continue Reading
By -
Definition
22 Jun 2021
security
Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets. Continue Reading
By- Madelyn Bacon, TechTarget
- TechTarget Contributor
-
News
16 Jun 2021
Zscaler: Exposed servers, open ports jeopardizing enterprises
Zscaler analyzed 1,500 networks and found administrators are leaving basic points of entry wide open for attackers as neglected servers are falling by the wayside. Continue Reading
-
Feature
15 Jun 2021
How to get started with security chaos engineering
Introducing security chaos engineering: the latest methodology security teams can implement to proactively discover vulnerabilities or weaknesses in a company's system. Continue Reading
By -
Definition
14 Jun 2021
threat modeling
Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system. Continue Reading
By -
News
08 Jun 2021
CISA taps Bugcrowd for federal vulnerability disclosure program
The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies. Continue Reading
-
Guest Post
08 Jun 2021
4 ways to build a thoughtful security culture
It's time companies paid more attention to their security culture, working toward building an effective security awareness program that everyone can understand and get behind. Continue Reading
By- Matt Warner
-
Feature
07 Jun 2021
Hackers vs. lawyers: Security research stifled in key situations
The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks. Continue Reading
-
Feature
03 Jun 2021
How to ethically conduct pen testing for social engineering
Author Joe Gray explores his interest in pen testing for social engineering, what it means to be an ethical hacker and how to get started in the career. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
03 Jun 2021
How to handle social engineering penetration testing results
In the wake of conducting social engineering penetration testing, companies need to have a plan ready to prevent or minimize phishing, vishing and other attacks. Continue Reading
By- Kyle Johnson, Technology Editor
- No Starch Press
-
Definition
21 May 2021
ethical hacker
An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit. Continue Reading
-
News
18 May 2021
McAfee CTO: Use data to make better cyber-risk decisions
According to McAfee CTO Steve Grobman, the best response to today's cyber-risks includes both human and technology-based solutions, like threat intelligence and good security hygiene. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
13 Apr 2021
physical security
Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. Continue Reading
By -
Tip
12 Apr 2021
Threat intelligence frameworks to bolster security
Organizations have many threat intelligence frameworks to work with, each with its own advantages. From for-profit to nonprofit, here's help to figure out which ones you need. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
Guest Post
06 Apr 2021
6 ways to prevent insider threats every CISO should know
Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats. Continue Reading
By- Nabil Hannan