Risk management
A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.
Top Stories
-
Tip
12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help.
-
Tip
12 Nov 2024
5 principles of change management in networking
Network change management includes five principles, including risk analysis and peer review. These best practices can help network teams reduce failed network changes and outages.
By Terry Slattery, NetCraftsmen
-
Tip
01 Jun 2015
Understanding and mitigating a FREAK vulnerability attack
After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here's some background on the attack and how to stop it.
-
Feature
01 Apr 2015
Social engineering: You got nailed!
Move beyond prevention to fast detection to combat a stealthy social engineering attack.
-
Tip
06 Nov 2014
The three stages of the ISO 31000 risk management process
The ISO 31000 risk management process proposes three stages. Expert Mike Chapple reviews this alternative to the ISO 27001 framework.
By Mike Chapple, University of Notre Dame
-
Quiz
19 Aug 2014
Authenticated vulnerability scanning: How much do you know?
This vulnerability scanning quiz will test you on the key points we've covered in the webcast, podcast and article in this Security School.
By Kevin Beaver, Principle Logic, LLC
-
Feature
02 Jun 2014
Threat intelligence versus risk: How much cybersecurity is enough?
Learn how threat intelligence plays into global risk assessment as more security officers are tasked with damage control.
By Kathleen Richards, features editor
-
Tip
21 May 2014
Stop attackers hacking with Metasploit
Metasploit attacks may not be sexy, but they can stab through enterprise defenses. Learn how basic security controls can thwart Metasploit hacking.
-
Feature
10 Mar 2014
Risk Management Framework
In this excerpt from chapter 3 of Risk Management Framework, author James Broad discusses the four components of risk management.
By SearchSecurity and Syngress
-
Opinion
02 Dec 2013
Return on security investment: The risky business of probability
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
-
Feature
24 Oct 2012
Metasploit Review: Ten Years Later, Are We Any More Secure?
Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.
-
Answer
25 May 2010
Which tools will help in validating form input in a website?
Find out how to validate form input in a website.
-
Tip
16 Apr 2010
Performing a security risk analysis to assess acceptable level of risk
No organization is ever completely without risk, but there are steps that can be taken to establish an acceptable level of risk that can be appropriately mitigated. In this tip, Michael Cobb explains how to perform a security risk analysis to help determine an acceptable level of risk.
-
Tip
09 Oct 2008
Risk assessments: Internal vs. external
Risk assessments are a necessary function at financial firms, but how do you know whether to conduct them internally or to use a third party? Expert Rick Lawhorn explores the pros and cons in this tip.
-
Tip
14 Apr 2008
GLBA risk assessment steps to success
GLBA requires financial firms to protect their data from anticipated risks. How can those risks be determined? Follow these steps to perform a risk assessment at your financial organization.
By Tony Bradley, Bradley Strategy Group
-
Tip
22 Aug 2007
Enterprise risk management frameworks: Controls for people, processes, technology
Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the right places and implementing processes to execute on policies.
By Khalid Kark, Forrester Research Inc.
- Answer 04 Mar 2004