Risk management
A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.
Top Stories
-
News
07 Mar 2024
Former Google engineer charged with stealing AI trade secrets
Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company.
-
Tip
01 Mar 2024
How dynamic malware analysis works
Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities.
-
News
29 Feb 2024
CISA warns Ivanti ICT ineffective for detecting compromises
CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises.
-
News
29 Feb 2024
AWS on why CISOs should track 'the metric of no'
AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture.
-
Answer
28 Feb 2024
Can ransomware infect backups? 3 tips to protect data
Backing up data is one way to guard against threats such as ransomware, but attacks designed to infect backups can compromise data protection efforts.
-
News
21 Feb 2024
Coalition: Vulnerability scoring systems falling short
Coalition said enterprises faced more substantial fallout from attacks exploiting Citrix Bleed and the Progress Software MOVEit Transfer flaw because of inadequate vulnerability prioritization.
-
Feature
21 Feb 2024
Free business continuity testing template for IT pros
Business continuity testing can be a major challenge for any organization. This free template offers ways to incorporate testing into the business continuity management process.
-
Opinion
20 Feb 2024
Why companies need attack surface management in 2024
The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. That exposure needs to be managed continuously, not assessed once.
-
Tip
15 Feb 2024
How to craft cyber-risk statements that work, with examples
A cyber-risk statement should be clear, concise and simple -- but that doesn't mean it's easy to write. Get tips and read our cyber-risk statement examples.
-
Tip
13 Feb 2024
How to conduct a social engineering penetration test
Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to learn how to safeguard your systems against attack.
-
Feature
13 Feb 2024
Ransomware preparedness kicks off 2024 summit series
BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here.
-
Tip
12 Feb 2024
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them.
-
Guest Post
09 Feb 2024
Cybersecurity governance: A path to cyber maturity
Organizations need cybersecurity governance programs that make every employee aware of the cybersecurity mitigation efforts required to reduce cyber-risks.
-
Tip
06 Feb 2024
8 dangers of shadow IT and how to manage them
Unauthorized devices, software and system changes -- and other forms of shadow IT -- can expose organizations to a range of security risks. Here are ways to manage them.
-
Tip
05 Feb 2024
Shadow AI poses new generation of threats to enterprise IT
AI is all the rage -- and so is shadow AI. Learn how unsanctioned use of generative AI tools can open organizations up to significant risks and what to do about it.
-
Tip
31 Jan 2024
4 tips to find cyber insurance coverage in 2024
The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2024 and how to get the most from your organization's coverage this year.
-
News
30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year
The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023.
-
Tip
30 Jan 2024
Why organizations need risk-based vulnerability management
As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats.
-
Tip
29 Jan 2024
Top 4 incident response certifications to consider in 2024
Cybersecurity professionals pursuing an incident response track should consider the following certifications to bolster their knowledge and advance their career.
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem.
-
Tip
29 Jan 2024
How to rank and prioritize security vulnerabilities in 3 steps
Vulnerability management programs gather massive amounts of data on security weaknesses. Security teams should learn how to rank vulnerabilities to quickly fix the biggest issues.
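The two entries above on risk-based vulnerability management and ranking vulnerabilities, together with the Coalition item on vulnerability scoring systems falling short, all make the same point: a CVSS base score alone is a poor remediation queue. The following is an added example written for this page, not the article's own three-step method or any scanner vendor's algorithm. It ranks a constructed set of findings by combining severity with an EPSS-style exploitation probability, an in-the-wild-exploitation flag, internet exposure and asset criticality; the weights, thresholds, host names and finding records are all assumptions constructed for illustration.

```python
"""Added example: risk-based ranking of vulnerability findings.

Illustrative code written for this page; it is not the article's own
three-step method, nor any scanner or scoring vendor's algorithm. Beyond
the CVSS base score it weighs three things a risk-based program asks
about each finding: how likely exploitation is (an EPSS-style probability
and whether the flaw is known to be exploited in the wild), whether the
asset is reachable from the internet, and how much the business depends
on it. Weights, thresholds and the sample findings are all assumptions
constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str
    host: str
    cvss_base: float        # 0.0-10.0 technical severity from the scanner
    exploit_prob: float     # 0.0-1.0, e.g. an EPSS-style 30-day exploitation probability
    known_exploited: bool   # appears in an exploited-in-the-wild catalogue
    internet_facing: bool   # reachable from untrusted networks
    asset_criticality: int  # 1 (lab box) .. 5 (revenue-critical / regulated data)


# Business-context multipliers (assumed values; tune to your risk appetite).
CRITICALITY_WEIGHT = {1: 0.4, 2: 0.6, 3: 0.8, 4: 1.0, 5: 1.2}
INTERNET_FACING_WEIGHT = 1.5


def risk_score(f: Finding) -> float:
    """Severity x likelihood x exposure x business criticality, rounded to 2 dp."""
    # A floor of 0.2 keeps low-probability but severe flaws from vanishing entirely;
    # confirmed in-the-wild exploitation overrides the probability estimate.
    likelihood = 1.0 if f.known_exploited else 0.2 + 0.8 * f.exploit_prob
    exposure = INTERNET_FACING_WEIGHT if f.internet_facing else 1.0
    return round(f.cvss_base * likelihood * exposure * CRITICALITY_WEIGHT[f.asset_criticality], 2)


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Highest risk first; CVSS base score breaks ties."""
    return sorted(findings, key=lambda f: (risk_score(f), f.cvss_base), reverse=True)


def rank_by_cvss(findings: list[Finding]) -> list[Finding]:
    """The severity-only ordering a CVSS-driven queue would produce, for contrast."""
    return sorted(findings, key=lambda f: f.cvss_base, reverse=True)


def sla_days(score: float) -> int:
    """Remediation deadline by score band (assumed thresholds)."""
    if score >= 12.0:
        return 7
    if score >= 8.0:
        return 30
    if score >= 4.0:
        return 90
    return 180


# Constructed sample findings (not real scan output).
FINDINGS = [
    Finding("F-1", "vpn-gw-01", 9.8, 0.97, True, True, 5),
    Finding("F-2", "lab-build-07", 9.8, 0.02, False, False, 2),
    Finding("F-3", "web-shop-02", 7.5, 0.60, False, True, 4),
    Finding("F-4", "mail-relay-01", 5.3, 0.90, True, True, 3),
    Finding("F-5", "erp-db-01", 8.8, 0.10, False, False, 5),
]

if __name__ == "__main__":
    print("CVSS-only order :", [f.finding_id for f in rank_by_cvss(FINDINGS)])
    for f in prioritize(FINDINGS):
        s = risk_score(f)
        print(f"{f.finding_id} {f.host:14} cvss={f.cvss_base:4} risk={s:6} fix within {sla_days(s)} days")
```

Run stand-alone, the CVSS-only queue puts both 9.8 findings at the top, whereas the risk-based ranking drops the 9.8 on an isolated lab host to the bottom and lifts the 5.3 that is internet-facing and already being exploited above it. The multipliers are deliberately simple; what matters for a program is that the likelihood and business-context inputs are refreshed as exploitation data and asset inventories change.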
-
Feature
26 Jan 2024
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.
-
News
24 Jan 2024
NCSC says AI will increase ransomware, cyberthreats
While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks.
-
Tip
23 Jan 2024
How to avoid malware on Linux systems
Malware attacks are devastating to companies, and there is no exception for Linux systems. Consider updating systems and assigning correct permissions.
-
Tip
22 Jan 2024
Business continuity vs. disaster recovery vs. incident response
To stay in business, expect the unexpected. Learn how business continuity, disaster recovery and incident response differ -- and why organizations need plans for all three.
-
Tip
19 Jan 2024
On premises vs. cloud pros and cons, key differences
Immersed in the 'should I stay or should I go' cloud migration debate? Before vacating the premises and moving 'up there,' ponder these advantages and disadvantages.
-
Definition
19 Jan 2024
security incident
A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed.
-
Feature
18 Jan 2024
12 top enterprise risk management trends in 2024
Trends reshaping risk management include use of GRC platforms, risk maturity models, risk appetite statements and AI tools, plus the need to manage AI risks.
-
Tip
18 Jan 2024
How to perform a cybersecurity risk assessment in 5 steps
This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues.
-
Feature
17 Jan 2024
16 top ERM software vendors to consider in 2024
Various software tools can help automate risk management and GRC processes. Here's a look at 16 enterprise risk management vendors and their products.
-
Feature
17 Jan 2024
CISOs on alert following SEC charges against SolarWinds
The Securities and Exchange Commission announced charges against SolarWinds and its CISO in October, but will it help improve transparency or simply scare infosec executives?
-
Tip
17 Jan 2024
Incident management vs. incident response explained
While even many seasoned cybersecurity leaders use the terms 'incident management' and 'incident response' interchangeably, they aren't technically synonymous.
-
Tip
12 Jan 2024
How to recycle mobile phones in the enterprise
Mobile device disposal requires careful planning. IT teams must learn how to recycle mobile phones to keep e-waste out of landfills and enterprise data out of the wrong hands.
-
Definition
12 Jan 2024
What is hybrid cloud? The ultimate guide
A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud and third-party public cloud services with orchestration among these platforms.
-
Tip
11 Jan 2024
How to securely recycle enterprise computers
No matter how an organization wants to retire a device when it reaches its end of life, IT must first ensure that any sensitive data on it has been properly destroyed.
-
Definition
09 Jan 2024
sandbox
A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.
-
Tip
05 Jan 2024
7 keys to an effective hybrid cloud migration strategy
Cloud readiness, storage costs, network lag and metrics can make or break the choice to move data, applications and workloads to today's more complex hybrid cloud environment.
-
News
04 Jan 2024
December ransomware attacks disrupt healthcare organizations
Two attacks last month exposed the sensitive information of more than 3 million individuals as ransomware attacks continued to disrupt networks and expose private data.
-
Tip
04 Jan 2024
8 hybrid cloud security challenges and how to manage them
Hybrid cloud's benefits are many and varied but so are the security issues surrounding integration, compatibility, governance, compliance, APIs, visibility and responsibility.
-
Feature
03 Jan 2024
Why effective cybersecurity is important for businesses
Cyber attacks can have serious financial and business consequences for companies, which makes implementing strong cybersecurity protections a critical step.
-
Feature
03 Jan 2024
Ransomware trends, statistics and facts heading into 2024
Supply chain attacks, double extortion and RaaS are just a few of the ransomware trends that will continue to disrupt businesses in 2024. Is your industry a top target?
-
Tip
02 Jan 2024
Pros and cons of 10 common hybrid cloud use cases
For businesses contemplating the advantages and disadvantages of their applications living in a distributed cloud infrastructure, take a cue from these hybrid cloud use cases.
-
Feature
28 Dec 2023
The future of hybrid cloud: What to expect in 2024 and beyond
For companies modernizing their business operations, hybrid cloud's embrace of AI, edge computing and integration promises unique levels of flexibility, security and control.
-
Definition
19 Dec 2023
supply chain risk management (SCRM)
Supply chain risk management (SCRM) is the coordinated efforts of an organization to help identify, monitor, detect and mitigate threats to supply chain continuity and profitability.
-
Tip
14 Dec 2023
How an AI governance framework can strengthen security
Learn how AI governance frameworks promote security and compliance in enterprise AI deployments with essential components such as risk analysis, access control and incident response.
-
News
14 Dec 2023
Splunk: AI isn't making spear phishing more effective
While new research shows AI tools won't make it easier for adversaries to conduct successful phishing attacks, social engineering awareness should remain a priority.
-
Definition
12 Dec 2023
cyber attack
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
-
News
06 Dec 2023
Forescout uncovers 21 Sierra Wireless router vulnerabilities
Forescout is urging enterprises to patch software for affected OT/IoT routers as attackers increasingly target edge devices to gain network access to critical infrastructure.
-
Tip
01 Dec 2023
7 key OT security best practices
Keeping operational technology secure requires vigilance and effort, especially as OT increasingly converges with IT. These cybersecurity best practices can help.
-
News
22 Nov 2023
CISA relaunches working group on cyber insurance, ransomware
Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk.
-
Tip
21 Nov 2023
6 best practices for a records management strategy
A records management strategy can boost efficiency and reduce compliance risk. To create this strategy, organizations must first identify business and legal requirements.
-
Tip
17 Nov 2023
AI in risk management: Top benefits and challenges explained
AI and machine learning tools can aid in risk management programs. Here are the potential benefits, use cases and challenges your organization needs to know about.
-
Feature
17 Nov 2023
5 core steps in the risk management process
Implementing an effective risk management process is a key part of managing business risks. Follow these five steps to ensure a successful process.
-
Definition
14 Nov 2023
FTC (Federal Trade Commission)
The FTC, or Federal Trade Commission, is a United States federal regulatory agency designed to monitor and prevent anticompetitive, deceptive or unfair business practices.
-
Opinion
08 Nov 2023
Research points to 5 ways to improve cybersecurity culture
Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture.
-
Tip
07 Nov 2023
7 useful hardware pen testing tools
Penetration testers use a variety of hardware to conduct security assessments, including a powerful laptop, Raspberry Pi, Rubber Ducky and more.
-
Definition
03 Nov 2023
cybersecurity asset management (CSAM)
Cybersecurity asset management (CSAM) is the process of continuously discovering, inventorying, monitoring, managing and tracking an organization's assets in order to determine what those assets do and to identify, and where possible automatically remediate, gaps in its cybersecurity protections.
-
News
31 Oct 2023
SEC charges SolarWinds for security failures, fraud
The SEC accused SolarWinds and CISO Timothy Brown of hiding known cybersecurity risks that were further highlighted by the supply chain attack revealed in 2020.
-
Definition
30 Oct 2023
ISO 27002 (International Organization for Standardization 27002)
The ISO 27002 standard is a collection of information security management guidelines that are intended to help an organization implement, maintain and improve its information security management.
-
Tip
27 Oct 2023
How to create a cybersecurity awareness training program
Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail.
-
Definition
25 Oct 2023
integrated risk management (IRM)
Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions.
-
News
24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'
Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits.
-
Definition
24 Oct 2023
Plundervolt
Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs): by lowering the core voltage through the processor's software-accessible voltage-scaling interface, it induces computational faults inside otherwise isolated SGX enclaves.
-
Feature
20 Oct 2023
Risk assessment matrix: Free template and usage guide
A risk assessment matrix identifies issues that present the greatest potential for business disruption or damage. Use this free template to focus risk mitigation plans.
-
Feature
18 Oct 2023
7 risk mitigation strategies to protect business operations
Companies facing a multitude of business risks have various options to mitigate them. Here are seven mitigation strategies to minimize the business impact of risks.
-
Definition
17 Oct 2023
speculative risk
Speculative risk is a type of risk that an organization or individual takes on voluntarily and that can result in either a profit or a loss.
-
Tip
17 Oct 2023
How to conduct a cyber-resilience assessment
It's a good cyber-hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment.
-
News
16 Oct 2023
Google Authenticator synchronization raises MFA concerns
Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes.
-
Tip
16 Oct 2023
Build a strong cyber-resilience strategy with existing tools
Existing security protocols and processes can be combined to build a cyber-resilience framework, but understanding how these components relate to each other is key.
-
Feature
16 Oct 2023
Top enterprise risk management certifications to consider
Certifications are essential to many careers. Here are some useful enterprise risk management certifications for risk managers, IT professionals and other workers.
-
Tip
13 Oct 2023
Why fourth-party risk management is a must-have
It's not just third-party vendors that pose a security risk. Organizations should also keep an eye on their suppliers' suppliers with a fourth-party risk management strategy.
-
Tip
12 Oct 2023
5 steps to achieve a risk-based security strategy
Learn about the five steps to implement a risk-based security strategy that helps naturally deliver compliance as a consequence of an improved security posture.
-
Definition
12 Oct 2023
security awareness training
Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy.
-
Feature
10 Oct 2023
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation.
-
Quiz
10 Oct 2023
Security awareness training quiz: Questions and answers
From ransomware to passphrases, find out how much you know about preventing cybersecurity incidents in this security awareness training quiz.
-
Tip
10 Oct 2023
Physical pen testing methods and tools
While companies regularly conduct network penetration tests, they may overlook physical office security. Here's how attackers -- with a baseball cap and smartphone -- get in.
-
Tip
10 Oct 2023
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.
-
Definition
05 Oct 2023
risk assessment
Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business.
-
Feature
05 Oct 2023
13 types of business risks for companies to manage
To avoid business problems and operate effectively, companies need to be ready to deal with these common types of risks as part of their risk management programs.
-
Definition
04 Oct 2023
What is ransomware? How it works and how to remove it
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
-
Definition
03 Oct 2023
Whistleblower Protection Act
The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization.
-
Tip
03 Oct 2023
Using the FAIR model to quantify cyber-risk
The Factor Analysis of Information Risk methodology helps organizations frame their cyber-risk exposure as a business issue and quantify it in financial terms. Learn how FAIR works.
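The FAIR entry above promises a financial quantification of cyber-risk; the following added example, written for this page and not taken from the article or from any FAIR Institute tooling, shows the shape of such a calculation. It keeps FAIR's top-level decomposition (risk = loss event frequency x loss magnitude, with loss event frequency = threat event frequency x vulnerability, and loss magnitude = primary + secondary loss) and feeds each factor a three-point estimate modelled as a triangular distribution. The scenario, its figures and the `Estimate`/`Scenario` helpers are assumptions constructed for illustration.

```python
"""Added example: a FAIR-style Monte Carlo estimate of annualized loss.

Illustrative code written for this page, not the article's own walkthrough
or a FAIR Institute implementation. It keeps FAIR's top-level decomposition:
risk = loss event frequency (LEF) x loss magnitude (LM), where LEF is
threat event frequency (TEF) x vulnerability (the probability that a
threat event becomes a loss event) and LM is primary plus secondary loss.
Each input is a calibrated three-point (min, most likely, max) estimate
modelled as a triangular distribution; the scenario figures are constructed.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Estimate:
    """Three-point estimate: minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def mean(self) -> float:
        # Mean of a triangular distribution.
        return (self.low + self.mode + self.high) / 3.0

    def sample(self, rng: random.Random) -> float:
        # random.triangular takes (low, high, mode).
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class Scenario:
    """One FAIR risk scenario: a threat community acting against an asset."""
    name: str
    tef_per_year: Estimate    # threat event frequency, events per year
    vulnerability: Estimate   # P(threat event becomes a loss event), 0..1
    primary_loss: Estimate    # direct cost per loss event: response, replacement, lost productivity
    secondary_loss: Estimate  # cost from secondary stakeholders: fines, legal, customer churn


def point_estimate_ale(s: Scenario) -> float:
    """Deterministic annualized loss expectancy from the input means."""
    lef = s.tef_per_year.mean() * s.vulnerability.mean()
    lm = s.primary_loss.mean() + s.secondary_loss.mean()
    return lef * lm


def simulate_ale(s: Scenario, runs: int = 10_000, seed: int = 1) -> dict:
    """Monte Carlo annualized loss; returns mean and 10th/50th/90th percentiles."""
    rng = random.Random(seed)
    losses = []
    for _ in range(runs):
        # Clamp guards against a mis-entered vulnerability estimate outside 0..1.
        lef = s.tef_per_year.sample(rng) * min(1.0, max(0.0, s.vulnerability.sample(rng)))
        lm = s.primary_loss.sample(rng) + s.secondary_loss.sample(rng)
        losses.append(lef * lm)
    losses.sort()

    def pct(p: float) -> float:
        return losses[min(runs - 1, int(p * runs))]

    return {"mean": statistics.fmean(losses), "p10": pct(0.10), "p50": pct(0.50), "p90": pct(0.90)}


# Constructed scenario: phishing-led account takeover of a customer-facing finance portal.
SCENARIO = Scenario(
    name="credential phishing -> finance portal account takeover",
    tef_per_year=Estimate(2, 6, 12),
    vulnerability=Estimate(0.05, 0.15, 0.30),
    primary_loss=Estimate(20_000, 60_000, 150_000),
    secondary_loss=Estimate(0, 40_000, 400_000),
)

if __name__ == "__main__":
    print(SCENARIO.name)
    print(f"point estimate ALE: {point_estimate_ale(SCENARIO):,.0f}")
    r = simulate_ale(SCENARIO)
    print(f"simulated ALE mean {r['mean']:,.0f}  p10 {r['p10']:,.0f}  p50 {r['p50']:,.0f}  p90 {r['p90']:,.0f}")
```

The point estimate is what a spreadsheet would give; the percentiles are what make the number usable in a risk statement ("a 10% chance of exceeding the p90 figure in a year") and in comparing a control's cost against the loss it removes. Two simplifications to be aware of: a full FAIR run draws a whole number of loss events per year and sums per-event losses rather than multiplying a sampled frequency by a sampled magnitude, and triangular distributions are a stand-in for the calibrated PERT-style ranges most FAIR tooling uses.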
-
Definition
02 Oct 2023
ISO 31000 Risk Management
The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management.
-
Tip
26 Sep 2023
How to use a SWOT analysis for IT disaster recovery planning
A disaster recovery IT SWOT analysis can identify the good and the bad aspects of a DR plan, as well as highlight potential risks and opportunities for improvement.
-
Definition
26 Sep 2023
principle of least privilege (POLP)
The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
-
Tip
26 Sep 2023
3 phases of the third-party risk management lifecycle
Contractors and other third parties can make systems more vulnerable to cyber attacks. The third-party risk management lifecycle helps ensure outside vendors protect your data.
-
Definition
21 Sep 2023
governance, risk and compliance (GRC)
Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies among the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance.
-
News
20 Sep 2023
Cyber insurance report shows surge in ransomware claims
Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack.
-
Definition
19 Sep 2023
total risk
Total risk is an assessment that identifies all the risk factors associated with pursuing a specific course of action.
-
Definition
18 Sep 2023
electronically stored information (ESI)
Electronically stored information (ESI) is data that is created, altered, communicated and stored in digital form.
-
News
14 Sep 2023
Palo Alto Networks: 80% of security exposures exist in cloud
It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premises security exposures.
-
Tip
11 Sep 2023
How to develop a cloud backup ransomware protection strategy
Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure.
-
Definition
11 Sep 2023
What is risk management and why is it important?
Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.
-
Tip
08 Sep 2023
Risk prediction models: How they work and their benefits
Accurate risk prediction models can aid risk management efforts in organizations. Here's a look at how risk models work and the business benefits they provide.
-
Definition
05 Sep 2023
email security
Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats.
-
Definition
30 Aug 2023
three lines model
The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense.
-
Guest Post
30 Aug 2023
SEC cyber attack regulations prompt 10 questions for CISOs
New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk.
-
Definition
29 Aug 2023
IT audit (information technology audit)
An IT audit is the examination and evaluation of an organization's information technology, operations and controls.
-
Tip
29 Aug 2023
The CIO's role in strengthening cybersecurity
To effectively tackle security risks, organizations should proactively address the complexities of information security. Learn how CIOs can play a key role in cybersecurity.
-
News
23 Aug 2023
Google launches AI-powered data classification for Workspace
Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration.
-
News
21 Aug 2023
Vendors criticize Microsoft for repeated security failings
Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices.
-
Definition
21 Aug 2023
risk analysis
Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.