Enterprise Risk Management Metrics and Assessments
- August 06, 2014
At Black Hat USA 2014, keynote speaker Dan Geer said bounding system dependencies was the only hope for managing the risks of complexity.
- June 23, 2014
At its annual security event, Gartner talked up Internet of Things security and not being compliance-focused, but both clash with practical concerns.
- May 01, 2014
At a SANS event, former NSA cybersecurity boss Tony Sager said effective information security leadership requires a holistic, disciplined approach.
- December 02, 2013
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
- November 01, 2013
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.
- October 22, 2013
Delayed by the government shutdown, the preliminary NIST Cybersecurity Framework offers general best practices for critical infrastructure security.
- October 01, 2013
In his inaugural Security Economics column, Peter Lindstrom looks at technology risk management, and how to make the hard decisions pay off.
- April 18, 2013
Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets.
- March 27, 2013
Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats.
- February 25, 2013
At B-Sides San Francisco, Dan Kaminsky discussed how society inhibits its own security culture, and the need to look beyond status-quo technology.