Enterprise Risk Management Metrics and Assessments
- September 18, 2015
An internal audit of the U.S. Department of Homeland Security has been completed, detailing areas where its cyber mission has failed and what plans are in place to make improvements.
- July 29, 2015
Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.
- June 26, 2015
RubyGems software packaging client was found to have a DNS vulnerability that redirects users to malicious gem servers.
- April 28, 2015
A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.
- April 22, 2015
A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity.
- August 06, 2014
At Black Hat USA 2014, keynote speaker Dan Geer said bounding system dependencies was only hope for managing the risks of complexity.
- June 23, 2014
At its annual security event, Gartner talked up Internet of Things security and not being compliance-focused, but both clash with practical concerns.
- May 01, 2014
At a SANS event, former NSA cybersecurity boss Tony Sager said effective information security leadership requires a holistic, disciplined approach.
- December 02, 2013
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
- November 01, 2013
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.
- October 22, 2013
Delayed by the government shutdown, the preliminary NIST Cybersecurity Framework offers general best practices for critical infrastructure security.
- October 01, 2013
In his inaugural Security Economics column, Peter Lindstrom looks at technology risk management, and how to make the hard decisions pay off.
- April 18, 2013
Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets.
- March 27, 2013
Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats.
- February 25, 2013
At B-Sides San Francisco, Dan Kaminsky discussed how society inhibits its own security culture, and the need to look beyond status-quo technology.