Risk assessments metrics and frameworks
- September 18, 2015
An internal audit of the U.S. Department of Homeland Security has been completed, detailing areas where its cyber mission has failed and what plans are in place to make improvements.
- July 29, 2015
Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.
- June 26, 2015
The RubyGems software packaging client was found to have a DNS vulnerability that redirects users to malicious gem servers.
- June 05, 2015
A new study claims social media may be a useful indicator of vulnerability risk and lead to more accurate CVSS scores and prioritization.
- May 21, 2015
A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.
- April 28, 2015
An open source threat model aims to be a repository for risk assessment, allowing enterprises to focus on creating the right security controls for each business.
- April 28, 2015
A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.
- April 22, 2015
A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity.
- April 13, 2015
Experts have split opinions regarding the correct methodology for counting vulnerabilities, but all agree that focusing on numbers can mask real cybersecurity risks.
- March 27, 2015
News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play ...
- August 06, 2014
At Black Hat USA 2014, keynote speaker Dan Geer said bounding system dependencies was the only hope for managing the risks of complexity.
- July 17, 2014
New Ponemon Institute data shows enterprise executives rarely, if ever, talk with their security teams, and that threat modeling may be underused.
- May 01, 2014
At a SANS event, former NSA cybersecurity boss Tony Sager said effective information security leadership requires a holistic, disciplined approach.
- December 02, 2013
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
- November 01, 2013
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.