Risk assessments metrics and frameworks
- October 01, 2013
In his inaugural Security Economics column, Peter Lindstrom looks at technology risk management, and how to make the hard decisions pay off.
- September 03, 2013
Analysts expect security concerns to drive global risk management, but executives may need convincing.
- July 19, 2013
A study by Bit9 explains just how bad the Java problem really is: The most popular version has 96 severe vulnerabilities.
- April 18, 2013
Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets.
- March 27, 2013
Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats.
- March 04, 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.
- February 25, 2013
At B-Sides San Francisco, Dan Kaminsky discussed how society inhibits its own security culture, and the need to look beyond status-quo technology.
- December 10, 2012
Most risk management programs fail because they end up being another audit function, explains Alex Hutton, a faculty member at IANS.
- November 19, 2012
The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.
- November 14, 2012
Red teaming assesses the security of an organization and can be a more effective way to assess the organization's security posture.
- November 12, 2012
Study from vulnerability management firm Positive Technologies Security contends that 39% of systems in the U.S. and Europe are vulnerable to attack.
- October 17, 2012
Zero-day exploits are typically used in targeted attacks, but public disclosure of unpatched flaws significantly increases the use of the exploits.
- October 11, 2012
The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft.
- October 10, 2012
Mobile risk management vendor Mobilisafe assesses employee smartphones and tablets for platform vulnerabilities.
- October 02, 2012
Windows security has improved, but longstanding Unix and network vulnerabilities remain an easy target for determined attackers.