New & Notable
Enterprise Risk Management: Metrics and Assessments News
August 06, 2014
At Black Hat USA 2014, keynote speaker Dan Geer said bounding system dependencies was only hope for managing the risks of complexity.
June 23, 2014
At its annual security event, Gartner talked up Internet of Things security and not being compliance-focused, but both clash with practical concerns.
May 01, 2014
At a SANS event, former NSA cybersecurity boss Tony Sager said effective information security leadership requires a holistic, disciplined approach.
December 02, 2013
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
Enterprise Risk Management: Metrics and Assessments Get Started
Bring yourself up to speed with our introductory content
The ISO 31000 risk management process proposes three stages. Expert Mike Chapple reviews this alternative to the ISO 27001 framework. Continue Reading
The IT asset lifecycle is the stages that an organization’s information technology asset goes through during the time span of its ownership. An IT asset is any company-owned information, software or hardware that is used in the course of business. ... Continue Reading
In his debut 'Security that Works' column for SearchSecurity, Eric Cole of the SANS Institute challenges infosec pros to grade themselves on the three fundamental aspects of any successful enterprise security program. Continue Reading
Evaluate Enterprise Risk Management: Metrics and Assessments Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Readers vote on the best threat intelligence products of 2014. Continue Reading
As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above and beyond compliance requirements. Global threat intelligence services have continued to evolve and ... Continue Reading
Expert Joseph Granneman details the MEHARI risk management framework and compares it to the ISO 27000 and NIST 800 series. Continue Reading
Product ReviewsPowered by IT Central Station
Powered by IT Central Station
Valuable Features: <ul> <li>Correlation Engine simpleness</li> <li>Visual agent deployment</li> <li>Stream...Continue Reading
Support can retrieve salient logging data from massive distributed systems in seconds but deployment is not easy.Powered by IT Central Station
I've been using Splunk for over 3 years now. The most valuable feature for me is alerting. Using Splunk, production support teams can retrieve...Continue Reading
I've evaluated Splunk and IBM Q1 but LogLogic is the best choice for log management. SIEM funcionailty needs improvementPowered by IT Central Station
Valuable Features: You can collect almost any type of log from almost any platform or source. Documentation is extensive with excellent...Continue Reading
Manage Enterprise Risk Management: Metrics and Assessments
Learn to apply best practices and optimize your operations.
Video: Rich Mogull says if you take away any one of the Data Breach Triangle's three key components, a breach becomes impossible. The Securosis CEO explains this unique perspective on data breach prevention. Continue Reading
The security management hierarchy in most organizations isn't conducive to breach prevention, says Dr. Eric Cole. He explains the critical changes needed to empower CISOs in this month's Security That Works column. Continue Reading
Recent data shows that more than 50% of all networking devices are aging or obsolete and pose a security risk to the enterprise. Expert Kevin Beaver discusses how to factor device age into a security risk assessment. Continue Reading
Problem Solve Enterprise Risk Management: Metrics and Assessments Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Third-party vendor management is important for avoiding incidents like the Target breach. Joseph Granneman offers four must-have security controls. Continue Reading
Expert Ernie Hayden explains how critical infrastructure organizations can use the NIST cybersecurity framework to assess, improve infosec practices. Continue Reading
Expert Mike Chapple reviews the recent ISO 27001 update, including the three most significant changes to ISO 27001 and the effect on infosec programs. Continue Reading