Risk assessments metrics and frameworks
- February 26, 2019
Security expert Art Manion discusses what he calls major problems within the Common Vulnerability Scoring System and explains why CVSS needs to be replaced.
- November 30, 2018
The first round of evaluations using the Mitre ATT&CK framework has gone public, putting on display how different endpoint products detect advanced threat activities.
- June 01, 2018
The 'Federal Cybersecurity Risk Determination Report and Action Plan' shows the majority of federal agencies are at risk, and DHS suggests a lack of leadership may be to blame.
- March 09, 2018
Tenable.io Lumin enables organizations to gauge their 'cyber exposure' to vulnerabilities and allows them to compare remediation efforts against industry benchmark data.
- February 19, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new industry partnership designed to give Apple and Cisco customers beneficial cyberinsurance policies.
- October 03, 2017
A longitudinal cyberinsurance study performed by the Department of Homeland Security could improve enterprise security but the effects depend on the data collected, said experts.
- September 25, 2017
Speaking at the (ISC)2 Security Congress, FBI Deputy Assistant Director Don Freese spoke about need for security pros to replace fear and emotion with proper cyber-risk management.
- July 28, 2017
Analyzing infosec through the lens of game theory shows that cyber-risk analysis and wasting attacker time may be highly effective cybersecurity strategies.
- February 22, 2017
One expert warned there can be a disconnect between what security remediation means to CISOs and what researchers announce because of divergent objectives.
- December 09, 2016
The IBM Watson for Cyber Security beta program aims to augment human intelligence, but experts question if IBM can distinguish it from other machine learning products.
- September 21, 2016
The SWIFT messaging system aims to improve the security of supported banks with new antifraud reports, but experts are unsure how useful the anomaly detection will be.
- September 15, 2016
Oracle's lack of response to security researchers raises more questions after a zero-day MySQL vulnerability was reported, though patches may have already been released.
- July 18, 2016
Responsible disclosure wins as researchers roll out branded website for 'httpoxy,' a set of vulnerabilities in server-side web apps that use the HTTP_PROXY variable.
- May 18, 2016
Internet pioneer Paul Vixie spoke with SearchSecurity about Internet crime, the glibc bug and other pervasive vulnerabilities that may never be eradicated.
- April 19, 2016
DHS says users need to uninstall QuickTime for Windows immediately as Apple quietly sends the software to its end of life following the disclosure of two zero-day flaws.