Risk assessments, metrics and frameworks
- January 20, 2020
In this Q&A, CyCognito CEO Rob Gurzeev discusses what led to his company, how attack simulations work and how he plans to spend the company's recent round of funding.
- October 22, 2019
The new platform provides an extra layer of testing by sending its findings to Bugcrowd's crowdsourced security testing tools.
- August 12, 2019
The cyber insurance market is growing rapidly and policies are incredibly inexpensive -- but experts at Black Hat 2019 had concerns about those low prices.
- February 26, 2019
Security expert Art Manion discusses what he calls major problems within the Common Vulnerability Scoring System and explains why CVSS needs to be replaced.
- November 30, 2018
The first round of evaluations using the Mitre ATT&CK framework has gone public, putting on display how different endpoint products detect advanced threat activities.
- June 01, 2018
The 'Federal Cybersecurity Risk Determination Report and Action Plan' shows the majority of federal agencies are at risk, and DHS suggests a lack of leadership may be to blame.
- March 09, 2018
Tenable.io Lumin enables organizations to gauge their 'cyber exposure' to vulnerabilities and allows them to compare remediation efforts against industry benchmark data.
- February 19, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new industry partnership designed to give Apple and Cisco customers beneficial cyberinsurance policies.
- October 03, 2017
A longitudinal cyberinsurance study performed by the Department of Homeland Security could improve enterprise security, but the effects depend on the data collected, experts said.
- September 25, 2017
At the (ISC)2 Security Congress, FBI Deputy Assistant Director Don Freese spoke about the need for security pros to replace fear and emotion with proper cyber-risk management.
- July 28, 2017
Analyzing infosec through the lens of game theory shows that cyber-risk analysis and wasting attacker time may be highly effective cybersecurity strategies.
- February 22, 2017
One expert warned there can be a disconnect between what security remediation means to CISOs and what researchers announce because of divergent objectives.
- December 09, 2016
The IBM Watson for Cyber Security beta program aims to augment human intelligence, but experts question if IBM can distinguish it from other machine learning products.
- September 21, 2016
The SWIFT messaging system aims to improve the security of supported banks with new antifraud reports, but experts are unsure how useful the anomaly detection will be.
- September 15, 2016
Oracle's lack of response to security researchers raises more questions after a zero-day MySQL vulnerability was reported, though patches may have already been released.
- July 18, 2016
Responsible disclosure wins as researchers roll out branded website for 'httpoxy,' a set of vulnerabilities in server-side web apps that use the HTTP_PROXY variable.
- May 18, 2016
Internet pioneer Paul Vixie spoke with SearchSecurity about Internet crime, the glibc bug and other pervasive vulnerabilities that may never be eradicated.
- April 19, 2016
DHS says users need to uninstall QuickTime for Windows immediately as Apple quietly sends the software to its end of life following the disclosure of two zero-day flaws.
- April 14, 2016
The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.
- April 08, 2016
Vulnerability branding was once a practice that elevated understanding of flaws and potentially led to better remediation, but now serves as little more than marketing for security researchers.
- November 23, 2015
Adobe CSO Brad Arkin spoke at the recent Privacy. Security. Risk. 2015 event about his experiences dealing with the company's massive data breach two years ago.
- November 19, 2015
TechTarget 2015 Annual Salary and Careers Survey: Out of the myriad of security responsibilities for an enterprise, IT risk management and regulatory compliance occupy the most time.
- September 18, 2015
An internal audit of the U.S. Department of Homeland Security has been completed, detailing areas where its cyber mission has failed and what plans are in place to make improvements.
- July 29, 2015
Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.
- June 26, 2015
The RubyGems software packaging client was found to have a DNS vulnerability that redirects users to malicious gem servers.
- June 05, 2015
A new study claims social media may be a useful indicator of vulnerability risk and lead to more accurate CVSS scores and prioritization.
- May 21, 2015
A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.
- April 28, 2015
An open source threat model aims to be a repository for risk assessment, allowing enterprises to focus on creating the right security controls for each business.
- April 28, 2015
A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.
- April 22, 2015
A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity.
- April 13, 2015
Experts have split opinions regarding the correct methodology for counting vulnerabilities, but all agree that focusing on numbers can mask real cybersecurity risks.
- March 27, 2015
News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play ...
- December 02, 2013
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
- November 14, 2012
Red teaming assesses the security of an organization and can be a more effective way to assess the organization's security posture.
- July 23, 2012
Sean Barnum of MITRE will describe Structured Threat Information eXpression (STIX), a new cyberthreat intelligence system for incident response teams.
- June 21, 2012
U.K. companies are preparing to manage their security during the Olympics. Would your security contingency plan hold up to such a disruptive event?
- April 12, 2012
How would you define a security threat? The correct answer could score the funding you need for your next security project.
- February 06, 2012
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet.
- September 15, 2010
OpenPages will be integrated with IBM's business analytics software portfolio.
- March 19, 2008
The security incidents at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.
- March 05, 2008
Security experts say IT pros should be more concerned about the risks created by misconfigured networks than all the flaws and exploit code they read about.
- October 13, 2006
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.
- October 11, 2006
The new search tool from Google can help developers find useful code examples. But security experts worry that it also will make attackers' jobs that much easier.
- December 16, 2004
Developers of the popular open-source tool are starting to charge commercial customers who bring nothing to the project's development.
- December 14, 2004
The nation's IT landscape is loaded with antiquated software ripe for attack. But a new study suggests most companies don't plan to address the problem.
- March 04, 2004
Reader inquiries about security issues surrounding .zip files prompted a Q&A with Wild List moderator Bruce Hughes, who cites more than 40 worms since 1999 that have taken advantage of the compressed file format to spread.