Risk assessments metrics and frameworks
- November 01, 2013
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.
- October 22, 2013
Delayed by the government shutdown, the preliminary NIST Cybersecurity Framework offers general best practices for critical infrastructure security.
- October 01, 2013
In his inaugural Security Economics column, Peter Lindstrom looks at technology risk management, and how to make the hard decisions pay off.
- September 03, 2013
Analysts expect security concerns to drive global risk management, but executives may need convincing.
- July 19, 2013
A study by Bit9 explains just how bad the Java problem really is: The most popular version has 96 severe vulnerabilities.
- April 18, 2013
Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets.
- March 27, 2013
Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats.
- March 04, 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.
- February 25, 2013
At B-Sides San Francisco, Dan Kaminsky discussed how society inhibits its own security culture, and the need to look beyond status-quo technology.
- December 10, 2012
Most risk management programs fail because they end up being another audit function, explains Alex Hutton, a faculty member at IANS.
- November 19, 2012
The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.
- November 14, 2012
Red teaming assesses the security of an organization and can be a more effective way to assess the organization's security posture.
- November 12, 2012
Study from vulnerability management firm Positive Technologies Security contends that 39% of systems in the U.S. and Europe are vulnerable to attack.
- October 17, 2012
Zero-day exploits are typically used in targeted attacks, but public disclosure of unpatched flaws significantly increases the use of the exploits.
- October 11, 2012
The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft.