Information security risk management

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

November 04, 2020 04 Nov'20
SaltStack discloses critical vulnerabilities, urges patching

The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.
October 27, 2020 27 Oct'20
Mitre ATT&CK: How it has evolved and grown

Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly over the last years, though challenges still remain for enterprise users.
September 24, 2020 24 Sep'20
Shopify discloses data breach caused by insider threats

Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered.
September 23, 2020 23 Sep'20
ConnectWise launches bug bounty program to boost security

ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security.

Bring yourself up to speed with our introductory content

Security awareness training best practices for MSPs

Human error is the root of many IT security catastrophes. Use these security awareness best practices to craft programs that users will actually learn from. Continue Reading
Business continuity vendors bolster offerings during pandemic

Organizations must ensure their pandemic business continuity and technology DR plans address cybersecurity, as well as remote employees, social distancing and company shutdowns. Continue Reading
Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Cyber insurance explained, from selection to post-purchase

Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading
How to use the Mitre ATT&CK framework for cloud security

Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure AD or Microsoft 365 -- secure. Continue Reading
The 6 benefits of zero-trust security for businesses

The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the six business benefits of zero trust and how it differs from traditional security approaches. Continue Reading

Learn to apply best practices and optimize your operations.

8 benefits of a security operations center

A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. Here are eight SOC benefits to consider. Continue Reading
10 tips for building a next-generation SOC

Check out 10 tips to help build a next-generation security operations center with the integrated tools to free security analysts to get ahead of and respond to threats fast. Continue Reading
Pair cyber insurance, risk mitigation to manage cyber-risk

The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

The challenge of addressing the IT and security skills gap

In the first of a two-part series, Jonathan Meyers examines the issues surrounding the security skills gap that companies must contend with due to limited budgets, training and more. Continue Reading
Addressing the expanding threat attack surface from COVID-19

CISOs need to ensure they and their security teams are aware of the new threats created by many businesses expanding their attack surface with many employees still working remotely. Continue Reading
Top 3 challenges of a zero-trust security model

There are three main zero-trust security challenges, but because the model is highly beneficial, it's important for organizations to learn how to overcome them. Continue Reading