Information security risk management

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

September 24, 2021 24 Sep'21
Spurned researcher posts trio of iOS zero days

An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details for three zero-day vulnerabilities in its iOS mobile platform.
September 13, 2021 13 Sep'21
Hackers port Cobalt Strike attack tool to Linux

An unknown group of cybercriminals has created a version of the Windows-only Cobalt Strike Beacon tool that works against Linux machines, which has been used in recent attacks.
September 13, 2021 13 Sep'21
Tenable acquires cloud security startup Accurics for $160M

The acquisition will be Tenable's first expansion into securing infrastructure as code, as it makes a push to identify and fix flaws in cloud-native software.
September 01, 2021 01 Sep'21
Beware of proxyware: Connection-sharing services pose risks

Cisco Talos warns that sharing internet connections with random people via third-party app like Honeygain and Peer2Profit could lead to malware installations and other threats.

Bring yourself up to speed with our introductory content

attack surface

An attack surface is defined as the total number of all possible entry points for unauthorized access into any system. Continue Reading
vulnerability assessment (vulnerability analysis)

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. Continue Reading
SIEM vs. SOAR vs. XDR: Evaluate the differences

SIEM, SOAR and XDR share similar definitions, but each has distinct drawbacks. Learn what each offers and how they differ for help deciding which to deploy in your company. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

The benefits of an IT management response

Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too? Continue Reading
3 components to consider when selecting an MDR service

In the market for an MDR service? Read up on three considerations to keep in mind and questions to ask potential providers before making a decision. Continue Reading
Why zero-trust models should replace legacy VPNs

Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option. Continue Reading

Learn to apply best practices and optimize your operations.

Recent surge in ransomware attacks threatens national security

Some recent ransomware attacks that have disrupted service include Colonial Pipeline, JBS Foods and Quanta. Continue Reading
The benefits of using AI in risk management

Manual risk management is a thing of the past; AI in risk management is here to stay. Uncover the benefits, use cases and challenges your organization needs to know about. Continue Reading
4 ways to build a thoughtful security culture

It's time companies paid more attention to their security culture, working toward building an effective security awareness program that everyone can understand and get behind. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to prevent ransomware: 6 key steps to safeguard assets

Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices to keep attackers out. Continue Reading
Top 3 ransomware attack vectors and how to avoid them

Adversaries use three common entryways to infect systems with ransomware. Learn how to prevent your organization from falling victim to an attack. Continue Reading
Use a decentralized identity framework to reduce enterprise risk

To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure. Continue Reading