Information security risk management

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

February 24, 2021 24 Feb'21
Dragos: ICS security threats grew threefold in 2020

A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.
February 02, 2021 02 Feb'21
SonicWall confirms zero-day vulnerability on SMA 100 series

After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.'
January 19, 2021 19 Jan'21
SolarWinds supply chain attack explained: Need-to-know info

The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.
January 14, 2021 14 Jan'21
Tenable: Vulnerability disclosures skyrocketed over last 5 years

New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs.

Bring yourself up to speed with our introductory content

honeypot (computing)

A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems. Continue Reading
cybersecurity

Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
How to develop a cybersecurity strategy: Step-by-step guide

A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

SolarWinds fallout has enterprise CISOs on edge

As investigators uncover more about the massive SolarWinds hack, enterprise CISOs' concerns about digital supply chain security grow. Continue Reading
The ultimate guide to cybersecurity planning for businesses

This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
What is the future of cybersecurity?

Remote work is here to stay, so it's time to rethink the short-term fixes made in 2020. What else is in the cards? Here are the trends shaping the future of cybersecurity. Continue Reading

Learn to apply best practices and optimize your operations.

How to prevent supply chain attacks: Tips for suppliers

Every company, large and small, must assume it is a target in the supply chain. Suppliers should follow these best practices to keep themselves and their customers protected. Continue Reading
Why developers should consider automated threat modeling

Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
Introducing development teams to threat modeling in SDLC

Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

4 tips to help CISOs get more C-suite cybersecurity buy-in

CISOs can get more cybersecurity buy-in with cohesive storytelling, focusing on existential security threats, leading with CARE and connecting security plans to business objectives. Continue Reading
Use business email compromise training to mitigate risk

Effective BEC training can prevent scams designed to exploit the brain's automatic responses. It starts by teaching employees to slow down and make the unconscious conscious. Continue Reading
Enterprise ransomware prevention measures to enact in 2021

Enterprises must shore up their ransomware prevention efforts by strengthening security awareness, adding email controls, and developing and testing incident response plans. Continue Reading