Information security risk management

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

May 10, 2021 10 May'21
RSA Conference 2021: Focus on resilience

SearchSecurity will be at RSAC 2021, virtual edition, to provide pre-conference coverage and breaking news and analysis from the world's biggest infosec event.
May 04, 2021 04 May'21
Qualys finds 21 vulnerabilities in Exim mail software

Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited.
April 21, 2021 21 Apr'21
Hackers exploit 3 SonicWall zero-day vulnerabilities

SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday.
April 08, 2021 08 Apr'21
Unpatched applications threaten SAP security

Cyberattacks are a significant threat to unpatched, unprotected SAP applications, according to a new threat intelligence report from SAP and Onapsis.

Bring yourself up to speed with our introductory content

kill switch

A kill switch in an IT context is a mechanism used to shut down or disable a device or program. Continue Reading
computer forensics (cyber forensics)

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Continue Reading
insider threat

An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

How to use CIS benchmarks to improve public cloud security

Safeguarding public cloud environment is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level. Continue Reading
Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
Collaboration is key to a secure web application architecture

Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading

Learn to apply best practices and optimize your operations.

Cybersecurity contingency planning needs a face-lift

Following the unexpected craziness of 2020, companies need to sit down and revamp their cybersecurity contingency plan to ensure their business continuity. Continue Reading
5 cybersecurity testing areas CISOs need to address

With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk. Continue Reading
Building an incident response framework for your enterprise

Understanding the incident response framework standards and how to build the best framework for your organization is essential to preventing threats and mitigating cyber incidents. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

6 ways to prevent insider threats every CISO should know

Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats. Continue Reading
How to fix the top 5 cybersecurity vulnerabilities

Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses. Continue Reading
3 ways CISOs can align cybersecurity to business goals

To work effectively with the C-suite, CISOs can take three steps to align business goals with cybersecurity needs to reduce risk, guest contributor Mike McGlynn advises. Continue Reading