Information security risk management

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

June 16, 2021 16 Jun'21
Zscaler: Exposed servers, open ports jeopardizing enterprises

Zscaler analyzed 1,500 networks and found administrators are leaving basic points of entry wide open for attackers as neglected servers are falling by the wayside.
June 15, 2021 15 Jun'21
Apple issues patches for two more WebKit zero-days

Apple said both WebKit zero-days, which affect older iOS devices, have reportedly been exploited in the wild, but further details about the threat activity are unknown.
June 08, 2021 08 Jun'21
CISA taps Bugcrowd for federal vulnerability disclosure program

The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies.
June 07, 2021 07 Jun'21
Hackers vs. lawyers: Security research stifled in key situations

The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks.

Bring yourself up to speed with our introductory content

OPSEC (operations security)

OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines what is required to protect sensitive information and prevent it from getting into the wrong hands. Continue Reading
How to get started with security chaos engineering

Introducing security chaos engineering: the latest methodology security teams can implement to proactively discover vulnerabilities or weaknesses in a company's system. Continue Reading
threat modeling

Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

How do risk assessment costs vary and why?

Risk assessments help identify and, more importantly, prioritize activities an organization needs to address its most serious threats and vulnerabilities. However, costs may vary. Continue Reading
How to use CIS benchmarks to improve public cloud security

Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level. Continue Reading
Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading

Learn to apply best practices and optimize your operations.

4 ways to build a thoughtful security culture

It's time companies paid more attention to their security culture, working toward building an effective security awareness program that everyone can understand and get behind. Continue Reading
How to handle social engineering penetration testing results

In the wake of conducting social engineering penetration testing, companies need to have a plan ready to prevent or minimize phishing, vishing and other attacks. Continue Reading
How to ethically conduct pen testing for social engineering

Author Joe Gray explores his interest in pen testing for social engineering, what it means to be an ethical hacker and how to get started in the career. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

6 ways to prevent insider threats every CISO should know

Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats. Continue Reading
How to fix the top 5 cybersecurity vulnerabilities

Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses. Continue Reading
3 ways CISOs can align cybersecurity to business goals

To work effectively with the C-suite, CISOs can take three steps to align business goals with cybersecurity needs to reduce risk, guest contributor Mike McGlynn advises. Continue Reading