Information security risk management

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

July 28, 2021 28 Jul'21
CISA unveils list of most targeted vulnerabilities in 2020

Attackers chased the headlines in 2020, going after the most publicized vulnerabilities in Citrix, Pulse Secure and Fortinet products, according to the U.S. government.
July 22, 2021 22 Jul'21
Risk & Repeat: Vulnerability patching still falling short

Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates?
July 15, 2021 15 Jul'21
SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks

SonicWall said that those who fail to update or disconnect their vulnerable SMA 100 and SRA devices are 'at imminent risk of a targeted ransomware attack.'
July 14, 2021 14 Jul'21
Microsoft: Chinese threat actor exploited SolarWinds zero-day

Microsoft has observed DEV-0322, the threat actor exploiting the SolarWinds Serv-U zero-day, 'targeting entities in the U.S. Defense Industrial Base Sector and software companies.'

Bring yourself up to speed with our introductory content

Mitigating risk-based vulnerability management challenges

An onslaught of threats combined with constrained budgets leaves security teams wondering which risks to prioritize and how. Enter risk-based vulnerability management. Continue Reading
What is cybersecurity insurance (cybersecurity liability insurance)?

Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online. Continue Reading
What is risk analysis?

Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Risk-based vulnerability management tools in the cloud

As enterprises increasingly rely on cloud services, a risk-based vulnerability management approach can provide the best protection against cybersecurity threats. Continue Reading
How to perform a cybersecurity risk assessment in 5 steps

This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
How to select an MDR service that's right for your company

A well-engineered managed detection and response system can provide a lot of benefits. But, before deploying an MDR service, determine exactly what you expect from a provider. Continue Reading

Learn to apply best practices and optimize your operations.

Recent surge in ransomware attacks threatens national security

Some recent ransomware attacks that have disrupted service include Colonial Pipeline, JBS Foods and Quanta. Continue Reading
The benefits of using AI in risk management

Manual risk management is a thing of the past; AI in risk management is here to stay. Uncover the benefits, use cases and challenges your organization needs to know about. Continue Reading
4 ways to build a thoughtful security culture

It's time companies paid more attention to their security culture, working toward building an effective security awareness program that everyone can understand and get behind. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Use a decentralized identity framework to reduce enterprise risk

To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure. Continue Reading
How to rank enterprise network security vulnerabilities

Risk management programs yield massive data on network security vulnerabilities. Infosec pros must rank risks to prioritize remediation efforts. Continue Reading
Mitigate threats with a remote workforce risk assessment

Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees. Continue Reading