Risk Management
Risk Management | News, how-tos, features, reviews, and videos
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-medium.3x2.jpg?auto=webp&quality=85,70)
Cyber insurance explained: What it covers and why prices continue to rise
Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), mitigates risk exposure by offsetting costs involved with damages and recovery after a cybersecurity incident.
8 strange ways employees can (accidently) expose data
From eyeglass reflections and new job postings to certificate transparency logs and discarded printers, employees have odd ways to unintentionally expose data..
Recent cases highlight need for insider threat awareness and action
Insider threats can have a devastating impact even if the harm is unintentional. Here's advice to identify and mitigate insider threat risk.
The deepfake danger: When it wasn’t you on that Zoom call
Deepfakes pose a real threat to security and risk management and it’s only going to get worse as the technology develops and bad actors can access malicious offerings such as deepfakes as a service.
![A man with an umbrella appears waist-deep in water against a city skyline. [multiple-exposure]](https://images.idgesg.net/images/article/2020/09/multiple-exposure_man_with_umbrella_appears_waist-deep_in_water_against_city_skyline_risk_insurance_protection_by_anyaberkut_gettyimages-1215138291_2400x1600-100858027-small.3x2.jpg?auto=webp&quality=85,70)
D&O insurance not yet a priority despite criminal trial of Uber’s former CISO
The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.
![A multitude of arrows pierce a target. [numerous attacks / quantity / severity]](https://images.idgesg.net/images/article/2020/12/arrows_piercing_a_target_numerous_attacks_quantity_by_franck_v_cc0_via_unsplash-100869381-small.3x2.jpg?auto=webp&quality=85,70)
Top 5 attack surface challenges related to security operations
The growing attack surface is extending the security/software developer gap, increasing vulnerabilities, and slowing security investigations.
How posting personal and business photos can be a security risk
Image geotags, metadata, and location information can allow competitors, cybercriminals, and even nation-state threat actors to gain knowledge they can use against organizations.
Why SBOMs alone aren’t enough for software supply chain security
Organizations must be willing to ask software vendors hard risk-based questions and be prepared for that to lengthen the purchase process.
Why patching quality, vendor info on vulnerabilities are declining
It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.
Lloyd’s of London to exclude state-backed attacks from cyber insurance policies
From March 2023, Lloyd’s of London will require all its insurer groups to exclude liability for losses arising from state-backed cyberattacks.
Safe Security debuts two free risk assessment tools for businesses
Organizations can gauge their cybersecurity risk factors by using Safe Security’s new online calculators.
How harm reduction can more effectively reduce employee risky behavior
Black Hat speaker proposes framework to reduce the negative consequences of risky user actions and encourage them to follow security's advice.
5 trends making cybersecurity threats riskier and more expensive
Risks increase as the world becomes more digital, regulated, and interconnected, but you can take steps to reduce their impact.
How a sex worker became a defense contractor employee -- and an insider threat
An accomplished research scientist manipulated a defense contractor CEO into hiring a prostitute for a technical role. Here's how this insider threat could have been avoided.
Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”
The CSRB report predicts the Log4J risk will continue for years and offers best practices for mitigating the threat.
How Code42 automates insider risk response
When insiders exhibit risky behaviors, good-natured bots reach out to provide support in this CSO50 award-winning project.
Smart factories unprepared for cyberattacks
Smart factory operators are well aware of the cyberthreats they face but acknowledge lack of readiness to defend against them.
MITRE's Inside-R Protect goes deep into the behavior side of insider threats
The new Inside-R program looks to collect historical insider threat data to more deeply analyze behaviors that signal risk.