Risk Management

Risk Management | News, how-tos, features, reviews, and videos

Cyber insurance > Umbrella hub protecting connected devices + online activities in binary world.
News Analysis

Decline in ransomware claims could spark change for cyber insurance

data security / padlock / binary code / digital display
Feature

6 ways the pandemic has triggered long-term security changes

Bill Hunkapiller, Chief Information Security Officer, Florida State University
Feature

FSU’s university-wide resiliency program focuses on doing the basics better

An audit showing inadequate disaster recovery plans in many of the university’s 307 administrative units was the stick CISO Bill Hunkapiller needed to advance a centralized, streamlined resiliency program.

dashboard / report / metrics / results / analysis / management
Opinion

Device identity: The overlooked insider threat

Device/machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.

One red umbrella stands out among a mass of black umbrellas.
InfoSec at Your ServiceBy

6 steps for third-party cyber risk management

If you have third-party partners, you need a third-party cyber risk management program. Here are six key steps to follow.

job growth climbing the corporate ladder promotion stairs corporate govenernance new job nathan dum
Feature

CRISC certification: Your ticket to the C-suite?

Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. Learn about the exam, prerequisites, study guides, and potential salary.

tc watson celanese
video

How chemical manufacturer Celanese secures its IT and OT environments

Celanese Corporation is a global chemical leader in the production of differentiated chemistry solutions and specialty materials used in most major industries and consumer applications. With IT and OT environments exposed to risk, the...

Tech Spotlight > Cybersecurity [CSO] > Hands gesture in conversation
Feature

How CISOs and CIOs should share cybersecurity ownership

CISOs and CIOs weigh in on how their cybersecurity responsibilities are evolving with changes in the business environment and threat landscape.

binary code flows around a corporate structure / cybersecurity / technology companies
Feature

The 10 most powerful cybersecurity companies

What makes these 10 security vendors the biggest power players? We break it down.

cso information security policy risk management writing policy by metamorworks getty 2400x1600
Feature

Security teams report rise in cyber risk

A recent report shows declining confidence in many organizations’ security function to address today’s threats. Here’s why and how security teams can reverse the trend.

Mark Odom, vice president and CISO, Jefferson Health
Feature

How Jefferson Health enhanced cybersecurity via its cloud transformation

Jefferson Health CISO Mark Odom discusses the healthcare provider's shift to a cloud-first strategy and shares how it has created a more efficient, agile, and risk-focused security approach.

A lost businessman wanders amid conflicting directional signs through the fog.
Feature

8 biases that will kill your security program

CISOs and their security teams often hold cognitive biases that get in the way of making the right risk management and incident response decisions. Here are eight of the most common to avoid.

data analytics / risk assessment / tracking data or trends
Cybersecurity SnippetsBy

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

Independent tools and data repositories are coming together for better threat management, impacting organizations, security professionals, and the industry. We need to take the same approach to security hygiene and posture management....

A multitude of arrows pierce a target. [numerous attacks / quantity / severity]
Feature

7 best practices for enterprise attack surface management

Follow this advice to minimize vulnerabilities and give threat actors fewer opportunities to compromise your organization's network and devices.

technology debt drowning in debt piggy bank by romolo tavani hudiem getty images
Feature

7 ways technical debt increases security risk

Shoddily developed and deployed projects can leave your enterprise vulnerable to attacks. Here's how to stop technical debt from sending your organization to the cyber-poorhouse.

tc vcmar hudson
video

Securing the software supply chain: A structured approach

Managing risk across an extended supply chain is extremely challenging for organizations of all sizes. The sheer volume of connected components that communicate, store, and process data will continue to expand the attack surface, and...

supply chain management controls - ERP - Enterprise Resource Planning
Opinion

GAO calls out US government agencies: Get your supply chain security act together

The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.

CSO > Invalidated cyber insurance
Feature

17 cyber insurance application questions you'll need to answer

Recent high-profile security incidents have tightened requirements to qualify for cyber insurance. These are the tougher questions insurance carriers are now asking.

light string in a jar at sunset / lightbulbs / ideas / innovation / brainstorming
Opinion

Defining linchpins: An industry perspective on remediating Sunburst

The concept of linchpin software can be useful in assessing risk and focusing security efforts, but it comes with challenges.

CSO Hall of Fame 2021 [LOGO]
Feature

CSO Hall of Fame honorees

Meet the security leaders enshrined in the CSO Hall of Fame.

Load More