Risk Management

Risk Management | News, how-tos, features, reviews, and videos

Cyber insurance explained: What it covers and why prices continue to rise

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), mitigates risk exposure by offsetting costs involved with damages and recovery after a cybersecurity incident.

5 IT risk assessment frameworks compared

Formal risk assessment methodologies can help take guesswork out of evaluating IT risks if applied appropriately. Here is real-world feedback on using COBIT, OCTAVE, FAIR, NIST RMF, and TARA.

Why are people so bad at risk assessment? Blame the brain

Stakeholders and CISOs tend to have different perspectives on estimating the risk of a potential cybersecurity incident. Understanding the psychological aspects can help bridge the gap.

Decline in ransomware claims could spark change for cyber insurance

New research indicates that ransomware attack and payment claims are in decline as resiliency takes priority for organizations.

6 ways the pandemic has triggered long-term security changes

With some changes prompted by COVID-19 likely to be permanent, enterprises will need to revise their data security strategies.

Bill Hunkapiller, Chief Information Security Officer, Florida State University

FSU’s university-wide resiliency program focuses on doing the basics better

An audit showing inadequate disaster recovery plans in many of the university’s 307 administrative units was the stick CISO Bill Hunkapiller needed to advance a centralized, streamlined resiliency program.

Device identity: The overlooked insider threat

Device/machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.

6 steps for third-party cyber risk management

If you have third-party partners, you need a third-party cyber risk management program. Here are six key steps to follow.

CRISC certification: Your ticket to the C-suite?

Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. Learn about the exam, prerequisites, study guides, and potential salary.

How chemical manufacturer Celanese secures its IT and OT environments

Celanese Corporation is a global chemical leader in the production of differentiated chemistry solutions and specialty materials used in most major industries and consumer applications. With IT and OT environments exposed to risk, the...

How CISOs and CIOs should share cybersecurity ownership

CISOs and CIOs weigh in on how their cybersecurity responsibilities are evolving with changes in the business environment and threat landscape.

The 10 most powerful cybersecurity companies

What makes these 10 security vendors the biggest power players? We break it down.

Security teams report rise in cyber risk

A recent report shows declining confidence in many organizations’ security function to address today’s threats. Here’s why and how security teams can reverse the trend.

Mark Odom, vice president and CISO, Jefferson Health

How Jefferson Health enhanced cybersecurity via its cloud transformation

Jefferson Health CISO Mark Odom discusses the healthcare provider's shift to a cloud-first strategy and shares how it has created a more efficient, agile, and risk-focused security approach.

8 biases that will kill your security program

CISOs and their security teams often hold cognitive biases that get in the way of making the right risk management and incident response decisions. Here are eight of the most common to avoid.

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

Independent tools and data repositories are coming together for better threat management, impacting organizations, security professionals, and the industry. We need to take the same approach to security hygiene and posture management....

7 best practices for enterprise attack surface management

Follow this advice to minimize vulnerabilities and give threat actors fewer opportunities to compromise your organization's network and devices.

7 ways technical debt increases security risk

Shoddily developed and deployed projects can leave your enterprise vulnerable to attacks. Here's how to stop technical debt from sending your organization to the cyber-poorhouse.
