Risk Management | News, how-tos, features, reviews, and videos
The Exploit Prediction Scoring System has its shortcomings, but it can complement CVSS to help better prioritize and assess vulnerability risk.
The conviction of Uber's former CSO could change the roles of top security leaders and raises the level of personal risk in the wake of a breach.
Cyber insurance can't protect your organization from cybercrime, but it can keep your business on stable financial footing should a significant security event occur.
From eyeglass reflections and new job postings to certificate transparency logs and discarded printers, employees have odd ways to unintentionally expose data.
Insider threats can have a devastating impact even if the harm is unintentional. Here's advice to identify and mitigate insider threat risk.
Deepfakes pose a real threat to security and risk management, and it’s only going to get worse as the technology develops and bad actors can access malicious offerings such as deepfakes as a service.
The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.
The growing attack surface is extending the security/software developer gap, increasing vulnerabilities, and slowing security investigations.
Image geotags, metadata, and location information can allow competitors, cybercriminals, and even nation-state threat actors to gain knowledge they can use against organizations.
Organizations must be willing to ask software vendors hard risk-based questions and be prepared for that to lengthen the purchase process.