Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …
risk assessment
While businesses are ramping up their risk mitigation efforts, they could be doing more
Zurich North America and Advisen have released a survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk …
The first step to being cybersmart: Just start somewhere
When it comes to a subject as complex as cybersecurity, it’s easy to become a victim of decision paralysis. When company leaders and IT staff begin looking at their options …
Which technologies can help legal and compliance teams navigate a changing landscape of risk?
In this interview with Help Net Security, Zack Hutto, Director of Advisory Services at Gartner‘s Legal and Compliance Practice, talks about the challenges legal and …
How collaboration between IT pros and senior leaders could drive the future of risk mitigation
What is an acceptable level of risk for IT pros and their organizations? The answer to this question has changed in recent years, with the threat landscape shifting …
Assessing subsidiary risk a top priority for most enterprises, yet they still lack proper visibility
Most enterprises are overconfident and lack the proper visibility to manage subsidiary risk, according to an Osterman Research study. The study surveyed enterprises with more …
Protecting your company from fourth-party risk
In a world that is becoming ever more interconnected, organizations are learning firsthand that they are not only vulnerable to the adverse events that their vendors …
Ransomware and cyber insurance: What are the risks?
High-profile ransomware events, such as the Colonial Pipeline and Kaseya attacks, continue to create eye-popping headlines about how easily a cybercriminal group can cripple …
How to rethink risks with new cloud deployments
These days, technology seems to evolve at the speed of light. Infrastructures change, attack surfaces reduce and multiply and, not surprisingly, your cloud environment …
Application security approaches broken by rising adoption of cloud-native architectures
The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, a survey of 700 CISOs by Coleman …
How prepared is the intelligence community to tackle possible threats?
Human psychology is complex. It’s a dynamic and sometimes contradictory system. Compounding this problem is the rapid progress of technology and social media, toppling …
Acting on a security risk assessment of your organization’s use of Salesforce
Salesforce isn’t rocket science, but the software has an incredible array of tools, which is why securing it demands a unique (and sometimes complex) approach. If you’re …
