risk management

Third-party identity risk management, compliance, or both?
Third-party risk management and compliance have traditionally gone hand-in-hand. One is a business requirement, the other a business necessity. So, which comes first? Or …

Mitigating third-party risks with effective cyber risk management
Third-party engagement has steadily become an essential part of business operations for many organizations, enlisted for all kinds of products and services across nearly all …

Banks accelerating their risk management transformation
COVID-19’s disruption has stretched risk management infrastructures to the brink, forcing banks to recalibrate their data, models and processes for stress testing, impact …

Making transparency a norm in cybersecurity
The general lack of transparency around cybersecurity continues to be one of the largest factors holding back the combined ability of the public and private sector to truly …

Cybersecurity industry analysis: Another recurring vulnerability we must correct
I have spent my career finding, fixing, discussing, and breaking down software vulnerabilities, one way or another. I know that when it comes to some common security bugs, …

Maximizing a hybrid cloud approach with colocation
As a multi-tenant cloud environment, the public cloud offers companies with vast amounts of data a highly affordable option. However, it also presents a number of limitations …

Navigating the waters of maritime cybersecurity
In January 2021, new International Maritime Organization (IMO) guidelines on maritime cyber risk management went into effect. Around the same time, the U.S. government …

Why threat hunting is obsolete without context
Cybersecurity is an undisputed concern within any industry – but how are organizations and businesses using the security data and information they collect to best ensure their …

Pandemic accelerating need for insider risk management
As companies exit the pandemic, security leaders will be challenged with new data security complexities. Remote work over the past year magnified challenges that companies …

Risk-based vulnerability management has produced demonstrable results
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …

PCI SSC publishes PCI Secure Software Standard 1.1 and supporting program documentation
Version 1.1 of the PCI Secure Software Standard introduces the Terminal Software Module, a new security requirements module for payment software intended for deployment and …

Cybersecurity only the tip of the iceberg for third-party risk management
Most companies are missing key risks at more than one stage of the vendor risk lifecycle, yet few are expanding their TPRM programs to address these risks, according to …
Featured news
Resources
Don't miss
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)
- RIFT: New open-source tool from Microsoft helps analyze Rust malware