Risk Management

Risk Management news, analysis, research, how-to, opinion, and video.

Startup Cyber adAPT takes on threat detection

Cyber adAPT, a startup springing from DARPA-funded research, is shipping its first products that detect network compromises and gather data that can be used later for forensic analysis of breaches.


Applying the Irari Rules to a risk-based security program

A few respected critics took issue with what we call the Irari Rules. Here’s why their concerns are off base.

3 ways to minimize enterprise software selection risk

While a data-driven software selection focuses on requirements, the demo, product audit and reference checks reduce project risks in other ways.

Risk management, 9/11, and where we are today

The 9/11 terrorist act on the World Trade Center towers and the Pentagon was almost unfathomable. But it happened, and it changed the way we view the world and the way we plan for risks - at least on a safety level. How...

5 reasons you should turn down an IT project

Not all IT projects should be taken on. There are often good reasons to turn a project down. Being a smart project manager means knowing why and when to say no to a project.

Key steps to getting your IT project back on track

By knowing your project financials, meeting often and having detailed, useful status reports, you will get your project unstuck or keep it from getting derailed in the first place.

What a bad enterprise software purchase will cost you

If you fail to do the work upfront to select the best-fit enterprise software, you will pay the price.

Hard Truths of IT Security

Don’t count on people to prevent data breaches

As malware gets more sophisticated and hostile, columnist Rob Enderle says we can’t always count on people to do the right thing. He offers his plan to deal with the weak link.

How to calm your board's nerves about cybersecurity

CIOs need to provide their companies' boards of directors with regular, easily understood briefings on data security, and steer the conversation toward the familiar ground of business risk management, says Editor in Chief Maryfran...

Project Management

How software evaluations can keep your project on budget and on time

An effective way to improve the accuracy of software implementation estimates is to use information collected when evaluating the selected product. Better estimates improve project management and reduce the risks of implementation...


How CISOs can communicate risk to businesses

Veracode’s Chris Wysopal offers a tutorial at RSA on how to communicate risk management at the C level.

How risk management leads to increased profit margins

Companies that put a premium on risk management can cope with ever-increasing business risks while seizing opportunities that present themselves.

Strategies for tackling and saving the most challenging IT projects

Some professionals go the safe route when seeking out new projects and new clients. Others go for the troubled implementations: the long shots and lost causes. Which type are you?

Buyer beware: How auditing RFPs can help you make smarter enterprise software purchases

Aggressive salespeople and “over-optimistic” RFPs can doom enterprise software projects. Audit RFPs to verify they meet requirements as claimed before purchasing the software, and avoid software disasters.

How to get CVSS right

CVSS is a good system in which to develop your vulnerability management program. But Ben Rothke argues that unless you customize it, you will always be basing your program off of other people's vulnerabilities.

Hit the jackpot when selecting enterprise software by using RFP scoring

Enterprise software RFPs with open questions requiring short essay answers are difficult to evaluate. See how RFP scoring takes the gambling out of selecting best-fit software. Know how well the software will work in your environment...

With greater visibility comes increased response

As our manager tests an advanced firewall, several events that would have gone undetected come to light.

What’s next for your awareness program?

You’ve tried phishing simulations and Computer Based Training (CBT), and you still have incidents. You may think your program is successful, or useless. What are you going to do next?

RedSeal gets new funding, executives

Network visualization and risk assessment vendor RedSeal is re-launching with new capabilities, executives and funding that will be used to hire more engineers and boost its channel partners.
