Risk Management

Risk Management news, analysis, research, how-to, opinion, and video.

Approach aggressive sales people with caution

Buyer beware: How auditing RFPs can help you make smarter enterprise software purchases

Aggressive salespeople and “over-optimistic” RFPs can doom enterprise software projects. Audit RFPs to verify they meet requirements as claimed before purchasing the software, and avoid software disasters.

How to get CVSS right

CVSS is a good system on which to build your vulnerability management program. But Ben Rothke argues that unless you customize it, you will always be basing your program on other people's vulnerabilities.

Hit the jackpot when selecting enterprise software by using RFP scoring

Enterprise software RFPs with open questions requiring short essay answers are difficult to evaluate. See how RFP scoring takes the gambling out of selecting best-fit software. Know how well the software will work in your environment...

With greater visibility comes increased response

As our manager tests an advanced firewall, several events that would have gone undetected come to light.

What’s next for your awareness program?

You’ve tried phishing simulations and Computer Based Training (CBT), and you still have incidents. You may think your program is successful, or useless. What are you going to do next?

RedSeal gets new funding, executives

Network visualization and risk assessment vendor RedSeal is re-launching with new capabilities, executives and funding that will be used to hire more engineers and boost its channel partners.

A guide to monetizing risks for security spending decisions

You have a finite amount of cash to spend on people and technologies to keep your business’ risk to an acceptable level, so you have to make your decisions wisely. As Curt Dalton points out in this step-by-step guide, monetizing key...


When buying enterprise software: The devil is in the details

When selecting enterprise software, poorly written requirements are a problem. Consequences include missed deadlines, not selecting best-fit software, unrealized ROI, and occasionally outright failure. Use these guidelines and tools...

Vectra Networks ships a new sensor for its attack-detection gear

Vectra Networks is rolling out a new appliance that gives its attack-detection gear better visibility into potentially malicious activity on corporate networks.

Who ‘Owns’ an Investigation?

When things go wrong, as they inevitably will in any organization, the way to resolve those problems starts with an effective investigation. But an advisory council says too often those investigations are plagued with confusion and...

New Weapons Offer Hope Against Advanced Cyberattacks

Traffic monitoring tools from Damballa, Lanscope, LightCyber can detect hidden malware.

7 Social Engineering Scams and How to Avoid Them

Even the most savvy IT professionals can fall victim to social engineering attacks. Here’s how to recognize these threats and avoid falling prey to them.

Awareness on the Cheap

Our manager finds several ways to expand awareness training without breaking the bank.

Feds to Private Businesses: Cough Up Your Cyber Intelligence

Corporations will be asked to contribute cyber intelligence to a new federal agency tasked with analyzing threat data culled from as many public and private sources as possible in order to more quickly spot attacks and attribute them...

3 Things CSOs Can Learn From CPOs

The role of the CSO and CIO has been changing dramatically and sometimes, it can be hard to keep up -- but there are some tricks that CSOs and CIOs can pick up from their Chief Procurement Officers.

Be Prepared for the Breach That’s Headed Your Way

If we learned anything in 2014, it was that no one is immune to a massive data breach. If one hits you this year, are you going to have the visibility that will let you tell the executive team what they need to know?

How to Mitigate Data Monetization Risks

Big data represents a substantial asset for your organization, but it's also a potential liability. Here's how to assess and mitigate the risks of your data initiatives.

New Framework Helps Companies Quantify Risk

The World Economic Forum has released a new framework this week that helps companies calculate the risk of cyberattacks.
