Understanding your organization's security posture can mean the difference between data that's protected from attackers and a breach that can result in major financial and reputational harm.
Risk is a multilayered function derived from threat, vulnerability and impact.
At a recent SC Magazine Roundtable, government security pros bemoaned the difficulty in obtaining resources. But instead of crying over spilled milk, they traded ideas for mitigating risk in a down economy.
Most businesses don't understand how to manage risk, yet we live in a world full of risks, says Guidance Software's Anthony Di Bello.
Check Point Software Technologies bolstered its portfolio Monday with the acquisition of privately held Dynasec, a 7-year-old, Israel-based provider of governance, risk management and compliance solutions.
Mark Weatherford, former CSO of the North American Electric Reliability Corp. (NERC), has been appointed to a newly created position at the U.S. Department of Homeland Security. Serving as deputy under secretary for cybersecurity within the National Protection and Programs Directorate (NPPD), the DHS component charged with reducing risk, Weatherford will focus on ensuring strong cybersecurity operations and communications for the department. He is expected to start in mid-November. Prior to his role at NERC, Weatherford was CISO of the state of California. A former naval cryptologic officer, Weatherford also previously led the Navy's computer network defense operations.
The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.
Enterprises can achieve ROI by doing an in-house risk assessment, says Kris Rowley, CISO of the state of Vermont.
Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.
Dust off your company's risk assessment process and make sure it is up to date because this is where your approach to defending against a WikiLeaks type of threat is going to start.