Security News

Black Hat and DEF CON visitors differ on physical risk management
2022-08-15 04:58

As last week's hacker summer camps would down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering. Risk management is a key tenet of security and there was much discussion in the weeks and months before the shows about whether flying into Las Vegas and spending a week in crowded hotels was worth the risk.

SimpleRisk: Enterprise risk management simplified
2022-08-02 03:30

In this Help Net Security video, CEO/CISO Josh Sokol, showcases SimpleRisk, a fully integrated GRC platform that can be used for all of your governance, risk management, and compliance needs. If you're at Black Hat USA 2022, you can learn more about SimpleRisk.

Applying Shift Left principles to third party risk management
2022-07-05 04:00

In this Help Net Security video, Etai Hochman, CTO at Mirato, talks about Shift Left, a concept that means to find and prevent defects early in the software delivery process. Shifting application security left to engage developers earlier in the software development lifecycle results in faster fixes and less wasted energy prioritizing and fixing vulnerabilities that pose little to no risk.

NIST updates guidance for cybersecurity supply chain risk management
2022-05-06 10:02

The National Institute of Standards and Technology has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. "The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it," NIST notes.

Operational risk management solution market to reach $3,098.0 million by 2028
2022-03-28 03:00

The global operational risk management solution market size is expected to grow from $1,656. 0 million by 2028; operational risk management solution market share is estimated to grow at a CAGR of 9.4% from 2021 to 2028, according to ResearchAndMarkets.

Bridging the “front and back of the house”: A lesson in risk management
2022-01-06 05:30

Between cloud proliferation, new tech infrastructure and tools and an increasingly distributed workforce, organizations are struggling to implement proper risk management practices. They often ignore one of the most important components of a solid risk management strategy: efficient communication between the "Front and back of the house."

Extracting value from the interconnected network of risk management
2021-12-09 07:00

The network presents our best opportunity to understand the interactions which link our application of risk management strategy. Step 2: Create a library of activities and associate it with every risk management initiative that touches the in-scope resources.

Railway cyber risk management: Raising awareness on relevant threats
2021-12-02 04:30

ENISA has announced the release of its report - Railway Cybersecurity - Good Practices in Cyber Risk Management for railway organizations. European railway undertakings and infrastructure managers need to address cyber risks in a systematic way as part of their risk management processes.

How to handle third-party security risk management
2021-11-19 06:00

In this Help Net Security interview, Demi Ben-Ari, CTO at Panorays, talks about third-party security risk management and the repercussions of a third-party breach. Why is third-party security risk management so important?

Break into the cybersecurity field by learning the NIST risk management framework
2021-11-04 10:02

Cybersecurity is a lucrative field, and you don't have to spend years learning all the various aspects of it. If you are an advanced IT professional, you can actually break into it with very specialized training, such as the NIST Cybersecurity & Risk Management Frameworks course.