Risk Management News, Articles and Updates

Building situational awareness via your operating environment telemetry

Nik Whitfield outlines how, when building a risk-based approach to security, CISOs need to start by building situational awareness from the telemetry of their operating environment.

80% of IT pros have implemented a patch policy to enhance security

Eighty percent of IT professionals have implemented a patch policy to enhance their organisation's security.

What's your approach to cyber-security?

Richard Beck takes a look at how UK businesses plan to tackle cyber-threats to corporate security over the coming year.

Translating cyber-threats into business risks to tackle threats effectively

By learning to translate their concerns into the language of business risk, cyber-security professionals will find that their messages are heard - and heeded - more readily, says Piers Wilson.

Innovation versus infosecurity

Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.

UK lawyer warns of cyber-insurance loopholes

A leading UK lawyer has said that cyber-insurance can play a part in a business cyber-security strategy, so long as the risks are understood.

Manage suppliers to increase your cyber-resilience

Companies must understand how security works inside - and outside - their organisation, argues Seth Berman.

Defending against APTs: 'We are behind the curve'

High-profile CISOs and senior IT security managers talked advanced persistent threats (APTs) and how they can be countered at SC Magazine's latest roundtable in central London.

Research reveals hackers are increasingly exploiting privileged accounts

New research claims that the security threats landscape is now almost egalitarian in nature, with almost every industry - and every company - now being a security target.

Information security assurance from a resilience perspective

A holistic approach to information security is needed to overcome the shortcomings of a Risk Management approach, says David Stubley.

Should you use cyber insurance to mitigate risk?

While still a relatively immature industry, cyber insurance can reduce the costs of recovering from a breach, and, as Tony Morbin reports, it can also play a role in driving adoption of best practice, including de-facto standards in critical infrastructure.

Ponemon - Smaller breaches likely; consultants a risk?

Average total cost of a data breach has increased by 15 percent in the last 11 months; consultants increase risk says new Ponemon report.

Third-party security risks follow Target data breach

What should businesses be doing to ensure that contractors and other third-parties are aware of the risks in security? That was one of the key questions during a panel discussion at Infosecurity 2014 in London on Thursday.

Communication gap identified between IT and management

Bad news is filtered out of communication to the C-suite and 63 percent of IT staff only start talking after a breach has taken place.

Forensic readiness - the new 'business continuity'

If you don't have good forensic readiness planning and testing in place, you are neglecting a core requirement of good organisational planning, no less than if you failed to have disaster recovery or business continuity planning, argues David Rimmer.

Appthority on mobile risk management

On the first morning of the annual RSA Conference in San Francisco, I met with a company whose story began almost exactly a year ago.

Google says account takeovers are down more than 99 per cent

Google is crediting enhanced risk analysis efforts with lowering the number of compromised user accounts by nearly 100 per cent over two years.

Proactive vs Reactive approaches

The concept of being prepared for the worst crosses over all types of incidents.

Businesses look to outsource, but often with increased cost and risk

Businesses are rapidly adopting an outsourced, third-party information technology operations model.

Being human - behaviour that needs to be on board

On the night of April 14th, 1912, the RMS Titanic scraped an iceberg and sank to the bottom of the ocean in only two hours and 40 minutes resulting in the death of 1,517 people.

Risk-managed approaches to information security

Adoption of a 'risk-managed' approach to information security is extremely fashionable amongst the organisations that I work with.