Risk Identification/Classification/Mitigation

Threat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares what she's learned from talking to orgs about what's been successful, and what's failed, when they've approached this practice. Akira Brand joins to talk about her direct experience with building threat ...

You may think you're fully covered by your cybersecurity insurance carrier — until you file a claim. Here’s why most claims aren't 100% compensated, and how you can make sure yours will be.

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new...

CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive, it's certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop. This segment...

Here's how organizations can use managed risk services to enhance vulnerability management and attack surface management, letting them spot and fix security gaps before problems arise.

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that im...

Managing vulnerabilities is a large, complex problem that can't be completely fixed. And still, many cybersecurity organizations continue with a traditional approach that attempts to address all vulnerabilities, spreading staff too thin and increasing exploitation windows. With a small set of vulnerabilities being the cause of most of the breaching...

As we approach the opening ceremony, cybersecurity experts are gearing up to face an array of potential cyber threats. Dave Stapleton, VP and CISO at ProcessUnity, outlines key steps the event planners must take into account.