Tech Center Risk Management
Dark Reading's Risk Management Tech Center is your portal to all the news, product information, technical data, and best practices related to the assessment, measurement, and management of cybersecurity risk in the enterprise. Written for executives and businesspeople as well as security and IT professionals, the Risk Management Tech Center is a single community dedicated to the tools and techniques used to analyze security risk as well as methods for assessing the costs and benefits associated with cybersecurity defenses and the potential impact of new threats.
Featured Commentary
-
Eric ColeRisk Management: Asking The Right Questions
In order to make sure an organization's security is properly aligned with risk, it is critical that organizations focus on asking the questions that really matter.
News
-
Marrying IT Risk Management With Enterprise Procurement
Third parties represent a big chunk of data breaches, and experts say the only way to address the risk is to get IT risk managers working with vendor management executives
-
Using Dependency Modeling For Better Risk Decisions
Q&A with Open Group executives who are evangelizing a new standard for dependency modeling to help with IT risk management and beyond
-
Monitoring And Reporting IT Security Risk In Your Organization
To implement a risk-based approach to security, you must be able to gauge and report risk. Here are some tips on how to do it right
-
Does Your Security Data Mesh With Risk Metrics?
Normalizing security data spewing from tools across the enterprise is a key step in creating a consistent set of metrics to use in managing risk
-
Governance Without Metrics Is Just Dogma
Entertaining RSA Conference panel titled 'Why U No Haz Metrics' discusses the importance of measuring security controls against exposure to loss
More Stories
- SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
- Getting The Most Out Of A GRC Platform
- Threat Intelligence Brings Dynamic Decisions To Risk Management
- Go Hack Yourself
- How To Conduct An Effective IT Security Risk Assessment
By The Numbers
What Risk Management Metrics Does Your Organization Use?
Organizations depend on metrics around the reduction of cost of IT security and the number of end users receiving training far more than performance-based metrics like the reduction in the number of threats.
Source: The State Of Risk-Based Security Management: United States, 2012, Ponemon Institute/Tripwire
Commentary
-
Risk Management: Asking The Right Questions
By Eric Cole
In order to make sure an organization's security is properly aligned with risk, it is critical that organizations focus on asking the questions that really matter
-
Is Your Organization Doing Good Things Or Doing The Right Things?
By Eric Cole
Fixing vulnerabilities that are a real threat is the right thing to do
-
Dark Reading Launches Tech Centers On Risk, Identity Management
By Tim Wilson
New Dark Reading subsites focus on risk measurement and strategy, identity and access management
Around the Web
Dark Reading Reports
-
Monitoring and Reporting IT Security Risk In Your Organization
Assessing and reporting risk is a challenge in any case, but especially in today's constantly changing IT and business environments. Organizations that want to approach risk in a systematic way face significant obstacles, but it is possible to adopt a structured risk management strategy while keeping data current. In this Dark Reading report, we recommend strategies and tools for harnessing data in a way that's relevant and meaningful, and can be effectively reported to all stakeholders.
-
How to Conduct an Effective IT Security Risk Assessment
Assessing an organization's security risk is an important element of an effective enterprise security strategy. It's also a key way to justify future security spending to upper management. In this Dark Reading report, we recommend how to conduct an IT security risk assessment - and how to translate the results into terms that make sense in dollars.
-
Six Steps To A Risk-Based Security Strategy
If there's one thing that's true about security, it's that an organization can never be completely secure. The trick is to determine what's most valuable to your organization, and how big the threats to those assets really are. That's putting risk-based management simply, but it doesn't have to be complicated. In this report we provide some perspective around riskbased security, as well as recommend some best practices for developing and effectively implementing a program.
Other reports from the Risk Management Tech Center:
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.