On Risk-Based Authentication

Schneier on Security

“A Study on Usability and Security Perceptions of Risk-based Authentication”: Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before.

COVID-19 Risks of Flying

Schneier on Security

This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. I think that most of the risk is pre-flight, in the airport: crowds at the security checkpoints, gates, and so on. I fly a lot.

Risk 282

AI Security Risk Assessment Tool

Schneier on Security

Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.

Risk 222

The Legal Risks of Security Research

Schneier on Security

Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.” Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance.

Risk 228

Risks of Evidentiary Software

Schneier on Security

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example).

Risk Management Programs for the Post-COVID Environment

Security Boulevard

After a year spent managing increased business risks—including security, IT resiliency and cybersecurity concerns—business leaders need to adjust their mindset when it pertains to risk management and avoid the more traditional approach to crisis management and business continuity planning.

Risk 109

What is Cyber Risk?

Security Boulevard

The discouraging numbers continue to grow as the latest high-profile breaches make headlines.

Security Risks of Client-Side Scanning

Schneier on Security

I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning.

Risk 230

Effective software security activities for managing supply chain risks

Security Boulevard

Get recommendations for managing supply chain risks. The post Effective software security activities for managing supply chain risks appeared first on Software Integrity Blog. BSIMM12 reports increased attention on software security due to recent supply chain disruptions.

Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots.

Risk 164

Perceptions of Insider Risk 2021

Security Boulevard

This week at the Insider Risk Summit, industry experts shared their thoughts on how to mitigate insider risks with discussions about. The post Perceptions of Insider Risk 2021 appeared first on Security Boulevard.

Risk 100

National Security Risks of Late-Stage Capitalism

Schneier on Security

The company outsourced much of its software engineering to cheaper programmers overseas, even though that typically increases the risk of security vulnerabilities. In other words, the risk of a cyberattack can be transferred to the customers.

Risk 285

Best Risk Management Software for 2021

eSecurity Planet

Enterprise risk management software can provide risk monitoring, identification, analysis, assessment, and mitigation, all in one solution.

Risk 61

Measuring Security Risk vs. Success

Security Boulevard

Oftentimes, how organizations measure risk determines how they will prioritize investments. The post Measuring Security Risk vs. Success appeared first on Security Boulevard.

Risk 107

Enabling Risk Register Benchmarking

Security Boulevard

Risk quantification has bridged the security world to the business world. By quantifying risk, security leaders have been able to frame cybersecurity in a business context and illustrate the impact cyber and business have on each other.

Risk 52

Risks in Telecommunications IT

Trend Micro

What is Third-Party Risk?

Security Boulevard

As if managing your own risk profile isn’t challenging enough today, your organization must concern itself with how.

Risk 86

What Constitutes a Mature Risk Management Program?

Security Boulevard

Risk management programs require a specific approach in order to be truly effective.

Risk 87

Synthetic Data Removes Data Privacy Risks

Security Boulevard

The post Synthetic Data Removes Data Privacy Risks appeared first on Security Boulevard.

Developing a Risk Management Approach to Cybersecurity

Security Boulevard

The post Developing a Risk Management Approach to Cybersecurity appeared first on Hyperproof. The post Developing a Risk Management Approach to Cybersecurity appeared first on Security Boulevard.

Risk 108

The NSA on the Risks of Exposing Location Data

Schneier on Security

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Users should be aware of these risks and take action based on their specific situation and risk tolerance.

Risk 214

The Dawn of Insider Risk – Are You Prepared?

Security Boulevard

Risk 94

Qualys Unfurls Ransomware Risk Assessment Service

Security Boulevard

Qualys today launched a Ransomware Risk Assessment Service through which organizations can proactively identify, prioritize, track and ultimately remediate assets that are vulnerable to ransomware attacks.

Risk 95

Data Laundering Poses Privacy, Security Risks

Security Boulevard

The post Data Laundering Poses Privacy, Security Risks appeared first on Security Boulevard.

Risk 114

Men, Executives Pose Higher Cybersecurity Risk

Security Boulevard

The post Men, Executives Pose Higher Cybersecurity Risk appeared first on Security Boulevard. When it comes to online behaviors, women are far safer than men, according to a wide-ranging survey from SecurityAdvisor.

Risk 107

What Are You NOT Detecting?

Anton on Security

What I mean here is: are you thinking about these: Threats that you don’t need to detect due to your risk profile, your threat assessment, etc. However, we all know infosec/cyber/IT is awesome at intelligently assessing risk … right? What are you not detecting? OK, what threats are you NOT detecting? Still didn’t help? Threats that you do need to detect, but don’t know how. Threats that you do need to detect and know how, but cannot operationally (e.g.

Risk 116

Post-pandemic growth starts with understanding risk

Trend Micro

To succeed in the post-pandemic era, organizations must come to a shared understanding about cybersecurity as a critical element of business risk. The digital transformations that accompanied the pandemic are here to stay.

Reducing Manual Touchpoints to Minimize Risk

Security Boulevard

The fact of the matter is, the more manual touchpoints that an organization has, the greater the risk for human error;[…]. The post Reducing Manual Touchpoints to Minimize Risk appeared first on Iceberg Networks.

Risk 87

Cloud Identity Governance can Overcome Entitlement Risks

Security Boulevard

Of the many problems that threaten enterprises, entitlement and access management risks are a significant cause for concern. The post Cloud Identity Governance can Overcome Entitlement Risks appeared first on Security Boulevard.

Best Third-Party Risk Management (TPRM) Tools of 2021

eSecurity Planet

In a developing market, third-party risk management (TPRM) software and tools could be the answer to helping organizations fill the gap. BitSight is a Leader in the Forrester Wave report for Cybersecurity Risk Rating Platforms in 2021.

Risk 85

How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution)

Security Boulevard

The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Hyperproof. The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Security Boulevard.

Risk 86

How to avoid Video Conferencing Security Risks

CyberSecurity Insiders

The post How to avoid Video Conferencing Security Risks appeared first on Cybersecurity Insiders. As most of the jobs are turning remote these days, videoconferencing has become a critical component of Work From Home (WFH) scenarios, while conducting day-to-day operations.

Risk 113

5 IT risk assessment frameworks compared

CSO Magazine

From a cybersecurity standpoint, organizations are operating in a high-risk world. The ability to assess and manage risk has perhaps never been more important.

Cyberattacks in 2021 Highlighted Critical Infrastructure Risks

Security Boulevard

The first half of the year saw an increase in vulnerabilities found in ICS, exposing the high risk for attacks. The post Cyberattacks in 2021 Highlighted Critical Infrastructure Risks appeared first on Security Boulevard.

Risk 82

How Putting Risk First in Cybersecurity is Driving IRM Adoption

Security Boulevard

Risk management has developed significantly from when it was first introduced. In the 16th and 17th centuries, notions of risk management evolved into something more akin to how we see it in the cybersecurity landscape today.

Risk 114

The Elephant in the Risk Governance Room

Security Boulevard

Effective risk governance means organizations are making data-driven. The de facto language of business risk is the risk matrix, which. However, there is a better option—one that unlocks deeper, more comprehensive conversations not only about risk, but also how risk.

Reducing Cybersecurity Risk With Minimal Resources

Lohrman on Security

Risk 213

What is Vendor Risk Management (VRM)?

Security Boulevard

Vendor risk management, or VRM, is a program within an organization that is responsible for identifying and remediating risks associated with vendors.

Risk 56

GUEST ESSAY: The three horsemen of cyber risks: misinformation, disinformation and fake news

The Last Watchdog

Such a transformation, however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse. Misleading information – comprised of the three horsemen of cyber risks: misinformation, disinformation, and fake news – also affects something we rarely stop to consider: business.

Reduce open source software risks in your supply chain

Security Boulevard

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain. The post Reduce open source software risks in your supply chain appeared first on Software Integrity Blog.

Data Scraping: Associated Security and Privacy Risks

Hot for Security

The security risks of web scraping are endless, since malicious actors abuse the process of gathering publicly available data. Additional security risks stem from poorly configured or unprotected databases containing publicly available user data.

Risk 101

Optimizing Risk Response, Unfiltered

Security Boulevard

projects for ISACA: a whitepaper titled “Optimizing Risk Response” and a companion webinar titled “Rethinking Risk Response.” The post Optimizing Risk Response, Unfiltered appeared first on Security Boulevard.

Risk 52

Irius Risk & Gary McGraw

Adam Shostack

I’m very excited that Gary McGraw is joining the Irius Risk Technical Advisory Board as board chair. Gary’s a pioneer in software security, and his work in machine learning was my choice to kick off blogging 2020.

Risk 100