On Risk-Based Authentication

Schneier on Security

“A Study on Usability and Security Perceptions of Risk-based Authentication”: Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before.

COVID-19 Risks of Flying

Schneier on Security

This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. I think that most of the risk is pre-flight, in the airport: crowds at the security checkpoints, gates, and so on. I fly a lot.

Risk 229
Insiders


Risks of Evidentiary Software

Schneier on Security

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example).

AI Security Risk Assessment Tool

Schneier on Security

Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.

Risk 143

The Legal Risks of Security Research

Schneier on Security

Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.” Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance.

Risk 190

What is Cyber Risk?

Security Boulevard

The discouraging numbers continue to grow as the latest high-profile breaches make headlines.

Reducing Manual Touchpoints to Minimize Risk

Security Boulevard

The fact of the matter is, the more manual touchpoints that an organization has, the greater the risk for human error;[…]. The post Reducing Manual Touchpoints to Minimize Risk appeared first on Iceberg Networks.

Risk 86

Risks of Password Managers

Schneier on Security

Stuart Schechter writes about the security risks of using a password manager. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud. In my way of thinking, that reduces the risks of a password manager considerably.

Synthetic Data Removes Data Privacy Risks

Security Boulevard

The post Synthetic Data Removes Data Privacy Risks appeared first on Security Boulevard.

The Elephant in the Risk Governance Room

Security Boulevard

Effective risk governance means organizations are making data-driven. The de facto language of business risk is the risk matrix, which. However, there is a better option—one that unlocks deeper, more comprehensive conversations not only about risk, but also how risk.

Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots.

Risk 149

Reducing Cybersecurity Risk With Minimal Resources

Lohrman on Security

Risk 267

National Security Risks of Late-Stage Capitalism

Schneier on Security

The company outsourced much of its software engineering to cheaper programmers overseas, even though that typically increases the risk of security vulnerabilities. In other words, the risk of a cyberattack can be transferred to the customers.

Risk 244

Reduce open source software risks in your supply chain

Security Boulevard

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain. The post Reduce open source software risks in your supply chain appeared first on Software Integrity Blog.

What Are You NOT Detecting?

Anton on Security

What I mean here is: are you thinking about these: Threats that you don’t need to detect due to your risk profile, your threat assessment, etc. However, we all know infosec/cyber/IT is awesome at intelligently assessing risk … right? What are you not detecting? OK, what threats are you NOT detecting? Still didn’t help? Threats that you do need to detect, but don’t know how. Threats that you do need to detect and know how, but cannot operationally (e.g.

Risk 116

The NSA on the Risks of Exposing Location Data

Schneier on Security

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Users should be aware of these risks and take action based on their specific situation and risk tolerance.

Risk 200

Measuring Security Risk vs. Success

Security Boulevard

Oftentimes, how organizations measure risk determines how they will prioritize investments. The post Measuring Security Risk vs. Success appeared first on Security Boulevard.

Risk 84

What is Third-Party Risk?

Security Boulevard

As if managing your own risk profile isn’t challenging enough today, your organization must concern itself with how.

Risk 68

Developing a Risk Management Approach to Cybersecurity

Security Boulevard

The post Developing a Risk Management Approach to Cybersecurity appeared first on Hyperproof. The post Developing a Risk Management Approach to Cybersecurity appeared first on Security Boulevard.

Risk 85

Data Laundering Poses Privacy, Security Risks

Security Boulevard

The post Data Laundering Poses Privacy, Security Risks appeared first on Security Boulevard.

Risk 56

Data Scraping: Associated Security and Privacy Risks

Hot for Security

The security risks of web scraping are endless, since malicious actors abuse the process of gathering publicly available data. Additional security risks stem from poorly configured or unprotected databases containing publicly available user data.

Risk 101

What is Application Security Risk?

Security Boulevard


Risk 56

Top Risk Management Software Vendors

eSecurity Planet

Risk management software can provide risk monitoring, identification, analysis, assessment and mitigation, all in one solution. There are many factors that go into choosing the best risk management software for your specific organization’s business needs.

Risk 52

Irius Risk & Gary McGraw

Adam Shostack

I’m very excited that Gary McGraw is joining the Irius Risk Technical Advisory Board as board chair. Gary’s a pioneer in software security, and his work in machine learning was my choice to kick off blogging 2020.

Risk 100

Moody’s to Include Cyber Risk in Credit Ratings

Adam Levin

The American business and financial services company Moody’s will start factoring risk of getting hacked into their credit ratings for companies. The move is seen as part of a wider initiative to gauge the risk of cyberattacks and data breaches to companies and their investors. “We’ve been in the risk management business for a very long time. The post Moody’s to Include Cyber Risk in Credit Ratings appeared first on Adam Levin.

2021 Cybersecurity: Mitigating Mobile Security Risks for CISOs

Security Boulevard

The post 2021 Cybersecurity: Mitigating Mobile Security Risks for CISOs appeared first on The State of Security. The post 2021 Cybersecurity: Mitigating Mobile Security Risks for CISOs appeared first on Security Boulevard.

CISO 60

How to navigate open source licensing risks

Trend Micro

Vulnerabilities aren't the only risk that comes with open source software use. Learn how you can best mitigate licensing risks to ensure your team is meeting all legal requirements while building with open source code.

Risk 83

Lessons Learned from the Global Year in Breach: Supply Chain Cybersecurity Risk is Swamping Businesses

Security Boulevard

Clients love the ID Agent Digital Risk Protection Platform. The post Lessons Learned from the Global Year in Breach: Supply Chain Cybersecurity Risk is Swamping Businesses appeared first on Security Boulevard.

Risk 92

Risk analysis for DEF CON 2021

Errata Security

I thought I'd do a little bit of risk analysis. First, a note about risk analysis. For many people, "risk" means something to avoid. But real risk analysis is about shades of gray, trying to quantify things. It's another interesting lesson about risk analysis.

Risk 95

Credit Reporting Companies Put Customer Data at Risk

Adam Levin

Follow the three Ms: Minimize your risk: Don’t provide any more information than necessary to third-parties; be especially careful with sensitive data such as your Social Security number. The post Credit Reporting Companies Put Customer Data at Risk appeared first on Adam Levin.

How to Choose the Right Risk Management Software

Security Boulevard

The volume and complexity of risks today’s organizations face are growing exponentially due to rapidly advancing technology and. The post How to Choose the Right Risk Management Software appeared first on Hyperproof.

Risk 74

A Risk Management Wake-Up Call

Security Boulevard

As our reliance on digital systems grows, cyber risk becomes ever pervasive, enterprise organizations need to reset their approaches. The post A Risk Management Wake-Up Call appeared first on Axio.

Risk 81

How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution)

Security Boulevard

The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Hyperproof. The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Security Boulevard.

Risk 56

Integrated Risk Management for Your Business

Security Boulevard

For today’s security professionals, managing risk is arguably the most critical and challenging part of their job–and quite. The post Integrated Risk Management for Your Business appeared first on Hyperproof.

Risk 65

Shadow IT, Cloud-Based Malware Increase AppSec Risks

Security Boulevard

Cloud application security risks continue to rise as malware delivered by cloud applications continues to grow, according to a study by Netskope.

Risk 112

Risk analysis for DEF CON 2021

Security Boulevard

I thought I'd do a little bit of risk analysis. First, a note about risk analysis. For many people, "risk" means something to avoid. But real risk analysis is about shades of gray, trying to quantify things. It's another interesting lesson about risk analysis.

Risk 94

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

“The security risk persists: plaintext communications are much easier for attackers to spy on or, worse, to intercept and modify, allowing them to exploit the IoT devices for malicious purposes,” researchers wrote in one of the reports.

IoT 95

Many Businesses Have GRC Software, Yet Most Still Struggle to Manage IT Risks Consistently

Security Boulevard

Even if you haven’t used any Governance, Risk and Compliance (GRC) software yourself, you’re likely familiar with this. The post Many Businesses Have GRC Software, Yet Most Still Struggle to Manage IT Risks Consistently appeared first on Hyperproof.

Risk 96

RPA’s Impact on Governance, Risk Management and Compliance

Security Boulevard

The post RPA’s Impact on Governance, Risk Management and Compliance appeared first on Security Boulevard.

How I Learned to Stop Worrying and Love Vendor Risk

Adam Levin

Insider risk, supply chain vulnerability and vendor risk all boil down to the same thing: the more people have access to your data, the more vulnerable it is to being leaked or breached. What’s interesting here (other than the revelation that just about every major IoT speech-recognition product on the market has been spying on us without telling us) is what it reveals about insider risk.

Risk 181

How to Mitigate Risk Against Operational Technology (OT)

Security Boulevard

The post How to Mitigate Risk Against Operational Technology (OT) appeared first on Security Boulevard.

Risk 56

How Putting Risk First in Cybersecurity is Driving IRM Adoption

Security Boulevard

Risk management has developed significantly from when it was first introduced. In the 16th and 17th centuries, notions of risk management evolved into something more akin to how we see it in the cybersecurity landscape today.

Risk 69

Why Now: How CyberSaint is Making Automated Risk Assessments Possible with NLP

Security Boulevard

But there’s a gap in cybersecurity and integrated risk management where NLP could be used to inform risk and regulatory compliance. The post Why Now: How CyberSaint is Making Automated Risk Assessments Possible with NLP appeared first on Security Boulevard.