Tag: metric
-
10 best practices for vulnerability management according to CISOs
by
in SecurityNews
Tags: api, attack, automation, best-practice, business, ceo, cio, ciso, control, cybersecurity, data, detection, framework, group, incident response, metric, mitre, penetration-testing, programming, ransomware, risk, risk-management, service, software, strategy, technology, threat, tool, update, vulnerability, vulnerability-management1. Culture Achieving a successful vulnerability management program starts with establishing a cybersecurity-minded culture across the organization. Many CISOs admitted to facing historical cultural problems, with one summing it up well. “Our cybersecurity culture was pretty laissez-faire until we got hit with Log4J and then a ransomware attack,” he told CSO. “These events were an…
-
How CISOs can balance business continuity with other responsibilities
by
in SecurityNews
Tags: attack, backup, breach, business, cio, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, finance, framework, healthcare, incident, incident response, metric, nist, ransomware, resilience, risk, service, strategy, supply-chain, technology, threat, usa, vulnerabilityCIO-CISO divide: Who owns business continuity?: While CISOs may find that their remit is expanding to cover business continuity, a lack of clear delineation of roles and responsibilities can spell trouble.To effectively handle business continuity, cybersecurity leaders need a framework to collaborate with IT leadership.Responding to events requires a delicate balance between thoroughness of investigation…
-
How CISOs can balance business continuity with other responsibilities
by
in SecurityNews
Tags: attack, backup, breach, business, cio, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, finance, framework, healthcare, incident, incident response, metric, nist, ransomware, resilience, risk, service, strategy, supply-chain, technology, threat, usa, vulnerabilityCIO-CISO divide: Who owns business continuity?: While CISOs may find that their remit is expanding to cover business continuity, a lack of clear delineation of roles and responsibilities can spell trouble.To effectively handle business continuity, cybersecurity leaders need a framework to collaborate with IT leadership.Responding to events requires a delicate balance between thoroughness of investigation…
-
Trump shifts cyberattack readiness to state and local governments in wake of info-sharing cuts
by
in SecurityNews
Tags: advisory, cio, cisa, ciso, communications, cyber, cyberattack, cybersecurity, election, government, group, infrastructure, intelligence, Internet, metric, office, resilience, risk, russia, strategy, technology, threatCreating a national resilience strategy The EO requires the assistant to the President for national security affairs (APNSA), in coordination with the assistant to the President for economic policy and the heads of relevant executive departments and agencies, to publish within 90 days (by June 17) a National Resilience Strategy that articulates the priorities, means,…
-
The State of Digital Trust in 2025 Consumers Still Shoulder the Responsibility
by
in SecurityNews
Tags: access, ai, authentication, banking, breach, captcha, cloud, compliance, control, cyber, data, deep-fake, encryption, finance, fintech, framework, GDPR, government, healthcare, identity, india, insurance, law, login, malicious, metric, mfa, mitigation, password, privacy, regulation, resilience, risk, service, software, strategy, switch, technology, threat, toolThe State of Digital Trust in 2025 – Consumers Still Shoulder the Responsibility madhav Thu, 03/20/2025 – 04:52 Trust remains the cornerstone of digital interactions, yet its foundations are increasingly fragile in an era of sophisticated cyber threats and evolving consumer expectations. The 2024 Digital Trust Index gave us extremely important insights into the expectations…
-
Breaking Down Risks in Cybersecurity
by
in SecurityNewsCyber Crime Junkies podcast Breaking Down Risks in Cybersecurity A great conversation on the Cyber Crime Junkies podcast with David Mauro! We covered so many different topics that the CISOs are struggling with: Generative vs Agentic AI risks and opportunities How cyber attackers leverage powerful tools like…
-
What Is Exposure Management and Why Does It Matter?
by
in SecurityNews
Tags: access, attack, breach, business, ciso, cloud, compliance, credentials, cve, cyber, cybersecurity, data, data-breach, group, identity, infrastructure, iot, metric, password, phishing, risk, service, software, technology, threat, tool, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy will provide the practical, real-world guidance you need to shift from vulnerability management to exposure management. In our first blog in this new series, we get you started with an overview of the differences between the two and explore how cyber exposure management can benefit your organization. Traditional…
-
Boards Challenged to Embrace Cybersecurity Oversight
by
in SecurityNewsIntegrating Cyber Risk into Business Risk Decisions Cybersecurity failures are now business risks that CEOs and Boards must own. The world of business owners, investors, and their representatives are collectively realizing the potentially catastrophic impacts of cybersecurity incidents if not incorporated into the strategic management of the most senior business leadership. Many regulatory bodies, insurance…
-
What key metrics indicate NHI performance in DevOps?
by
in SecurityNews
Tags: metricWhat Do Non-Human Identities Bring to the Table in DevOps? Where constant innovation and rapid deployment are the norms, have you ever wondered how Non-Human Identities (NHIs) and Secrets Security Management fit into the picture? If you answered yes, then you’re in the right place. We’ll delve into the multifaceted role of NHIs in DevOps,……
-
Beyond Patching: Why a Risk-Based Approach to Vulnerability Management Is Essential
by
in SecurityNewsThe cybersecurity industry has long treated patching as the gold standard for vulnerability management. It is the cornerstone of compliance frameworks, a key metric for security performance, and often the first response to a newly discovered vulnerability. But patching alone is no longer enough. In the 2025 Gartner® report, We’re Not Patching Our Way Out……
-
Is your enterprise ‘cyber resilient’? Probably not. Here’s how other boards fixed that
by
in SecurityNews
Tags: backup, breach, business, ciso, cloud, compliance, control, cyber, cyberattack, cybersecurity, endpoint, finance, framework, governance, incident, metric, monitoring, nist, resilience, risk, service, strategy, supply-chain, tool, training, vulnerability, vulnerability-managementLockheed Martin: Lockheed Martin introduced its Cyber Resiliency Level (CRL) Framework and corresponding Scoreboard in 2018, illustrating a more formalized approach to measuring cyber resilience during this period. The company’s Cyber Resiliency Scoreboard includes tools like a questionnaire and dashboard for measuring the maturity levels of six categories, including Cyber Hygiene and Architecture.MIT: The Balanced Scorecard for Cyber Resilience (BSCR) provides…
-
Advanced Power Tracking
by
in SecurityNewsProduct Update: Version 4.8 This update brings key improvements to asset management and power tracking. Highlights include Template Power metrics in bulk actions, simplified rack layouts for easier asset placement, and advanced power sensors for detailed analysis. The upgraded asset discovery engine now supports more vendor asset types, streamlining management. … First seen on securityboulevard.com…
-
What CISOs need from the board: Mutual respect on expectations
by
in SecurityNews
Tags: business, ceo, ciso, compliance, control, cyber, cybersecurity, finance, framework, governance, metric, risk, risk-management, skills, strategy, technology, threat, update, vulnerabilityPart 500. While this legislation was groundbreaking for being very prescriptive in what cyber controls are required, there was in earlier drafts indications that each board should have suitably cyber-qualified members.Similar guidelines were established with the Australian Institute of Company Directors (AICD) drafting its Cyber Governance Principles, which were recently refreshed. The timing of this…
-
How CISOs can sharpen their board pitch for IAM buy-in
by
in SecurityNews
Tags: access, automation, breach, business, ciso, cloud, compliance, control, cybersecurity, data, finance, guide, iam, identity, metric, risk, security-incident, strategy, supply-chainthe top focus area going into 2025. However, communicating IAM’s value to the board remains a challenge”, it isn’t enough for these security leaders to craft effective IAM strategies”, they must also secure their board’s support.CISOs know that executive buy-in is critical for obtaining the necessary funding and setting the right tone from the top. The…
-
Critical Vulnerability in Fluent Bit Exposes Cloud Services to Potential Cyber Attacks
by
in SecurityNews
Tags: attack, cloud, computing, cve, cvss, cyber, data-breach, flaw, infrastructure, metric, service, tool, vulnerabilityA critical security flaw in Fluent Bit, a widely adopted log processing and metrics collection tool part of the Cloud Native Computing Foundation (CNCF), has exposed enterprise cloud infrastructures to denial-of-service (DoS) attacks. Designated as CVE-2024-50608 and CVE-2024-50609, these vulnerabilities”, scoring 8.9 on the CVSS v3.1 severity scale”, stem from improper handling of HTTP headers…
-
Ransomware gangs extort victims 17 hours after intrusion on average
by
in SecurityNews
Tags: access, business, credentials, data, encryption, espionage, exploit, extortion, government, group, healthcare, Intruder, malicious, malware, metric, monitoring, network, ransom, ransomware, service, tactics, technology, theft, threat, tool, vulnerability, zero-dayThe initial point of access for the attackers and the privileges it provided themHow easy it is to reach other network segments and systems from the initially compromised assetWhether access into the environment was resold to a ransomware operator by an initial access brokerWhether the attackers decided to operate only outside the victim’s regular business…
-
Consortium Acquires Cyber Risk Quantification Startup To Become ‘Next-Gen VAR’
Consortium’s acquisition of Metrics That Matter is aimed at providing customers with a more-accurate, continuously updated picture of their cyber risk, CEO Nate Ungerott tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2025/consortium-networks-acquires-cyber-risk-quantification-startup-to-become-next-gen-var
-
Consortium Networks Acquires Cyber Risk Quantification Startup To Become ‘Next-Gen VAR’
Consortium Networks’ acquisition of Metrics That Matter is aimed at providing customers with a more-accurate, continuously updated picture of their cyber risk, CEO Nate Ungerott tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2025/consortium-networks-acquires-cyber-risk-quantification-startup-to-become-next-gen-var
-
Getting the Most Value out of the OSCP: Pre-Course Prep
by
in SecurityNews
Tags: access, antivirus, attack, compliance, control, credentials, cyber, cybersecurity, detection, exploit, finance, framework, guide, hacker, hacking, infosec, infrastructure, jobs, kali, linux, mandiant, metric, microsoft, mitre, network, organized, password, penetration-testing, PurpleTeam, RedTeam, risk, service, skills, software, tactics, technology, tool, training, vulnerability, windowsThe first post in a five-part practical guide series on maximizing the professional, educational, and financial value of the OffSec certification pursuit for a successful career in offensive cybersecurity consulting Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements.…
-
Enhancements for BloodHound v7.0 Provide Fresh User Experience and Attack Path Risk Optimizations
by
in SecurityNews
Tags: access, attack, ciso, computer, control, cybersecurity, data, group, identity, incident response, metric, radius, risk, risk-assessment, threat, tool, update, vulnerability, vulnerability-managementGeneral Availability of Improved Analysis Algorithm and Security Posture Management Improvements The BloodHound team previewed several concepts in the last couple of releases that made it easier for customers to visualize attack paths and show improvements in identity risk reduction over time. This week’s release of BloodHound v7.0 includes significant enhancements focused on improving user experience…
-
It pays to know how your cybersecurity stacks up
by
in SecurityNewsLike all other business leaders, chief information security officers (CISOs) could find themselves on the unemployment line if something on their watch goes seriously sideways.But what if CISOs simply aren’t demonstrating enough business value?With companies cutting costs, proving cybersecurity programs are good for the business has become vital to protecting budgets and jobs. That’s why…
-
7 tips for improving cybersecurity ROI
by
in SecurityNews
Tags: advisory, ai, attack, business, ciso, compliance, control, corporate, cyber, cybersecurity, data, defense, detection, exploit, finance, gartner, group, incident response, infrastructure, intelligence, metric, monitoring, network, privacy, resilience, risk, risk-assessment, risk-management, service, siem, software, strategy, technology, threat, tool, vulnerability, wafWhen it comes to cybersecurity investments, smart money is directed toward initiatives that deliver the greatest protection at the lowest possible cost. But what appears to be a straightforward calculation can often be anything but.CISOs perennially face challenges securing adequate funding to safeguard the enterprise, placing them often in difficult positions attempting to stretch resources…
-
Mastering SEO for Cybersecurity Entrepreneurs: A Strategic Guide to Dominating Search Rankings
by
in SecurityNewsMaster fundamentals of SEO to elevate your online presence in 2025. From keyword research and on-page optimization to local SEO tactics, this guide covers essential strategies for entrepreneurs. Learn how to track key metrics, stay updated on the latest trends to drive more traffic and conversions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/mastering-seo-for-cybersecurity-entrepreneurs-a-strategic-guide-to-dominating-search-rankings/
-
CISOs are moving closer to the board, but budget hurdles remain
by
in SecurityNewsIn recent years, CISOs have often felt that their board of directors did not take them seriously. This key issue for cybersecurity, however, is turning around, with 82% of CISOs now reporting directly to their CEOs, versus 47% in 2023, according to a survey by Splunk.Splunk’s report, which surveyed 500 CISOs, CSOs, and similar security officers,…
-
How Ephemeral on-demand data can improve DORA DevOps scores
by
in SecurityNewsUnderstand the performance metrics used to produce the DORA scores and how on-demand data from Tonic Ephemeral, as well as the integration between Ephemeral and Tonic Structural, can improve the DORA score for your development teams First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/how-ephemeral-on-demand-data-can-improve-dora-devops-scores/
-
GitLab CISO on proactive monitoring and metrics for DevSecOps success
by
in SecurityNewsIn this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/09/josh-lemos-gitlab-devsecops-success/
-
How CISOs can forge the best relationships for cybersecurity investment
by
in SecurityNews
Tags: access, ai, business, ceo, cio, ciso, communications, control, cyber, cybersecurity, data, finance, framework, group, guide, metric, network, privacy, risk, risk-analysis, risk-management, threat, tool, zero-trustWhen it comes to securing cybersecurity investments there are many things at play. The key often lies in the CISO’s ability to build relationships with key stakeholders across the organization. However, CISOs are being tasked with protecting their organizations while navigating budget constraints.Although nearly two-thirds of CISOs report budget increases, funding is only up 8%…
-
Volkswagen massive data leak caused by a failure to secure AWS credentials
by
in SecurityNewsA failure to properly protect access to its AWS environment is one of the root causes of the recent massive Volkswagen data leak, according to a presentation on the incident at the Chaos Computer Club on Dec. 27.But the security analyst who helped expose the leak said the $351 billion car manufacturer violated its own…
-
Impart is now available in the AWS Marketplace – Impart Security
by
in SecurityNews
Tags: api, attack, data, detection, fraud, infrastructure, injection, kubernetes, marketplace, metric, monitoring, risk, service, strategy, threat, tool, update, wafToday, we are thrilled to announce that Impart is now available in the AWS Marketplace. More Streamlined Contracting AWS customers with existing spend commitments can apply their Impart purchase toward their AWS commitment. This availability simplifies the buying process with streamlined contractual and legal terms, enabling faster procurement. Product Benefits AWS customers can now more easily purchase…