Get started

Vulnerability assessment for compliance

• Often overlooked strategies hinder cybersecurity program development

  Corporate compliance and risk management expert Jeff Jenkins outlines three invaluable -- but often overlooked -- strategies that companies should incorporate during cybersecurity program development. Continue Reading

• Can automated segregation of duties benefit regulatory compliance?

  In this feature, Michael Rasmussen explains why automated SoD reduces compliance costs as well as the potential for fraud and lawsuits. Continue Reading

• compliance risk

  Compliance risk is exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Continue Reading

• Next generation of threats requires new approach to PCI security

  In this Q&A, learn how increasingly sophisticated cyberthreats should influence organizations' information protection and PCI security strategy. Continue Reading

• systemic risk

  Systemic risk is a category of risk that describes threats to a system, market or economic segment. Continue Reading

• Definitions to Get Started

  • risk management
  • pure risk (absolute risk)
  • risk assessment
  • OPSEC (operational security)

  • COMSEC (communications security)
  • Altman Z-score
  • unsystemic risk (unsystematic risk)
  • information assurance

  View All Definitions

• inherent risk

  Inherent risk is a category of threat that describes potential losses or pitfalls that exist before internal security controls or mitigating factors are implemented.Continue Reading

• Security-related information sharing boosts corporate data protection

  Former eBay CISO David Cullinane discusses why new threats make security-related information sharing an integral part of corporate data protection.Continue Reading

• speculative risk

  Speculative risk is a category of risk that can be taken on voluntarily and will either result in a profit or loss. Continue Reading

• Center for Internet Security (CIS)

  The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.Continue Reading

• risk exposure

  Risk exposure is a quantified loss potential of business actions, and is usually calculated based on the probability of the incident occurring multiplied by its potential losses.Continue Reading

• Walking the tightrope: The compliance and security balancing act

  Just because data is secure does not mean it's compliant, and vice versa. In this tip, learn how to strike the right compliance and security balance.Continue Reading

• intrusion detection system (IDS)

  An intrusion detection system (IDS) is a device or software application that alerts an administrator of a security breach, policy violation or other compromise that may adversely affect the administrator's information technology (IT) network. Continue Reading

• Predictive security intelligence: How it protects today's enterprise

  In this Ask the Expert video, security guru Eric Cowperthwaite explains predictive security intelligence and how to leverage it in the enterprise.Continue Reading

• ISO 27002 (International Organization for Standardization 27002)

  The ISO 27002 standard is a collection of information security guidelines that are intended to help an organization implement, maintain, and improve its information security management.Continue Reading

• Simplify, specialize, integrate: The keys to cybersecurity

  In this webcast, learn how simplifying online security controls can create big cybersecurity strategy returns for both the public and private sector.Continue Reading