Risk management is not one of humanity's strong points, but we can learn some lessons from our own real-life experiences to apply to our security careers.
Measuring risk is a notoriously hard task, so Andy Ellis suggests teams focus on fixing the problems in front of them instead of trying to measure what could happen.
Morgan Stanley has agreed to pay a $60 million fine for its repeated failures to adequately protect customer data when disposing of old equipment.
Which platform is the riskiest: Windows, Mac, Linux, Unix, or a networking device? Latest research from Kenna Security and Cyentia Institute shows that CISOs have to consider both the number of vulnerabilities and how issues are addressed in order to determine risk.
Many security leaders rely on a cost-per-record metric to calculate the costs of a security incident. The latest research from Cyentia Institute using Advisen data shows estimates based on that metric are frequently inaccurate.