Guide: Rethinking application security risk for federal agencies

Cybersecurity risk can be hard to define and measure, even though the consequences of a cyberattack are very real. This post suggests a practical approach to determining and reducing application security risk ...

The Evolution of Vulnerability Scanning and Pentesting

An awareness of unprotected vulnerabilities and risks is the starting point for determining the best way to align resources with cybersecurity. By conducting regular real-world attack testing, security operations can illuminate weaknesses ...
Security Boulevard

Why Insider Threat Risk Increases in the Cloud

As organizations move to the cloud, enterprise data is increasingly created, used and stored across a variety of SaaS and cloud-based service providers. While these services bring new efficiencies and, in some ...

Cybersecurity Risk’s “New Math”

Mary K. Pratt posted an article, “The new math of cybersecurity value,” on CSOonline on September 21, 2021, available at The new math of cybersecurity value | CSO Online It is a ...

Orgs Brace for Breaches as IT Pros Battle Fatigue

The risk of cyberattacks has increased in the last year and 80% of global organizations report they are likely to experience a data breach that impacts customer data in the next 12 ...

Inadequate Cybersecurity

It is customary to begin an article on cybersecurity with statements about huge increases in threats and attacks and mounting cyberspace losses from fraud, identity theft, ransoms, data exfiltration, blackmail, etc. Few, ...

Can Third-Party Security Programs Prevent the Next SolarWinds?

While the U.S. government was focused on election security last year, unbeknownst to senior American officials a secret cyber espionage campaign by a major nation-state adversary of unprecedented magnitude was already underway – ...

Cybersecurity Lessons from the Pandemic: Perception of Risk

The more “mature” among us may recall when decision-making under uncertainty was based on the concept of “rational economic man.” We estimated or calculated the probability and amount of a loss (or ...

Cybersecurity Lessons from the Pandemic: Models and Predictions

There are a number of different types of models—and the output from each must be viewed and used differently depending on the form of the model. First, you have relationships derived from ...

Truth, Trust and Cybersecurity Risk

It is a sad reflection on the times, but it is becoming increasingly difficult to distinguish among true and false “facts,” accurate and misleading interpretations, and personal and politically-expedient beliefs. In my ...