Tag: metric
-
How to Use Risk-Based Metrics in an Exposure Management Program
Tags: attack, business, cloud, control, cybersecurity, data, exploit, guide, intelligence, iot, metric, mobile, monitoring, risk, service, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. You can read the entire Exposure Management Academy series here. We’re information security engineers at…
-
Cybersecurity Snapshot: Experts Issue Best Practices for Migrating to Post-Quantum Cryptography and for Improving Orgs’ Cyber Culture
Tags: access, attack, best-practice, business, cio, ciso, communications, computer, computing, conference, corporate, crypto, cryptography, cyber, cybersecurity, data, defense, email, encryption, finance, government, group, ibm, identity, incident, incident response, infrastructure, jobs, lessons-learned, metric, microsoft, mitre, monitoring, nist, risk, service, strategy, technology, threat, tool, training, update, vulnerability, vulnerability-management, warfareCheck out a new roadmap for adopting quantum-resistant cryptography. Plus, find out how your company can create a better cybersecurity environment. In addition, MITRE warns about protecting critical infrastructure from cyber war. And get the latest on exposure response strategies and on CISO compensation and job satisfaction. Dive into five things that are top of…
-
Posture ≠Protection
CSPM, DSPM, ASPM, SSPM, ESPM, the alphabet soup of Security Posture Management (SPM) tools promises visibility into risk. They map misconfigurations, surface exposure paths and highlight policy gaps. That can be useful. But let’s not confuse awareness with action. They don’t block threats.They don’t enforce controls.They don’t prevent breaches. SPMs detect, then delegate. A ticket.…
-
Week in review: NIST proposes new vulnerabilities metric, flaws in NASA’s open source software
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerabilities found in NASA’s open source software Vulnerabilities in open … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/01/week-in-review-nist-proposes-new-vulnerabilities-metric-flaws-in-nasas-open-source-software/
-
Will AI agent-fueled attacks force CISOs to fast-track passwordless projects?
Tags: access, ai, api, attack, authentication, breach, business, ciso, cloud, credentials, cyber, cybersecurity, data, fido, finance, framework, google, Hardware, identity, login, metric, microsoft, okta, passkey, password, phishing, privacy, risk, risk-management, service, technology, threat, tool, update, zero-trustPasswordless options: In retiring passwords, security leaders will need to consider their options, passkeys, biometrics, and third-party login services, looking for the best technical, usability, and security fit. There are pros and cons for each option, and in many cases CISOs may be guided towards one based on their existing environment.Passkeys, used by Microsoft, Samsung,…
-
NIST Introduces New Metric to Measure Likelihood of Vulnerability Exploits
The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV) First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-metric-lev-likelihood/
-
NIST proposes new metric to gauge exploited vulnerabilities
NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/26/nist-likely-exploited-vulnerabilities/
-
Police Tout Darknet Global Takedown ‘Operation RapTor’
Global Collaboration Leads to Drug, Firearm Bust. U.S. and European officials Thursday touted a global operation to disrupt the criminal darkweb, announcing the arrest of 270 accused darkweb vendors and buyers across 10 countries. Operation RapTor resulted in the confiscation of more than $200 million and more than two metric tons of drugs. First seen…
-
New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities
Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have introduced a new security metric designed to improve vulnerability management. The proposed Likely Exploited Vulnerabilities (LEV) metric aims to enhance organizations’ ability to identify which vulnerabilities are most likely to be exploited, enabling more efficient remediation…
-
Top 12 US cities for cybersecurity job and salary growth
Tags: access, ai, apple, attack, blockchain, business, country, crowdstrike, cyber, cybersecurity, data, defense, finance, fintech, government, group, infrastructure, insurance, iot, jobs, metric, microsoft, nvidia, office, okta, privacy, software, startup, strategy, supply-chain, technology, training, warfareWhile major hubs like San Francisco naturally come to mind, and perform well based on the metrics we evaluated, there are many lesser-known cities that may be just as promising, if not more. These emerging destinations can offer easier access to job opportunities, more sustainable career paths, higher pay, and a lower cost of living.Here’s…
-
Why Your MTTR Is Too Slow, And How to Fix It Fast
SLASH YOUR MTTR! Join Us for a Live Webinar on Faster Incident Response & Reduced Downtime. MTTR (Mean Time to Response) isn’t just a buzzword, it’s a crucial metric that can make or break your organization’s ability to bounce back from incidents quickly. But here’s the thing: most teams misunderstand what MTTR really means…. First…
-
We’re Answering Your Exposure Management Questions
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this Exposure Management Academy FAQ, we help CISOs understand exposure management, look at how advanced you might be and outline how to structure a program. You can read the entire Exposure Management…
-
How to Develop and Communicate Metrics for CSIRPs
A well-documented cybersecurity incident response program (CSIRP) provides the transparency needed for informed decision-making, protecting the organization in a constantly changing threat environment. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/develop-communicate-metrics-csirps
-
A Unified Approach to Exposure Management: Introducing Tenable One Connectors and Customized Risk Dashboards
Unified visibility and context are the keys to an effective exposure management program. Learn how the new Tenable One connectors and unified dashboards give you a comprehensive view of your attack surface, help you streamline decision-making and empower your teams to uncover hidden risks, prioritize critical exposures and respond to threats with confidence. In 2022,…
-
CVE funding crisis offers chance for vulnerability remediation rethink
Tags: access, ai, awareness, best-practice, cisa, cve, cvss, cybersecurity, data, exploit, Hardware, healthcare, intelligence, iot, kev, least-privilege, metric, mfa, microsoft, network, open-source, penetration-testing, risk, software, threat, tool, training, update, vulnerability, vulnerability-managementAutomatic for the people: AI technologies could act as a temporary bridge for vulnerability triage, but not a replacement for a stable CVE system, according to experts consulted by CSO.”Automation and AI-based tools can also enable real-time discovery of new vulnerabilities without over-relying on standard CVE timelines,” said Haris Pylarinos, founder and chief executive of…
-
CISO vs CFO: why are the conversations difficult?
Tags: ai, attack, breach, business, ciso, compliance, cyber, cyberattack, cybersecurity, finance, insurance, jobs, metric, ransomware, RedTeam, risk, risk-management, saas, strategy, technology, threat, toolmight happen, which often means the best outcome is nothing happens. That’s a tough sell.”Although a single cyberattack can wipe out millions of dollars, CFOs and CISOs often approach cybersecurity from fundamentally different perspectives. Bridging this divide requires more than just better communication, it demands, as Argyle put it, a shift in mindset. The disconnect…
-
Make the move to more meaningful metrics
Tags: metricFirst seen on scworld.com Jump to article: www.scworld.com/perspective/make-the-move-to-more-meaningful-metrics
-
The 14 most valuable cybersecurity certifications
Tags: access, ai, application-security, attack, automation, best-practice, blockchain, blueteam, china, cisa, cisco, ciso, cloud, compliance, computer, computing, conference, control, country, credentials, cryptography, cyber, cybersecurity, data, defense, encryption, endpoint, exploit, finance, governance, government, guide, hacker, hacking, incident response, intelligence, Internet, jobs, kali, law, linux, malware, metric, microsoft, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-analysis, risk-management, skills, threat, training, vulnerability, windowsIndustry recognition Who’s to say one certification is more respected than another? Such criteria can be very subjective, so we turned to the most direct and unbiased source to cut through the ambiguity: job listings. In addition to education, skills, and qualifications, employers often specify certs they seek in their ideal candidate. These mentions carry…
-
AI looms large on the RSA Conference agenda
Rise of the machines: Charlie Lewis, a partner at management consulting firm McKinsey & Co., similarly predicted that consolidation in cloud security and security operations were key industry trends likely to be showcased during the RSA Conference.”Enterprises need to integrate security into their software development practices,” Lewis told CSO. Enterprises need to deploy AI-based technologies…
-
Reporting lines: Could separating from IT help CISOs?
Tags: attack, business, cio, ciso, cyber, cybersecurity, exploit, finance, insurance, metric, mitigation, risk, risk-management, skills, technology, vulnerabilityReporting to the CFO can improve discussions about funding: There’s art and science to secure funding. Number matters in getting budget approval, and cybersecurity is at pains to be seen as more than a cost center. However, two-thirds (66%) of CFOs don’t fully understand the CISO role and have difficulty seeing the tangible return on…
-
AttackIQ Academy Enterprise: Cybersecurity Training Dashboard for Security Teams
AttackIQ Academy Enterprise is our answer to this challenge. This new solution gives security leaders clear visibility into their employees’ learning progress through an interactive dashboard displaying comprehensive training metrics and assessment results. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/attackiq-academy-enterprise-cybersecurity-training-dashboard-for-security-teams/
-
Are We Prioritizing the Wrong Security Metrics?
True security isn’t about meeting deadlines, it’s about mitigating risk in a way that aligns with business objectives while protecting against real-world threats. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/are-we-prioritizing-wrong-security-metrics
-
Security Awareness Metrics That Matter to the CISO
Security awareness has become a critical component of organizational defense strategies, particularly as companies adopt zero-trust architectures. Chief Information Security Officers (CISOs) are increasingly challenged to demonstrate the effectiveness of security awareness programs through meaningful metrics that resonate with leadership. With human error contributing to approximately 95% of data breaches, quantifying the impact of security…
-
What boards want and don’t want to hear from cybersecurity leaders
Tags: access, business, ciso, compliance, control, cyber, cybersecurity, email, malicious, metric, phishing, risk, security-incident, skills, strategy, technology, threat, training, update“It’s only when you report to someone not involved in technology that you realize you’re talking in jargon or not close to talking the language of the business,” says Bennett. Decoding what the board wants from security leaders: Cybersecurity leaders need regular contact with boards to foster familiarity and understanding. Without this, a lack of…
-
SOC Metrics That Matter: KPIs Every Security Team Should Track
First seen on scworld.com Jump to article: www.scworld.com/native/soc-metrics-that-matter-kpis-every-security-team-should-track