Tag Archives: industry

Nonprofits Cannot Ignore CyberSecurity

Chloe Messdaghi    October 26, 2017

Prior to joining Kenna Security, I worked with a number of nonprofits around the world. Each focused on providing shelter, education, health services, and food to children in need. The mission was clear and critical. Executing that mission wasn’t so easy. Nonprofits run on donated money. Though our goal was to save children, the strategy to drive the mission forward… Read more »

Treating the Root Cause: Security in Healthcare

Michael Roytman    August 29, 2017

Treating the Root Cause: Security in Healthcare Security is healthcare, and it’s apparent even in the language we use to describe malicious software. Viruses, worms and the like have long been examples of malware so-called because they propagate as disease, but more relevantly to us – they are also treated as such. Symptomatic treatment is any medical therapy of a… Read more »

The Three CVEs that You’re Not Paying Attention to (But Probably Should)

Michael Roytman    June 17, 2015

The Risk I/O philosophy is all about fixing what matters – that is, using data to make decisions that make the most of the limited actions you can take in a day, a week, a month. It’s not about the sheer volume of vulnerabilities that your team closes — it’s closing the ones that reduce your overall risk the most…. Read more »

Vulnerability Management for the Midsize

Ed Bellis    March 19, 2015

It’s not fair. The big companies have the teams, the tools, and the processes required in order to run a best-in-class vulnerability management program. But guess what? The bad guys don’t care about how big you are. In fact, non-targeted exploits accounted for 75% of the breaches from Verizon’s 2013 Data Breach Investigation Report—meaning even mid-sized companies are equally or… Read more »

What a Difference a Year Makes: Reflecting on our Dell SecureWorks Partnership

Ryan Cunnane    February 18, 2015

What a different a year makes. Nearly a year ago, Risk I/O was in the beginning phases of what would become one of our greatest successes to date: a partnership with Dell SecureWorks.  As we celebrate the one-year anniversary of the partnership, we wanted to highlight its significance and firm validation in the marketplace. Partnership highlights include: Threat intelligence supplied by Dell SecureWorks’… Read more »

Secret #5 of Vulnerability Scanning: You Can Actually Prioritize, Rather Than Just Analyze

Ed Bellis    January 20, 2015

This is the third post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Typically, security teams spend tons of time putting together Excel spreadsheets and swimming through countless rows of data. Doing so will get the job done, eventually…kind of. But the problem is, as… Read more »

Secret #4 of Vulnerability Scanning: Don’t Dump-and-Run, Make It Consumable

Ed Bellis    January 15, 2015

This is the second post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. You know what I’m talking about when I talk about the infamous dump-and-run. “Here’s your 300-page PDF with a laundry list of every vulnerability known to man!” From what I’ve… Read more »

Secret #1 of Vulnerability Scanning: CVSS Is Only Part of the Picture

Ed Bellis    January 8, 2015

This is the first post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Information security can be a thankless job. I know, I’ve lived it first-hand. When I ran Security at Orbitz, it was absolutely critical that my team and I stayed on top of… Read more »

On Physical Security

rhuber    March 31, 2014

Our mission at Risk I/O is to help businesses understand threats to their infrastructure, but as security practitioners we are interested in many forms of security, including physical. This blog post concerns something of particular interest to me, securing my office and a nearly successful theft, which was thwarted by a bit of hobbyist tech. Risk I/O is an emerging… Read more »

Mitigating Application DoS: SecTor Conference Talk

rhuber    October 14, 2013

I was recently invited to speak at one of my favorite security conferences, SecTor in Toronto. Many thanks to Risk I/O for giving me some official time to work on this side project over the last month (side note: we are hiring!). This blog post will summarize my SecTor presentation on application Denial of Service attacks. Application DoS has seen… Read more »