Risk Management Content on InfoQ
-
Proactive Approaches to Securing Linux Systems and Engineering Applications
Maintaining a strong security posture is challenging, especially on Linux systems. An effective approach is proactive and includes patch management, optimized resource allocation, and effective alerting.
-
From Compliance-First to Risk-First: Why Companies Need a Culture Shift
Transitioning from a "Compliance-First" approach to a "Risk-First" mindset recognizes that compliance should not be viewed in isolation, but as a component of a broader risk management strategy.
-
Secure Delivery: Better Workflows for Secure Systems and Pain-Free Delivery
The software delivery process has been transformed in the last decade; we’ve adopted well-understood workflows around functions such as testing, release management and operational support. In this article we'll explore the impact that security workflows have on software delivery, explain the root causes and share battle-proven techniques to show how we can make delivering secure software easier.
-
Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline
Dynamic security testing tools don’t require advanced cybersecurity knowledge to operate. Integrating DAST into your CI/CD pipeline should be done in stages, starting with the riskiest areas first.
-
Mitigating Inside and Outside Threats with Zero Trust Security
As ransomware and phishing attacks increase, it is clear that attack vectors exist in abundance inside the network perimeter, not only outside it. Zero Trust Security can be thought of as a security architecture approach with three main goals: verifying endpoints before any network communication takes place, granting endpoints only least privilege, and continuously re-evaluating endpoints throughout the communication.
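The three goals above map onto a per-request policy decision. The following is an added example, not code from the InfoQ article or any product it describes: a minimal policy decision point that checks device posture, grants only the scope a role needs, and re-runs the whole check on every request so that a session which passed at connect time is denied as soon as its device posture degrades. All names (Device, Principal, Request, Session, POLICY and the demo data) are this example's own assumptions.

```python
"""Added example: a minimal Zero Trust policy decision point.

Every request is authorised on its own, using the caller's identity, the
device's reported posture and the requested scope.  Nothing is trusted because
it was checked earlier in the same session.  Types, policy and demo data below
are assumptions for illustration, not from the article.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple


@dataclass
class Device:
    device_id: str
    attested: bool        # passed hardware/OS attestation at enrolment
    patched: bool         # endpoint agent reports current patch level
    disk_encrypted: bool


@dataclass
class Principal:
    user: str
    roles: FrozenSet[str]


@dataclass
class Request:
    principal: Principal
    device: Device
    resource: str
    action: str


# Least privilege: each role maps to the minimum (resource, action) pairs it needs.
POLICY = {
    "engineer": {("repo", "read"), ("repo", "write"), ("ci", "trigger")},
    "auditor": {("repo", "read"), ("logs", "read")},
}


def device_healthy(dev: Device) -> bool:
    """Endpoint verification: every check must hold at the time of the request."""
    return dev.attested and dev.patched and dev.disk_encrypted


def authorize(req: Request) -> Tuple[bool, str]:
    """Decide one request. Device posture is checked before the scope is consulted."""
    if not device_healthy(req.device):
        return False, "device failed posture check"
    allowed = set().union(*(POLICY.get(r, set()) for r in req.principal.roles))
    if (req.resource, req.action) not in allowed:
        return False, "scope not granted to principal's roles"
    return True, "ok"


@dataclass
class Session:
    """A session holds no standing grant; it replays authorize() for each request."""
    principal: Principal
    device: Device
    decisions: List[Tuple[str, str, bool, str]] = field(default_factory=list)

    def request(self, resource: str, action: str) -> bool:
        ok, why = authorize(Request(self.principal, self.device, resource, action))
        self.decisions.append((resource, action, ok, why))
        return ok


def demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario: a healthy laptop whose patch state degrades mid-session."""
    laptop = Device("lt-01", attested=True, patched=True, disk_encrypted=True)
    alice = Principal("alice", frozenset({"engineer"}))
    s = Session(alice, laptop)
    first = s.request("repo", "write")       # True: healthy device, scope granted
    overreach = s.request("logs", "read")    # False: not in the engineer role's scope
    laptop.patched = False                   # posture degrades during the session
    second = s.request("repo", "write")      # False: same request, re-evaluated, now denied
    return first, overreach, second


if __name__ == "__main__":
    print(demo())
```

The point of the Session class is what it does not do: it never caches a "trusted" flag at connect time, so the decision for the third request differs from the first even though the principal, resource and action are identical.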
-
Application Security Manager: Developer or Security Officer?
The Application Security Manager (ASM) should be the driving force behind the overall code review process. An ASM should understand development processes and information security principles, and have solid technical skills. To get a good ASM you can either use experts from a service provider or grow an in-house professional from developers or security specialists.
-
Building Stronger Human Teams by Managing the Inner Lizards
Each of us has an inner lizard that frets constantly about our safety. People come with brains that are pre-configured to scan everything you say for threats to their safety. Learning to recognize when you're operating under reptilian influence is a great start. This article introduces some techniques to help you manage the lizard within you along with those around you.
-
Signs You’re in a Death Spiral (and How to Turn It around before It’s Too Late)
Don’t let feature work blind you. Enterprises are ramping up their software delivery to compete in the digital-first world. But more features and faster time-to-market can lead your business into a death spiral if you neglect technical debt and risk work. Learn how to use value stream metrics to identify whether your business is in danger and how to reverse the trajectory before it’s too late.
-
Kick-off Your Transformation by Imagining It Had Failed
Large scale change initiatives have a worryingly high failure rate, the chief reason being that serious risks are not identified early. One way to create the safety needed for everyone to speak openly about the risks they see is to run a pre-mortem. In a pre-mortem, we assume that the transformation has already failed and walk backward from there to investigate what led to the failure.
-
Three Major Cybersecurity Pain Points to Address for Improved Threat Defense
Three pain points every company must address in its cybersecurity programme are threat volume and complexity, a growing cybersecurity skills gap, and the need for threat prioritization. This article describes each of these in some detail and includes recommendations for corporations to deal with them.
-
How Developers Can Learn the Language of Business Stakeholders
This article explores how business stakeholders and developers can improve their collaboration and communication by learning each other's language and dictionaries. It explores areas where there can be the most tension: talking about impediments and blockers, individual and team learning, real options, and risk management.
-
Q&A on the Book Risk-First Software Development
The book Risk-First Software Development by Rob Moffat views all of the activities on a software project through the lens of managing risk. It introduces a pattern language to classify different risks, provides suggestions for balancing risks, and explores how software methodologies view risks.