Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes. (more available)

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers. (more available)

In this report, we will address the aforementioned questions using data that Forescout Technologies has carefully gathered, tested and validated from all forms of device networks and the applications they support. (more available)

P2P Volume 5 focuses on the differences between asset types (OS) and how vulnerabilities are treated on different platforms.

Risk Based Security has been sharing our Vulnerability QuickView reports with the world, providing detailed analysis on the vulnerability landscape based on data from our vulnerability intelligence product, VulnDB . (more available)

From the report, “After working with hundreds of security professionals and covering over 1 million assets at some of the world’s most innovative brands, the team at Axonius has identified 5 things that security teams discover when they automate cybersecurity asset management. (more available)

This study was designed to examine the growing concern of cyber risks and the importance of cyber assessment during mergers and acquisitions (M&A) and determine how well companies are prepared to deal with cyber risk during M&A from the perspective of IT Decision Makers (ITDMs) and Business Decision Makers (BDMs). (more available)

The essays in this eBook provide a wealth of information and present an inside look at an aspect of cybersecurity that is still not well understood. (more available)

This report takes an inside look at Industrial Control Systems and the need for them to be updated for the new Cyber Security Threats. (more available)

This report has been produced in partnership with the 400,000 member Cybersecurity Insiders community of IT security professionals to explore how AWS user organizations are responding to security threats in the cloud, and what tools and best practices IT cybersecurity leaders are prioritizing in their move to the cloud. (more available)

From the report, “Much like DevOps itself, pervasive automation is equal parts process, tooling, and culture. Taking the journey represents a collective commitment by the entire organization, one where the goal is realizing the competitive advantage offered by software automation. (more available)

This paper provides a checklist to address CIS Critical Security Controls.

This paper navigates decision-makers through the issues surrounding a specific technology or business case, explores the business value of adoption, and recommends the range of considerations and concrete next steps in the decision-making process. (more available)

This report is based on a survey, that is intended to provide a community perspective on what security operations centers (SOCs) look like within organizations across the globe, as well as data and guidance to enable organizations to build, manage, maintain and mature effective and efficient SOCs. (more available)

This report illustrates how organizations are implementing proper Cyber hygiene, if at all. To gather this data, Tripwire partnered with Dimensional Research, sending a survey to independent sources of IT security professionals. (more available)

Learn easy and effective ways for IT pros to manage help desk tickets and simplify the job of supporting end-users.

This paper seeks to help organizations understand the future of Software Asset Management.

Device Authority’s Beginners’ Guide to Encryption is designed to help you understand the basics of how encryption works, why it matters, and what challenges are facing encryption in the new landscape of the Internet of Things (IoT). (more available)

Cisco provides a brief report that discusses intent based networking and the enterprise.