The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance. (more available)

This report creates an overall picture of the cybersecurity capabilities of public power utilities. Moreover, it supports the previous year’s findings and provides a consistent approach for supporting DOE’s Multiyear Plan for Energy Sector Cybersecurity. (more available)

Over 5,100 IT and security professionals across 27 countries were asked about their organizations’ approaches to updating and integrating security architecture, detecting and responding to threats, and staying resilient when disaster strikes. (more available)

Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes. (more available)

This report evaluates the state of security in healthcare in 2020, and compares it against 3-years' worth of historical client data. (more available)

The 2019 Survey of 211 participants covers Overall risk security, Risk Management, and also covers what job titles are involved, and what industries are involved. (more available)

A survey of over 300 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

This 2019 edition of the SANS Security Operations Center (SOC) Survey was designed to provide objective data to security leaders and practitioners who are looking to establish a SOC or optimize their existing SOCs. (more available)

Automation balances machine-based analysis with human-based domain knowledge to help organizations achieve optimal workflows in the face of staff shortages and alert fatigue, all caused by an increasing number of destructive threats. (more available)

From the report, “But what exactly do we talk about when we talk “security?” That’s the question we seek to answer in this report, which has its roots in a similar question asked by an eight-year-old daughter two and a half years ago: “What’s the RSA Conference about, Daddy? (more available)

This report takes an inside look at Industrial Control Systems and the need for them to be updated for the new Cyber Security Threats. (more available)

The HIMSS Media survey, Cloud Security Insights, sponsored by the Center for Connected Medicine, sought to better understand attitudes and perceptions about cloud security among hospitals and health systems. (more available)

This report offers 14 tips to fortify your public cloud environment. From the report, “This edition of RedLock’s Cloud Security Trends marks the report’s one year anniversary, and it’s been a sobering year in terms of public cloud breaches, disclosures and attacks. (more available)

From the report, “DOur objective was to (1) summarize unclassified and classified reports issued and testimonies made from the DoD oversight community and the Government Accountability Office (GAO) between July 1, 2017, and June 30, 2018, that included DoD cybersecurity issues; (2) identify cybersecurity risk areas for DoD management to address based on the five functions of the National Institute of Standards and Technology (NIST), “Framework for Improving Critical Infrastructure Cybersecurity,” April 16, 2018 (Cybersecurity Framework); and (3) identify the open DoD cybersecurity recommendations. (more available)

This report provides information cultivated by the Task Force, which offers the opportunity to address significant cybersecurity concerns in the health care industry. (more available)

This report, is based on a survey of 338 IT and security professionals in the US. The goal of the survey was to quantify adoptions of security frameworks. (more available)

This guide provides some thoughts about implementing a Vulnerability Disclosure Program.

This 10-point checklist outlines best practices for designing a security architecture that protects cloud data at the endpoint. Enterprise computing architectures have changed fundamentally in the last ten years, as employees consume an ever-growing collection of business cloud services through mobile apps. (more available)

The second annual RSA Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed by 878 individuals across 24 industries. (more available)

In this report they seek to answer four important questions. How mature is the profession today? Where are we weakest/strongest? Which improvements in maturity are likely to matter most? (more available)