Security news aggregator

Latest coverage for Strategy

Cybersecurity strategy guides how organizations prioritize risks, protect critical systems, and prepare for incidents, recovery, and resilience.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Security strategy is the long-term direction an organization uses to manage information-security risk and support its business objectives. It sets priorities for protecting systems and data, assigns decision-making authority, defines acceptable risk, and guides investment in controls, skills, architecture, and suppliers. A sound strategy turns risk assessments and threat intelligence into measurable security outcomes rather than a disconnected list of tools.

For practitioners, strategy determines which assets and attack paths receive priority in vulnerability management, how privacy and regulatory obligations shape data handling, and what capabilities must exist for detection, containment, recovery, and testing. It should account for dependencies such as cloud services, software providers, identities, and legacy systems, while establishing review points as technology, threats, and business operations change. Effective governance links these choices to owners, budgets, metrics, and documented exceptions.

Showing 10 most recent headlines Filtered view

NCC Group's Katharina Sommer on Why Nations Are Turning Inward on Cyber DefenseGeopolitical shifts are reshaping how countries approach cyber resilience. Katharina Sommer, group head of government affairs and analyst relations at NCC Group, explains why governments are turning inward and focusing on sovereign cybersecurity strategies as cross-border collaboration weakens.

300-Person Acquisition Expands Managed Services, Adds Legal and Forensics ExpertiseThe acquisition of Aon’s 300-person cyber unit enhances LevelBlue’s incident response and managed security services. It brings legal experience, global coverage and new law firm partnerships to strengthen its channel strategy and customer support, said CEO Bob McCullen.

Security Leadership in Focus - From AI Risks to Cloud ResponsibilityAI fragmentation, non-human identities and nation-state threats dominated conversations at the Gartner Security & Risk Management Summit. ISMG editors discuss how the event stood out for its vendor-neutral focus and strategic discussions tailored for senior security decision-makers.

Security Leadership in Focus - From AI Risks to Cloud ResponsibilityAI fragmentation, non-human identities and nation-state threats dominated conversations at the Gartner Security & Risk Management Summit. ISMG editors discuss how the event stood out for its vendor-neutral focus and strategic discussions tailored for senior security decision-makers.

300-Person Acquisition Expands Managed Services, Adds Legal and Forensics ExpertiseThe acquisition of Aon’s 300-person cyber unit enhances LevelBlue’s incident response and managed security services. It brings legal experience, global coverage and new law firm partnerships to strengthen its channel strategy and customer support, said CEO Bob McCullen.

Bank Info Security 1 year, 1 month ago

Governments Embrace Secure by Design to Curb Cyberthreats

NextJenSecurity Founder Calls for Global Policy Shifts to Reduce VulnerabilitiesGovernments worldwide are shifting from reactive responses to preventive strategies to tackle ransomware attacks. Jen Ellis, founder of NextJenSecurity, stresses the need for vulnerability accountability and secure-by-design policies to tackle systemic cybersecurity flaws.

Forrester's McKay and van der Hout on How Regulations Are Driving Cyber ResilienceSecurity leaders worldwide are elevating resilience in cyber strategies, where Europe emerges as a frontrunner globally in protecting critical infrastructure. Driven by regulation such as NIS2 and DORA, its cybersecurity posture reflects strong resilience planning amid increasing disruptions.

Bank Info Security 1 year, 1 month ago

Vulnerability Databases Face Accuracy and Access Gaps

VulnCheck's Garrity on the Uncertainty of the CVE Ecosystem and EUVD's LimitationsFunding shortages and incomplete coverage in critical vulnerability databases are increasing the risk for defenders. Patrick Garrity, security researcher at VulnCheck, discusses how data gaps and scoring confusion hinder response strategies for potential cyberattacks.

SentinelOne discovered the campaign when they tried to hit the security vendor's own servers An IT services company, a European media group, and a South Asian government entity are among the more than 75 companies where China-linked groups have planted malware to access strategic networks should a conflict break out.…