It is interesting that there is no equivalent term in Latin for risk outside of the word for danger. While security is the state of being free from danger or threat, risk, is a more complex topic and cannot be addressed without the concept of loss. It is the probability, not merely the possibility of something unpleasant or unwelcome happening that will result in a loss of some kind (life, liberty, property). The term did not even come into existence until the 17th century after the Medici had leveraged eastern mathematics in the calculation of probability in financial terms and still the word risk is derived from the word danger. Big mistake!
Danger is a static concept. It simply implies a threat. Risk quantifies it so you can make intelligent decisions. If you are a military strategist, you calculate risk in terms of loss of life and resources against mission objectives. For most of us business is not usually calculated in terms of loss of life but rather in terms of financial efficiency. To be certain this is not an absolute statement. Loss of life against financial efficiency is always present in operational decisions but for the sake of risk in the IT world we, for the most part confine ourselves to financial considerations. Loss of life limb and property all are quantifiable in monetary terms. We always say that loss of life is unacceptable but consider that 33,963 people lost their lives on American highways last year and the National Highway Safety Administration did not call for the closing of all highways. As humans we always weigh risk against reward and therein lies the monetary connection.
How should we approach risk in terms of Information Technology? How should we manage risk? I submit that risk management is the set of decisions and actions that reduce the cost of IT. After all, IT security is an overhead expense. IT security does not make a company money. Having an IT infrastructure is a requirement for e-commerce (for example) which enables a company to access a wider market and drives revenue. IT infrastructure has an ROI. The company could confine itself to a chain of physical stores and that infrastructure would represent an ROI but it would be less because the market that physical stores address is smaller and the cost of physical stores is higher. The cost of securing a physical store, however is cheaper than the cost of securing and internet presence so therein lies the motivation behind IT security in this case....REDUCE COST! A technology that enables a company to increase its revenue base has ROI value. A technology that reduces the cost of acquiring that same revenue has RR (risk reduction) value. The tragedy is that most organization fail to quantify and therefore fail to achieve meaningful RR.
Related Blog Posts
Cybersecurity, Federal Government, Market Intelligence, Technology
As the U.S. marks Cybersecurity Awareness Month, a critical pillar of the nation’s digital defense has expired. On September 30th, Congress failed to pass a continuing resolution, furloughing many federal cybersecurity staff and allowing the Cybersecurity Information Sharing Act (CISA) of 2015 to lapse as cyber threats are reaching unprecedented levels. The Cybersecurity and Infrastructure Security Agency, which spearheaded much of the law’s implementation, has also furloughed nearly two-thirds of its workforce.
Nikki Hamlin
Cybersecurity, Federal Government, Market Intelligence, Technology
The United States is facing a significant cybersecurity workforce shortage, with NIST identifying over 500,000 open cyber positions and estimating there are 74 workers for every 100 cyber jobs. This shortage threatens both the nation’s private sector security profile and federal agencies struggling to compete for cybersecurity professionals. As such, the government is working to support cyber education in the United States. In the meantime, departments will also likely need to implement cyber solutions that can aid in accommodating for the workforce shortfall.
Gabriel Zighelboim
Cybersecurity, Market Intelligence
October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.CMMC 2.0The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.
Susanna Patten
AI, Federal Government, IT Perspective, Market Intelligence, News, State & Local Government, Technology
The One Big Beautiful Bill Act (OBBA), enacted on July 4, 2025, is a significant piece of legislation outlining President Trump's executive agenda and guiding future U.S. tax and spending policies.
Yvonne Maffia
Cybersecurity, Federal Government, Market Intelligence, Technology
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
Toan Le
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence
The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.
Yvonne Maffia
Big Data, Cybersecurity, Market Intelligence, Technology
The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.
Yvonne Maffia
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cybersecurity, Market Intelligence
To enhance federal cybersecurity, Rep. Nancy Mace, R-S. Carolina, introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) on January 31, 2025. A similar bill introduced the previous year stalled in the Senate. This bill aims to close a critical gap in federal cybersecurity standards by ensuring that all federal contractors implement a vulnerability disclosure policy consistent with the National Institute of Standards and Technology (NIST) guidelines. Shontel Brown, D-Ohio, cosponsors the bill.
Toan Le
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The State Risk and Authorization Management Program, also known as StateRAMP, is slated to rebrand itself to “GovRAMP” later this year to more accurately reflect the entire scope of the nonprofit’s mission and support the “whole-of-state” approach to cybersecurity.
Yvonne Maffia
AI, Cybersecurity, Market Intelligence
The Army is moving fast to stay ahead in the digital battlefield. To make this happen, it is driving modernization initiatives to boost operational effectiveness and strengthen national security with a comprehensive IT modernization strategy. If you're in IT sales, knowing what the Army is focusing on can help you tailor your solutions to their needs and effectively establish a trusting partnership in the long run. Let's examine the top five IT modernization initiatives that are shaping the Army's 2025 vision and see how your tech solutions can help.
Toan Le
Big Data, Big Data & Analytics, Cybersecurity, Market Intelligence, State & Local Government, Technology
The Center for Digital Government’s 2025 Beyond the Beltway Market Briefing event took place in Mclean, VA last week where state and local government leaders shared insights into top technology priorities for 2025.Some of the key topics of discussion were the 2025 state and local market outlook, the potential impact of the new administration on government technology, emerging technologies such as AI, the foundational role of data, the evolving cybersecurity landscape and modernization and the customer experience.
Yvonne Maffia
IT Perspective, Market Intelligence, State & Local Government, Technology
Numerous cities in the United States struggle with wastewater issues. Many cities’ systems are designed to accommodate smaller populations, and historical rainfall patterns are increasingly prone to causing overflows – where wastewater spills into drinking water sources, streets and homes. And many cities utilize mostly combined wastewater systems where wastewater and rainwater both drain through the same infrastructure, creating increased stress on city systems during storms.
Gabriel Zighelboim
Big Data, Cloud, Cybersecurity, Market Intelligence
With any new executive administration, change is inevitable for federal agency priorities. It remains true, however, that departments and agencies consistently rely on IT products and services and historic trends confirm stability in public sector IT spending under both Republican and Democratic administrations. For FY25, much of the spending has already been laid out in the budget and priorities for FY26 are well under way, so you can expect to see little change to agency needs in the very near term.
Gabriel Zighelboim
Cybersecurity, Digital Design, Market Intelligence, State & Local Government
On December 12th, 2024, The National Association of State Chief Information Officers (NASCIO) released its 2025 annual top 10 priorities list identifying the most pressing technology and policy issues that state CIOs are prioritizing for the upcoming year.
Yvonne Maffia
Cybersecurity, IT Infrastructure, Market Intelligence
The final CMMC rule went into effect December 16, 2024.
Toan Le
Cybersecurity, Education, Market Intelligence
This year’s annual EDUCAUSE Conference took place in San Antonio, Texas, where higher education leaders shared key insights into top edtech trends, priorities and challenges shaping the higher education landscape. The 2025 Educause Top 10 priorities list addresses how higher education technology and data leaders can work together to restore trust within the education sector by building competent and caring institutions through collaboration, consistent results and shifting from monolithic systems and processes to more flexible and unified solutions.
Yvonne Maffia
Big Data, Cybersecurity, Market Intelligence, Technology
Hello from DoDIIS in Omaha, Nebraska! TDSYNNEX Public Sector is once again attending, so if you didn’t make it out to the city that invented the Reuben sandwich, we’ve got you covered. The conference kicked off with a heavy focus on several prevailing themes, notably: cybersecurity, deterrence, interoperability, and data centricity. If you read that list and thought AI was missing – fear not – it was included in discussions, but primarily as a vehicle for aiding in the intelligence community’s (IC) top priorities.
Susanna Patten
Cybersecurity, Market Intelligence, State & Local Government, Technology
The 2024 National Association of State Chief Information Officers (NASCIO) Annual Conference took place in New Orleans, Louisiana earlier this month, where state leaders shared key insights into FY25 top technology priorities, challenges and lessons learned. Some of the key focus areas included AI, with emphasis on generative AI (Gen AI) tech, data management, governance, privacy and accessibility, cybersecurity and risk management and digital services and modern government.
Yvonne Maffia
AI, Cybersecurity, Market Intelligence
This month marks the 20th anniversary of the declaration of “Cybersecurity Awareness Month,” originally created by the Department of Homeland Security and the National Cyber Security Alliance in 2004. Since then, we’ve seen vast amounts of change and innovation in the sector. We’ve also seen continually updated legislation, new technology and opportunities for IT companies to penetrate the market as federal agencies continue to watch threats evolve.
Susanna Patten
Cybersecurity, Federal Government, Market Intelligence, Technology
The US military information network comprises over 15,000 classified and unclassified networks facilitating information exchange for service members worldwide. Known as the Department of Defense Network (DoDIN), it includes devices such as computers, mobile phones, weapons, servers, and data systems consistently serving military personnel at all levels. Data sharing across these devices has been under frequent threats of cyberattacks by adversaries and necessitates keen vigilance by the Defense Information System Agency (DISA) to manage risks and vulnerabilities.
Toan Le
Cybersecurity, Federal Government, Market Intelligence
Defending against cyberattacks is an ongoing battle for the Air Force, Army, and Navy, and requires strategic maneuvering and intelligent solutions. An integral part of these solutions has been the collaboration and technical support from the defense industrial base (DIB). Recently, the principal cyber advisors from each branch announced their challenges and priorities geared toward addressing cyber needs.
Toan Le
Cybersecurity, Market Intelligence, State & Local Government
The 2024 fiscal year-end is coming to a close for 46 states, which means that it’s time to put on those running shoes and take advantage of any last minute, end-of-year opportunities. State, local and education (SLED) organizations are already game planning where to funnel resources and dollars in next year’s budget, highlighting the top priorities and challenges that will shape future downstream requirements.Key points to keep in mind:
Yvonne Maffia
Cybersecurity, Federal Government, Infrastructure, Market Intelligence
Recently the Office of the Director of National Intelligence (ODNI) released a roadmap entitled Vision for the IC Information Environment to outline a vision to protect the nation from adversaries and maintain a “strategic advantage" over those intending to harm its information infrastructure. The roadmap contains recommendations from a collaboration of more than one hundred technical leaders from the intelligence community (IC).
Toan Le
Cybersecurity, Market Intelligence, State & Local Government
The 2024 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in National Harbor, Maryland last week where state leaders shared insights into their top technology priorities, challenges, and lessons learned. Some of the key focus areas included artificial intelligence (AI) with emphasis on generative AI, data management, accessibility, and governance, cybersecurity and risk management, and modernization and the digital customer experience.Artificial Intelligence
Yvonne Maffia
Cybersecurity, Federal Government, Market Intelligence, State & Local Government
The 2024 United States presidential election is rapidly approaching, and state and local governments are focusing their efforts on bolstering election security and ensuring the proper safeguards are in place.
Yvonne Maffia
Cloud Computing, Cybersecurity, Market Intelligence
Originally passed in 2014, the Federal Information Technology Acquisition Reform Act (FITARA) was designed to improve the management of all-things-IT across federal agencies. It essentially realigned how the government purchases and updates its technology, with an aim at grading agencies based on their ability to adhere to and improve on the following categories:
Susanna Patten
Cloud Computing, Cybersecurity, Education, Market Intelligence, State & Local Government, Technology
The annual EDUCAUSE conference highlighted higher education technology trends, goals, challenges, and how to identify a way ahead for higher education institutions to be successful in today’s modern world.
Yvonne Maffia
Cybersecurity, Education, Federal Government, Market Intelligence, Technology
Over the last few months, there have been several recent cybersecurity initiatives at the federal level, aimed at bridging gaps in K-12 cybersecurity policy and strategy.
Yvonne Maffia
Cloud Computing, Cybersecurity, Market Intelligence
The Air Force hosts an annual summit known as Department of the Air Force Information Technology and Cyberpower (DAFITC) in Montgomery, Alabama, right next to Maxwell Air Force Base. It’s an opportunity for Guardians, Airmen, academics, and IT industry to come together to discuss pain point remedies and high-level plans and strategies. It is also an opportunity for branch heads to strike deals that lead to the adoption of modern and effective systems, meant to enable air superiority. Ms.
Kevin Shaker
Cybersecurity, Internet of Things, IT Infrastructure, Market Intelligence
IoT and Its Impact on Infrastructure and Governance
The Internet of Things (IoT) revolutionizes how governments, organizations, and citizens interact with the physical world. This wave of interconnected devices promises a transformative infrastructure and governmental operations shift. However as the reach of IoT grows, the implications — especially related to security — become even more profound.
Dawit Blackwell
Cybersecurity, Federal Government, Market Intelligence, Technology
The Department of Navy (DON) recently held its annual WEST Conference, this year with a strong emphasis on cybersecurity. The conference brought together key decision-makers from the Navy, Marine Corps, and Coast Guard, along with experts from various industries and government officials. The discussions were broad-ranging, covering topics related to naval warfare, technology, innovation, and cybersecurity.
Toan Le
Cybersecurity, Market Intelligence, State & Local Government
2022 was a noteworthy year for the technology sector, particularly as it relates to cybersecurity. The post-pandemic era of modernization exposed the fragility of U.S. public sector technology infrastructure and systems, widening attack surfaces and posing additional challenges for state, local and education leaders. We have witnessed the whole gamut of continually evolving security threats, ranging from election security breaches, nation-state actors, threats to critical infrastructure, ransomware attacks, hacktivism and more.
Yvonne Maffia
Cloud Computing, Cybersecurity, Education, Federal Government, IT Infrastructure, State & Local Government, Technology
The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.
Ransomware attacks on US government organizations cost $18.9bn in 2020.
Asad Zaman
Cloud Computing, Cybersecurity, Federal Government, State & Local Government, Technology, Tips and How-Tos
TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.
James Hofsiss
Cybersecurity, Market Intelligence, Technology
“We must find fresh ways to connect forces, allies, and partners that provide an effective response to the challenge of a highly contested environment not seen in the last 20 years. Given the challenges we face today and in the future, we simply have no choice but to become more interoperable,” said General CQ Brown JR., U.S. Air Force Chief.
Toan Le
Cybersecurity
Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD).
The CMMC program requires cyber protection standards for companies in the Defense Industrial Base (DIB) and aims to protect sensitive unclassified information that the DoD shares with contractors and subcontractors.
Don Maclean
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
Every year, there are more and more security breaches, and it gets harder and harder to spot them. According to a leading cybersecurity vendor1, it takes almost seven months for organizations to find breaches, which gives malicious attackers plenty of time to get what they want.
Most often, system misconfigurations like default settings or credentials leave the door wide open for exploitation, resulting in these breaches. As organizations grow, this problem only gets worse because quick changes frequently result in skipped steps.
Heather Sweet
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos, Training
Security is paramount in the digital age, especially when it comes to keeping networks secure. Having network security monitoring services stand between your organization and malicious attackers is crucial. Still, the volume of alerts and issues that come with them can easily overwhelm your team.
The volume of these alerts is rising every year too. According to a report by TrendMicro, 54% of teams surveyed felt like they were drowning in alerts, and 27% said they spent most of their time dealing with false positives.
Heather Sweet
Application Lifecycle, Cybersecurity, DevSecOps
Implementing zero trust may seem daunting, but it is also an opportunity to integrate more secure coding practices into your software applications from the start. Zero-trust security assumes that all traffic on your internal network is potentially malicious. Consequently, it requires taking measures to:
Don Maclean
Federal Government, IT Perspective, State & Local Government
As government agencies and organizations look to modernize their technology stacks to keep up with changes in the workforce, aging solutions, and closing contracts, they’ll all set out with a similar process: submit an RFP, review submissions, and choose a vendor. Seems simple enough.
But what government CIOs often don’t realize is that requiring proven, specific use cases may be limiting what their new (and likely expensive) technology investment can do for their organization. Here’s what I mean.
Vishal Hanjan
Cybersecurity, Federal Government
The rise in a remote workforce and use of cloud-enabled business applications equates to the browser essentially becoming our office, providing access to all necessary tools, data, and communications. Threat actors understand this paradigm shift and are now utilizing Highly Evasive Adaptive Threats (HEAT) to initiate ransomware, extortion ware, and other endpoint intrusions.
HEAT attacks are the next generation of cyber threats.
Menlo Security
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
The digital landscape evolves fast, and attackers are even faster. New ways to attack systems and organizations appear every day, and traditional methods are starting to fall behind the times.
Highly Evasive Adaptive Threats (HEAT) are the newest step in the digital world for malicious attackers. These attacks are unlike anything security experts have seen before and lead to some of the most devastating breaches ever seen.
In this article, we’ll explain how HEAT attacks impact companies worldwide and how Menlo Security’s Isolation Core can help protect your organization.
Heather Sweet
Big Data & Analytics, Cybersecurity, Market Intelligence
In a recent webinar produced by Federal News Network, the Director of the Environmental Protection Agency (EPA)’s Office of Information Security and Privacy, Tonya Manning, detailed the state of the agency’s zero trust and data handling postures, as well as its latest priorities. We’ll spotlight several takeaways and look at what’s to likely come down the pike for the EPA in the coming months and years.
Zero Trust Architecture
Susanna Patten