Tag: ciso
-
Rising attack exposure, threat sophistication spur interest in detection engineering
Tags: access, ai, attack, automation, banking, ceo, ciso, cloud, compliance, cyber, cybersecurity, data, detection, endpoint, exploit, finance, framework, healthcare, infrastructure, insurance, intelligence, LLM, malware, mitre, network, programming, ransomware, RedTeam, risk, sans, siem, software, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayMore than the usual threat detection practices: Proponents argue that detection engineering differs from traditional threat detection practices in approach, methodology, and integration with the development lifecycle. Threat detection processes are typically more reactive and rely on pre-built rules and signatures from vendors that offer limited customization for the organizations using them. In contrast, detection…
-
A CISO’s guide to securing AI models
In AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/ml-models-security/
-
Cyber Risks Drive CISOs to Surf AI Hype Wave
Gartner Says Hype Can Benefit Organizations That Harness It for Business Advantage. Organizations haven’t yet drawn business value from AI investments, and many feel AI is overhyped. Gartner analysts said encouraging intelligent risk-taking and investing in cybersecurity can improve an organization’s resilience, giving businesses confidence to embrace technologies like AI. First seen on govinfosecurity.com Jump…
-
Was passiert, wenn niemand den Hut aufhat?
Tags: cisoDie Rolle des ISO/IEC 27001 Lead Implementers warum sie für CISOs strategisch wichtig ist und wie sie Informationssicherheit wirksam im Unternehmen verankert. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/was-passiert-wenn-niemand-den-hut-aufhat/
-
Quantenschlüssel aus der Sicht des CISO
Quantum Key Distribution (QKD) dient dazu, Verschlüsselungsschlüssel sicher zwischen zwei Parteien zu verteilen.Der sogenannte Q-Day, an welchem Quantencomputer leistungsstark genug sind aktuelle Standardmethoden der Verschlüsselung zu knacken, rückt näher. Eine der Lösungen, welche zum Schutz vor dieser Quantenbedrohung entwickelt wurde, ist die sogenannte Quantum Key Distribution (QKD). Das Potenzial von QKD ist immens, ihr aktueller…
-
Trump shifts cyberattack readiness to state and local governments in wake of info-sharing cuts
Tags: advisory, cio, cisa, ciso, communications, cyber, cyberattack, cybersecurity, election, government, group, infrastructure, intelligence, Internet, metric, office, resilience, risk, russia, strategy, technology, threatCreating a national resilience strategy The EO requires the assistant to the President for national security affairs (APNSA), in coordination with the assistant to the President for economic policy and the heads of relevant executive departments and agencies, to publish within 90 days (by June 17) a National Resilience Strategy that articulates the priorities, means,…
-
CISOs are taking on ever more responsibilities and functional roles has it gone too far?
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threatth century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains.”The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
Cloud providers aren’t delivering on security promises
Security concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf. This is being driven by the fact that 24% … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/24/cloud-environments-security-concerns/
-
Cybersicherheitsstrategie – 6 Gartner-Empfehlungen für CISOs
First seen on security-insider.de Jump to article: www.security-insider.de/herausforderungen-empfehlungen-cisos-ki-cybersicherheit-a-3ae4293b46bd83ca3d23916adc962aa3/
-
Für Cyberattacken gewappnet Krisenkommunikation nach Plan
Lesen Sie, welche Aspekte für einen Krisenkommunikationsplan entscheidend sind.Cyberangriffe fordern nicht nur CISOs in punkto Prävention und Krisenbewältigung heraus. Auch die Unternehmenskommunikation ist mit im Boot. Sie ist verantwortlich für den Krisenkommunikationsplan, den sie mit dem CISO entwickelt und bei Cybersicherheitsvorfällen umsetzt.Eine gute Krisenprävention hat aus der Perspektive der Kommunikation drei Elemente und beginnt nicht…
-
CISA marks NAKIVO’s critical backup vulnerability as actively exploited
Tags: access, advisory, backup, cisa, ciso, cloud, cybersecurity, exploit, kev, mitigation, network, service, update, vulnerabilityCISOs advised to push for immediate patching: CISA has advised immediate federal and civilian patching of the flaw. For the Federal Civilian Executive Branch (FCEB) agencies, the US cybersecurity watchdog has stipulated a patching deadline of April 19, 2025, in accordance with the BOD 22-01 directive.”Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance…
-
AI Regs: Compliance Risks and Hidden Liabilities for CISOs
Attorney Jonathan Armstrong on AI Security, Legal Risks Related to EU AI Act. AI regulation is evolving fast, and many businesses may already be violating key provisions without realizing it. Jonathan Armstrong, partner at Punter Southall Law, warns that companies may be using high-risk AI applications without security teams even knowing. First seen on govinfosecurity.com…
-
From Cloud Native to AI Native: Lessons for the Modern CISO to Win the Cybersecurity Arms Race
By adopting AI Native security operations, organizations gain a formidable defense posture and streamline their use of human talent for the most challenging, creative and impactful tasks First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/from-cloud-native-to-ai-native-lessons-for-the-modern-ciso-to-win-the-cybersecurity-arms-race/
-
How CISOs are approaching staffing diversity with DEI initiatives under pressure
Staffing diversity can help avoid homogenous thinking: Similarly, Sam McMahon, senior manager of IT and security at Valimail, underscores the necessity of representing different backgrounds and mindsets.”In my experience, even small security teams benefit greatly from the variety of perspectives that come with different backgrounds and skill sets,” he says. “We know that the majority…
-
5 pitfalls that can delay cyber incident response and recovery
The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/incident-response-pitfalls/
-
How healthcare CISOs can balance security and accessibility without compromising care
In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/sunil-seshadri-healthequity-healthcare-data-risk/
-
That breach cost HOW MUCH? How CISOs can talk effectively about a cyber incident’s toll
Tags: attack, breach, business, ciso, cyber, cybersecurity, data, email, incident, incident response, insurance, jobs, network, phone, ransomware, risk, risk-managementThe importance of practice in estimating costs: Quantifying the costs of an incident in advance is an inexact art greatly aided by tabletop exercises. “The best way in my mind to flush all of this out is by going through a regular incident response tabletop exercise,” Gary Brickhouse, CISO at GuidePoint Security, tells CSO. “People…
-
Moving beyond checkbox security for true resilience
In this Help Net Security interview, William Booth, director, ATTCK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/19/william-booth-mitre-proactive-security-measures/
-
Breaking Down Risks in Cybersecurity
Cyber Crime Junkies podcast Breaking Down Risks in Cybersecurity A great conversation on the Cyber Crime Junkies podcast with David Mauro! We covered so many different topics that the CISOs are struggling with: Generative vs Agentic AI risks and opportunities How cyber attackers leverage powerful tools like…
-
Why States Will Need to Step Up Cyber Help for Healthcare
As uncertainty mounts about the range of cyber resources the federal government will continue to offer healthcare and other critical infrastructure sectors during the Trump administration, states will need to step up their support, said Mike Hamilton, field CISO of cybersecurity firm Lumifi Cyber. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/states-will-need-to-step-up-cyber-help-for-healthcare-i-5467
-
Not all cuts are equal: Security budget choices disproportionately impact risk
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges.”Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud,” Kirsty…
-
How financial institutions can minimize their attack surface
In this Help Net Security interview, Sunil Mallik, CISO of Discover Financial Services, discusses cybersecurity threats for financial institutions. He also shares insights on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/18/sunil-mallik-discover-financial-institutions-security/
-
What Is Exposure Management and Why Does It Matter?
Tags: access, attack, breach, business, ciso, cloud, compliance, credentials, cve, cyber, cybersecurity, data, data-breach, group, identity, infrastructure, iot, metric, password, phishing, risk, service, software, technology, threat, tool, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy will provide the practical, real-world guidance you need to shift from vulnerability management to exposure management. In our first blog in this new series, we get you started with an overview of the differences between the two and explore how cyber exposure management can benefit your organization. Traditional…
-
AI development pipeline attacks expand CISOs’ software supply chain risk
Tags: access, ai, api, application-security, attack, backdoor, breach, business, ciso, cloud, container, control, cyber, cybersecurity, data, data-breach, detection, encryption, exploit, flaw, fortinet, government, infrastructure, injection, intelligence, LLM, malicious, malware, ml, network, open-source, password, penetration-testing, programming, pypi, risk, risk-assessment, russia, saas, sbom, service, software, supply-chain, threat, tool, training, vpn, vulnerabilitydevelopment pipelines are exacerbating software supply chain security problems.Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023, according to ReversingLabs (RL).A scan of 30 of the most popular open-source packages found an average of six critical-severity and 33 high-severity flaws per package.Commercial software packages are also a…
-
Tel Aviv Stock Exchange CISO: Making Better Use of Your SIEM
If rule writing for SIEMs isn’t managed properly, it can lead to false positives and misconfigurations, which create extra work for the SOC team. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/tel-aviv-stock-exchange-ciso-making-better-use-of-your-siem
-
7 misconceptions about the CISO role
Tags: api, attack, breach, business, ceo, ciso, compliance, control, corporate, cyber, cyberattack, cybersecurity, defense, exploit, finance, firewall, governance, infrastructure, insurance, jobs, network, password, phishing, resilience, risk, risk-assessment, risk-management, saas, software, startup, strategy, technology, threat, tool, training, update, vulnerabilityKatie Jenkins, EVP and CISO, Liberty Mutual Insurance Liberty Mutual InsuranceThe field is changing so rapidly, Jenkins adds, she needs to commit time to keeping up on research and connecting with other CISOs for knowledge exchange.In addition to securing infrastructure, an effective CISO focuses on securing the business, experts say. This requires understanding how security…