Tag: compliance
-
Applying Tenable’s Risk-based Vulnerability Management to the Australian Cyber Security Centre’s Essential Eight
Tags: ai, attack, breach, business, cloud, compliance, container, control, cvss, cyber, cybersecurity, data, data-breach, defense, endpoint, finance, firewall, framework, google, government, identity, incident response, infrastructure, intelligence, Internet, microsoft, mitigation, network, ransomware, risk, service, software, strategy, technology, threat, tool, update, vpn, vulnerability, vulnerability-management, windows, zero-dayLearn how Thales Cyber Services uses Tenable to help customers navigate the maturity levels of the Essential Eight, enabling vulnerability management and staying ahead of cyber threats. In today’s fast-moving digital world, cyber threats are more advanced and relentless than ever. A single security breach can mean financial loss, reputational damage and operational chaos. That’s…
-
Cyber insurance emerging as a compliance factor
Espria has added its voice to concerns that growing numbers of firms are going to fall foul of the demands of the insurance industry First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366628131/Cyber-insurance-emerging-as-a-compliance-factor
-
BSidesSF 2025: Compliance Without The Chaos: Building It Right Into Your DevOps Pipeline
Creator/Author/Presenter: Varun Gurnaney Our deep appreciation to Security BSides – San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube channel. Additionally, the organization is welcoming…
-
Deploying Gen AI Guardrails for Compliance, Security and Trust
Explore AI guardrails for generative AI. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/deploying-gen-ai-guardrails-for-compliance-security-and-trust/
-
How CISOs can scale down without compromising security
Tags: breach, business, ciso, compliance, control, cybersecurity, data, detection, finance, framework, gartner, governance, intelligence, jobs, metric, open-source, regulation, resilience, risk, soc, strategy, threat, tool, training, vulnerabilityStrategic risk (high, medium, low): What’s the actual exposure if this control fails?Business alignment: Which functions are enabling revenue, customer trust, or compliance?No-brainers: These are redundant tools, shelfware, or “security theatre” controls that look good on paper but deliver no measurable protection.For this assessment, Mahdi brings together a cross-functional team that includes business unit leaders,…
-
Mapping Mayhem: Security’s Blind Spots in Identity Security
For years, primarily driven by regulatory compliance mandates, such as the Sarbanes-Oxley Act of 2002, identity and access management has been treated as a regulatory compliance exercise, rather than the security exercise it should be, and simply checking off compliance requirements leaves many organizations with a dangerous and false sense of security. This is.. First…
-
Insights from Talos IR: Navigating NIS2 technical implementation
ENISA’s 2025 NIS2 guidance makes compliance more complex, but Talos IR’s services directly align with new requirements for reporting, logging and incident response. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/insights-from-talos-ir-navigating-nis2-technical-implementation/
-
Private Cloud gewinnt an Bedeutung Studie: Sicherheit, Compliance und KI im Fokus
First seen on security-insider.de Jump to article: www.security-insider.de/cloud-studie-sicherheit-compliance-und-ki-im-fokus-a-64dc89e2052683d095f61b79fbfcb80d/
-
Empathie trifft IT-Sicherheit: Der Weg zu gelebter Compliance
CISOs sollten Sicherheitsrichtlinien mit Blick auf die Belegschaft gestalten.In vielen Unternehmen stoßen IT-Sicherheitsrichtlinien auf Widerstand, da Mitarbeitende sie als hinderlich oder praxisfern empfinden. Dies erschwert die Umsetzung, untergräbt die Wirksamkeit und belastet die Zusammenarbeit zwischen der Sicherheitsabteilung und den Fachbereichen. Statt als Partner wird Cybersecurity oft als Bremser wahrgenommen ein fatales Sicherheitsrisiko. Für CISOs (Chief…
-
Overcoming Risks from Chinese GenAI Tool Usage
A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China,…
-
Overcoming Risks from Chinese GenAI Tool Usage
A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China,…
-
Wegen Sicherheit, Compliance und KI – Private-Cloud-Adoption beschleunigt sich
First seen on security-insider.de Jump to article: www.security-insider.de/private-cloud-adoption-beschleunigt-sich-a-37bf52d5e63ae68cb190e223cc36c73b/
-
What 50 companies got wrong about cloud identity security
Most organizations still miss basic identity security controls in the cloud, leaving them exposed to breaches, audit failures, and compliance violations. A new midyear … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/25/organizations-cloud-identity-security/
-
How SWIS school strengthened staff online safety and compliance with Meta1st
Against the backdrop of escalating cyberattack threats, schools face growing pressure to ensure the safety, compliance and digital literacy of both students and staff. At SWIS school, a private school based near London, this challenge was recognised early and acted upon with intention. The school’s leadership team understood that protecting students goes beyond traditional The…
-
Microsoft ‘digital escorts’ reveal crucial US counterintelligence blind spot
Tags: access, china, cio, cloud, compliance, country, cyber, cybersecurity, data, defense, firewall, framework, google, government, injection, intelligence, law, microsoft, military, oracle, risk, service, threat, update, vulnerabilityWhat the program was, and how it worked: The digital escort model, according to ProPublica, was designed to comply with federal contracting rules that prohibit foreign nationals from directly accessing sensitive government systems. Under this framework:China-based engineers would file support tickets for tasks such as firewall updates or bug fixes.US-based escorts, often former military personnel…
-
New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk
Tags: access, ai, attack, awareness, ceo, compliance, cyber, cybersecurity, data, finance, government, identity, office, phishing, resilience, risk, risk-management, strategy, technology, threat, trainingHuman risk is concentrated, not widespread: Just 10% of employees are responsible for nearly three-quarters (73%) of all risky behavior.Visibility is alarmingly low: Organizations relying solely on security awareness training (SAT) have visibility into only 12% of risky behavior, compared to 5X that for mature HRM programs.Risk is often misidentified: Contrary to popular belief, remote…
-
Securing Revenue Data in the Cloud: Compliance and Trust in a Digital Age
With cyberthreats intensifying and regulatory bodies tightening oversight, securing revenue data in the cloud is essential. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/securing-revenue-data-in-the-cloud-compliance-and-trust-in-a-digital-age/
-
Is AI here to take or redefine your cybersecurity role?
Tags: ai, attack, automation, business, ceo, cloud, compliance, conference, control, crowdstrike, cyber, cybersecurity, data, governance, intelligence, jobs, monitoring, phishing, risk, skills, soc, software, strategy, technology, threat, training, vulnerability“AI is coming, and will take some jobs, but no need to worry.”That headline ran atop a CSO story published in 2016. Nine years later, the prediction feels closer to coming true, with questions around jobs being replaced or redefined and whether cybersecurity pros should be worried taking on greater nuance, and still hanging in…
-
Threat actors scanning for apps incorporating vulnerable Spring Boot tool
Tags: access, attack, authentication, ciso, compliance, country, credentials, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, finance, flaw, governance, group, hacker, incident response, infrastructure, Internet, kev, nist, organized, password, risk, technology, threat, tool, vulnerability, zero-day/health endpoints, commonly used to detect internet-exposed Spring Boot deployments. If vulnerable implementations of apps, including TeleMessage SGNL, are found, they could be exploited to steal sensitive data in heap memory, including plaintext usernames and passwords. The hole is serious enough that it was added this week to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited…
-
Texas Drug, Alcohol Testing Firm Hack Affects Nearly 750,000
Cybercrime Group Bian Lian Claimed Responsibility for Attack Last Year. A Texas-based firm that conducts workplace drug and alcohol testing for private employers and for compliance with state and federal agencies, including the Department of Transportation, disclosed to regulators that a July 2024 hacking incident affected nearly 750,000 people. First seen on govinfosecurity.com Jump to…
-
8 trends transforming the MDR market today
Tags: access, ai, at&t, attack, automation, breach, cloud, compliance, control, cyber, cybersecurity, data, detection, edr, endpoint, framework, GDPR, google, identity, infrastructure, intelligence, iot, least-privilege, monitoring, mssp, network, nis-2, ransomware, risk, service, siem, soc, sophos, strategy, technology, threat, tool, zero-trustDigital transformation complexifies the attack surface: As businesses modernize their IT environments, the complexity of securing hybrid and cloud-native infrastructures increases, making MDR an attractive option for scalable, expert-led protection, experts say.The shift to hybrid work, IoT adoption, and an increase in cloud migrations have dramatically expanded attack surfaces, while ransomware and AI-powered attacks constantly…
-
Elite Russian university launches degree program on sanctions evasion
The Higher School of Economics (HSE), a leading Russian institution, said the two-year course will focus on international corporate compliance and business ethics, and will be taught in both Russian and English. First seen on therecord.media Jump to article: therecord.media/russian-university-sanctions-evasion-degree
-
28 Prozent der deutschen Finanzdienstleister fehlen kritische Maßnahmen für die DORA-Compliance
Eine Umfrage von Veeam zeigt: Obwohl viele Unternehmen die DORA-Richtlinie priorisieren, gibt es in Deutschland insbesondere bei Incident-Reporting und Datenresilienz noch Luft nach oben. Mit Inkrafttreten der EU-Verordnung zur digitalen operationellen Resilienz (DORA) Mitte Januar 2025 stehen Finanzinstitute unter Zugzwang: Sie müssen ihre IT-Sicherheit aufgrund der herrschenden Gefahrenlage entlang eines Katalogs an Maßnahmen auf einen…
-
China-linked hackers target Taiwan chip firms in a coordinated espionage campaign
Tags: access, ai, attack, china, compliance, control, credentials, cyber, cybersecurity, detection, email, espionage, exploit, finance, framework, government, group, hacker, intelligence, international, login, monitoring, network, phishing, software, supply-chain, technology, threat, warfareInvestment banks in the crosshairs: A second group, UNK_DropPitch, targeted the financial ecosystem surrounding Taiwan’s semiconductor industry. This group conducted phishing campaigns against investment banks, focusing on individuals specializing in Taiwanese semiconductor analysis. The phishing emails purported to come from fictitious financial firms seeking collaboration opportunities.The third group, UNK_SparkyCarp, focused on credential harvesting through sophisticated…
-
Viele deutsche Finanzdienstleister noch nicht bereit für DORA
Die Veeam DORA Confidence Survey wurde im Juni 2025 vom Marktforschungsinstitut Censuswide durchgeführt. Befragt wurden 404 IT- und Compliance-Verantwortliche von Finanzdienstleistern mit über 500 Mitarbeitenden in Deutschland, Großbritannien, Frankreich und den Niederlanden darunter 104 aus Deutschland. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/viele-deutsche-finanzdienstleister-noch-nicht-bereit-fuer-dora/a41423/
-
Most European Financial Firms Still Lagging on DORA Compliance
A Veeam survey found that 96% of financial services organizations believe their current levels of data resilience falls short of DORA compliance, citing major challenges First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/european-financial-dora-compliance/