Tag: compliance
-
How AI is changing the GRC strategy
Tags: access, ai, best-practice, breach, business, ciso, compliance, control, data, detection, finance, framework, fraud, governance, grc, guide, law, monitoring, network, nist, privacy, regulation, risk, risk-analysis, risk-management, strategy, threat, tool
Adapting existing frameworks with AI risk controls: AI risks include data safety, misuse of AI tools, privacy considerations, shadow AI, bias and ethical considerations, hallucinations and validating results, legal and reputational issues, and model governance, to name a few. AI-related risks should be established as a distinct category within the organization’s risk portfolio by integrating into…
-
Data-Driven Marketing in 2025: Navigating Risks, Ethics and Compliance Management
The modern marketing stack and every effective marketing platform runs on data. From ad campaigns to user journeys,… First seen on hackread.com Jump to article: hackread.com/data-driven-marketing-2025-risks-compliance-management/
-
7 risks that loom without privileged management
Cyber attacks are causing ever greater damage; according to Cobalt, global costs could rise to 15.63 trillion US dollars by 2029. A central weak point in many companies remains the lack of Privileged Access Management (PAM). Without PAM, risks such as data protection violations, insider threats and compliance breaches grow significantly. The reason: privileged accounts with far-reaching rights and access to sensitive data are prime targets […]…
-
AI poisoning and the CISO’s crisis of trust
Tags: access, ai, breach, ceo, ciso, compliance, control, cybersecurity, data, defense, detection, disinformation, exploit, framework, healthcare, identity, infosec, injection, LLM, monitoring, network, privacy, RedTeam, resilience, risk, russia, saas, threat, tool, training
Foundation models began parroting Kremlin-aligned propaganda after ingesting material seeded by a large-scale Russian network known as the “Pravda Network.” A high-profile AI-generated reading list published by two American news outlets included 10 hallucinated book titles mistakenly attributed to real authors. Researchers showed that imperceptible perturbations in training images could trigger misclassification. Researchers in the healthcare domain demonstrated…
-
Check Point receives BSI C5 Type 2 attestation for cloud security solution
Check Point Software Technologies announces that it has received the BSI C5 Type 2 attestation for its cloud security solutions. The attestation was issued by the Federal Office for Information Security (BSI) after a rigorous audit that confirmed compliance with 114 security controls across 17 requirement categories. BSI C5 (Cloud Computing Compliance Criteria Catalogue) is a standard recognized in Germany that defines minimum requirements…
-
⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More
Tags: compliance, cybersecurity, exploit, fortinet, macOS, malware, rce, remote-code-execution, risk, tool
In cybersecurity, precision matters, and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap between compliance and real…
-
New White House cyber executive order pushes rules as code
Organizations must turn Cyber Governance, Risk, and Compliance (GRC) into executable pipelines, a Microsoft security product manager argues. First seen on cyberscoop.com Jump to article: cyberscoop.com/new-white-house-cyber-executive-order-pushes-rules-as-code-op-ed/
-
8 tough trade-offs every CISO must navigate
Tags: access, ai, attack, business, ciso, cloud, compliance, computer, cyber, cybersecurity, ddos, defense, detection, framework, group, healthcare, incident response, jobs, malicious, mfa, regulation, resilience, risk, service, technology, threat, tool, vulnerability
2. Weighing security investments when the budget forces choices: Closely related to the trade-off around risk is what CISOs must navigate when it comes to security investments. “For most CISOs, when they have to make tough choices, 99% of the time it’s due to budget constraints that force them to weigh risks versus rewards,” says John…
-
Check Point receives BSI C5 Type 2 attestation for cloud security solution
The attestation confirms compliance for the AI-powered, cloud-based cybersecurity solutions for the public sector and KRITIS operators. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-erhaelt-bsi-c5-typ-2-testat-fuer-cloud-sicherheitsloesung/a41376/
-
ServiceNow leak enables data theft
Tags: access, cloud, compliance, cve, cyberattack, framework, governance, government, risk, saas, update, vulnerability
A vulnerability in the access control of ServiceNow platforms allows sensitive corporate data to be siphoned off. Researchers at Varonis have found that a vulnerability in ServiceNow’s popular workflow automation platform exposes confidential information. After the security experts had already informed the vendor of the software flaw last year, the platform was quietly patched, and in May 2025 a security update for…
-
Legal gaps in AI are a business risk, not just a compliance issue
A new report from Zendesk outlines a growing problem for companies rolling out AI tools: many aren’t ready to manage the risks. The AI Trust Report 2025 finds that while AI is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/14/ai-governance-risks-legal-security-teams/
-
New eSIM Hack Allows Attackers to Clone Your eSIM Profile
A critical vulnerability has been identified in the GSMA TS.48 Generic Test Profile versions 6.0 and earlier, which are widely used across the eSIM industry for radio compliance testing. This flaw enables attackers with physical access to an embedded Universal Integrated Circuit Card (eUICC) to exploit publicly known keys, facilitating the installation of non-verified and…
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/
-
DigiCert survey: manual certificate processes lead to outages, compliance failures and heavy losses for companies
Tags: compliance
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/digicert-zertifikatsprozesse-schaeden-unternehmen
-
Hg Purchases A-Lign to Accelerate Cyber Compliance Growth
Cybersecurity Compliance Vendor A-Lign Plans Global Expansion With Backing From Hg. Cybersecurity compliance firm A-LIGN has received a majority investment from Hg, a top tech-focused private equity firm. The deal supports A-LIGN’s global ambitions to deliver SOC 2 and other compliance audits and leverages Hg’s expertise in scaling data and AI-driven services. First seen on…
-
The trust crisis in the cloud… and why blockchain deserves a seat at the table
Tags: access, blockchain, breach, cloud, compliance, control, credentials, crypto, data, data-breach, framework, gartner, iam, identity, infrastructure, jobs, risk, threat, tool, zero-trust
Limited visibility and tamperable logs. Cloud providers manage logs and telemetry internally. As tenants, we often depend on them to provide logs after an incident without a guarantee of tamper-proof integrity. This lack of transparency hampers forensic investigations and incident response. Privilege concentration and insider risk. CSP administrators often hold elevated access privileges, making them single…
-
Claroty receives C5 attestation for cloud security
With the C5 (Cloud Computing Compliance Criteria Catalogue) attestation, Claroty has received one of the highest distinctions for cloud security standards in Germany. The specialist in the security of cyber-physical systems (CPS) has met the stringent requirements defined by the Federal Office for Information Security (BSI), underscoring its goal of delivering cybersecurity and compliance through a secure and compliant cloud. The criteria catalogue…
-
Strengthening Compliance: The Role of WAFs in PCI DSS 4.0.1
A properly configured WAF is no longer optional but mandatory, providing organizations with real-time protection against evolving web-based threats while ensuring regulatory compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/strengthening-compliance-the-role-of-wafs-in-pci-dss-4-0-1/
-
Skills gaps send CISOs in search of managed security providers
Tags: access, awareness, business, ciso, compliance, control, cyber, cybersecurity, detection, governance, group, infrastructure, intelligence, jobs, monitoring, msp, mssp, network, penetration-testing, risk, risk-assessment, service, skills, strategy, threat, tool, training, update, vulnerability
Security operations centers (SOCs); cloud platform management; SIEM and log monitoring; framework-based cybersecurity management functions; threat intelligence feeds and analysis; vulnerability scanning and patch management; endpoint detection and response (EDR); firewall and network security management; compliance tracking and audit support. “MSPs already have the infrastructure and staff in place to deliver these services efficiently, and at scale,” Richard Tubb, who runs the MSP community…
-
Cybersecurity in the supply chain: strategies for managing fourth-party risks
Tags: access, breach, business, ciso, compliance, control, cyber, cybersecurity, data, exploit, framework, governance, intelligence, ISO-27001, law, mitigation, monitoring, nist, risk, risk-management, saas, service, soc, software, strategy, supply-chain, threat, tool, vulnerability
Set clear data boundaries: The reality is that any organization consuming third-party software-as-a-service offerings and services has extremely limited control over the partners that their third parties are working with, says Curtis Simpson, CISO at Armis. “This is why it’s critically important to understand the sub-processors involved in the delivery of contracted SaaS offerings and services,…
-
With Iran Cyberthreat Growing, CMMC Isn’t Looking So Crazy: Analysis
The rising cyberthreat from Iran shows why the DoD’s ultra-stringent security requirements for compliance with its CMMC program are probably worthwhile, despite all the messiness associated with the program. First seen on crn.com Jump to article: www.crn.com/news/security/2025/with-iran-cyberthreat-growing-cmmc-isn-t-looking-so-crazy-analysis
-
Guiding Global Teams: Fostering Compliance and Creativity
Tags: compliance
With empowered advocates and continuous measurement, teams can navigate the fine line between compliance, rule adherence and creative freedom. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/guiding-global-teams-fostering-compliance-and-creativity/
-
Why compliance gets easier when you don’t manually manage secrets
Manually managing secrets increases your compliance burden. This article explains what frameworks demand and how managed secrets platforms like Doppler keep you audit-ready. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/why-compliance-gets-easier-when-you-dont-manually-manage-secrets/
-
Compliance as a success factor in the financial sector – monitoring and incident management in the cloud
First seen on security-insider.de Jump to article: www.security-insider.de/monitoring-und-incident-management-in-der-cloud-a-ea6e914d615092015caf09f3eaceaac1/
-
Rethinking IT Risk Assessments for OT Environments
Sydney Trains’ Maryam Shoraka on Identifying the Blind Spots in OT Systems. IT organizations can apply multiple frameworks to help reduce risk, but relying on them in OT environments could create blind spots. Security leaders must rethink compliance-driven strategies and adapt controls to meet the unique demands of industrial systems, said Sydney Trains’ Maryam Shoraka.…
-
Tackling Cloud Security Challenges in Runtime Environments
Rinki Sethi, chief security officer for Upwind, unpacks why runtime is the new battleground for cloud defense. Sethi traces her epiphany back to 2022, when she first heard that you can’t secure what you can’t see in real time. Configuration checks and compliance scans are fine, she says, but attackers still slip through unless you’re…

