Tag: compliance
-
Top 10 Privileged Access Management Solutions for 2026
Privileged Access Management (PAM) solutions have moved from a compliance requirement to a front-line security control. As organizations expand across hybrid cloud, SaaS, DevOps pipelines, non-human identities, and now agentic AI, privileged access has become both more pervasive and more dangerous. Analyst… Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/top-10-privileged-access-management-solutions-for-2026/
-
How are Agentic AI systems ensuring compliance?
Are Non-Human Identities (NHIs) the Missing Piece in Agentic AI Compliance? There’s a silent yet critical player: the Non-Human Identity (NHI). With organizations increasingly adopting Agentic AI systems to streamline operations and enhance compliance, the role of NHIs in securing these systems has never been more crucial. But what exactly are NHIs, and how do……
-
Beyond “Is Your SOC AI Ready?” Plan the Journey!
You read the “AI-ready SOC pillars” blog, but you still see a lot of this: Bungled AI SOC transition How do we do better? Let’s go through all 5 pillars aka readiness dimensions and see what we can actually do to make your SOC AI-ready. #1 SOC Data Foundations As I said before, this one is my…
-
The New Weak Link in Compliance Isn’t Code It’s Communication
Cybersecurity has never been only a technical problem, but the balance of what truly makes an organization secure has shifted dramatically. For years, the industry assumed the greatest dangers lived in code, in vulnerable servers, old libraries, unpatched systems, and brittle authentication flows. Enterprises poured money and time into shoring up these weaknesses with.. First…
-
Red Teaming as a Cornerstone of AI Compliance
AI systems are increasingly playing a central role in critical operations across all industries. At the same time, the security risks arising from the use of artificial intelligence are rising rapidly. Red teaming has established itself as a cornerstone of protecting AI, especially as agentic AI makes ever greater inroads into enterprises. Multi-LLM (large language model) systems make autonomous decisions and carry out tasks without human […]…
-
CCPA Compliance Checklist for 2026: What You Need to Know
Key Takeaways The California Consumer Privacy Act (CCPA) is California’s primary privacy law governing how businesses collect, use, disclose, and protect personal information about California residents. Since its introduction, the law has steadily evolved, expanding both the rights granted to individuals and the expectations placed on organizations that handle personal data. The CCPA law gives……
-
Red Teaming as a Cornerstone of AI Compliance
The growing adoption of agentic AI is fundamentally changing organizations’ attack surfaces. Unlike assistants with a single LLM, these systems consist of interconnected agents with complex workflows and dependencies, First seen on infopoint-security.de Jump to article: www.infopoint-security.de/red-teaming-als-eckpfeiler-der-ki-compliance/a43314/
-
Like it or not, AI will transform cyber strategy in 2026
Bubble or no bubble, from cyber skills to defensive strategies to governance, risk and compliance, artificial intelligence will remake the cyber world in 2026 First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637095/Like-it-or-not-AI-will-transform-cyber-strategy-in-2026
-
Zero-Knowledge Compliance: How Privacy-Preserving Verification Is Transforming Regulatory Technology
Traditional compliance often forces companies to expose sensitive information to prove they follow the rules. This approach increases the risk of breaches and raises severe privacy concerns. With rising regulatory pressure and stricter data sovereignty laws, more organizations are exploring zero-knowledge frameworks as a safer alternative. Zero-knowledge proofs (ZKPs) allow businesses to prove adherence without..…
-
New Year’s Cleaning and Resolutions: Vulnerability Management with BSI Grundschutz
Mondoo helps organizations implement the BSI-1.5 compliance framework and thereby turn this major challenge into a streamlined, automated process. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neujahrsputz-und-vorsaetze-schwachstellen-management-mit-dem-bsi-grundschutz/a43294/
-
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/passwords-pci-dds-compliance/
-
The Most Important CISO Trends for 2026
Tags: ai, ciso, compliance, cyersecurity, group, nis-2, resilience, risk, risk-management, software, supply-chain, tool, zero-trust
Read about the challenges CISOs face heading into 2026. The year 2025 was challenging for many CISOs. At the start of the year, the Digital Operational Resilience Act (DORA) obliged all financial companies to strengthen their cybersecurity. In addition, numerous companies had to deal with NIS2 implementation this year. What difficulties do…
-
The Road to CMMC Compliance
The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the US Department of Defense for assessing the cybersecurity maturity of companies in the Defense Industrial Base (DIB). First seen on infopoint-security.de Jump to article: www.infopoint-security.de/der-weg-zur-cmmc-compliance/a43278/
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust
“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
What European security teams are struggling to operationalize
Tags: compliance
European security and compliance teams spend a lot of time talking about regulation. A new forecast report from Kiteworks suggests the harder problem sits elsewhere. According … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/07/security-teams-european-compliance-operations-gap/
-
Cybersecurity Doesn’t Have a Budget Problem
Tags: breach, business, ciso, compliance, cyberattack, cybersecurity, cyersecurity, governance, jobs, risk, security-incident, strategy
A day in the life of a security decision-maker… When it comes to security budgets, much of the (online) discussion revolves around how to win over the “board” and justify investments. Some approaches are based on specific financial models and aim to justify the return on investment (ROI). Others focus more on quantifying risks and their mitigation…
-
As Ransomware Attacks Surge, Healthcare Must Look Beyond Compliance to Establish a Cyber Risk Mindset
Tags: attack, compliance, cyber, cybersecurity, data-breach, healthcare, insurance, ransomware, risk
The February 2024 Change Healthcare incident exposed 190 million patient records and disrupted healthcare operations nationwide, but it highlighted something far more concerning: the U.S. healthcare sector faces an unprecedented cybersecurity crisis. Healthcare is now the third most-targeted sector, experiencing a 32% surge in ransomware attacks last year. Cyber insurance claims tied to these incidents..…
-
Why Business Structure Matters for Cybersecurity Compliance in Remote-First Companies
Remote-first companies are no longer an exception. What began as a temporary response to global disruption has evolved into a long-term operating model for startups, scaleups, and even established enterprises. Distributed teams, cloud-based tools, and borderless hiring have unlocked flexibility and talent access, but they have also introduced new cybersecurity and compliance challenges. One often-overlooked…
-
AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026?
Tags: access, ai, api, application-security, attack, authentication, automation, business, ciso, cloud, compliance, computer, computing, container, control, crypto, cryptography, cyber, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, flaw, framework, governance, government, healthcare, iam, identity, infrastructure, injection, LLM, malicious, metric, monitoring, network, nist, open-source, oracle, regulation, resilience, risk, service, skills, software, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management, waf, zero-day, zero-trust
madhav Tue, 01/06/2026 – 04:44 If we think 2025 has been fast-paced, it’s going to feel like a warm-up for the changes on the horizon in 2026. Every time this year, Thales experts become cybersecurity oracles and predict where the industry is…
-
6 strategies for building a high-performance cybersecurity team
Tags: advisory, ai, apple, attack, business, ciso, communications, compliance, cyber, cybersecurity, data, defense, intelligence, resilience, risk, service, skills, strategy, technology, threat, tool, training, update, vulnerability
2. Be clear on the mission: Sharon Chand, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team’s mission. To do that, though, team members need to know what the mission is and buy into it. “It has to be a very clear mission…
-
Passwords are still breaking compliance programs
The security stack has grown, but audits still stumble on passwords. CISOs see this every year. An organization may have strong endpoint tools, layered network defenses, and a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/06/passwords-compliance-control/
-
How the Organizational Risk Culture Standard can supercharge your cybersecurity culture
Tags: automation, ceo, communications, compliance, control, cyber, cybersecurity, data, detection, email, finance, framework, group, guide, intelligence, law, metric, nist, phishing, ransomware, RedTeam, resilience, risk, tool, update
The 10 dimensions, translated for cybersecurity: The ORCS framework defines ten dimensions. Treat them as a system. Each one is distinct; together they are complete. Leadership & governance. Leaders set the tone, model the behavior and anchor accountability. If leaders treat cyber as only an IT issue, everyone else will, too. When leaders make risk-informed…
-
California’s DROP Program Changes Everything: How B2C Companies Can Eliminate Authentication Liabilities and Meet Global Privacy Compliance with MojoAuth
California’s DROP Program Changes Everything First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-program-changes-everything-how-b2c-companies-can-eliminate-authentication-liabilities-and-meet-global-privacy-compliance-with-mojoauth/

