Tag: framework
-
What is secrets sprawl and how does it impact NHIs
How Secure Are Your Non-Human Identities in the Face of Secrets Sprawl? Is secrets sprawl silently jeopardizing your organization’s cybersecurity framework? This pressing question is becoming more common among cybersecurity professionals tasked with safeguarding Non-Human Identities (NHIs). With technology advances and organizations increasingly adopt cloud-based solutions, the management of machine identities and their associated secrets……
-
Why is least privilege important for NHIs in Agentic AI
How Do Non-Human Identities Enhance Cybersecurity? What role do Non-Human Identities (NHIs) play in strengthening cybersecurity frameworks? With data management experts and cybersecurity specialists delve deeper into Agentic AI, the management and security of NHIs have become imperative. This elevated importance stems from the ability of NHIs to bridge gaps in security, particularly within cloud……
-
RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption
RegScale this week added an open source hub through which organizations can collect and organize compliance data based on the Open Security Controls Assessment Language (OSCAL) framework. Announced at the OSCAL Plugfest conference, the OSCAL Hub provides a central repository that makes it simpler for more organizations and government agencies to embrace a framework that..…
-
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. First in a three-part series. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/securing-network-edge-comprehensive-framework-modern-cybersecurity
-
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. First in a three-part series. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/securing-network-edge-comprehensive-framework-modern-cybersecurity
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
NIST adds to AI security guidance with Cybersecurity Framework profile
Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-ai-cybersecurity-framework-profile/808134/
-
NVIDIA Isaac Lab Flaw Enables Remote Code Execution
NVIDIA has disclosed a critical security vulnerability in Isaac Lab, a component of the NVIDIA Isaac Sim framework, that could allow attackers to execute arbitrary code remotely. The company released security patches in December 2025 to address the deserialization flaw tracked as CVE-2025-32210. CVE ID Description CVSS Score Severity CWE CVE-2025-32210 Deserialization vulnerability in NVIDIA Isaac…
-
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership
Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
-
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership
Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
-
Demystifying risk in AI
Tags: access, ai, best-practice, bsi, business, ciso, cloud, compliance, control, corporate, csf, cyber, cybersecurity, data, framework, google, governance, group, infrastructure, intelligence, ISO-27001, LLM, mitre, ml, monitoring, nist, PCI, risk, risk-management, strategy, technology, threat, training, vulnerabilityThe data that is inserted in a request.This data is evaluated by a training model that involves an entire architecture.The result of the information that will be delivered From an information security point of view. That is the point that we, information security professionals, must judge in the scope of evaluation from the perspective of…
-
AI Governance Unlocks Speed, Not Bureaucracy
ServiceNow’s Neeraj Jain on Risk Mitigation and Real-Time Data Access for AI Agents. Enterprises that embed governance from intake to deployment scale AI faster than those that bolt it on afterward. Clear frameworks mitigate risk, ensure compliance and increase operational efficiency, says Neeraj Jain, director of product management, hyperscalers and multi-cloud at ServiceNow. First seen…
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
Compliance-Ready Cybersecurity for Finance and Healthcare: The Seceon Advantage
Tags: compliance, cybersecurity, dora, finance, framework, healthcare, HIPAA, PCI, regulation, serviceNavigating the Most Complex Regulatory Landscapes in Cybersecurity Financial services and healthcare organizations operate under the most stringent regulatory frameworks in existence. From HIPAA and PCI-DSS to GLBA, SOX, and emerging regulations like DORA, these industries face a constant barrage of compliance requirements that demand not just checkboxes, but comprehensive, continuously monitored security programs. The…
-
Can Your AI Initiative Count on Your Data Strategy and Governance?
Launching an AI initiative without a robust data strategy and governance framework is a risk many organizations underestimate. Most AI projects often stall, deliver poor…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/12/can-your-ai-initiative-count-on-your-data-strategy-and-governance/
-
NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks
NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published on December 9, 2025, identifies critical flaws in the NVTabular and Transformers4Rec components of NVIDIA…
-
Cybersecurity leaders’ top seven takeaways from 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, deep-fake, defense, detection, email, exploit, framework, governance, government, grc, identity, international, malicious, network, nist, phishing, regulation, resilience, risk, saas, service, software, strategy, supply-chain, technology, threat, tool, vulnerability2. AI forced companies to rethink their security strategies: At the same time, Abousselham notes how the rapid rollout of AI forced companies to shift their resources to keep pace with the change, while maintaining safe product releases. He calls 2025 the “chaotic introduction of agentic AI”.”I don’t think the industry was ready or expected…
-
Cybersecurity leaders’ top seven takeaways from 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, deep-fake, defense, detection, email, exploit, framework, governance, government, grc, identity, international, malicious, network, nist, phishing, regulation, resilience, risk, saas, service, software, strategy, supply-chain, technology, threat, tool, vulnerability2. AI forced companies to rethink their security strategies: At the same time, Abousselham notes how the rapid rollout of AI forced companies to shift their resources to keep pace with the change, while maintaining safe product releases. He calls 2025 the “chaotic introduction of agentic AI”.”I don’t think the industry was ready or expected…
-
What makes Non-Human Identities crucial for data security
Are You Overlooking the Security of Non-Human Identities in Your Cybersecurity Framework? Where bustling with technological advancements, the security focus often zooms in on human authentication and protection, leaving the non-human counterparts”, Non-Human Identities (NHIs)”, in the shadows. The integration of NHIs in data security strategies is not just an added layer of protection but…
-
Identity Management in the Fragmented Digital Ecosystem: Challenges and Frameworks
Modern internet users navigate an increasingly fragmented digital ecosystem dominated by countless applications, services, brands and platforms. Engaging with online offerings often requires selecting and remembering passwords or taking other steps to verify and protect one’s identity. However, following best practices has become incredibly challenging due to various factors. Identifying Digital Identity Management Problems in..…