Tag: governance
-
Rethinking identity for the AI era: CISOs must build trust at machine speed
Tags: access, ai, api, attack, authentication, business, ciso, cloud, control, cybersecurity, data, data-breach, google, governance, group, identity, infrastructure, injection, Internet, LLM, malicious, mitigation, network, risk, theft, threat, tool, training, vulnerabilityIdentity as a trust fabric: Most organizations currently rely on a welter of identity and access management systems for a variety of reasons. Some systems might be tied to a specific vendor’s technology; some might be legacy systems from mergers or acquisitions; some might be in place due to legal or regulatory requirements.”What happens even…
-
JWT Governance for SOC 2, ISO 27001, and GDPR, A Complete Guide
how proper JWT governance helps your organization stay compliant with SOC 2, ISO 27001, and GDPR. Explore best practices, governance frameworks, and how SSOJet ensures secure token management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/jwt-governance-for-soc-2-iso-27001-and-gdpr-a-complete-guide/
-
Gipfel in Berlin Europa strebt digitale Souveränität an
Am 18. November 2025 findet der Summit on European Digital Sovereignty in Berlin statt.Bundeskanzler Friedrich Merz (CDU) und Frankreichs Präsident, Emmanuel Macron, haben sich angekündigt zum Treffen der Digitalminister und IT-Fachleute in Berlin. Rund 900 Teilnehmer werden beim Europäischen Gipfel zur Digitalen Souveränität am Dienstag erwartet. Was lange Zeit ein Nischenthema für IT-Fachleute war, steht inzwischen…
-
The rise of the chief trust officer: Where does the CISO fit?
Tags: ai, business, ceo, ciso, compliance, control, credentials, cybersecurity, data, governance, grc, jobs, marketplace, metric, office, privacy, risk, soc, strategy, technology, vulnerabilityCISO and CTrO: A model for a working partnership?: As customers, partners and regulators demand greater openness and assurance, those in the role say building trust, not just security, is the answer. Trust is touted as a differentiator for organizations looking to strengthen customer confidence and find a competitive advantage. Trust cuts across security, privacy,…
-
Spam flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
-
Australia lags regional peers in AI adoption
A new report found governance gaps, a lack of training and fear of risks as key reasons for the nation’s slow uptake of artificial intelligence compared with regional peers First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634594/Australia-lags-regional-peers-in-AI-adoption
-
Worm flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
-
Identity Governance and Administration, App Proliferation, and the App Integration Chasm
Most enterprises use more than 1,000 apps, according to ESG research, yet about half are integrated with IGA. Industry innovations enable teams to expand app coverage and get more IGA value. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/identity-governance-administration-app-proliferation-app-integration-chasm
-
Bundestag beschließt NIS2-Umsetzung
Tags: backup, bsi, ciso, cloud, cyberattack, cyersecurity, germany, governance, Hardware, kritis, linkedin, nis-2, risk, risk-analysis, software, vulnerability-managementUrsprünglich hätte die EU-Richtlinie NIS2 bereits im Oktober 2024 in nationales Recht umgesetzt werden müssen. Der jetzt vom Bundestag beschlossene Gesetzesentwurf sorgt weiterhin für Gesprächsstoff. Der Bundestag hat den Gesetzesentwurf der Bundesregierung zur Umsetzung der NIS-2-Richtlinie am 13. November 2025 verabschiedet. Union, SPD und AfD stimmten dafür. Die Grünen, denen das Gesetzt nicht weit genug…
-
Funktionen zum sicheren Auswählen, Verwalten und Skalieren von vertrauenswürdigen KI-Agenten
In dieser Phase der GenAI-Entwicklung entsteht der Wettbewerbsvorteil nicht mehr durch die gemieteten Modelle, sondern durch die Daten, die ein Unternehmen besitzt. Dennoch haben die meisten Unternehmen Schwierigkeiten, diese Daten in produktionsreife Agenten umzusetzen, da ihnen die Qualität, Governance und Flexibilität für eine Skalierung fehlen. Agent-Bricks von Databricks ermöglicht Daten- und KI-Teams aus Unternehmensdaten die…
-
Why CISOs Need to Own AI Enterprise Risk
Vigilance Cyber Security’s Moriah Hara on AI Automation and Responsible AI. Mohira Hara, CISO and AI security, risk and governance consultant at Vigilance Cyber Security, says AI is reshaping financial services by accelerating anti-money laundering efforts, automating SOC functions and driving stronger governance frameworks that make CISOs central to managing AI risk. First seen on…
-
Gaps in AI Governance Put SMBs at Greater Cyber Risk
ISMG Sean D. Mack on Building Smarter Cyber Defenses for AI-Driven Attacks. SMBs are adopting artificial intelligence fast, but without governance or safeguards, they risk data leaks, shadow AI and third-party exposure, said Sean D. Mack of ISMG’s CXO Advisor practice. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/gaps-in-ai-governance-put-smbs-at-greater-cyber-risk-a-29982
-
AI startups leak sensitive credentials on GitHub, exposing models and training data
Tags: ai, api, attack, compliance, credentials, cybersecurity, data, data-breach, framework, github, governance, leak, startup, trainingCompliance and governance: The Wiz findings highlight how exposed API keys can escalate into full-scale compromises across AI ecosystems, according to Sakshi Grover, senior research manager for IDC Asia Pacific Cybersecurity Services. “Stolen credentials can be used to manipulate model behavior or extract training data, undermining trust in deployed systems.”Grover noted that such exposures are…
-
Öffentliche Verwaltung im Visier von Cyberspionen
Tags: access, alphv, bsi, cyberattack, cybercrime, encryption, germany, governance, government, infrastructure, lockbit, microsoft, open-source, phishing, qr, service, vulnerabilityLaut BSI haben es Cyberspione aktuell besonders auf die öffentliche Verwaltung abgesehen.Cyberspione haben es in Deutschland derzeit besonders auf die öffentliche Verwaltung abgesehen. Das geht aus dem aktuellen Lagebericht des Bundesamtes für Sicherheit in der Informationstechnik (BSI) hervor. Eine nennenswerte Anzahl von Geschädigten gab es demnach auch in den Sektoren Verteidigung, Rechtspflege, öffentliche Sicherheit und…
-
Maßnahmen zur Gewährleistung der IT”‘Sicherheit in Kommunen
Der öffentliche Sektor muss Governance, Personal, Technik, Prozesse und Partnerschaften systematisch verbessern, kombiniert mit Sensibilisierung, Monitoring und klarer Verantwortung, um Angriffe zu verhindern, Schäden zu begrenzen und digitale Dienste resilient bereitzustellen. Strategische Governance und Verantwortlichkeiten Zentrale Steuerung für IT”‘Sicherheit etablieren (z. B. IT”‘Sicherheitsbeauftragte, Governance”‘Gremien) zur Koordination zwischen Verwaltung, IT und Recht…. First seen on ap-verlag.de…
-
Maßnahmen zur Gewährleistung der IT”‘Sicherheit in Kommunen
Der öffentliche Sektor muss Governance, Personal, Technik, Prozesse und Partnerschaften systematisch verbessern, kombiniert mit Sensibilisierung, Monitoring und klarer Verantwortung, um Angriffe zu verhindern, Schäden zu begrenzen und digitale Dienste resilient bereitzustellen. Strategische Governance und Verantwortlichkeiten Zentrale Steuerung für IT”‘Sicherheit etablieren (z. B. IT”‘Sicherheitsbeauftragte, Governance”‘Gremien) zur Koordination zwischen Verwaltung, IT und Recht…. First seen on ap-verlag.de…
-
Verantwortungsvoller KI-Einsatz: Code of Conduct Demokratische KI; Governance und Abwägung gefordert
Man darf die Diskussion zu KI nicht Big Tech überlassen, das ist der Ansatz, der die Zivilgesellschaft bewogen hat, ein Zeichen zu setzen. Mehr als 75 Organisationen aus der deutschen Zivilgesellschaft haben den von D64 Zentrum für Digitalen Fortschritt … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/11/verantwortungsvoller-ki-einsatz-code-of-conduct-demokratische-ki-governance-und-abwaegung-gefordert/
-
From Compliance Boxes to Fraud Prevention: GRC Reimagined
Gong’s Tamara Lauterbach on Why Framework Maturity Matters More Than Certification. Frameworks are no longer just about checking compliance boxes; they’re becoming critical tools for governance, resilience and fraud prevention. Tamara Lauterbach, senior GRC specialist at Gong, explains how culture, automation and human insight can enhance framework effectiveness. First seen on govinfosecurity.com Jump to article:…
-
European Commission moves to loosen GDPR for AI and cookie tracking
AI training gets green light: The proposal directly addressed one of the most contentious issues in EU privacy law: whether companies can train AI systems using personal data.The draft stated that AI training, testing, and validation may be conducted under the GDPR’s “legitimate interest” basis, as long as companies implement safeguards such as data minimization,…
-
European Commission moves to loosen GDPR for AI and cookie tracking
AI training gets green light: The proposal directly addressed one of the most contentious issues in EU privacy law: whether companies can train AI systems using personal data.The draft stated that AI training, testing, and validation may be conducted under the GDPR’s “legitimate interest” basis, as long as companies implement safeguards such as data minimization,…
-
European Commission moves to loosen GDPR for AI and cookie tracking
AI training gets green light: The proposal directly addressed one of the most contentious issues in EU privacy law: whether companies can train AI systems using personal data.The draft stated that AI training, testing, and validation may be conducted under the GDPR’s “legitimate interest” basis, as long as companies implement safeguards such as data minimization,…
-
European Commission moves to loosen GDPR for AI and cookie tracking
AI training gets green light: The proposal directly addressed one of the most contentious issues in EU privacy law: whether companies can train AI systems using personal data.The draft stated that AI training, testing, and validation may be conducted under the GDPR’s “legitimate interest” basis, as long as companies implement safeguards such as data minimization,…
-
Warum beim Einsatz von KI-Agenten eine durchdachte Governance unerlässlich ist
In einem Wettbewerbsumfeld, in dem technologische Führung oft über Erfolg oder Rückstand entscheidet, kann eine robuste Governance den entscheidenden Unterschied machen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-beim-einsatz-von-ki-agenten-eine-durchdachte-governance-unerlaesslich-ist/a42654/
-
Einsatz von KI-Agenten: Lückenlose Governance für Unternehmen mittlerweile unerlässlich
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/einsatz-ki-agenten-lueckenlos-governance-unternehmen-unerlaesslich
-
AI Security Agents Get Persona Makeovers
New synthetic security staffers promise to bring artificial intelligence comfortably into the security operations center, but they will require governance to protect security. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/ai-security-agents-get-personas-make-them-more-appealing