Tag: governance
-
Welche Compliance-Risiken beschert KI deutschen Unternehmen Vom Regelhüter zum Risikonavigator
Das Interview mit Oliver Riehl, Regional Vice President DACH bei NAVEX, beleuchtet die Herausforderungen und Chancen, die künstliche Intelligenz (KI) für deutsche Unternehmen im Bereich Compliance mit sich bringt. Riehl betont, dass KI helfen kann, Ordnung in die wachsende Komplexität der Regularien zu bringen, jedoch eine gute Governance und klare Richtlinien erforderlich sind, um effektiv…
-
CERN: how does the international research institution manage risk?
Tags: access, ai, business, compliance, control, cyber, cybersecurity, defense, framework, governance, group, international, iot, LLM, network, risk, service, strategy, technology, toolStefan Lüders and Tim Bell of CERN. CERNEmploying proprietary technology can introduce risks, according to Tim Bell, leader of CERN’s IT governance, risk and compliance section, who is responsible for business continuity and disaster recovery. “If you’re a visitor to a university, you’ll want to bring your laptop and use it at CERN. We can’t…
-
US Energy Dept Flags AI, Cyber Gaps as Top Risks for 2026
New Report Says DOE Cyber and AI Governance Is Lagging Behind Rapid Deployment. An inspector general report warns the Department of Energy’s rapid expansion of artificial intelligence and decentralized cybersecurity controls has outpaced governance, limiting enterprise visibility and exposing critical infrastructure to persistent threats from state-backed and criminal actors. First seen on govinfosecurity.com Jump to…
-
Governance maturity defines enterprise AI confidence
AI security has reached a point where enthusiasm alone no longer carries organizations forward. New Cloud Security Alliance research shows that governance has become the main … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/24/csa-ai-security-governance-report/
-
ServiceNow’s $7.75 billion cash deal for Armis illustrates shifting strategies
Tags: access, ai, attack, authentication, automation, business, ceo, cio, ciso, computing, control, cyber, governance, identity, incident response, intelligence, iot, risk, service, strategy, tool, update, vulnerabilityVisibility is the key: “For decades, the CIO’s white whale has been a precise, real-time Configuration Management Database [CMDB]. Most are outdated the moment they are populated,” said Whisper Security CEO Kaveh Ranjbar. The Armis acquisition “is an admission that in an era of IoT, OT, and edge computing, you cannot rely on manual entry…
-
We Asked the Experts: 2026 Predictions
Once again, it’s predictions season. We spoke to experts from across the cybersecurity industry about what the future of cyber may look like as we head into 2026. From AI ethics and API governance to the UK’s Cyber Security and Resilience Bill and exponentially increasing threats, there’s set to be a big shake up to…
-
Why outsourced cyber defenses create systemic risks
Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trustRisk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
-
Der Aufstieg des Chief Trust Officers: Wo passt der CISO hinein?
Tags: ai, ceo, cio, ciso, compliance, cyersecurity, finance, governance, grc, office, risk, risk-management, soc, software, vulnerabilityDer Chief Trust Officer steht für einen Wandel von der Verteidigung von Systemen hin zur Sicherung der Glaubwürdigkeit.Immer mehr Unternehmen heben Vertrauen als Unterscheidungsmerkmal für ihr Geschäft hervor. Durch Datenschutzverletzungen, Bedenken hinsichtlich der Produktsicherheit und Unsicherheiten in Bezug auf künstliche Intelligenz hat das Vertrauen der Kunden in den vergangenen Jahren stark gelitten.Wie aus dem Edelman…
-
Gesetzentwurf zu Vorratsdatenspeicherung: Neuer Anlauf für den digitalen Zombie
Die Regierung startet einen neuen Anlauf zur anlasslosen Speicherung von Verbindungsdaten. Die IT-Wirtschaft kritisiert die Pläne als unverhältnismäßig. First seen on golem.de Jump to article: www.golem.de/news/gesetzentwurf-veroeffentlicht-regierung-treibt-vorratsdatenspeicherung-voran-2512-203533.html
-
Bundesregierung: Nutzung von Datenbrokern ist Staatsgeheimnis
Tags: governanceDie Bundesregierung will keine Angaben dazu machen, bei welchen Firmen deutsche Sicherheitsbehörden Nutzerdaten einkaufen. First seen on golem.de Jump to article: www.golem.de/news/bundesregierung-nutzung-von-datenbrokern-ist-staatsgeheimnis-2512-203514.html
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
CultureAI Selected for Microsoft’s Agentic Launchpad Initiative to Advance Secure AI Usage
UK-based AI safety and governance company CultureAI has been named as one of the participants in Microsoft’s newly launched Agentic Launchpad, a technology accelerator aimed at supporting startups working on advanced AI systems. The inclusion marks a milestone for CultureAI’s growth and signals broader industry interest in integrating AI safety and usage control into emerging…
-
CSA Study: Mature AI Governance Translates Into Responsible AI Adoption
New CSA research shows mature AI governance accelerates responsible AI adoption, boosts security confidence, and enables agentic AI at scale. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/csa-study-mature-ai-governance-translates-into-responsible-ai-adoption/
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
Strategische Partnerschaft von BeyondTrust und Ping Identity
Bereitstellung einer einheitlichen Identitätssicherheitsstruktur Die Cybersicherheitsunternehmen BeyondTrust und Ping Identity haben eine strategische Partnerschaft zur Bereitstellung einer einheitlichen Identitätssicherheitsstruktur vereinbart. Mit der Kombination ihrer Lösungen ermöglichen sie die Automatisierung und Orchestrierung von Zugriffsentscheidungen zwischen menschlichen und nicht-menschlichen Identitäten. Durch Integration von Privileged Access Management (PAM), Identity and Access Management (IAM) und Identity Governance and… First…
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
Strategische Partnerschaft von BeyondTrust und Ping Identity
Bereitstellung einer einheitlichen Identitätssicherheitsstruktur Die Cybersicherheitsunternehmen BeyondTrust und Ping Identity haben eine strategische Partnerschaft zur Bereitstellung einer einheitlichen Identitätssicherheitsstruktur vereinbart. Mit der Kombination ihrer Lösungen ermöglichen sie die Automatisierung und Orchestrierung von Zugriffsentscheidungen zwischen menschlichen und nicht-menschlichen Identitäten. Durch Integration von Privileged Access Management (PAM), Identity and Access Management (IAM) und Identity Governance and… First…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
Russlands Einfluss Kritik an Lücken bei Cybersicherheit
Die Bundesregierung wirft Russland eine massive Cyberattacke sowie die Verbreitung von Falschinformationen im jüngsten Bundestagswahlkampf vor.Die Grünen sehen sich durch die jüngsten Erkenntnisse über russische Einflussoperationen im Bundestagswahlkampf in ihrer Einschätzung bestärkt, dass die aktuellen Maßnahmen zum Schutz der parlamentarischen Demokratie nicht ausreichen. “Dass unsere Demokratie und ihre Institutionen zunehmend hybriden Angriffen autoritärer Regime ausgesetzt…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
Demystifying risk in AI
Tags: access, ai, best-practice, bsi, business, ciso, cloud, compliance, control, corporate, csf, cyber, cybersecurity, data, framework, google, governance, group, infrastructure, intelligence, ISO-27001, LLM, mitre, ml, monitoring, nist, PCI, risk, risk-management, strategy, technology, threat, training, vulnerabilityThe data that is inserted in a request.This data is evaluated by a training model that involves an entire architecture.The result of the information that will be delivered From an information security point of view. That is the point that we, information security professionals, must judge in the scope of evaluation from the perspective of…