Tag: governance
-
The Agentic AI Posture Score: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
EU’s answer to CVE solves dependency issue, adds fragmentation risks
Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-management
Coordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation. “Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
-
Criticism of the KRITIS umbrella law: fears of a “patchwork”
The federal government’s draft law to protect critical infrastructure does not go far enough, in the view of the German Association of Cities (Deutscher Städtetag). The Deutscher Städtetag considers the coalition’s proposal for protecting critical infrastructure, which is up for a vote in the Bundestag, to be inadequate. The draft by the CDU/CSU and SPD provides for stricter obligations for critical-infrastructure companies, such as large energy suppliers or transport companies, to…
-
NSFOCUS Unveils Enhanced AI LLM Risk Threat Matrix for Holistic AI Security Governance
SANTA CLARA, Calif., Jan 29, 2026: Security is a prerequisite for the application and development of LLM technology. Only by addressing security risks when integrating LLMs can businesses ensure healthy and sustainable growth. NSFOCUS first proposed the AI LLM Risk Threat Matrix in 2024. The Matrix addresses security from multiple perspectives: foundational security, data security,…
-
AI identities out of control: massive governance gaps in German companies
Artificial intelligence is no longer a topic for the future. It already acts autonomously in work environments today. On the one hand, that is a huge advantage; on the other, it is difficult to monitor. A new international survey, commissioned by Saviynt and conducted in Germany, the United Kingdom and the USA, shows that AI identities already reach deep into critical systems [1]…. First…
-
AI Use by CISA Chief Alarms Cyber Officials
CISA Defends Director’s Use of AI Tool Despite Internal Compliance Review. Cybersecurity and Infrastructure Security Agency Acting Director Madhu Gottumukkala uploaded sensitive documents to ChatGPT under a temporary, approved exception, prompting internal alerts and reigniting concerns over the agency’s AI governance and leadership judgement. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-use-by-cisa-chief-alarms-cyber-officials-a-30620
-
AI tools break quickly, underscoring need for governance
In a new report, the security firm Zscaler said it identified severe vulnerabilities in every enterprise tool it tested — sometimes on its first prompt. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-vulnerabilities-governance-zscaler/810718/
-
Stop Staring at JSON: How GenAI is Solving the API >>Context Crisis<<
Tags: ai, api, attack, authentication, banking, business, credentials, credit-card, data, endpoint, governance, mobile, organized, risk, soc, threat, tool
There is a moment that happens in every SOC (Security Operations Center) every day. An alert fires. An analyst looks at a dashboard and sees a URL: POST /vs/payments/proc/77a. And then they stop. They stare. And they ask the question that kills productivity: “What does this thing actually do?” Is it a critical payment gateway?…
-
Always-on privileged access is pervasive, and fraught with risks
Tags: access, api, automation, cloud, credentials, cybersecurity, framework, governance, iam, risk, saas, service
Paradigm shift ahead: Forrester analyst Geoff Cairns stresses the cybersecurity risks at play when organizations do not rein in excessive credential use. “Persistent standing privilege, yes, I think that is rampant,” he says. “It is something that attackers can target and then leverage to move laterally through systems and create havoc. The elevated privilege makes that…
-
Delegation is a risk decision every leader makes, not an ops choice
Tags: access, ai, awareness, breach, business, communications, compliance, control, finance, governance, infrastructure, jobs, resilience, risk, risk-assessment, service, tool
Airlines and booking platforms, overwhelmed by volume and operational pressure, delegated financial decision-making to automated systems that could issue credits, delay refunds, or apply preset rules at scale. In many cases, those systems operated exactly as configured. They stayed within internal thresholds, followed approved logic, and reduced immediate operational load. The problem surfaced later. Customers challenged outcomes.…
-
Transfer learning and governance help bridge healthcare AI divide
Singapore researchers show how adapting pre-trained AI models can solve data scarcity issues in countries with limited resources. Separately, they have proposed forming an international consortium to build consensus on AI governance in medicine. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637650/Transfer-learning-and-governance-help-bridge-healthcare-AI-divide
-
Cryptographic Agility for Contextual AI Resource Governance
Master cryptographic agility for AI resource governance. Learn how to secure Model Context Protocol (MCP) with post-quantum security and granular policy control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/cryptographic-agility-for-contextual-ai-resource-governance/
-
Privacy Is Fueling the CIO’s AI Agenda
Cisco Research Shows How AI Is Reshaping Data Privacy and Governance. Enterprise data privacy and governance are undergoing fundamental shifts as the promised speed and efficiency of artificial intelligence come crashing into the realities of data risk and regulatory uncertainty. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/privacy-fueling-cios-ai-agenda-a-30610
-
4 problems that hold CISOs back
Tags: ai, business, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, data, framework, governance, risk, risk-management, skills, strategy, tool, vulnerability-management
Read which strategic problems hinder CISOs in their work. Many security leaders believe that a cyber incident is inevitable; the only thing that is unclear is the timing. This conviction is reflected in the common saying that it is not a question of “if” but “when” an attack will occur. A growing number of CISOs, however, expect an incident sooner rather than later:…
-
Keeper Security Expands Its Zero-Trust Privileged Access Controls Into Slack
Keeper Security’s new Slack integration extends secure, policy-driven access governance into the platform. Slack serves as one of the most popular and widely used collaboration platforms in the world for organisations of all sizes. It has strong adoption across EMEA, especially in European markets including the UK, with high engagement across major hubs…
-
Overcoming AI fatigue
Tags: access, ai, awareness, business, ciso, cloud, control, data, finance, governance, incident response, jobs, metric, monitoring, privacy, risk, strategy, supply-chain, technology, tool, training, zero-trust
…before it becomes fully entrenched in every corner of the business. It’s a rare opportunity, one we shouldn’t waste. A big part of the confusion comes from the word “AI” itself. We use the same label to talk about a chatbot drafting marketing copy and autonomous agents that generate and implement incident response playbooks. Technically,…
-
Data protection in the AI age: from compliance obligation to strategic security governance
Data protection has become a central factor for IT security, digital resilience and corporate trust. As AI systems become ever more powerful, the data protection and security-strategy challenges are growing as well. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/datenschutz-im-ki-zeitalter-von-der-compliance-pflicht-zur-strategischen-security-governance/a43465/
-
4 issues holding back CISOs’ security agendas
Tags: access, ai, application-security, attack, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, endpoint, framework, governance, intelligence, jobs, monitoring, network, resilience, risk, risk-assessment, risk-management, sans, service, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management
2. Inability to keep pace with AI innovation and adoption: Executives and employees alike have been rushing to adopt artificial intelligence, enticed by expectations that AI will transform workflows and save time, money, and effort. But CISOs for the most part have not kept pace with their business colleagues’ rate of AI adoption. According to a survey…
-
The 7 Essential Elements of a Compliance Framework You Need to Know
Key Takeaways: Regulatory expectations continue to expand. Oversight bodies increasingly look beyond documentation to how organizations manage compliance risk in practice. In this environment, compliance functions best when supported by a structured framework. While industries and jurisdictions vary, effective, high-quality governance and compliance programs consistently rely on seven foundational elements. From Requirement Lists to Operating…
-
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns
Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technology
Where most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated. The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
-
F5 Strengthens, Scales Sustains AI Security With Integrated Runtime Protection
F5 AI Guardrails and F5 AI Red Team extend platform capabilities with continuous testing, adaptive governance and real-time protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/f5-strengthens-scales-sustains-ai-security-with-integrated-runtime-protection/
-
Dobrindt on cyberattacks: “We will strike back”
Interior Minister Dobrindt wants authorities to be able to act more offensively against cyberattacks. The federal government intends to respond more offensively to cyberattacks in future. “We will strike back, including abroad. We will disrupt attackers and destroy their infrastructure,” Federal Interior Minister Alexander Dobrindt (CSU) told the Süddeutsche Zeitung. Germany will set the threshold for such steps low. According to Dobrindt, those responsible for such counterstrikes are to be intelligence services…
-
CISO’s predictions for 2026
Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfare
AI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
-
As Oracle loses interest in MySQL, devs mull future options
As Big Red’s governance of the popular database comes into question, contributors to MySQL consider wresting control First seen on theregister.com Jump to article: www.theregister.com/2026/01/23/mysql_post_oracle/

