Tag: governance

Coming AI regulations have IT leaders worried about hefty compliance fines

Oct 16, 2025 1:07 PM

Tags: ai, cio, compliance, control, data, gartner, governance, healthcare, intelligence, law, regulation, risk, software, technology, tool, training, usa

CIOs on the forefront: With US states and more countries potentially passing AI regulations, CIOs are understandably nervous about compliance as they deploy the technology, says Dion Hinchcliffe, vice president and practice lead for digital leadership and CIOs, at market intelligence firm Futurum Equities.”The CIO is on the hook to make it actually work, so…
Coming AI regulations have IT leaders worried about hefty compliance fines

Oct 16, 2025 1:07 PM

Tags: ai, cio, compliance, control, data, gartner, governance, healthcare, intelligence, law, regulation, risk, software, technology, tool, training, usa

CIOs on the forefront: With US states and more countries potentially passing AI regulations, CIOs are understandably nervous about compliance as they deploy the technology, says Dion Hinchcliffe, vice president and practice lead for digital leadership and CIOs, at market intelligence firm Futurum Equities.”The CIO is on the hook to make it actually work, so…
A View from the C-suite: Aligning AI security to the NIST RMF FireTail Blog

Oct 16, 2025 12:08 AM

Tags: access, ai, attack, breach, csf, cybersecurity, data, data-breach, defense, detection, framework, governance, grc, guide, incident response, infrastructure, injection, jobs, LLM, malicious, nist, RedTeam, risk, risk-management, strategy, supply-chain, theft, tool, vulnerability

Oct 15, 2025 – Jeremy Snyder – In 2025, the AI race is surging ahead and the pressure to innovate is intense. For years, the NIST Cybersecurity Framework (CSF) has been our trusted guide for managing risk. It consists of five principles: identify, protect, detect, respond, and recover. But with the rise of AI revolutionizing…
New York Hospitals Are Facing Tougher Cyber Rules Than HIPAA

Oct 15, 2025 10:07 PM

Tags: compliance, cyber, cybersecurity, data, governance, healthcare, HIPAA, regulation

State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/new-york-hospitals-are-facing-tougher-cyber-rules-than-hipaa-i-5498
New York Hospitals Are Facing Tougher Cyber Rules Than HIPAA

Oct 15, 2025 10:07 PM

Tags: compliance, cyber, cybersecurity, data, governance, healthcare, HIPAA, regulation

State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/new-york-hospitals-are-facing-tougher-cyber-rules-than-hipaa-i-5498
New York Hospitals Are Facing Tougher Cyber Rules Than HIPAA

Oct 15, 2025 10:07 PM

Tags: compliance, cyber, cybersecurity, data, governance, healthcare, HIPAA, regulation

State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/new-york-hospitals-are-facing-tougher-cyber-rules-than-hipaa-i-5498
Introducing MAESTRO: A framework for securing generative and agentic AI

Oct 15, 2025 2:54 PM

Tags: ai, api, attack, banking, business, cloud, compliance, container, control, data, detection, endpoint, fintech, framework, fraud, GDPR, governance, identity, infrastructure, injection, kubernetes, LLM, malicious, mitre, monitoring, network, nist, PCI, radius, risk, saas, service, supply-chain, threat, tool, unauthorized

System boundary: MAESTRO reviews focus on models, AI agents, data flows, CI/CD pipelines, supporting tools and third-party APIs. Broader IT security hygiene (patching, identity governance, endpoint protection) is assumed to be managed by existing programs.Assumptions: organizations have the security baseline configurations and compliance, such as ISO 27XXX, in place. MAESTRO builds on these baselines and…
Beyond the checklist: Building adaptive GRC frameworks for agentic AI

Oct 15, 2025 1:54 PM

Tags: access, ai, breach, ciso, cloud, compliance, control, crime, data, detection, endpoint, finance, framework, fraud, governance, grc, international, metric, monitoring, nist, risk, risk-management, strategy, supply-chain, switch

Autonomous agent drift First, I experienced an autonomous agent drift that nearly caused a severe financial and reputational crisis. We deployed a sophisticated agent tasked with optimizing our cloud spending and resource allocation across three regions, giving it a high degree of autonomy. Its original mandate was clear, but after three weeks of self-learning and…
Resilience Engineering: Britische Unternehmen sollen Notfallpläne entwickeln

Oct 14, 2025 3:24 PM

Tags: cyberattack, governance, government, resilience

Die britische Regierung empfiehlt Unternehmen, Vorkehrungen für den Fall einer Cyberattacke zu treffen – mit Stift und Papier. First seen on golem.de Jump to article: www.golem.de/news/resilience-engineering-britische-unternehmen-sollen-notfallplaene-entwickeln-2510-201150.html
Resilience Engineering: Britische Unternehmen sollen Notfallpläne entwickeln

Oct 14, 2025 3:24 PM

Tags: cyberattack, governance, government, resilience

Die britische Regierung empfiehlt Unternehmen, Vorkehrungen für den Fall einer Cyberattacke zu treffen – mit Stift und Papier. First seen on golem.de Jump to article: www.golem.de/news/resilience-engineering-britische-unternehmen-sollen-notfallplaene-entwickeln-2510-201150.html
Oracle issues second emergency patch for E-Business Suite in two weeks

Oct 14, 2025 11:23 AM

Tags: attack, business, cve, cybersecurity, data, exploit, google, governance, group, identity, infrastructure, intelligence, kev, least-privilege, malicious, mandiant, monitoring, network, oracle, strategy, threat, update, vulnerability, zero-trust

Immediate actions for CVE-2025-61884: Oracle has provided patches for CVE-2025-61884 for all affected versions covered under Premier Support or Extended Support. However, security experts warned that patching alone may not be sufficient. The lessons from the recent CVE-2025-61882 attacks show that organizations need to hunt for signs of prior compromise even after applying fixes.In a…
NIS2-Umsetzung: Mehr digitale Resilienz für Europa

Oct 14, 2025 8:23 AM

Tags: germany, governance, nis-2, resilience

Experten begrüßen Kabinettsbeschluss Dänemark als mögliches Vorbild für nächste Schritte? Ende Juli hat die Bundesregierung den Kabinettsbeschluss zur Umsetzung der EU-NIS2-Richtlinie gefasst und damit den Weg für strengere IT-Sicherheitsanforderungen in Deutschland geebnet. Doch während Deutschland hierbei noch ganz am Anfang steht, hat unser Nachbarland Dänemark die Richtlinie bereits vollständig in nationales Recht umgesetzt… First seen…
NIS2-Umsetzung: Mehr digitale Resilienz für Europa

Oct 14, 2025 8:23 AM

Tags: germany, governance, nis-2, resilience

Experten begrüßen Kabinettsbeschluss Dänemark als mögliches Vorbild für nächste Schritte? Ende Juli hat die Bundesregierung den Kabinettsbeschluss zur Umsetzung der EU-NIS2-Richtlinie gefasst und damit den Weg für strengere IT-Sicherheitsanforderungen in Deutschland geebnet. Doch während Deutschland hierbei noch ganz am Anfang steht, hat unser Nachbarland Dänemark die Richtlinie bereits vollständig in nationales Recht umgesetzt… First seen…
NIS2-Umsetzung: Mehr digitale Resilienz für Europa

Oct 14, 2025 8:23 AM

Tags: germany, governance, nis-2, resilience

Experten begrüßen Kabinettsbeschluss Dänemark als mögliches Vorbild für nächste Schritte? Ende Juli hat die Bundesregierung den Kabinettsbeschluss zur Umsetzung der EU-NIS2-Richtlinie gefasst und damit den Weg für strengere IT-Sicherheitsanforderungen in Deutschland geebnet. Doch während Deutschland hierbei noch ganz am Anfang steht, hat unser Nachbarland Dänemark die Richtlinie bereits vollständig in nationales Recht umgesetzt… First seen…
Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia

Oct 13, 2025 6:24 PM

Tags: china, governance

The Dutch ministry of economic affairs said it was making the “highly exceptional” move “following recent and acute signals of serious governance shortcomings” at Nexperia. First seen on therecord.media Jump to article: therecord.media/netherlands-special-powers-chinese-owned-semiconductor
Dull but dangerous: A guide to 15 overlooked cybersecurity blind spots

Oct 13, 2025 2:24 PM

Tags: access, ai, api, attack, backup, cloud, control, corporate, credentials, crypto, cybersecurity, data, detection, dns, edr, email, encryption, endpoint, exploit, firewall, firmware, governance, guide, iam, identity, iot, leak, least-privilege, linux, malicious, mfa, network, password, phishing, phone, ransomware, resilience, saas, sbom, service, siem, strategy, supply-chain, tool, unauthorized, update, vulnerability

Server time synchronization (NTP drift) Skewed clocks create a perfect cover for attackers. When your servers disagree about when events happened, correlation dies and forensics becomes fiction. Yet most organizations treat NTP like plumbing: set once and forget.Fix this now: Enforce a secure NTP hierarchy with authenticated sources. Monitor offset religiously. Block unauthorized NTP traffic…
Dull but dangerous: A guide to 15 overlooked cybersecurity blind spots

Oct 13, 2025 2:24 PM

Tags: access, ai, api, attack, backup, cloud, control, corporate, credentials, crypto, cybersecurity, data, detection, dns, edr, email, encryption, endpoint, exploit, firewall, firmware, governance, guide, iam, identity, iot, leak, least-privilege, linux, malicious, mfa, network, password, phishing, phone, ransomware, resilience, saas, sbom, service, siem, strategy, supply-chain, tool, unauthorized, update, vulnerability

Server time synchronization (NTP drift) Skewed clocks create a perfect cover for attackers. When your servers disagree about when events happened, correlation dies and forensics becomes fiction. Yet most organizations treat NTP like plumbing: set once and forget.Fix this now: Enforce a secure NTP hierarchy with authenticated sources. Monitor offset religiously. Block unauthorized NTP traffic…
So gelingt die Balance zwischen Risiko und Innovation bei der künstlichen Intelligenz

Oct 13, 2025 2:24 PM

Tags: ai, compliance, governance, risk

Unternehmen stehen heute vor der Aufgabe, ihre Governance, Risiko- und Compliance-Systeme (GRC) grundlegend neu zu denken. Die rasante Etablierung künstlicher Intelligenz (KI) im Unternehmensalltag und die Regulierung durch den EU-AI-Act zwingen Organisationen dazu, über klassische Compliance- und Risikomanagementtools hinauszugehen und proaktive KI-Governance zu etablieren. Entscheidend ist dabei: Wer jetzt strategisch handelt, um die Anforderungen an…
So gelingt die Balance zwischen Risiko und Innovation bei der künstlichen Intelligenz

Oct 13, 2025 2:24 PM

Tags: ai, compliance, governance, risk

Unternehmen stehen heute vor der Aufgabe, ihre Governance, Risiko- und Compliance-Systeme (GRC) grundlegend neu zu denken. Die rasante Etablierung künstlicher Intelligenz (KI) im Unternehmensalltag und die Regulierung durch den EU-AI-Act zwingen Organisationen dazu, über klassische Compliance- und Risikomanagementtools hinauszugehen und proaktive KI-Governance zu etablieren. Entscheidend ist dabei: Wer jetzt strategisch handelt, um die Anforderungen an…
So gelingt die Balance zwischen Risiko und Innovation bei der künstlichen Intelligenz

Oct 13, 2025 2:24 PM

Tags: ai, compliance, governance, risk

Unternehmen stehen heute vor der Aufgabe, ihre Governance, Risiko- und Compliance-Systeme (GRC) grundlegend neu zu denken. Die rasante Etablierung künstlicher Intelligenz (KI) im Unternehmensalltag und die Regulierung durch den EU-AI-Act zwingen Organisationen dazu, über klassische Compliance- und Risikomanagementtools hinauszugehen und proaktive KI-Governance zu etablieren. Entscheidend ist dabei: Wer jetzt strategisch handelt, um die Anforderungen an…
Dutch government puts Nexperia on a short leash over chip security fears

Oct 13, 2025 1:23 PM

Tags: china, governance, government

Minister invokes powers to stop firm shifting knowledge to China, citing governance shortcomings First seen on theregister.com Jump to article: www.theregister.com/2025/10/13/nexperia_special_measures/
What to look for in a data protection platform for hybrid clouds

Oct 13, 2025 9:23 AM

Tags: access, advisory, ai, attack, automation, backup, breach, business, cisco, cloud, compliance, computing, control, corporate, data, defense, encryption, endpoint, framework, gartner, google, governance, government, group, guide, ibm, identity, infrastructure, intelligence, Internet, iot, kubernetes, law, malware, metric, microsoft, monitoring, network, oracle, privacy, ransomware, regulation, risk, risk-assessment, saas, service, software, technology, threat, tool, veeam, vmware, vulnerability, zero-trust

hybrid cloud data protection buyer’s guide today!] In this buyer’s guide Data protection for hybrid clouds explainedWhy hybrid clouds need data protectionWhat to look for in a data protection platform for hybrid cloudsMajor trends in data protection for hybrid cloudsLeading vendors for data protection of hybrid cloudsWhat to ask before buying data protection for hybrid…
What to look for in a data protection platform for hybrid clouds

Oct 13, 2025 9:23 AM

Tags: access, advisory, ai, attack, automation, backup, breach, business, cisco, cloud, compliance, computing, control, corporate, data, defense, encryption, endpoint, framework, gartner, google, governance, government, group, guide, ibm, identity, infrastructure, intelligence, Internet, iot, kubernetes, law, malware, metric, microsoft, monitoring, network, oracle, privacy, ransomware, regulation, risk, risk-assessment, saas, service, software, technology, threat, tool, veeam, vmware, vulnerability, zero-trust

hybrid cloud data protection buyer’s guide today!] In this buyer’s guide Data protection for hybrid clouds explainedWhy hybrid clouds need data protectionWhat to look for in a data protection platform for hybrid cloudsMajor trends in data protection for hybrid cloudsLeading vendors for data protection of hybrid cloudsWhat to ask before buying data protection for hybrid…
What to look for in a data protection platform for hybrid clouds

Oct 13, 2025 9:23 AM

Tags: access, advisory, ai, attack, automation, backup, breach, business, cisco, cloud, compliance, computing, control, corporate, data, defense, encryption, endpoint, framework, gartner, google, governance, government, group, guide, ibm, identity, infrastructure, intelligence, Internet, iot, kubernetes, law, malware, metric, microsoft, monitoring, network, oracle, privacy, ransomware, regulation, risk, risk-assessment, saas, service, software, technology, threat, tool, veeam, vmware, vulnerability, zero-trust

hybrid cloud data protection buyer’s guide today!] In this buyer’s guide Data protection for hybrid clouds explainedWhy hybrid clouds need data protectionWhat to look for in a data protection platform for hybrid cloudsMajor trends in data protection for hybrid cloudsLeading vendors for data protection of hybrid cloudsWhat to ask before buying data protection for hybrid…
Cybersecurity Snapshot: AI Security Skills Drive Up Cyber Salaries, as Cyber Teams Grow Arsenal of AI Tools, Reports Find

Oct 10, 2025 9:24 PM

Tags: access, advisory, ai, attack, authentication, breach, business, ciso, cloud, computing, credentials, cve, cyber, cybersecurity, data, defense, endpoint, exploit, extortion, finance, framework, fraud, google, governance, guide, hacker, hacking, identity, incident response, Internet, iot, jobs, login, microsoft, monitoring, network, nist, oracle, organized, password, privacy, ransomware, risk, risk-assessment, risk-management, scam, skills, technology, threat, tool, training, update, vulnerability, vulnerability-management, zero-day

Want recruiters to show you the money? A new report says AI skills are your golden ticket. Plus, cyber teams are all in on AI, including agentic AI tools. Oh, and please patch a nasty Oracle zero-day bug ASAP. And get the latest on vulnerability management, IoT security and cyber fraud. Key takeaways Eager to…
FBI seizes BreachForums servers as threatened Salesforce data release deadline approaches

Oct 10, 2025 9:24 PM

Tags: attack, dark-web, data, detection, extortion, governance, infrastructure, intelligence, leak, least-privilege, radius, ransomware, risk, saas, service

Targeting SaaS: Rik Ferguson, VP security intelligence at Forescout, agreed that any disruption was likely to be a temporary setback.”It burns infrastructure, yields intelligence, and sows distrust among criminals. But the gang’s dark-web leak site is still up, and they explicitly say the campaign continues,” he told CSO Online by email.”That tells you everything about…
Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture

Oct 10, 2025 5:23 PM

Tags: ai, cloud, compliance, cyber, governance, intelligence, iot, monitoring, usa, zero-trust

Menlo Park, USA, October 10th, 2025, CyberNewsWire AccuKnox, a leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), is proud to announce that Nanoprecise has selected AccuKnox to enhance its cloud security, governance, and compliance framework. Nanoprecise is a pioneer predictive maintenance and condition monitoring, and leverages Artificial Intelligence and IoT technologies to deliver…
Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture

Oct 10, 2025 5:23 PM

Tags: ai, cloud, compliance, cyber, governance, intelligence, iot, monitoring, usa, zero-trust

Menlo Park, USA, October 10th, 2025, CyberNewsWire AccuKnox, a leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), is proud to announce that Nanoprecise has selected AccuKnox to enhance its cloud security, governance, and compliance framework. Nanoprecise is a pioneer predictive maintenance and condition monitoring, and leverages Artificial Intelligence and IoT technologies to deliver…
Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture

Oct 10, 2025 5:23 PM

Tags: ai, cloud, compliance, cyber, governance, intelligence, iot, monitoring, usa, zero-trust

Menlo Park, USA, October 10th, 2025, CyberNewsWire AccuKnox, a leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), is proud to announce that Nanoprecise has selected AccuKnox to enhance its cloud security, governance, and compliance framework. Nanoprecise is a pioneer predictive maintenance and condition monitoring, and leverages Artificial Intelligence and IoT technologies to deliver…
Multimodal AI, A Whole New Social Engineering Playground for Hackers

Oct 10, 2025 2:23 PM

Tags: ai, automation, ciso, cyber, exploit, governance, hacker, incident response, social-engineering, strategy

Multimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs”, and the governance, testing, and incident response strategies CISOs need to stay ahead. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/multimodal-ai-a-whole-new-social-engineering-playground-for-hackers/