Tag: governance

Chinesische Telekom-Hacker in 80 Ländern aktiv

Aug 28, 2025 10:23 AM

Tags: cyberattack, germany, governance, government, hacker, usa

Laut FBI hat es die chinesische Hackergruppe “Salt Typhoon” auf mindestens 80 Länder abgesehen.Die mutmaßlich chinesischen Hacker, die Telekommunikations-Anbieter in den USA ausspähten, greifen rund um die Welt an. Die US-Bundespolizei FBI informierte im Zuge mindestens 80 Länder, in denen Aktivität der Gruppe “Salt Typhoon” festgestellt worden sei. Eine ausführliche Beschreibung der Vorgehensweise der Hacker…
The CISO succession crisis: why companies have no plan and how to change that

Aug 28, 2025 10:23 AM

Tags: access, attack, business, ceo, cio, ciso, compliance, control, corporate, cyber, cybersecurity, data, email, flaw, framework, fraud, governance, jobs, phishing, privacy, risk, risk-management, skills, software, technology, threat, training

The technical-to-strategic divide: One major obstacle keeping many mid-level security pros from becoming CISOs isn’t their tech skills, it’s learning to shift from doing hands-on security work to acting as strategic business partners. That change takes a whole new set of skills and a different way of thinking.”I think you see this with a lot…
Chinesische Hackergruppe Salt Typhoon greift weltweit (Telekom-)Unternehmen an

Aug 28, 2025 10:23 AM

Tags: governance, government

Die US National Security Agency (NSA) und andere US-amerikanische und ausländische Organisationen (z.B. das BSI) haben eine Sicherheitswarnung herausgegeben. Cybergruppen wie Salt Typhoon, die von der chinesischen Regierung unterstützt werden, greifen weltweit Netzwerke in den Bereichen Telekommunikation, Regierung, Transport, Beherbergung … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/28/chinesische-hackergruppe-salt-typhoon-greift-weltweit-telekom-unternehmen-an/
Regierung plant stärkere Cyberabwehr

Aug 28, 2025 10:23 AM

Tags: cyber, cyberattack, germany, governance, government, resilience

Die Bundesregierung will Ende des Jahres einen Gesetzentwurf vorlegen, der die Cyberabwehr in Deutschland stärken soll.Die Bundesregierung hat ein entschiedeneres Vorgehen gegen Sicherheitsbedrohungen im digitalen Raum angekündigt. Wie Regierung und Bundesinnenministerium mitteilten, beschloss das Kabinett entsprechende Eckpunkte zur Erhöhung der Cybersicherheit.Das Innenministerium plant demnach, bis Ende des Jahres einen Gesetzentwurf vorzulegen, der den Sicherheitsbehörden mehr…
Cyber-Dome: Bundesregierung plant stärkere Cyberabwehr

Aug 27, 2025 6:23 PM

Tags: cyber, governance

Die Pläne zu einer besseren Cyberabwehr sind noch sehr vage. Ein Gesetzentwurf von Alexander Dobrindt soll bis Ende 2025 kommen. First seen on golem.de Jump to article: www.golem.de/news/cyber-dome-bundesregierung-plant-staerkere-cyberabwehr-2508-199572.html
SailPoint bringt neue Lösung für Anwendungsintelligenz und Governance

Aug 27, 2025 3:23 PM

Tags: governance, resilience

Unternehmen benötigen nicht nur schnelleres Onboarding sie brauchen eine intelligentere Grundlage für langfristige Resilienz und Wachstum. urch die Integration von Intelligenz ins Anwendungsmanagement können Organisationen mehr Assets schützen, schneller wachsen und Identität gezielt als Motor für agile Geschäftsmodelle nutzen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sailpoint-bringt-neue-loesung-fuer-anwendungsintelligenz-und-governance/a41810/
Only 49% of companies to increase cyber budget after a breach

Aug 27, 2025 10:23 AM

Tags: access, advisory, ai, breach, ciso, cyber, cybersecurity, data, data-breach, defense, exploit, governance, ibm, risk, service, strategy, technology, threat, tool, unauthorized, vulnerability

Complexity and broken processes: Todd Thorsen, CISO at data recovery vendor CrashPlan, said that some breach victims may conclude that they were more exposed to the complexity of their IT environment rather than insufficient investment.”Complexity can be as big a problem as underinvestment in security, duplicative systems, poorly managed integrations, shelf-ware, etc.,” he says. “This…
5 ways to improve cybersecurity function while spending less

Aug 27, 2025 10:23 AM

Tags: advisory, ai, authentication, ceo, ciso, control, cyber, cybersecurity, firewall, governance, incident response, mfa, microsoft, middle-east, risk, scam, service, siem, skills, soc, technology, threat, tool, training, windows

2. Focus on people and processes: “Teamwork and influential leadership are pivotal in Orange County. We work side-by-side as extensions across our departments. We can’t all do everything, and we don’t want to reinvent the wheel. We shoulder the burden together, revisit existing initiatives, and reduce that tech debt,” Cheramie explains. “That’s how you do…
LLMs easily exploited using run-on sentences, bad grammar, image scaling

Aug 27, 2025 6:23 AM

Tags: access, advisory, ai, api, attack, control, data, email, exploit, google, governance, injection, LLM, malicious, network, open-source, openai, social-engineering, strategy, technology, threat, training, update, vulnerability

The trick is to give a really long set of instructions without punctuation or most especially not a period or full stop that might imply the end of a sentence because by this point in the text the AI safety rules and other governance systems have lost their way and given upModels are also easily…
Microsoft’s New AI Risk Assessment Framework A Step Forward

Aug 27, 2025 5:23 AM

Tags: ai, cybersecurity, data, framework, governance, microsoft, risk, risk-assessment, tool

Microsoft recently introduced a new framework designed to assess the security of AI models. It’s always encouraging to see developers weaving cybersecurity considerations into the design and deployment of emerging, disruptive technologies. Stronger security reduces the potential for harmful outcomes”Š”, “Šand that’s a win for everyone. It is wonderful to see that Microsoft leveraged its…
NIS2 und der Mittelstand: Zwischen Pflicht und Praxis

Aug 26, 2025 4:54 PM

Tags: ai, ceo, compliance, cybersecurity, cyersecurity, dora, fortinet, germany, governance, healthcare, international, network, nis-2, resilience, risk, risk-analysis, risk-management, service, software, strategy, supply-chain, zero-trust

Neue EU-Vorgaben wie DORA und NIS2 setzen Unternehmen unter Zugzwang bieten aber gleichzeitig die Chance, IT-Sicherheit strategisch neu zu denken.Wem das noch nicht Grund genug ist, sich mit der Resilienz und IT-Sicherheit des eigenen Unternehmens zu befassen, hat aus Richtung der Europäischen Union in den letzten Monaten noch einmal etwas Zusatzmotivation erhalten. Während von dem…
NIS2 und der Mittelstand: Zwischen Pflicht und Praxis

Aug 26, 2025 4:54 PM

Tags: ai, ceo, compliance, cybersecurity, cyersecurity, dora, fortinet, germany, governance, healthcare, international, network, nis-2, resilience, risk, risk-analysis, risk-management, service, software, strategy, supply-chain, zero-trust

Neue EU-Vorgaben wie DORA und NIS2 setzen Unternehmen unter Zugzwang bieten aber gleichzeitig die Chance, IT-Sicherheit strategisch neu zu denken.Wem das noch nicht Grund genug ist, sich mit der Resilienz und IT-Sicherheit des eigenen Unternehmens zu befassen, hat aus Richtung der Europäischen Union in den letzten Monaten noch einmal etwas Zusatzmotivation erhalten. Während von dem…
Need help with AI safety? Stay ahead of risks with these tools and frameworks

Aug 25, 2025 6:54 PM

Tags: advisory, ai, best-practice, business, cloud, compliance, conference, control, cybersecurity, finance, framework, governance, government, group, healthcare, intelligence, microsoft, privacy, resilience, risk, service, skills, strategy, technology, tool

Comprehensive AI readiness lists for organizations to evaluate how prepared they really are for AI.Usage guidelines that align with existing security and governance practices.Strategies for how to tackle AI ethical risks like bias and transparency.AI security instructions for how to use AI safely to strengthen cybersecurity.Attack resilience guidelines for understanding how AI systems can be…
Meet the unsung silent hero of cyber resilience you’ve been ignoring

Aug 25, 2025 3:55 PM

Tags: ai, blockchain, compliance, computing, cyber, cybersecurity, defense, detection, dora, framework, GDPR, governance, infrastructure, iot, monitoring, network, PCI, regulation, resilience, technology, tool

Fixing this isn’t complicated. It just needs your focused attention: First, secure your sources. Forget public NTP servers from dubious origins. Instead, choose authenticated and secure protocols, such as NTP or Network Time Security (NTS). These protocols offer encrypted and tamper-resistant synchronization, ensuring that your clocks can’t be easily spoofed.Next, redundancy matters. Don’t rely on…
How AI is reshaping cybersecurity operations

Aug 25, 2025 9:54 AM

Tags: access, ai, attack, business, ciso, cloud, control, cyber, cybersecurity, data, defense, detection, encryption, finance, gartner, governance, guide, hacker, infrastructure, intelligence, jobs, malware, microsoft, monitoring, phishing, regulation, resilience, risk, sans, service, skills, soc, strategy, supply-chain, technology, threat, tool, training, update

Because AI can perform tasks at speeds that supersede human capacity, it exponentially scales the amount of work that a cybersecurity function can do, says Rob T. Lee, chief of research for AI and emerging threats and head of faculty at SANS Institute.Moreover, AI excels at doing repetitive tasks near perfectly every time, so it…
Microsoft Copilot Agent Policy Flaw Lets Any User Access AI Agents

Aug 25, 2025 8:54 AM

Tags: access, ai, control, cyber, flaw, framework, governance, microsoft, unauthorized

Microsoft has disclosed a critical flaw in its Copilot agents’ governance framework that allows any authenticated user to access and interact with AI agents within an organization”, bypassing intended policy controls and exposing sensitive operations to unauthorized actors. At the core of the issue is the way Copilot Agent Policies are enforced”, or, more accurately,…
Warum Chatkontrolle zum Scheitern verurteilt ist oder noch Schlimmeres droht

Aug 25, 2025 5:54 AM

Tags: governance

Die EU diskutiert seit Jahren über Chatkontrolle. Jetzt hat die Bundesregierung ihre Haltung geändert: Statt Nein sagt sie nur noch »unentschlossen«. Damit wächst die Gefahr, dass die EU den riskanten Vorschlag beschließt. Chatkontrolle widerspricht nicht nur den europäischen Datenschutzgesetzen, sondern es wird auch praktisch nicht funktionieren. Im besten Fall bleibt das Gesetz wirkungslos, aber im……
Featured Chrome extension FreeVPN.One caught capturing and transmitting user data

Aug 22, 2025 3:54 PM

Tags: access, api, browser, ceo, chrome, corporate, credentials, data, data-breach, endpoint, finance, governance, healthcare, india, malicious, mobile, monitoring, privacy, risk, technology, threat, tool, vpn, vulnerability, vulnerability-management

Unmanaged extensions expose enterprises: Such incidents highlight how unmanaged browser extensions can act as covert data exfiltration channels, exposing sensitive corporate information. Enterprises usually deploy licensed, corporate-grade VPNs that are safe and accompanied by monitoring and access controls. But employees often install free VPN extensions for personal use.”This poses as a major threat to industries…
The Triple Threats CISOs cannot ignore: A Perfect Storm of Digital Frontlines, Dark AI and Quantum Leaps

Aug 22, 2025 6:54 AM

Tags: ai, ciso, computer, computing, corporate, cyber, cybersecurity, data, deep-fake, email, encryption, firewall, fraud, governance, incident response, intelligence, malicious, penetration-testing, phishing, resilience, risk, scam, service, siem, soc, social-engineering, technology, threat, tool, training, vulnerability

Adrian Hia, Managing Director for Asia Pacific at Kaspersky.Smart Security Operations Centers (SOCs) that leverage AI and real-time analytics to monitor, respond, and adapt to these complex new threats are critical. Adrian Hia further shared, “When incidents occur, response becomes critical. Every minute equates to dollars lost. organisations in Southeast Asia are increasingly relying on…
Anthropic Folds Claude Code Into Business Plans With Governance Tools

Aug 22, 2025 12:54 AM

Tags: ai, api, business, compliance, governance, tool

Anthropic added Claude Code to its Team and Enterprise subscriptions, alongside a new Compliance API that helps IT leaders enforce governance and track AI coding activity. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-anthropic-claude-code-business-plan-governance/
Microsoft 365 Adds New Feature for Admins to Manage Link Creation Policies

Aug 21, 2025 3:54 PM

Tags: ai, control, cyber, governance, microsoft

Microsoft announced on August 20, 2025, a significant enhancement to its Microsoft 365 administrative capabilities with the introduction of new tenant-level controls for managing org-wide sharing links for user-built Copilot agents. This feature, scheduled for general availability in mid-September 2025, represents a critical step forward in enterprise governance for AI-powered collaboration tools. Enhanced Administrative Control…
Why AI Agents and MCP Servers Just Became a CISO’s Most Urgent Priority

Aug 21, 2025 2:56 PM

Tags: ai, api, attack, breach, ciso, control, data, detection, exploit, framework, governance, infrastructure, LLM, risk, technology, threat, tool, update, waf

Over the last year, I’ve spent countless hours with CISOs, CTOs, and security architects talking about a new wave of technology that’s changing the game faster than anything we’ve seen before: Agentic AI and Model Context Protocol (MCP) servers. If you think AI is still in the “cool demos and pilot projects” stage, think again.…
The End of Tribal Knowledge: Why Contextual Policy Is the Foundation for Agentic AI Development

Aug 21, 2025 5:54 AM

Tags: ai, data, governance, risk, software
New security features beef up Google Cloud Platform

Aug 19, 2025 6:54 PM

Tags: access, ai, attack, authentication, cloud, compliance, computing, control, credentials, data, defense, detection, encryption, finance, google, governance, group, iam, incident response, intelligence, least-privilege, monitoring, network, privacy, RedTeam, risk, service, soar, soc, technology, threat, tool, unauthorized, update, vulnerability, waf, zero-trust

CSO in an email.”One of the biggest security improvements that we’re announcing is within our AI Protection solution [part of a customer’s GCP Security Command Center]. As organizations rapidly adopt AI, we’re developing new capabilities to help them keep their initiatives secure.”These include new capabilities for automated discovery of AI agents and Model Context Protocol…
KI-Agenten breiten sich aus aber Governance-Lücken gefährden Vertrauen der Verbraucher

Aug 19, 2025 4:54 PM

Tags: ai, governance

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ki-agenten-ausbreitung-governance-luecken-gefahr-verbraucher-vertrauen
FireTail at Black Hat USA 2025: Finalist in the Startup Spotlight FireTail Blog

Aug 19, 2025 11:54 AM

Tags: ai, control, data, governance, risk, risk-assessment, risk-management, startup, unauthorized, usa

Aug 18, 2025 – Lina Romero – Title: FireTail at Black Hat USA 2025: Finalist in the Startup Spotlight FireTail was one of just four finalists competing at Black Hat’s Startup Spotlight this year. FireTail was one of four startups selected as a finalist in the Black Hat USA 2025 Startup Spotlight Competition. This week…
Wie CISOs von der Blockchain profitieren

Aug 19, 2025 6:58 AM

Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trust

Die Blockchain macht Trust verifizierbar.Sicherheitsvorfälle gehen nicht nur auf eine Kompromittierung der internen Systeme zurück. Sie hängen regelmäßig auch damit zusammen, dass:Privileged-Access-Protokolle fehlen,SaaS-Audit-Trails nicht vertrauenswürdig sind, oderLieferketten kompromittiert werden.Die Blockchain kann dabei helfen, diese realen Probleme zu lösen und Manipulationssicherheit, Datenintegrität und Trust zu gewährleisten. Im Kern ist Blockchain ein System von Datensätzen, die über…
Bridging the AI model governance gap: Key findings for CISOs

Aug 18, 2025 6:54 AM

Tags: ai, ciso, governance

While most organizations understand the need for strong AI model governance, many are still struggling to close gaps that could slow adoption and increase risk. The findings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/ciso-ai-model-governance/
Workday research: 75% of employees will work with artificial intelligence, but not for it

Aug 12, 2025 5:12 PM

Tags: ai, governance, intelligence, technology

Workday research finds 75% of workers like AI as a teammate, but only 30% want AI to be the boss. Trust in the technology may grow with use, but human focus, clear roles and governance are key First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366629115/Workday-research-75-of-employees-will-work-with-artificial-intelligence-but-not-for-it
Digitale Souveränität für Deutschland vorerst unerreichbar

Aug 12, 2025 12:12 PM

Tags: access, ai, bsi, chatgpt, china, cloud, computer, cyersecurity, encryption, germany, google, governance, government, hacker, injection, Internet, risk, strategy, update, usa

BSI-Präsidentin Plattner: “Wir haben technologische Abhängigkeiten an ganz vielen Stellen.” Jan WaßmuthSeine Abhängigkeit von Cloud-Lösungen, KI-Modellen und anderen Tech-Produkten aus dem Ausland wird Deutschland nach Einschätzung des Bundesamtes für Sicherheit in der Informationstechnik (BSI) so bald nicht überwinden. Da der Staat seine digitalen Systeme und Daten bis auf weiteres nicht ohne Input aus dem außereuropäischen…