Tag: governance
-
Sichere Bewältigung von Compliance-Herausforderungen bei der Datenaufbewahrung durch SaaS-Drittlösungen
Die Einhaltung von Richtlinien zur Datenaufbewahrung sind für Unternehmen unerlässlich, denn sie sorgen dafür, dass wertvolle Informationen sicher gespeichert und Branchenvorschriften egal wie komplex sie sind eingehalten werden. Diese Governance-Frameworks legen fest, wie Unternehmen sensible Daten verwalten von deren Erstellung und aktiven Nutzung bis hin zur Archivierung oder Vernichtung. Heute verlassen sich […] First seen…
-
Introducing Resource Policies for Continuous AI Security FireTail Blog
Sep 30, 2025 – Alan Fagan – AI moves fast. New models are adopted, get updated, configurations drift. Keeping track of it all is hard, and catching security issues before they become incidents can feel impossible.That is why, as part of our latest release, we’ve added Resource Policies to FireTail.Resource Policies make it simple to…
-
Databricks enters the cybersecurity arena with an AI-driven platform
A crowded field of AI Security Platforms: Databricks’ latest move puts it in competition with established security players who’ve been leaning heavily on AI-driven analytics, including Splunk (now part of Cisco), Microsoft Sentinel, Google Chronicle, and startups like Securonix. Each offers some flavors of unifying data streams, layering AI detection, and reducing analyst fatigue.For Databricks,…
-
KI-Gefahren rücken Integritätsschutz in den Mittelpunkt
Tags: ai, ciso, cloud, compliance, cyberattack, data, data-breach, DSGVO, exploit, governance, injection, LLM, ml, risk, tool, training, updateData Poisoning gefährdet die Integrität von KI-Modellen.Für CISOs reduziert KI selten die Komplexität, sondern füllt vielmehr ihre ohnehin schon volle Agenda. Neben den traditionellen Sicherheitsprioritäten müssen sie sich nun auch mit neuen KI-bedingten Risiken auseinandersetzen, etwa wenn KI-Lösungen unkontrolliert für geschäftliche Zwecke genutzt, Modelle manipuliert und neue Vorschriften nicht eingehalten werden. Eine der drängendsten Herausforderungen…
-
Ukraine’s digital chief pushes for AI-first state amid war and cyber threats
Ukraine’s deputy prime minister is betting big on artificial intelligence’s ability to shape governance, education and even the battlefield. First seen on therecord.media Jump to article: therecord.media/ukraine-ai-state-digital
-
How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM
Let’s have a look at how to integrate NHI Governance with AWS IAM to get detailed security insights into your dashboard. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-to-use-nhi-governance-as-your-central-dashboard-to-monitor-aws-iam/
-
Agentic AI in IT security: Where expectations meet reality
Tags: ai, api, automation, cloud, compliance, control, credentials, crowdstrike, cybersecurity, data, detection, finance, framework, gartner, google, governance, infrastructure, injection, metric, phishing, RedTeam, risk, service, siem, skills, soar, soc, software, strategy, technology, threat, tool, trainingIntegration approaches: Add-on vs. standalone: The first decision regarding AI agents is whether to layer them onto existing platforms or to implement standalone frameworks. The add-on model treats agents as extensions to security information and event management (SIEM), security orchestration, automation and response (SOAR), or other security tools, providing quick wins with minimal disruption. Standalone…
-
Agentic AI in IT security: Where expectations meet reality
Tags: ai, api, automation, cloud, compliance, control, credentials, crowdstrike, cybersecurity, data, detection, finance, framework, gartner, google, governance, infrastructure, injection, metric, phishing, RedTeam, risk, service, siem, skills, soar, soc, software, strategy, technology, threat, tool, trainingIntegration approaches: Add-on vs. standalone: The first decision regarding AI agents is whether to layer them onto existing platforms or to implement standalone frameworks. The add-on model treats agents as extensions to security information and event management (SIEM), security orchestration, automation and response (SOAR), or other security tools, providing quick wins with minimal disruption. Standalone…
-
USENIX 2025: Using Privacy Infrastructure To Kickstart AI Governance: NIST AI Risk Management Case Studies
Creators, Authors and Presenters: Katharina Koerner, Trace3; Nandita Rao Narla, DoorDash Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s’ YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/usenix-2025-using-privacy-infrastructure-to-kickstart-ai-governance-nist-ai-risk-management-case-studies/
-
Qantas cutting CEO pay signals new era of cyber accountability
Tags: ai, attack, breach, ceo, ciso, cyber, cybersecurity, data, data-breach, finance, governance, incident, incident response, malicious, privacy, ransomware, riskWhat should CISOs and CEOs do now?: CISOs, who have historically borne the brunt of breaches and malicious cyber incidents, should take heed of this emerging trend. “Be aware of the environment and expectations today, and where they’re headed,” Redgraves’ Tully says. “Try to get out in front of that. You need to work with…
-
Cyberangriff: Britischer CoGruppe entgeht Millionengewinn
Eine Cyberattacke im April 2025 hat bei der Co-op-Gruppe zu großen Verlusten geführt.Die britische Verbrauchergenossenschaft Co-op rechnet wegen einer Cyberattacke mit entgangenen Gewinnen in Höhe von etwa 120 Millionen Pfund (rund 137 Millionen Euro) im laufenden Geschäftsjahr. Das geht aus dem jüngsten Halbjahresbericht der Co-operative Group hervor, die vor allem Supermärkte in Großbritannien betreibt, unter…
-
Cyberangriff: Britischer CoGruppe entgeht Millionengewinn
Eine Cyberattacke im April 2025 hat bei der Co-op-Gruppe zu großen Verlusten geführt.Die britische Verbrauchergenossenschaft Co-op rechnet wegen einer Cyberattacke mit entgangenen Gewinnen in Höhe von etwa 120 Millionen Pfund (rund 137 Millionen Euro) im laufenden Geschäftsjahr. Das geht aus dem jüngsten Halbjahresbericht der Co-operative Group hervor, die vor allem Supermärkte in Großbritannien betreibt, unter…
-
Cloud Security Alliance launches framework to improve SaaS security
Tags: access, business, ceo, cloud, compliance, control, firewall, framework, governance, international, Internet, monitoring, network, privacy, risk, risk-assessment, saas, zero-trustChange control and configuration managementData security and privacy lifecycle managementIdentity and access managementInteroperability and portabilityLogging and monitoringSecurity incident management, e-discovery, and cloud forensicsThese domains are designed to map high-level business requirements into tangible SaaS security features that customers can actually configure and rely on, such as log delivery, SSO enforcement, secure configuration guidelines, and incident…
-
AI coding assistants amplify deeper cybersecurity risks
Tags: access, ai, api, application-security, attack, authentication, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, data-breach, detection, fintech, flaw, governance, injection, leak, LLM, metric, open-source, programming, radius, risk, risk-management, service, software, startup, strategy, threat, tool, training, vulnerability‘Shadow’ engineers and vibe coding compound risks: Ashwin Mithra, global head of information security at continuous software development firm Cloudbees, notes that part of the problem is that non-technical teams are using AI to build apps, scripts, and dashboards.”These shadow engineers don’t realize they’re part of the software development life cycle, and often bypass critical…
-
5 ways to streamline Identity Governance with this free tool
Identity Governance doesn’t have to be complex or costly. tenfold’s free Community Edition helps orgs (up to 150 users) streamline onboarding, access reviews & M365 permissions, all with a no-code IGA platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/5-ways-to-streamline-identity-governance-with-this-free-tool/
-
RubyGems maintainer quits after Ruby Central takes control of project
Long-time contributor Ellen Dash steps down after GitHub access shake-up and governance dispute First seen on theregister.com Jump to article: www.theregister.com/2025/09/22/ruby_central_rubygems/
-
The CISO’s guide to rolling out generative AI at scale
Tags: access, ai, best-practice, chatgpt, ciso, communications, governance, guide, jobs, lessons-learned, network, privacy, risk, technology, tool, trainingSet the stage for success Before launch, host an organization-wide lunch and learn to introduce the platform, explain the rollout’s goals, and connect the initiative to real work. This is not a marketing event; it’s an operational alignment session. Bring the vendor in to walk through the platform, show what it does, and answer questions.…
-
The CISO’s guide to rolling out generative AI at scale
Tags: access, ai, best-practice, chatgpt, ciso, communications, governance, guide, jobs, lessons-learned, network, privacy, risk, technology, tool, trainingSet the stage for success Before launch, host an organization-wide lunch and learn to introduce the platform, explain the rollout’s goals, and connect the initiative to real work. This is not a marketing event; it’s an operational alignment session. Bring the vendor in to walk through the platform, show what it does, and answer questions.…
-
Anton’s Security Blog Quarterly Q3 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, edr, google, governance, guide, metric, office, RedTeam, risk, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify). Gemini for docs based on this blog Top 10 posts with the most…
-
AI-powered phishing scams now use fake captcha pages to evade detection
The attack playbook: The phishing campaigns follow a familiar playbook at the outset. Victims typically receive spam emails that carry urgent, action-oriented messages such as “Password Reset Required” or “USPS Change of Address Notification”.Clicking on the embedded link doesn’t take the user directly to a credential-stealing site but instead loads what appears to be a…
-
AI-powered phishing scams now use fake captcha pages to evade detection
The attack playbook: The phishing campaigns follow a familiar playbook at the outset. Victims typically receive spam emails that carry urgent, action-oriented messages such as “Password Reset Required” or “USPS Change of Address Notification”.Clicking on the embedded link doesn’t take the user directly to a credential-stealing site but instead loads what appears to be a…
-
How to build a trustworthy AI governance roadmap aligned with ISO 42001
Future-proof AI with a governance roadmap aligned to ISO 42001. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/how-to-build-a-trustworthy-ai-governance-roadmap-aligned-with-iso-42001/760415/
-
CSO Awards winners highlight security innovation and transformation
Tags: ai, attack, automation, awareness, best-practice, business, ciso, cloud, compliance, conference, control, cyber, cybersecurity, data, defense, detection, finance, flaw, framework, governance, group, guide, infrastructure, intelligence, login, malicious, metric, mitre, network, penetration-testing, phishing, privacy, programming, risk, risk-management, service, siem, skills, soc, software, technology, threat, tool, training, update, vulnerability, vulnerability-managementFSU tackles third-party risk with tighter vendor management program: Organization: Florida State UniversityProject: Third-Party Risk Management ProgramSecurity leader: Bill Hunkapiller, CISOOfficials at Florida State University wanted to ensure that data shared with outside entities was well protected. To achieve that, CISO Bill Hunkapiller and his team revamped its third-party risk management program so that the…
-
Agentic AI der neue Horror für Sicherheitsentscheider?
Tags: ai, antivirus, api, breach, ciso, compliance, cyberattack, cybersecurity, cyersecurity, detection, governance, law, mail, malware, monitoring, risk, service, supply-chain, tool, vulnerabilityKI ist mittlerweile in den meisten Unternehmen gesetzt. Im Trend liegen aktuell vor allem Systeme mit autonomen Fähigkeiten bei denen die potenziellen Sicherheitsrisiken besonders ausgeprägt sind.KI-Agenten werden im Unternehmensumfeld immer beliebter und zunehmend in Workflows und Prozesse integriert. Etwa in den Bereichen Softwareentwicklung, Kundenservice und -Support, Prozessautomatisierung oder Employee Experience. Für CISOs und ihre Teams…
-
Cybersecurity in smart cities under scrutiny
Tags: 5G, attack, breach, ciso, control, cyber, cyberattack, cybersecurity, data, detection, governance, government, infrastructure, intelligence, international, iot, monitoring, network, service, strategy, technology, tool, vulnerability, zero-trustEnrique DomÃnguez, Accenture Accenture. En la imagen, Enrique DomÃnguez.Rosa DÃaz Moles, director of public sector at S2GRUPO, also highlights smart cities’ complexity and their resulting cybersecurity issues.The digital transformation of public services involves “an accelerated convergence between IT and OT systems, as well as the massive incorporation of connected IoT devices,” she explains, which gives rise…
-
Cybersecurity in smart cities under scrutiny
Tags: 5G, attack, breach, ciso, control, cyber, cyberattack, cybersecurity, data, detection, governance, government, infrastructure, intelligence, international, iot, monitoring, network, service, strategy, technology, tool, vulnerability, zero-trustEnrique DomÃnguez, Accenture Accenture. En la imagen, Enrique DomÃnguez.Rosa DÃaz Moles, director of public sector at S2GRUPO, also highlights smart cities’ complexity and their resulting cybersecurity issues.The digital transformation of public services involves “an accelerated convergence between IT and OT systems, as well as the massive incorporation of connected IoT devices,” she explains, which gives rise…
-
What Makes an AI Governance Framework Effective?
Key Takeaways Artificial intelligence is being adopted at a remarkable pace. Enterprises now use AI in customer service, fraud detection, logistics, healthcare diagnostics, and dozens of other areas. With this adoption comes a new category of risk. AI can improve efficiency and accuracy, but it can also introduce bias, expose sensitive data, create regulatory compliance……
-
Cybersecurity in smart cities, under scrutiny
Tags: 5G, attack, breach, ciso, control, cyber, cyberattack, cybersecurity, data, detection, governance, government, infrastructure, intelligence, international, iot, monitoring, network, service, strategy, technology, tool, vulnerability, zero-trustEnrique DomÃnguez, Accenture Accenture. En la imagen, Enrique DomÃnguez.Rosa DÃaz Moles, director of public sector at S2GRUPO, also highlights smart cities’ complexity and their resulting cybersecurity issues.The digital transformation of public services involves “an accelerated convergence between IT and OT systems, as well as the massive incorporation of connected IoT devices,” she explains, which gives rise…