Tag: governance
-
Is the CISO role broken?
Short tenures breed long-term failure: But tenures have remained low. Several articles every year place the average CISO tenure in the region at two to three years, and that matches my own field experience. You do not achieve much in terms of transformative impact in any large firm in two to three years. In fact, many CISOs…
-
SailPoint presents new study "Horizons of Identity Security"
The results from four years of the Horizons study show that maturity requirements have risen continuously, from manual IAM through automation to the governance of AI agents and adaptive trust building. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sailpoint-stellt-neue-studie-horizons-of-identity-security-vor/a41921/
-
Don’t let outdated IGA hold back your security, compliance, and growth
Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations, streamlined governance, and built-in compliance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dont-let-outdated-iga-hold-back-your-security-compliance-and-growth/
-
The Full Lifecycle Imperative: Why >>Shift Left<>Shift Right<<
Tags: access, ai, api, attack, authentication, automation, business, cloud, compliance, data, detection, framework, governance, HIPAA, mitre, nist, PCI, risk, siem, strategy, threat, tool, vulnerability, waf
In this series, we examined the vital connection between AI and APIs, highlighting what makes a leader in the API security market through the 2025 KuppingerCole Leadership Compass. Now, we turn to the core strategy of true API security: the full-lifecycle approach, where security is a continuous, integrated process rather than a single action. The…
-
Data masking and data governance: Ensuring data integrity
Safeguarding data is a fundamental function of data governance, and that extends to the data used by developers. But how do you maintain test data utility when masking sensitive information? First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/data-masking-and-data-governance-ensuring-data-integrity/
-
Governance-Driven Automation: How Flowable Is Redefining Digital Process Management
A newly published independent research report highlights Flowable’s rise in the digital process automation market. Built on open-source… First seen on hackread.com Jump to article: hackread.com/governance-driven-automation-flowable-process-management/
-
Shadow AI Discovery: A Critical Part of Enterprise AI Governance
The Harsh Truths of AI Adoption: MIT’s State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily work. Similarly, research from Harmonic Security found that 45.4% of sensitive AI interactions are coming from personal email accounts, where…
-
JFrog extends DevSecOps playbook to AI governance
The software security specialist is leveraging its capabilities in DevSecOps to address security, data provenance and bias in AI models First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630049/JFrog-extends-DevSecOps-playbook-to-AI-governance
-
Agentic AI: A CISO’s security nightmare in the making?
Tags: access, ai, antivirus, api, attack, automation, ciso, compliance, cybersecurity, data, defense, detection, email, endpoint, exploit, framework, governance, law, leak, malicious, malware, open-source, privacy, risk, service, strategy, supply-chain, tool, vulnerability
Free agents: Autonomy breeds increased risks: Agentic AI introduces the ability to make independent decisions and act without human oversight. This capability presents its own cybersecurity risk by potentially leaving organizations vulnerable. “Agentic AI systems are goal-driven and capable of making decisions without direct human approval,” Joyce says. “When objectives are poorly scoped or ambiguous, agents…
-
CCSP certification: Exam, cost, requirements, training, salary
Tags: access, application-security, best-practice, china, cloud, compliance, computer, credentials, cybersecurity, data, governance, infosec, infrastructure, jobs, risk, skills, training, usa
CCSP vs. CISSP: ISC2 also offers the Certified Information Systems Security Professional (CISSP) certification aimed at upper-level security pros with industry experience. The biggest difference between these two certifications is that the CISSP exam draws from a much broader and more general pool of security knowledge, as it is meant to show that you can design,…
-
Chinese hacker group Salt Typhoon attacks (telecommunications) companies worldwide
The US National Security Agency (NSA) and other US and foreign organizations (e.g. the BSI) have issued a security advisory. Cyber groups such as Salt Typhoon, which are backed by the Chinese government, are attacking networks worldwide in the telecommunications, government, transportation, lodging … sectors. First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/28/chinesische-hackergruppe-salt-typhoon-greift-weltweit-telekom-unternehmen-an/
-
Qualys receives the highest US cloud security certification, FedRAMP High ATO
The FedRAMP High authorization underscores our substantial investments in first-class security and reaffirms our commitment as a trusted partner in advancing the US government's mandate to strengthen cybersecurity. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-erhaelt-hoechste-us-cloud-sicherheitszertifizierung-fedramp-high-ato/a41812/
-
Government plans stronger cyber defense
The German federal government intends to present a draft law at the end of the year that is meant to strengthen cyber defense in Germany. The federal government has announced more decisive action against security threats in the digital space. As the government and the Federal Ministry of the Interior announced, the cabinet adopted corresponding key points for increasing cybersecurity. According to these, the Interior Ministry plans to present a draft law by the end of the year that would give the security authorities more…
-
Chinese telecom hackers active in 80 countries
According to the FBI, the Chinese hacker group “Salt Typhoon” has targeted at least 80 countries. The suspected Chinese hackers who spied on telecommunications providers in the US are attacking around the world. The US federal police agency, the FBI, has in the process informed at least 80 countries in which activity by the group “Salt Typhoon” was said to have been detected. A detailed description of the hackers' methods…
-
The CISO succession crisis: why companies have no plan and how to change that
The technical-to-strategic divide: One major obstacle keeping many mid-level security pros from becoming CISOs isn’t their tech skills, it’s learning to shift from doing hands-on security work to acting as strategic business partners. That change takes a whole new set of skills and a different way of thinking. “I think you see this with a lot…
-
Cyber-Dome: German federal government plans stronger cyber defense
The plans for better cyber defense are still very vague. A draft law from Alexander Dobrindt is due by the end of 2025. First seen on golem.de Jump to article: www.golem.de/news/cyber-dome-bundesregierung-plant-staerkere-cyberabwehr-2508-199572.html
-
SailPoint launches new solution for application intelligence and governance
Companies do not just need faster onboarding; they need a smarter foundation for long-term resilience and growth. By integrating intelligence into application management, organizations can protect more assets, grow faster and use identity deliberately as an engine for agile business models. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sailpoint-bringt-neue-loesung-fuer-anwendungsintelligenz-und-governance/a41810/
-
5 ways to improve cybersecurity function while spending less
Tags: advisory, ai, authentication, ceo, ciso, control, cyber, cybersecurity, firewall, governance, incident response, mfa, microsoft, middle-east, risk, scam, service, siem, skills, soc, technology, threat, tool, training, windows
2. Focus on people and processes: “Teamwork and influential leadership are pivotal in Orange County. We work side-by-side as extensions across our departments. We can’t all do everything, and we don’t want to reinvent the wheel. We shoulder the burden together, revisit existing initiatives, and reduce that tech debt,” Cheramie explains. “That’s how you do…
-
Microsoft’s New AI Risk Assessment Framework A Step Forward
Microsoft recently introduced a new framework designed to assess the security of AI models. It’s always encouraging to see developers weaving cybersecurity considerations into the design and deployment of emerging, disruptive technologies. Stronger security reduces the potential for harmful outcomes, and that’s a win for everyone. It is wonderful to see that Microsoft leveraged its…
-
NIS2 and mid-sized businesses: Between obligation and practice
Tags: ai, ceo, compliance, cybersecurity, cyersecurity, dora, fortinet, germany, governance, healthcare, international, network, nis-2, resilience, risk, risk-analysis, risk-management, service, software, strategy, supply-chain, zero-trust
New EU requirements such as DORA and NIS2 put companies under pressure to act, but at the same time offer the chance to rethink IT security strategically. Anyone for whom that is not yet reason enough to address the resilience and IT security of their own company has received some additional motivation from the European Union in recent months. While from the…
-
Need help with AI safety? Stay ahead of risks with these tools and frameworks
Tags: advisory, ai, best-practice, business, cloud, compliance, conference, control, cybersecurity, finance, framework, governance, government, group, healthcare, intelligence, microsoft, privacy, resilience, risk, service, skills, strategy, technology, tool
Comprehensive AI readiness lists for organizations to evaluate how prepared they really are for AI. Usage guidelines that align with existing security and governance practices. Strategies for how to tackle AI ethical risks like bias and transparency. AI security instructions for how to use AI safely to strengthen cybersecurity. Attack resilience guidelines for understanding how AI systems can be…
-
Meet the unsung silent hero of cyber resilience you’ve been ignoring
Tags: ai, blockchain, compliance, computing, cyber, cybersecurity, defense, detection, dora, framework, GDPR, governance, infrastructure, iot, monitoring, network, PCI, regulation, resilience, technology, tool
Fixing this isn’t complicated. It just needs your focused attention: First, secure your sources. Forget public NTP servers from dubious origins. Instead, choose authenticated and secure protocols, such as NTP or Network Time Security (NTS). These protocols offer encrypted and tamper-resistant synchronization, ensuring that your clocks can’t be easily spoofed. Next, redundancy matters. Don’t rely on…
-
How AI is reshaping cybersecurity operations
Tags: access, ai, attack, business, ciso, cloud, control, cyber, cybersecurity, data, defense, detection, encryption, finance, gartner, governance, guide, hacker, infrastructure, intelligence, jobs, malware, microsoft, monitoring, phishing, regulation, resilience, risk, sans, service, skills, soc, strategy, supply-chain, technology, threat, tool, training, update
Because AI can perform tasks at speeds that supersede human capacity, it exponentially scales the amount of work that a cybersecurity function can do, says Rob T. Lee, chief of research for AI and emerging threats and head of faculty at SANS Institute. Moreover, AI excels at doing repetitive tasks near perfectly every time, so it…

