Collecting Cyber-News from over 60 sources

Tag: governance

Anschlag in Magdeburg: Bundesregierung ändert Haltung zur Vorratsdatenspeicherung

Dec 31, 2024 2:27 PM

Tags: governance

SPD und Grüne ändern ihre Haltung zur Vorratsdatenspeicherung. Zuvor hatten Bundesländer und Unionsfraktion deren Einführung gefordert. First seen on golem.de Jump to article: www.golem.de/news/anschlag-in-magdeburg-bundesregierung-aendert-haltung-zur-vorratsdatenspeicherung-2412-192050.html
Blown the cybersecurity budget? Here are 7 ways cyber pros can save money

Dec 30, 2024 8:44 AM

Tags: access, advisory, ai, automation, business, cio, ciso, cloud, control, cyber, cybersecurity, finance, governance, group, guide, infrastructure, intelligence, international, jobs, office, risk, service, skills, software, strategy, technology, threat, tool, training, vulnerability, vulnerability-management

It’s hard to find a CISO or cybersecurity leader who has the money they need to pay for all the work they want to do.A majority of CISOs (57%) said they expect to see an increase in their cybersecurity budgets over the next one to two years, according to Deloitte’s Global Future of Cyber Report,…
Gain Relief with Strategic Secret Governance

Dec 29, 2024 12:43 AM

Tags: cybersecurity, governance, strategy, threat, vulnerability

Why is Efficient Secret Governance Essential? Have you ever pondered the importance of strategic secret governance and what it means to your cybersecurity strategy? In the evolving landscape of threats and vulnerabilities, it’s essential to consider new facets of security, such as managing Non-Human Identities (NHIs) and secrets. NHIs are machine identities used in cybersecurity,……
Data protection challenges abound as volumes surge and threats evolve

Dec 27, 2024 7:43 AM

Tags: access, ai, authentication, awareness, ciso, cloud, compliance, control, credentials, cryptography, cybersecurity, data, email, encryption, endpoint, firewall, framework, google, governance, guide, hacker, identity, intelligence, Internet, LLM, mfa, mobile, monitoring, network, office, phishing, phone, risk, risk-assessment, risk-management, saas, strategy, tactics, technology, theft, threat, tool, unauthorized, update, vulnerability

In the global digital economy, data is the most important asset organizations must protect from theft and damage. CISOs are fundamentally guardians of that asset, obligated to keep it secure and available to relevant users when and where they need it.”Every company has become a data company in this day and age; even if you’re…
Salt Security Tackles API Risks with AI-Powered Innovations

Dec 26, 2024 4:43 PM

Tags: ai, api, automation, ceo, governance, risk, threat

CEO Roey Eliyahu on Using AI to Simplify API Security. Salt Security CEO Roey Eliyahu highlights innovations such as Pepper, an AI-based assistant for API discovery and rapid threat response. The platform helps reduce expertise requirements and simplify API security through governance automation and advanced analytics. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/salt-security-tackles-api-risks-ai-powered-innovations-a-27141
Russia fires its biggest cyberweapon against Ukraine

Dec 20, 2024 12:42 PM

Tags: access, attack, breach, cisa, communications, country, cyber, cyberattack, defense, email, governance, government, group, incident response, infrastructure, intelligence, microsoft, mitigation, mobile, risk, russia, service, strategy, threat, ukraine, vulnerability, warfare

Ukraine has faced one of the most severe cyberattacks in recent history, targeting its state registries and temporarily disrupting access to critical government records.Ukrainian Deputy Prime Minister Olga Stefanishyna attributed the attack to Russian operatives, describing it as an attempt to destabilize the country’s vital digital infrastructure amid the ongoing war.”It’s already clear that the…
SailPoint Buys Imprivata IGA Assets to Boost Healthcare

Dec 19, 2024 9:46 PM

Tags: cloud, governance, healthcare, identity, saas

Identity Governance Acquisition Expands SailPoint’s Healthcare Portfolio Globally. The acquisition of Imprivata’s identity governance portfolio marks a pivotal move for SailPoint in strengthening healthcare identity security globally, leveraging cloud solutions, exclusive partnerships and advanced SaaS offerings to address market complexities. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/sailpoint-buys-imprivata-iga-assets-to-boost-healthcare-a-27105
The MSP Opportunity in Generative AI Governance

Dec 18, 2024 9:43 PM

Tags: ai, governance, msp

First seen on scworld.com Jump to article: www.scworld.com/perspective/the-msp-opportunity-in-generative-ai-governance
Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

Dec 18, 2024 7:43 PM

Tags: governance

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/identities-do-not-exist-in-a-vacuum-a-view-on-understanding-non-human-identities-governance/
AI Regulation Gets Serious in 2025 Is Your Organization Ready?

Dec 18, 2024 12:42 PM

Tags: ai, compliance, framework, governance, regulation

While the challenges are significant, organizations have an opportunity to build scalable AI governance frameworks that ensure compliance while enabling responsible AI innovation. The post AI Regulation Gets Serious in 2025 Is Your Organization Ready? appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ai-regulation-gets-serious-in-2025-is-your-organization-ready/
Meta hit with $263 million fine in Europe over 2018 data breach

Dec 18, 2024 11:42 AM

Tags: access, breach, business, ceo, cio, compliance, cyber, data, data-breach, exploit, finance, framework, GDPR, governance, incident response, law, privacy, regulation, risk, technology, threat, unauthorized, vulnerability

Meta has been fined $263.5 million (Euro251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally.The breach exploited a vulnerability in Facebook’s “view as” feature, which allows users to view their profiles as others would see them.The exploit enabled unauthorized access…
Das Tempo zieht an: Technologietrends 2025

Dec 18, 2024 6:42 AM

Tags: ai, governance

In einer Welt, die sich mit atemberaubender Geschwindigkeit verändert, steht der Technologiesektor vor einem entscheidenden Wendepunkt. Das Jahr 2024 erlebte den Übergang von KI-Experimenten zur alltäglichen Anwendung, doch 2025 wird uns vor eine noch größere Herausforderung stellen: die Balance zwischen rasanter Innovation und robuster Sicherheit. Unternehmen sind zunehmend nicht mehr in der Lage, angemessene Governance-Strukturen……
Das ungenutzte Potenzial von Identity Governance and Administration Mehr als ein technisches Werkzeug

Dec 18, 2024 5:42 AM

Tags: governance, identity

Früher war es der Wachmann am Eingang, heute schützt Identity Management Unternehmen vor unerwünschten Eindringlingen. Doch trotz der steigenden Verbreitung von IGA-Systemen, schöpfen nur wenige Unternehmen die Möglichkeiten der Technologie aus. Denn der Schlüssel zu einem erfolgreichen IGA-Einsatz offenbart sich erst, wenn man die positiven Nebeneffekte kennt, die IGA auf die gesamte Unternehmensinfrastruktur hat. First…
Lesson from latest SEC fine for not completely disclosing data breach details: ‘Be truthful’

Dec 18, 2024 5:42 AM

Tags: attack, breach, business, cio, ciso, cloud, compliance, control, corporate, credentials, cyber, cybersecurity, data, data-breach, email, finance, governance, government, group, incident, law, monitoring, network, risk, software, theft, threat, unauthorized

A $3.55 million civil penalty levied this week by a US financial regulator against a Michigan bank for filing misleading statements about the theft of 1.5 million people’s data is a reminder to leaders of all organizations to be upfront about cyber incidents.”The message is, ‘Be truthful with your disclosures,’” said Bob Zukis, executive director…
US Congressional Task Force Offers Roadmap for AI Governance

Dec 17, 2024 11:42 PM

Tags: ai, governance, law, privacy, regulation

Lawmakers Urge Washington to Adapt Current Laws to Avoid Duplication. The bipartisan House Task Force on AI released a final report Tuesday urging Congress to adopt an agile, incremental approach to AI policy, avoid duplicative regulations, support AI talent pathways and ensure privacy and transparency in AI governance while addressing its growing energy demands. First…
Seamless API Threat Detection and Response: Integrating Salt Security and CrowdStrike NG-SIEM

Dec 17, 2024 3:44 PM

Tags: api, attack, business, compliance, crowdstrike, data, ddos, defense, detection, governance, incident response, injection, intelligence, malicious, mitigation, monitoring, risk, risk-management, siem, strategy, threat, vulnerability

APIs are essential for modern digital business operations, enabling smooth connectivity and data exchange between applications. However, the growing dependence on APIs has unintentionally widened the attack surface, making strong API security a vital concern for organizations. Traditional security measures often prove inadequate in effectively safeguarding this changing landscape. To address this challenge, integrating specialized…
Data Governance in DevOps: Ensuring Compliance in the AI Era

Dec 16, 2024 12:42 PM

Tags: ai, compliance, data, governance, intelligence, programming, software

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it’s vital,…
Security leaders top 10 takeaways for 2024

Dec 16, 2024 8:42 AM

Tags: access, ai, attack, automation, best-practice, breach, business, ciso, cloud, compliance, corporate, crowdstrike, cybercrime, cybersecurity, data, deep-fake, detection, email, finance, fraud, governance, group, guide, hacker, identity, incident response, infosec, ISO-27001, office, okta, phishing, privacy, programming, regulation, risk, risk-management, saas, security-incident, service, software, startup, strategy, technology, threat, tool, training, vulnerability

This year has been challenging for CISOs, with a growing burden of responsibility, the push to make cybersecurity a business enabler, the threat of legal liability for security incidents, and an expanding attack landscape.As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2024.…
Cloud Access Security Broker ein Kaufratgeber

Dec 16, 2024 5:42 AM

Tags: access, ai, api, authentication, cisco, cloud, compliance, control, cyberattack, data, detection, endpoint, exploit, gartner, governance, intelligence, mail, malware, microsoft, monitoring, network, phishing, ransomware, risk, saas, service, software, startup, threat, tool, zero-day, zero-trust
API Security is Not a Problem You Can Solve at the Edge

Dec 13, 2024 4:07 PM

Tags: access, ai, api, attack, compliance, control, corporate, credentials, data, data-breach, defense, detection, endpoint, finance, firewall, governance, hacker, healthcare, HIPAA, infrastructure, intelligence, mobile, monitoring, network, regulation, risk, service, strategy, threat, tool, unauthorized, vulnerability, waf

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub”, they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is…
How to turn around a toxic cybersecurity culture

Dec 13, 2024 11:05 AM

Tags: access, advisory, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, governance, group, guide, healthcare, jobs, password, phishing, risk, sans, service, strategy, technology, threat, training, vulnerability, zero-trust

A toxic cybersecurity culture affects team turnover, productivity, and morale. Worse yet, it places enterprise systems and data at risk.In a toxic cybersecurity culture, everybody believes that cybersecurity is somebody else’s job, says Keri Pearlson, executive director for Cybersecurity at MIT Sloan (CAMS), a research consortium focusing on cybersecurity leadership and governance issues. “They don’t…
A Critical Guide to PCI Compliance

Dec 12, 2024 6:05 PM

Tags: access, best-practice, breach, business, cloud, compliance, container, control, credit-card, data, data-breach, detection, encryption, finance, gartner, governance, guide, Hardware, ibm, monitoring, network, PCI, ransomware, risk, service, software, strategy, threat, tool, unauthorized

A Critical Guide to PCI Compliance madhav Thu, 12/12/2024 – 13:28 You are shopping online, adding items to your cart, and you’re ready to pay with your credit card. You expect that when you hit “Checkout,” your payment details will be safe. This sense of trust exists thanks largely to PCI DSS”, the Payment Card…
Die wichtigsten Cybersecurity-Prognosen für 2025

Dec 12, 2024 5:05 PM

Tags: access, ai, apple, apt, cloud, cyberattack, cybercrime, cybersecurity, cyersecurity, data, deep-fake, governance, incident response, jobs, kritis, malware, military, mobile, nis-2, ransomware, service, software, stuxnet, supply-chain
The 7 most in-demand cybersecurity skills today

Dec 12, 2024 12:05 PM

Tags: access, ai, api, application-security, attack, backup, best-practice, breach, business, cloud, compliance, computing, control, cyber, cyberattack, cybersecurity, data, defense, encryption, exploit, framework, gartner, GDPR, google, governance, grc, group, hacker, Hardware, healthcare, incident response, infrastructure, injection, intelligence, jobs, LLM, malicious, mitigation, ml, network, penetration-testing, phishing, privacy, ransomware, risk, risk-analysis, risk-assessment, risk-management, saas, service, skills, social-engineering, software, spear-phishing, strategy, technology, threat, tool, training, update, vulnerability, zero-trust

Cybersecurity teams find themselves understaffed, overburdened, and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations, and organizations accelerate their embrace of the latest technologies.As a result, security professionals must continually upskill themselves to ensure they keep pace with organizations’ latest skill demands. Unfortunately, deciding…
Shaping effective AI governance is about balancing innovation with humanity

Dec 12, 2024 7:05 AM

Tags: ai, ciso, governance

In this Help Net Security interview, Ben de Bont, CISO at ServiceNow, discusses AI governance, focusing on how to foster innovation while ensuring responsible oversight. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/12/ben-de-bont-servicenow-ai-governance/
Anton’s Security Blog Quarterly Q4 2024

Dec 11, 2024 5:36 AM

Tags: ai, automation, ciso, cloud, cyber, defense, detection, edr, google, governance, incident response, metric, office, security-incident, siem, soc, threat, vulnerability, vulnerability-management, zero-trust

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Meta AI creation, steampunk theme Top 10 posts with the most lifetime views (excluding paper announcement blogs): Security Correlation Then…
Interview mit HiScout Lässt sich GRC noch ohne ein ganzheitliches Tool umsetzen?

Dec 9, 2024 3:07 PM

Tags: business, compliance, governance, grc, risk, tool

Das Management von Governance, Risk und Compliance, kurz GRC, wurde in der Vergangenheit oftmals separat betrachtet und noch viel eklatanter via Listen abgehakt. Netzpalaver sprach via Remote-Session mit Sascha Kreutziger, Leiter Business Development bei HiScout, wie sich die Unternehmens-Anforderungen an Business-Continuity und den Datenschutz, insbesondere über Abteilungen hinweg mit der effizient umsetzen […] First seen…
Haben die Russen die Wahl in Rumänien manipuliert?

Dec 9, 2024 10:07 AM

Tags: computer, cyberattack, cybercrime, cyersecurity, governance, government, infrastructure, injection, intelligence, Internet, sql, vulnerability
Gen AI use cases rising rapidly for cybersecurity, but concerns remain

Dec 9, 2024 8:07 AM

Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usa

Generative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
Die besten Hacker-Filme

Dec 6, 2024 5:48 AM

Tags: backdoor, computer, cyber, cybercrime, dark-web, germany, governance, government, hacker, intelligence, Internet, malware, marketplace, usa