Tag: governance
-
2026: Die KI-Revolution geht weiter und wird noch schneller
Im Jahr 2026 wird die KI-Revolution weiter beschleunigen und Unternehmen sowie ganze Branchen grundlegend verändern, wobei resiliente und flexible Infrastrukturen entscheidend für den Erfolg sind. Governance-Frameworks werden immer wichtiger, um Stabilität und Kontrolle im KI-Ökosystem zu gewährleisten, während Datenmanagement als zentrales Rückgrat für Innovationen dient. Agentenbasierte KI-Systeme übernehmen zunehmend operative Aufgaben, optimieren Prozesse in Echtzeit……
-
Critical vulnerability in IBM API Connect could allow authentication bypass
Tags: api, authentication, control, exploit, flaw, governance, ibm, mitigation, monitoring, radius, resilience, service, software, update, vmware, vulnerabilityInterim fixes provided: IBM said that the issue was discovered during internal testing, and it has provided interim fixes for each affected version of the software, with individual update details for VMware, OCP/CP4I, and Kubernetes.The only mitigation suggested for the flaw, according to IBM’s security bulletin, is this: “Customers unable to install the interim fix…
-
Governance und Technik sichern KI-generierten Code – KI-Coding-Tools steigern Produktivität und das Risiko gleichermaßen
First seen on security-insider.de Jump to article: www.security-insider.de/ki-coding-risiko-produktivitaet-a-58baba6d765452f24331dc77086d7ef2/
-
So geht Post-Incident Review
Post-Incident Reviews können dazu beitragen, die richtigen Lehren aus Sicherheitsvorfällen zu ziehen wenn sie richtig aufgesetzt sind.Angenommen, Ihr Unternehmen wird von Cyberkriminellen angegriffen, kommt dabei aber mit einem blauen Auge davon, weil die Attacke zwar spät, aber noch rechtzeitig entdeckt und abgewehrt werden konnte ohne größeren Business Impact. Jetzt einfach wie bisher weiterzumachen und die…
-
Bundesregierung: Behördendomains als Geheimsache und Schadcodeverteiler
Tags: governanceWas passiert, wenn Ministerien und Behörden ihren Namen ändern und frühere Domains verwaisen? Ein Sicherheitsforscher stieß auf unerwartete Ergebnisse. First seen on golem.de Jump to article: www.golem.de/news/bundesregierung-behoerdendomains-als-geheimsache-und-schadcodeverteiler-2512-203655.html
-
Welche Compliance-Risiken beschert KI deutschen Unternehmen Vom Regelhüter zum Risikonavigator
Das Interview mit Oliver Riehl, Regional Vice President DACH bei NAVEX, beleuchtet die Herausforderungen und Chancen, die künstliche Intelligenz (KI) für deutsche Unternehmen im Bereich Compliance mit sich bringt. Riehl betont, dass KI helfen kann, Ordnung in die wachsende Komplexität der Regularien zu bringen, jedoch eine gute Governance und klare Richtlinien erforderlich sind, um effektiv…
-
CERN: how does the international research institution manage risk?
Tags: access, ai, business, compliance, control, cyber, cybersecurity, defense, framework, governance, group, international, iot, LLM, network, risk, service, strategy, technology, toolStefan Lüders and Tim Bell of CERN. CERNEmploying proprietary technology can introduce risks, according to Tim Bell, leader of CERN’s IT governance, risk and compliance section, who is responsible for business continuity and disaster recovery. “If you’re a visitor to a university, you’ll want to bring your laptop and use it at CERN. We can’t…
-
US Energy Dept Flags AI, Cyber Gaps as Top Risks for 2026
New Report Says DOE Cyber and AI Governance Is Lagging Behind Rapid Deployment. An inspector general report warns the Department of Energy’s rapid expansion of artificial intelligence and decentralized cybersecurity controls has outpaced governance, limiting enterprise visibility and exposing critical infrastructure to persistent threats from state-backed and criminal actors. First seen on govinfosecurity.com Jump to…
-
Governance maturity defines enterprise AI confidence
AI security has reached a point where enthusiasm alone no longer carries organizations forward. New Cloud Security Alliance research shows that governance has become the main … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/24/csa-ai-security-governance-report/
-
ServiceNow’s $7.75 billion cash deal for Armis illustrates shifting strategies
Tags: access, ai, attack, authentication, automation, business, ceo, cio, ciso, computing, control, cyber, governance, identity, incident response, intelligence, iot, risk, service, strategy, tool, update, vulnerabilityVisibility is the key: “For decades, the CIO’s white whale has been a precise, real-time Configuration Management Database [CMDB]. Most are outdated the moment they are populated,” said Whisper Security CEO Kaveh Ranjbar. The Armis acquisition “is an admission that in an era of IoT, OT, and edge computing, you cannot rely on manual entry…
-
We Asked the Experts: 2026 Predictions
Once again, it’s predictions season. We spoke to experts from across the cybersecurity industry about what the future of cyber may look like as we head into 2026. From AI ethics and API governance to the UK’s Cyber Security and Resilience Bill and exponentially increasing threats, there’s set to be a big shake up to…
-
Why outsourced cyber defenses create systemic risks
Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trustRisk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
-
Der Aufstieg des Chief Trust Officers: Wo passt der CISO hinein?
Tags: ai, ceo, cio, ciso, compliance, cyersecurity, finance, governance, grc, office, risk, risk-management, soc, software, vulnerabilityDer Chief Trust Officer steht für einen Wandel von der Verteidigung von Systemen hin zur Sicherung der Glaubwürdigkeit.Immer mehr Unternehmen heben Vertrauen als Unterscheidungsmerkmal für ihr Geschäft hervor. Durch Datenschutzverletzungen, Bedenken hinsichtlich der Produktsicherheit und Unsicherheiten in Bezug auf künstliche Intelligenz hat das Vertrauen der Kunden in den vergangenen Jahren stark gelitten.Wie aus dem Edelman…
-
Gesetzentwurf zu Vorratsdatenspeicherung: Neuer Anlauf für den digitalen Zombie
Die Regierung startet einen neuen Anlauf zur anlasslosen Speicherung von Verbindungsdaten. Die IT-Wirtschaft kritisiert die Pläne als unverhältnismäßig. First seen on golem.de Jump to article: www.golem.de/news/gesetzentwurf-veroeffentlicht-regierung-treibt-vorratsdatenspeicherung-voran-2512-203533.html
-
Bundesregierung: Nutzung von Datenbrokern ist Staatsgeheimnis
Tags: governanceDie Bundesregierung will keine Angaben dazu machen, bei welchen Firmen deutsche Sicherheitsbehörden Nutzerdaten einkaufen. First seen on golem.de Jump to article: www.golem.de/news/bundesregierung-nutzung-von-datenbrokern-ist-staatsgeheimnis-2512-203514.html
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
CultureAI Selected for Microsoft’s Agentic Launchpad Initiative to Advance Secure AI Usage
UK-based AI safety and governance company CultureAI has been named as one of the participants in Microsoft’s newly launched Agentic Launchpad, a technology accelerator aimed at supporting startups working on advanced AI systems. The inclusion marks a milestone for CultureAI’s growth and signals broader industry interest in integrating AI safety and usage control into emerging…
-
CSA Study: Mature AI Governance Translates Into Responsible AI Adoption
New CSA research shows mature AI governance accelerates responsible AI adoption, boosts security confidence, and enables agentic AI at scale. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/csa-study-mature-ai-governance-translates-into-responsible-ai-adoption/
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
Strategische Partnerschaft von BeyondTrust und Ping Identity
Bereitstellung einer einheitlichen Identitätssicherheitsstruktur Die Cybersicherheitsunternehmen BeyondTrust und Ping Identity haben eine strategische Partnerschaft zur Bereitstellung einer einheitlichen Identitätssicherheitsstruktur vereinbart. Mit der Kombination ihrer Lösungen ermöglichen sie die Automatisierung und Orchestrierung von Zugriffsentscheidungen zwischen menschlichen und nicht-menschlichen Identitäten. Durch Integration von Privileged Access Management (PAM), Identity and Access Management (IAM) und Identity Governance and… First…
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
Strategische Partnerschaft von BeyondTrust und Ping Identity
Bereitstellung einer einheitlichen Identitätssicherheitsstruktur Die Cybersicherheitsunternehmen BeyondTrust und Ping Identity haben eine strategische Partnerschaft zur Bereitstellung einer einheitlichen Identitätssicherheitsstruktur vereinbart. Mit der Kombination ihrer Lösungen ermöglichen sie die Automatisierung und Orchestrierung von Zugriffsentscheidungen zwischen menschlichen und nicht-menschlichen Identitäten. Durch Integration von Privileged Access Management (PAM), Identity and Access Management (IAM) und Identity Governance and… First…
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…