Tag: grc
-
GRC Automation Becomes Essential as Compliance Demands Accelerate
Modern GRC pressures are outpacing manual processes, making automation essential for staying compliant and secure. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/compliance/grc-automation-becomes-essential-as-compliance-demands-accelerate/
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
3 ways CISOs can win over their boards this budget season
Tip 2: Go beyond compliance standards: It’s no secret that compliance and regulations drive nearly 80% of CISOs’ budget justifications. Industry standards like HIPAA and SOC2 can offer a guiding framework for a program, but with evolving threats from AI, the rise of quantum computing and increasingly complex third-party risk, CISOs need to think of…
-
Boost your cyber defense with unified cybersecurity and GRC strategies
Tags: compliance, cyber, cybersecurity, defense, finance, governance, grc, risk, risk-management, strategy, threatCybersecurity is no longer just an IT issue; it is a strategic imperative that touches every aspect of modern business. In today’s digital landscape, organizations face increasingly sophisticated threats that can disrupt operations, tarnish reputations, and lead to significant financial losses. A unified approach that integrates cybersecurity with governance, risk management, and compliance (GRC) strategies…The…
-
The rise of the chief trust officer: Where does the CISO fit?
Tags: ai, business, ceo, ciso, compliance, control, credentials, cybersecurity, data, governance, grc, jobs, marketplace, metric, office, privacy, risk, soc, strategy, technology, vulnerabilityCISO and CTrO: A model for a working partnership?: As customers, partners and regulators demand greater openness and assurance, those in the role say building trust, not just security, is the answer. Trust is touted as a differentiator for organizations looking to strengthen customer confidence and find a competitive advantage. Trust cuts across security, privacy,…
-
EOL-Software gefährdet Unternehmenssicherheit
Geräte mit End-of-Life-Software (EOL) stellen nach wie vor ein weit verbreitetes Sicherheitsproblem in Unternehmen dar.Laut einer Studie von Palo Alto Networks laufen 26 Prozent der Linux-Systeme und acht Prozent der Windows-Systeme mit veralteten Versionen. Die Ergebnisse basieren auf Telemetriedaten von 27 Millionen Geräten in den Netzwerken von 1.800 Unternehmen.Die Analyse offenbart zudem, dass 39 Prozent…
-
From Compliance Boxes to Fraud Prevention: GRC Reimagined
Gong’s Tamara Lauterbach on Why Framework Maturity Matters More Than Certification. Frameworks are no longer just about checking compliance boxes; they’re becoming critical tools for governance, resilience and fraud prevention. Tamara Lauterbach, senior GRC specialist at Gong, explains how culture, automation and human insight can enhance framework effectiveness. First seen on govinfosecurity.com Jump to article:…
-
10 promising cybersecurity startups CISOs should know about
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…
-
10 promising cybersecurity startups CISOs should know about
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…
-
10 promising cybersecurity startups CISOs should know about
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…
-
Discover Practical AI Tactics for GRC, Join the Free Expert Webinar
Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept”, it’s here, and it’s already reshaping how teams operate.AI’s capabilities are profound: it’s speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more…
-
5 Ways CISOs can turn GRC into a profit center, not a cost center
For years, Governance, Risk, and Compliance (GRC) has been viewed as a necessary expense, an insurance policy for when things go wrong. But a new generation of CISOs is proving that when managed strategically, GRC can do far more than protect. It can unlock growth, accelerate deals, and strengthen customer trust. In the latest Strategic…The…
-
A View from the C-suite: Aligning AI security to the NIST RMF FireTail Blog
Tags: access, ai, attack, breach, csf, cybersecurity, data, data-breach, defense, detection, framework, governance, grc, guide, incident response, infrastructure, injection, jobs, LLM, malicious, nist, RedTeam, risk, risk-management, strategy, supply-chain, theft, tool, vulnerabilityOct 15, 2025 – Jeremy Snyder – In 2025, the AI race is surging ahead and the pressure to innovate is intense. For years, the NIST Cybersecurity Framework (CSF) has been our trusted guide for managing risk. It consists of five principles: identify, protect, detect, respond, and recover. But with the rise of AI revolutionizing…
-
Beyond the checklist: Building adaptive GRC frameworks for agentic AI
Tags: access, ai, breach, ciso, cloud, compliance, control, crime, data, detection, endpoint, finance, framework, fraud, governance, grc, international, metric, monitoring, nist, risk, risk-management, strategy, supply-chain, switchAutonomous agent drift First, I experienced an autonomous agent drift that nearly caused a severe financial and reputational crisis. We deployed a sophisticated agent tasked with optimizing our cloud spending and resource allocation across three regions, giving it a high degree of autonomy. Its original mandate was clear, but after three weeks of self-learning and…
-
Your cyber risk problem isn’t tech, it’s architecture
Tags: ai, attack, awareness, best-practice, business, ciso, cloud, compliance, container, control, csf, cyber, cybersecurity, data, data-breach, defense, finance, framework, GDPR, governance, grc, group, intelligence, Internet, ISO-27001, mitre, nist, PCI, phishing, privacy, ransomware, regulation, risk, risk-assessment, risk-management, software, strategy, threat, training, update, vulnerabilityIf the company already has a mature risk culture: The implementation of a cybersecurity management project becomes more flexible. Since my goal is to share the mechanics to achieve success in a cybersecurity program, I emphasize below some components of this ‘recipe’ to consider: Understand the dynamics and scope of the business, mapping stakeholders, processes…
-
Your cyber risk problem isn’t tech, it’s architecture
Tags: ai, attack, awareness, best-practice, business, ciso, cloud, compliance, container, control, csf, cyber, cybersecurity, data, data-breach, defense, finance, framework, GDPR, governance, grc, group, intelligence, Internet, ISO-27001, mitre, nist, PCI, phishing, privacy, ransomware, regulation, risk, risk-assessment, risk-management, software, strategy, threat, training, update, vulnerabilityIf the company already has a mature risk culture: The implementation of a cybersecurity management project becomes more flexible. Since my goal is to share the mechanics to achieve success in a cybersecurity program, I emphasize below some components of this ‘recipe’ to consider: Understand the dynamics and scope of the business, mapping stakeholders, processes…
-
Hiscout und Viccon bündeln Expertise für Informationssicherheit und Business-Continuity-Management
Hiscout, führender Anbieter integrierter GRC-Softwarelösungen, startet eine strategische Zusammenarbeit mit der Viccon. Ziel der Partnerschaft ist es, Unternehmen bei Informationssicherheit, Business-Continuity-Management, Datenschutz und Compliance mit praxisnahen und individuell zugeschnittenen Lösungen zu unterstützen. Die Energiewirtschaft und Industrieunternehmen sind dabei ebenso im Fokus wie der Gesundheitssektor. Gemeinsam wollen Hiscout und Viccon Kunden künftig noch umfassender bei der…
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
Tags: 2fa, access, advisory, api, attack, authentication, breach, business, cisa, cisco, cloud, control, credentials, crime, cve, cyber, cybersecurity, data, defense, endpoint, exploit, fido, finance, firewall, framework, github, grc, guide, identity, incident response, infrastructure, Internet, ISO-27001, kev, law, lessons-learned, malicious, malware, mfa, mitigation, monitoring, network, open-source, phishing, privacy, ransomware, risk, saas, scam, security-incident, service, soc, software, supply-chain, tactics, threat, update, vpn, vulnerability, vulnerability-management, worm, zero-dayCISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
The Definitive Guide to Compliance Costs: Where Your Budget Goes
Key Takeaways Businesses are managing compliance on multiple fronts: cybersecurity standards, privacy regulations, third-party oversight, and sector-specific rules that change faster than budgets can adapt. Each requirement adds to the total cost of compliance. It’s easy to pinpoint your audit fees or the price of their GRC platform. But those are only part of the……
-
The Definitive Guide to Compliance Costs: Where Your Budget Goes
Key Takeaways Businesses are managing compliance on multiple fronts: cybersecurity standards, privacy regulations, third-party oversight, and sector-specific rules that change faster than budgets can adapt. Each requirement adds to the total cost of compliance. It’s easy to pinpoint your audit fees or the price of their GRC platform. But those are only part of the……
-
The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It?
Tags: advisory, ai, api, best-practice, business, cybersecurity, data, flaw, grc, incident response, risk, siem, soar, soc, technology, threat, tool, trainingLet’s tackle the age old question: can new technology fix broken or missing processes? And then let’s add: does AI and AI agents change the answer you would give? Gemini illustration based on this blog This is the question which I recently debated with some friends, with a few AIs and with myself. The context was of…
-
Breaking Down Silos: Why You Need an Ecosystem View of Cloud Risk
Tags: access, attack, business, ciso, cloud, compliance, container, cvss, cyber, data, data-breach, exploit, governance, grc, identity, infrastructure, Internet, least-privilege, metric, network, risk, threat, tool, training, vulnerabilityA disjointed approach to cloud security generates more noise than clarity, making it hard for you to prioritize what to fix first. Learn how Tenable dissolves this challenge by integrating cloud security into a unified exposure management platform giving you the context to pinpoint your organization’s biggest cyber risks. Don’t just manage cloud security understand…
-
Breaking Down Silos: Why You Need an Ecosystem View of Cloud Risk
Tags: access, attack, business, ciso, cloud, compliance, container, cvss, cyber, data, data-breach, exploit, governance, grc, identity, infrastructure, Internet, least-privilege, metric, network, risk, threat, tool, training, vulnerabilityA disjointed approach to cloud security generates more noise than clarity, making it hard for you to prioritize what to fix first. Learn how Tenable dissolves this challenge by integrating cloud security into a unified exposure management platform giving you the context to pinpoint your organization’s biggest cyber risks. Don’t just manage cloud security understand…
-
Hiscout als Goldsponsor auf dem BCM Summit 2025 in Hamburg
Am 25. und 26. September findet der BCM Summit 2025 im Gastwerk Hotel Hamburg statt. Hiscout, führender Anbieter von GRC-Software, ist auch in diesem Jahr wieder vor Ort als Goldsponsor des Events. Die Konferenz zählt zu den wichtigsten Branchentreffen für Business-Continuity-Management (BCM) und Krisenmanagement im deutschsprachigen Raum. Der Summit bringt Fach- und Führungskräfte aus […]…
-
Hiscout als Goldsponsor auf dem BCM Summit 2025 in Hamburg
Am 25. und 26. September findet der BCM Summit 2025 im Gastwerk Hotel Hamburg statt. Hiscout, führender Anbieter von GRC-Software, ist auch in diesem Jahr wieder vor Ort als Goldsponsor des Events. Die Konferenz zählt zu den wichtigsten Branchentreffen für Business-Continuity-Management (BCM) und Krisenmanagement im deutschsprachigen Raum. Der Summit bringt Fach- und Führungskräfte aus […]…