Tag: grc
-
Oracle Risk Management Cloud vs SafePaaS: What you should evaluate
IT Security, GRC, and audit teams often ask: “Is Oracle Risk Management Cloud enough for our control model, or do we need an alternative?” This guide answers that question with a practical comparison of what Oracle RMC does well, where SafePaaS can complement Oracle, and where some organizations may choose SafePaaS as an alternative for……
-
Cybersicherheit im Fokus Hiscout auf dem NISCongress 2026
Hiscout, einer der führenden Anbieter integrierter GRC-Softwarelösungen, nimmt am NIS-2-Congress 2026 am 12. und 13. Mai in Frankfurt teil. Dort zeigt der Experte, wie Unternehmen die Anforderungen der europäischen NIS2-Richtlinie strukturiert und effizient realisieren können. Die Veranstaltung bringt Unternehmen, Entscheidungsträger und führende Experten zusammen, um die praktische Umsetzung der Richtlinie zu diskutieren. Im Mittelpunkt stehen…
-
TekStream Targets Proactive Security With ImagineX Cyber Buy
Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX’s MDR Core. TekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/tekstream-targets-proactive-security-imaginex-cyber-buy-a-31507
-
AI-Powered Risk Registers vs. Traditional Risk Management: What’s the Difference?
Key Takeaways It’s surprising that traditional risk registers (spreadsheets or basic databases) persist in a world racing toward AI-infused technology. But the states speak for themselves: 59% of GRC practitioners use no commercial tool, with 52% spending 30-50% of time on admin tasks like data entry. Although reliable for basic checklists, traditional risk registers are……
-
The Shadow AI Trap: Why Your AI Inventory is Your Biggest EU AI Act Compliance Risk FireTail Blog
Tags: access, ai, api, automation, ciso, cloud, compliance, computing, control, data, governance, grc, infrastructure, LLM, monitoring, risk, risk-management, saas, service, software, toolApr 16, 2026 – Alan Fagan – The EU AI Act cares about evidence, not intentWhen National Competent Authorities begin enforcement on August 2, 2026, they will ask organisations what AI systems they operate, how those systems are being used, and what controls are in place. Many organisations will struggle to answer these questions.The Shadow…
-
Article 12 and the Logging Mandate: What the EU AI Act Actually Requires FireTail Blog
Tags: access, ai, breach, ciso, cloud, compliance, control, data, data-breach, finance, GDPR, grc, healthcare, infrastructure, insurance, jobs, metric, monitoring, regulation, risk, saas, service, toolApr 16, 2026 – Lina Romero – When GDPR arrived, the organisations that had mistaken documentation for capability were the ones that struggled the most. They had policies about data retention but no technical controls enforcing those policies. They had breach notification procedures but no systems capable of detecting a breach in time to use…
-
Beyond the Spreadsheet: Why Manual AI Audits Are an EU AI Act Compliance Liability FireTail Blog
Tags: access, ai, ciso, cloud, compliance, control, data, detection, finance, framework, GDPR, governance, grc, group, incident response, infrastructure, ISO-27001, monitoring, regulation, risk, saas, service, soc, toolApr 16, 2026 – Alan Fagan – When it comes to the EU AI Act, many organisations take a manual approach to auditing, which looks impressive on paper but collapses under regulatory scrutiny. They use policies, surveys, working groups, and a well-formatted risk register. However, a manual approach does not provide the continuous, automated, technical…
-
Beyond the Spreadsheet: Why Manual AI Audits Are an EU AI Act Compliance Liability FireTail Blog
Tags: access, ai, ciso, cloud, compliance, control, data, detection, finance, framework, GDPR, governance, grc, group, incident response, infrastructure, ISO-27001, monitoring, regulation, risk, saas, service, soc, toolApr 16, 2026 – Alan Fagan – When it comes to the EU AI Act, many organisations take a manual approach to auditing, which looks impressive on paper but collapses under regulatory scrutiny. They use policies, surveys, working groups, and a well-formatted risk register. However, a manual approach does not provide the continuous, automated, technical…
-
The Shadow AI Trap: Why Your AI Inventory is Your Biggest EU AI Act Compliance Risk FireTail Blog
Tags: access, ai, api, automation, ciso, cloud, compliance, computing, control, data, governance, grc, infrastructure, LLM, monitoring, risk, risk-management, saas, service, software, toolApr 16, 2026 – Alan Fagan – The EU AI Act cares about evidence, not intentWhen National Competent Authorities begin enforcement on August 2, 2026, they will ask organisations what AI systems they operate, how those systems are being used, and what controls are in place. Many organisations will struggle to answer these questions.The Shadow…
-
“MomentTime” GRC Is Becoming Obsolete
New native ServiceNow application embeds continuous compliance monitoring, risk quantification and remediation workflows directly into enterprise IT and security operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/moment-in-time-grc-is-becoming-obsolete/
-
NIS2 im Fokus: Anforderungen mit Speziallösung von Swiss GRC umsetzen
NIS2 ist mehr als eine regulatorische Pflicht sie ist ein Weckruf. Für Unternehmen bedeutet das: Jetzt ist der richtige Zeitpunkt, Cyberresilienz strategisch anzugehen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/nis2-im-fokus-anforderungen-mit-spezialloesung-von-swiss-grc-umsetzen/a44586/
-
CMMC compliance in the age of AI
Tags: access, ai, automation, awareness, business, compliance, control, data, detection, email, governance, government, grc, metric, risk, tool, trainingThe primary readiness gap: data scope awareness: Central to preparation is gaining a complete understanding of the data subject to CMMC 2.0 controls. Many organizations are still struggling to define the full scope of systems, workflows and third-party relationships that process or store CUI. When contractors conduct detailed CMMC-focused data inventories, it’s common that they’ll…
-
Agentic GRC: Teams Get the Tech. The Mindset Shift Is What’s Missing.
Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/agentic-grc-teams-get-the-tech-the-mindset-shift-is-whats-missing/
-
BSidesSLC 2025 Guerrilla GRC Helping Small Businesses Get Cyber Smart
Author, Creator & Presenter: Joshua Boyles – VP Of Cybersecurity At LHMCO) Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-guerrilla-grc-helping-small-businesses-get-cyber-smart/
-
EU AI Act Compliance Guide for CISOs GRC Leaders – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/eu-ai-act-compliance-guide-for-cisos-grc-leaders-kovrr/
-
News: AI-native Security Assurance leads the GRC Transformation
Enterprise CISOs are being asked to do more than ever. Their role is now two-fold: protector of the business and enabler of its growth. They need to reduce risk across a vast and changing digital environment, protect the business, satisfy customers, and meet compliance requirements. What’s more, they want to showcase the positive impacts of…The…
-
73% of Breaches Happen Due to Weak GRC Implement It The Right Way
Most organizations assume breaches happen because of sophisticated zero-day exploits or highly advanced attackers. The reality is far less dramatic and far more risky. Nearly 73% of breaches stem from weak Governance, Risk, and Compliance (GRC) practices. This means attackers are not breaking in, they’re walking through open doors created by poor risk visibility, weak……
-
PQC roadmap remains hazy as vendors race for early advantage
Tags: attack, cisco, communications, control, crypto, cryptography, data, encryption, finance, firmware, gartner, google, grc, guide, Hardware, healthcare, identity, infrastructure, monitoring, network, nist, risk, software, technology, threat, tool, vpn, vulnerabilitySome are already ahead as the migration question looms: One of the earliest vendors to operationalize cryptographic discovery specifically for PQC readiness was Sandbox AQ, which emerged from Google’s quantum research efforts. As early as 2022, the company argued that enterprises needed to inventory cryptography assets long before post-quantum algorithms could be deployed at scale.Initially…
-
Hiscout und Bearingpoint stärken gemeinsam die Resilienz der öffentlichen Verwaltung
Hiscout, ein führender Anbieter integrierter GRC-Softwarelösungen, baut sein Partnernetzwerk weiter aus und arbeitet ab sofort strategisch mit der Management- und Technologieberatung Bearingpoint zusammen. Ziel der Partnerschaft ist es, Organisationen der öffentlichen Hand bei Informationssicherheit, Business-Continuity-Management (BCM), Datenschutz und Compliance noch umfassender und praxisnaher zu unterstützen. Im Fokus der Zusammenarbeit steht die Weiterentwicklung und Stärkung der…
-
AI in the SOC: Why Complete Autonomy Is the Wrong Goal
Dan Petrillo, VP of Product at BlueVoyant As artificial intelligence (AI) becomes more deeply embedded in security operations, a divide has emerged in how its role is defined. Some argue the security operations centre (SOC) should be fully autonomous, with AI replacing human analysts. Others believe that augmentation is the right path, using AI to support and extend existing teams. Augmentation probably reflects…
-
AI in the SOC: Why Complete Autonomy Is the Wrong Goal
Dan Petrillo, VP of Product at BlueVoyant As artificial intelligence (AI) becomes more deeply embedded in security operations, a divide has emerged in how its role is defined. Some argue the security operations centre (SOC) should be fully autonomous, with AI replacing human analysts. Others believe that augmentation is the right path, using AI to support and extend existing teams. Augmentation probably reflects…
-
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
Tags: access, ai, attack, business, cloud, compliance, control, cyber, data, flaw, framework, governance, grc, iam, identity, least-privilege, malicious, malware, radius, risk, risk-management, service, supply-chain, tactics, threat, tool, vulnerability, zero-trustAI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The velocity trap: Security teams are fighting “machine-speed” threats with manual processes; you…
-
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
Tags: access, ai, attack, business, cloud, compliance, control, cyber, data, flaw, framework, governance, grc, iam, identity, least-privilege, malicious, malware, radius, risk, risk-management, service, supply-chain, tactics, threat, tool, vulnerability, zero-trustAI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeaways The velocity trap: Security teams are fighting “machine-speed” threats with manual processes; you…
-
Is Your GRC Program Really Reducing Risk?
CISO Sean Atkinson on Moving From ‘GRC Theater’ to Continuous GRC Engineering. As NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said. First seen…
-
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix
Tags: access, ai, application-security, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, fraud, governance, grc, group, identity, infrastructure, jobs, monitoring, privacy, RedTeam, risk, soc, supply-chain, vulnerabilityStructural changes necessary: Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says many organizations have already made the structural changes necessary to address the rising importance, and specialization, of cybersecurity and risk functions.”The breadth and depth of information security and cybersecurity have increased so significantly over the past two decades that it drove a…
-
Top 10 Cyber Risk Management and GRC Companies in the UK and Globally
Cyber risk management and Governance, Risk, and Compliance (GRC) have become central to how organisations protect data, meet regulatory obligations, and maintain operational resilience. As cyber threats grow more sophisticated and regulatory scrutiny increases, organisations must demonstrate not only that risks are identified, but that they are governed, prioritised, and controlled effectively. Cyber risk management…
-
EU’s answer to CVE solves dependency issue, adds fragmentation risks
Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-managementCoordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.”Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
-
SAP-Sicherheit und Berechtigungsmanagement – Wie cyberresilient ist SAP GRC wirklich?
First seen on security-insider.de Jump to article: www.security-insider.de/sap-grc-haerten-firefighter-eam-sap-sicherheit-a-fb9b70538a1c5da4fd6f0928ba449fed/