Tag: grc
-
How AI is changing your GRC strategy
Tags: ai, ciso, compliance, cybersecurity, framework, fraud, governance, grc, group, monitoring, nist, risk, risk-management, strategy, tool
-
Compliance and AIOps: The Role of GRC in IT Operations
By providing a data-driven, automated, and real-time approach to Governance, Risk, and Compliance, Qmulos adds that extra layer of visibility to the overall correlation of operational events. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/compliance-and-aiops-the-role-of-grc-in-it-operations/
-
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture
Tags: ai, attack, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, grc, group, hacker, identity, incident response, intelligence, international, least-privilege, metric, network, phishing, ransomware, risk, risk-assessment, risk-management, soc, strategy, technology, threat, tool, training, update
Misplaced priorities: Investments often favor visibility and compliance over “core capabilities like detection engineering, incident response, and threat containment,” according to Santiago Pontiroli, lead security researcher at cybersecurity vendor Acronis TRU. Delayed adaptation: AI-driven threats demand faster, smarter defenses, but key upgrades (such as behavior-based analytics or automation) are often postponed due to underestimated risk, according…
-
Audit management module for the transparent conduct of audits in accordance with ISO19011
Hiscout, a leading German provider of integrated GRC (governance, risk and compliance) solutions, has launched a new, efficient audit management module. With this module, Hiscout offers organizations a powerful tool for conducting audits efficiently and transparently in accordance with ISO19011. From annual planning to audit-proof documentation, the module provides an end-to-end, digitized audit process…
-
Modern ISMS tool for Berlin's administration secures the capital's digital processes
Hiscout has won the tender issued by the IT-Dienstleistungszentrum Berlin (ITDZ Berlin) for the "ISMS-GRC-Tool" framework agreement. The contract has a term of 48 months. It covers the entire Berlin administration as the recipient of services. Framework agreement for all of Berlin: a strategic milestone. The framework agreement was put out to tender via the DTAD procurement platform and provides that Hiscout will … the Berlin […] First…
-
How AI is changing the GRC strategy
Tags: access, ai, best-practice, breach, business, ciso, compliance, control, data, detection, finance, framework, fraud, governance, grc, guide, law, monitoring, network, nist, privacy, regulation, risk, risk-analysis, risk-management, strategy, threat, tool
Adapting existing frameworks with AI risk controls: AI risks include data safety, misuse of AI tools, privacy considerations, shadow AI, bias and ethical considerations, hallucinations and validating results, legal and reputational issues, and model governance to name a few. AI-related risks should be established as a distinct category within the organization’s risk portfolio by integrating into…
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windows
“Network security: Allow PKU2U authentication requests to this computer to use online identities”. Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability. The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
How FinTechs are turning GRC into a strategic enabler
In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in response to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/02/alexander-clemm-riverty-fintechs-grc-landscape/
-
The rise of the compliance super soldier: A new human-AI paradigm in GRC
Tags: ai, automation, awareness, compliance, control, governance, grc, jobs, law, LLM, metric, regulation, risk, skills, strategy, threat, tool, training, update
Regulatory acceleration: Global AI laws are evolving but remain fragmented and volatile. Toolchain convergence: Risk, compliance and engineering workflows are merging into unified platforms. Maturity asymmetry: Few organizations have robust genAI governance strategies, and even fewer have built dedicated AI risk teams. These forces create a scenario where GRC teams must evolve rapidly, from policy monitors to strategic…
-
Third-party risk management is broken, but not beyond repair
Getting to the root of the problem: The surge of TPRM tools has automated much of what was once a manual, resource-intensive process. These platforms were developed to simplify the creation, distribution, and completion of security questionnaires, addressing the operational burden organizations often face when conducting third-party risk audits. While they’ve brought much-needed efficiency, they’ve…
-
The highest-paying jobs in cybersecurity today
Tags: access, ai, application-security, cisco, cloud, compliance, control, corporate, cybersecurity, data, defense, detection, firewall, governance, grc, hacker, identity, incident response, infrastructure, intelligence, jobs, network, penetration-testing, privacy, risk, risk-assessment, risk-management, skills, soc, threat, tool, training, vulnerability, vulnerability-management
See “Top 12 cloud security certifications”
See “CISSP certification: Requirements, training, exam, and cost”
See “CCSP certification: Exam, cost, requirements, training, salary”
Security engineer: After security architects, security engineers receive the second-highest annual cash compensation ($191,000), with a base salary of $168,000. Nearly a third (31%) of security engineers surveyed also received annual equity grants. Like their architect…
-
Security, risk and compliance in the world of AI agents
Tags: access, ai, api, attack, automation, business, compliance, control, credentials, data, encryption, finance, framework, governance, grc, identity, infection, injection, ISO-27001, jobs, LLM, monitoring, password, privacy, regulation, resilience, risk, service, tool, training
Understand and interpret natural language; Access internal and external data sources dynamically; Invoke tools (like APIs, databases, search engines); Carry memory to recall prior interactions or results; Chain logic to reason through complex multi-step tasks. They may be deployed through: Open-source frameworks like LangChain or Semantic Kernel; Custom-built agent stacks powered by internal LLM APIs; Hybrid orchestration models integrated across business platforms. Real-world examples…
-
Hiscout and Innoventon enter into a strategic partnership
Hiscout, a leading provider of integrated GRC (governance, risk and compliance) solutions, today announces the start of a strategic partnership with the software and IT security experts at Innoventon. Together, the companies are pooling their expertise to offer customers even more comprehensive and tailored solutions in information security and data protection in future. Through the partnership, customers benefit from seamless integration…
-
Feel the FOMO: Unlocking the Future of GRC Automation
If you’ve been around the governance, risk and compliance (GRC) space for a while, you likely remember the days when GRC workflows involved manually collecting screenshots from several systems, filling out control statuses in spreadsheets and hoping you’re ready for your next audit(s). Those days are gone, or at least, should have, by now… First…
-
Building a Security Portfolio Even When You’re a Blue Teamer
Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you’re a junior SOC analyst, a GRC specialist, or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It’s not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that –…
-
Active Directory connection for GRC platforms – HiScout integrates AD synchronization into its GRC suite
Tags: grc
First seen on security-insider.de Jump to article: www.security-insider.de/hiscout-integriert-ad-synchronisation-in-grc-suite-a-618e7416bacd48e88ff1167735bbccdd/
-
Commentary by Sebastian Dosch and Clarissa Bent, Microfin Unternehmensberatung – Microsoft Copilot: these three GRC factors can cause a hard landing
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-copilot-chancen-herausforderungen-regulierte-branchen-a-7b5c1916239f8cf130b54b1157c84ed6/
-
AI governance: how to shape the AI revolution securely
Companies must introduce a governance, risk and compliance (GRC) framework specifically for AI if they do not want to fall victim to the risks of artificial intelligence. The use of artificial intelligence (AI) in companies carries a wide range of risks in the areas of cybersecurity, data protection, bias, ethics and compliance. However, only 24 percent of IT and business decision-makers have already implemented comprehensive AI GRC policies in order to…
-
Efficient IT security for public authorities: Hiscout at PITS 2025
Hiscout, the specialist for integrated GRC software solutions, will be represented at this year's Public-IT-Security (PITS) from June 3 to 4 in Berlin. The established trade event brings decision-makers from public authorities, ministries and public institutions together with solution providers to discuss key challenges around information security, data protection and compliance. At its stand, Hiscout presents its field-proven solution for information security in…
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, update
Real-world fabrications: Even security vendors have been victimized. Last year, the governance risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO. “There were gaps in how the education represented…
-
The rise of vCISO as a viable cybersecurity career path
Tags: advisory, business, ceo, cio, ciso, compliance, computer, control, country, cyber, cybersecurity, government, grc, group, guide, healthcare, incident response, infrastructure, ISO-27001, jobs, mobile, network, nist, risk, risk-assessment, risk-management, service, skills, strategy, technology, tool, training
Damon Petraglia, vCISO and CISO on demand, Blue Mantis. A long-time cybersecurity pro with chops built up in the federal government world and through forensic investigation work, Damon Petraglia works as a vCISO and CISO on demand for the IT services firm Blue Mantis. “Where I am today as a vCISO is a culmination…
-
AI and data protection: (not) a contradiction?
Hiscout, a leading provider of integrated GRC software solutions, will be represented at this year's BvD-Verbandstage on May 27 and 28, 2025 at the Leonardo Royal Hotel Berlin Alexanderplatz. Under the motto "AI and data protection: (not) a contradiction?", data protection officers and experts will discuss the challenges and opportunities of artificial intelligence in data protection. At the BvD-Verbandstage 2025, data protection experts will meet,…
-
6 types of risk every organization must manage, and 4 strategies for doing it
Tags: ai, attack, backup, best-practice, breach, business, compliance, control, cyber, cybersecurity, data, finance, framework, fraud, GDPR, governance, government, grc, hacker, healthcare, infrastructure, insurance, intelligence, law, mitigation, office, phishing, ransom, ransomware, regulation, risk, risk-assessment, risk-management, service, startup, strategy, technology, threat, training, vulnerability
Cybersecurity risks: Threats such as data breaches, phishing attacks, system intrusions, and broader digital vulnerabilities fall under the umbrella of security risks. The definition of cybersecurity risk is constantly evolving, now encompassing threats related to artificial intelligence and AI-driven systems. If you’re trying to mitigate risks in this area, you need to think not just about…
-
GRC Meets CRQ – Kovrr’s Quantified Cyber Risk Registe
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/grc-meets-crq-kovrrs-quantified-cyber-risk-registe/
-
The Future of GRC Integrating ESG, Cyber, and Regulatory Risk
The landscape of Governance, Risk, and Compliance (GRC) is undergoing a profound transformation as organizations face mounting pressures from regulatory bodies, evolving cyber threats, and the growing importance of Environmental, Social, and Governance (ESG) factors. In 2025, the convergence of these domains is not just a trend but a necessity for sustainable business operations. Companies…

