Tag: metric
-
ODNI to CISOs on threat assessments: You’re on your own
Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfareThe bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
-
ODNI to CISOs on threat assessments: You’re on your own
Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfareThe bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
-
The metrics killing your SOC, and what to use instead
Security operations centres risk being rendered entirely ineffective if organizations measure them using the wrong performance indicators, according to Dave Chismon, CTO for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/soc-performance-metrics/
-
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/no-metrics-better-bad-metrics-soc/
-
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/no-metrics-better-bad-metrics-soc/
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-dayNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
7 Passkey Deployment Lessons from eBay, HubSpot, Revolut, and VicRoads
7 proven passkey deployment lessons from eBay, HubSpot, Revolut, and VicRoads. Covers enrollment design, mobile-first strategy, account recovery UX, device rotation handling, and the login success rate metric that actually predicts FIDO2 rollout success. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/7-passkey-deployment-lessons-from-ebay-hubspot-revolut-and-vicroads/
-
We beat Google’s zero-knowledge proof of quantum cryptanalysis
Tags: ai, application-security, attack, best-practice, computer, computing, control, cryptography, data, exploit, google, group, Hardware, metric, programming, risk, rust, technology, tool, update, vulnerabilityTwo weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own zero-knowledge proof that significantly improves Google’s on all metrics. Our result is…
-
Article 12 and the Logging Mandate: What the EU AI Act Actually Requires FireTail Blog
Tags: access, ai, breach, ciso, cloud, compliance, control, data, data-breach, finance, GDPR, grc, healthcare, infrastructure, insurance, jobs, metric, monitoring, regulation, risk, saas, service, toolApr 16, 2026 – Lina Romero – When GDPR arrived, the organisations that had mistaken documentation for capability were the ones that struggled the most. They had policies about data retention but no technical controls enforcing those policies. They had breach notification procedures but no systems capable of detecting a breach in time to use…
-
The need for a board-level definition of cyber resilience
Tags: awareness, business, cisa, compliance, control, crime, cyber, cybercrime, cybersecurity, detection, finance, framework, governance, law, metric, regulation, resilience, risk, risk-analysis, risk-management, service, supply-chain, technologyWhere the literature converges: Organizational outcomes vs. policy and controls It’s consistently agreed that cyber resilience should be tied to organizational outcomes rather than technical controls and policies. Rather than focusing on metrics such as mean time to detection or number of security controls, organizational cyber resilience needs to evaluate levels of business continuity, preservation…
-
5 trends defining the future of AI-powered cybersecurity
Tags: ai, automation, backup, breach, business, cloud, compliance, cyber, cybersecurity, data, defense, detection, endpoint, framework, government, metric, monitoring, msp, regulation, resilience, threatSee how AI is altering the landscape in the new N-able and Futurum report, Cybersecurity in the Age of AI: Moving from Fragile to Resilient. Get key insights on building a modern framework for business resilience. 2. From perimeter security to continuous cyber resilience: The “castle and moat” approach is obsolete. In a world of…
-
EdTech Digest – How to Fix the Digital Ghosting Epidemic
This article was originally published in EdTech Digest on 03/24/26 by Charlie Sander. To fight “digital ghosting,” schools need a smarter approach to device use, student safety, and digital wellbeing While physical attendance has long been the primary metric for school safety and success, a more insidious trend is emerging that data alone often misses. I…
-
The AI inflection point: What security leaders must do now
The questions have matured: The AI discussion in security has evolved in phases.First came skepticism from security leaders, asking whether AI actually works in security operations. Given years of overpromised technology, the caution was warranted.Experimentation followed, with questions centering on what types of work AI should handle and where it introduces risk.Now, the dominant questions…
-
The AI inflection point: What security leaders must do now
The questions have matured: The AI discussion in security has evolved in phases.First came skepticism from security leaders, asking whether AI actually works in security operations. Given years of overpromised technology, the caution was warranted.Experimentation followed, with questions centering on what types of work AI should handle and where it introduces risk.Now, the dominant questions…
-
Rockstar Games gets a taste of grand theft data
ShinyHunters claims it accessed Snowflake metrics via third-party tool First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/shinyhunters_rockstar_breach/
-
Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of ‘Pay or leak’
Gang claims it accessed Snowflake metrics via third-party tool First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/shinyhunters_rockstar_breach/
-
Anthropic Claude Mythos Will Break Vulnerability Management
Tags: access, ai, attack, control, cyber, cybersecurity, data, exploit, metric, risk, software, tool, update, vulnerability, vulnerability-managementAnthropic’s latest AI Model, Claude Mythos, will break the cybersecurity vulnerability management operational models. Mythos is so good at discovering and building viable exploits it is currently being rolled-out in a controlled manner under “Project Glasswing”. Those cybersecurity companies who have early access are attesting to the blazing speed and accuracy of the model…
-
Anthropic Claude Mythos Will Break Vulnerability Management
Tags: access, ai, attack, control, cyber, cybersecurity, data, exploit, metric, risk, software, tool, update, vulnerability, vulnerability-managementAnthropic’s latest AI Model, Claude Mythos, will break the cybersecurity vulnerability management operational models. Mythos is so good at discovering and building viable exploits it is currently being rolled-out in a controlled manner under “Project Glasswing”. Those cybersecurity companies who have early access are attesting to the blazing speed and accuracy of the model…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
CMMC compliance in the age of AI
Tags: access, ai, automation, awareness, business, compliance, control, data, detection, email, governance, government, grc, metric, risk, tool, trainingThe primary readiness gap: data scope awareness: Central to preparation is gaining a complete understanding of the data subject to CMMC 2.0 controls. Many organizations are still struggling to define the full scope of systems, workflows and third-party relationships that process or store CUI. When contractors conduct detailed CMMC-focused data inventories, it’s common that they’ll…
-
The tabletop exercise grows up
would do. They do not do it.Every experienced facilitator knows the moment: someone in the room challenges the premise and the facilitator asks participants to “suspend disbelief.” That phrase should give us pause. If the scenario requires suspension of disbelief, it is not building preparedness. It is building familiarity with a document.The gap between documentation…
-
Lies, Damned Lies, and Cybersecurity Metrics
A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn’t improving results. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/lies-damned-lies-cybersecurity-metrics
-
Why I Cancelled Semrush After 7 Years (And Why GEO Is the Only B2B Growth Strategy That Matters Now)
I cancelled my Semrush subscription last month. Not because it stopped working, but because the metrics it tracks no longer predict revenue. The game changed when 90% of B2B buyers started using ChatGPT to build their vendor shortlists. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/why-i-cancelled-semrush-after-7-years-and-why-geo-is-the-only-b2b-growth-strategy-that-matters-now/
-
7 ways to improve your business resilience with backup and recovery
Tags: attack, automation, backup, business, cloud, compliance, control, cyber, data, dns, HIPAA, identity, malware, metric, network, PCI, ransomware, resilience, risk, service, soc, threat, vulnerability2. Ensure off-site backup copies : Local backups are fast, but they are also vulnerable to the same physical disasters and ransomware attacks that hit your primary servers. If your production environment and your backups are on the same network segment without air-gapping, a single compromise becomes a total extinction event. The Fix: Adopt a 3-2-1 strategy (3 total copies of data, 2 different media…
-
5 Steps to break free from alert fatigue and build resilient security operations
2. Prioritize outcomes over ticket volume : Stop focusing on how many alerts are cleared. This may be a metric for a better understanding of where automation or headcount are necessary but prioritize outcomes. Instead, the right questions are: How quickly did you contain a threat? Did we disrupt business operations or keep recovery swift and effective? A practical, outcome-driven SOC measures: Dwell time: How long before a threat was neutralized? Mean Time to Contain: How quickly…