Tag: metric
-
CISOs must prove the business value of cyber, the right metrics can help
Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
-
What past ERP mishaps can teach CISOs about security platformization
Tags: ai, automation, business, cio, ciso, cyber, cybersecurity, data, finance, metric, resilience, service, technology, tool, training5 tips for getting security platformization right: Current trending suggests that in many enterprises, security platform migration is inevitable in the short- or long-term. Given this, CISOs would be well served by carefully studying the mistakes made with ERP and plan accordingly with proven best practices. Based on my research, here are a few suggestions:Get executive…
-
What past ERP mishaps can teach CISOs about security platformization
Tags: ai, automation, business, cio, ciso, cyber, cybersecurity, data, finance, metric, resilience, service, technology, tool, training5 tips for getting security platformization right: Current trending suggests that in many enterprises, security platform migration is inevitable in the short- or long-term. Given this, CISOs would be well served by carefully studying the mistakes made with ERP and plan accordingly with proven best practices. Based on my research, here are a few suggestions:Get executive…
-
Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story
In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/rik-mistry-interval-group-it-security-metrics/
-
250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC
Tags: access, ai, automation, breach, cloud, computing, data, detection, firewall, google, incident response, metric, RedTeam, siem, soc, threat, vulnerability, vulnerability-management, zero-trustGemini for Docs improvises So this may suck, but I am hoping to at least earn some points for honesty here. I wanted to write something pithy and smart once I realized our Cloud Security Podcast by Google just aired our 250th episode (“EP250 The End of “Collect Everything”? Moving from Centralization to Data Access?”).…
-
250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC
Tags: access, ai, automation, breach, cloud, computing, data, detection, firewall, google, incident response, metric, RedTeam, siem, soc, threat, vulnerability, vulnerability-management, zero-trustGemini for Docs improvises So this may suck, but I am hoping to at least earn some points for honesty here. I wanted to write something pithy and smart once I realized our Cloud Security Podcast by Google just aired our 250th episode (“EP250 The End of “Collect Everything”? Moving from Centralization to Data Access?”).…
-
250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC
Tags: access, ai, automation, breach, cloud, computing, data, detection, firewall, google, incident response, metric, RedTeam, siem, soc, threat, vulnerability, vulnerability-management, zero-trustGemini for Docs improvises So this may suck, but I am hoping to at least earn some points for honesty here. I wanted to write something pithy and smart once I realized our Cloud Security Podcast by Google just aired our 250th episode (“EP250 The End of “Collect Everything”? Moving from Centralization to Data Access?”).…
-
250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC
Tags: access, ai, automation, breach, cloud, computing, data, detection, firewall, google, incident response, metric, RedTeam, siem, soc, threat, vulnerability, vulnerability-management, zero-trustGemini for Docs improvises So this may suck, but I am hoping to at least earn some points for honesty here. I wanted to write something pithy and smart once I realized our Cloud Security Podcast by Google just aired our 250th episode (“EP250 The End of “Collect Everything”? Moving from Centralization to Data Access?”).…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
Gen AI success requires an AI champions network
How to ensure network success: Only by having direct access to the core AI program team will your AI champions be able to escalate blockers, share wins, or ask questions. What they surface will include everything from permissions problems to policy gray zones to unplanned usage patterns that could be scaled into formal solutions. That…
-
Gen AI success requires an AI champions network
How to ensure network success: Only by having direct access to the core AI program team will your AI champions be able to escalate blockers, share wins, or ask questions. What they surface will include everything from permissions problems to policy gray zones to unplanned usage patterns that could be scaled into formal solutions. That…
-
Gen AI success requires an AI champions network
How to ensure network success: Only by having direct access to the core AI program team will your AI champions be able to escalate blockers, share wins, or ask questions. What they surface will include everything from permissions problems to policy gray zones to unplanned usage patterns that could be scaled into formal solutions. That…
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Cybersecurity management for boards: Metrics that matter
Tags: ai, attack, automation, breach, business, cloud, compliance, control, cyber, cybersecurity, data-breach, deep-fake, detection, dora, finance, firewall, governance, insurance, jobs, metric, mitigation, nis-2, nist, phishing, ransomware, regulation, resilience, risk, scam, soc, threat, trainingWhy does this matter? Resilience aligns with your actual business goals: continuity, trust and long-term value. It reflects your appetite for risk and your ability to adapt. And with regulations like DORA and NIS2 pushing accountability higher up the ladder, your board is on the hook. Financial impact and continuity metrics: You can’t fight cyber…
-
Volvo’s recent security breach: 5 tips to speed incident response while preserving forensic integrity
Tags: access, automation, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, endpoint, finance, framework, gartner, GDPR, guide, incident, incident response, insurance, metric, mitigation, nist, resilience, risk, risk-management, saas, security-incident, siem, soar, supply-chain, vulnerabilityIdentify and catalog your evidence sources in advance (endpoints, memory, logs, cloud assets)Stage scripts or agents that can snapshot memory and archive logs immediately when an IR trigger firesMake forensic collection part of containment, not something you tack on afterwardModern approaches and even NIST’s updated guidance emphasize that evidence gathering should begin during, not after,…
-
Volvo’s recent security breach: 5 tips to speed incident response while preserving forensic integrity
Tags: access, automation, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, endpoint, finance, framework, gartner, GDPR, guide, incident, incident response, insurance, metric, mitigation, nist, resilience, risk, risk-management, saas, security-incident, siem, soar, supply-chain, vulnerabilityIdentify and catalog your evidence sources in advance (endpoints, memory, logs, cloud assets)Stage scripts or agents that can snapshot memory and archive logs immediately when an IR trigger firesMake forensic collection part of containment, not something you tack on afterwardModern approaches and even NIST’s updated guidance emphasize that evidence gathering should begin during, not after,…
-
How to Take Vulnerability Management to the Next Level and Supercharge Your Career
Tags: access, ai, attack, authentication, awareness, business, ciso, cloud, compliance, cve, cvss, cybersecurity, data, exploit, flaw, framework, governance, identity, metric, mfa, risk, skills, strategy, technology, tool, update, vulnerability, vulnerability-managementAt Tenable, we believe the next generation of great CISOs and security leaders will arise from those vulnerability management professionals who are driving the shift to exposure management today. Key takeaways: Vulnerability management is crucial for the evolution toward a more strategic, business-aligned approach to cybersecurity, that’s why these professionals are best positioned to lead…
-
Data sovereignty proof: How to verify controls like ‘Project Texas’
“Verification regimes work best when they serve everyone’s interests. The reporting company wants a process that does not impose too many burdens or interrupt workflow while allowing it to demonstrate compliance. Oversight bodies want hard data that is difficult to fake and indicates adherence to the regime. Finally, these systems need to be simple enough…
-
Data sovereignty proof: How to verify controls like ‘Project Texas’
“Verification regimes work best when they serve everyone’s interests. The reporting company wants a process that does not impose too many burdens or interrupt workflow while allowing it to demonstrate compliance. Oversight bodies want hard data that is difficult to fake and indicates adherence to the regime. Finally, these systems need to be simple enough…
-
Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!
Gemini made blog illustration In early 1900s, factory owners bolted the new electric dynamo onto their old, central-shaft-and-pulley systems. They thought they were modernizing, but they were just doing a “retrofit.” The massive productivity boom didn’t arrive until they completely re-architected the factory around the new unit-drive motor (metaphor source). Today’s AI agent slapped onto…
-
Phishing training needs a new hook, here’s how to rethink your approach
Tags: ai, attack, authentication, computer, cybersecurity, detection, metric, mfa, mobile, phishing, risk, threat, training, vulnerabilityPhishing training offers minimal benefits: Grant Ho, assistant professor of computer science at The University of Chicago collaborated with UC San Diego and UC San Diego Health to evaluate the efficacy of annual training and embedded phishing training. In their research, they analyzed how approximately 20,000 employees at UCSD Health handled simulated phishing campaigns across…
-
Beyond the checklist: Building adaptive GRC frameworks for agentic AI
Tags: access, ai, breach, ciso, cloud, compliance, control, crime, data, detection, endpoint, finance, framework, fraud, governance, grc, international, metric, monitoring, nist, risk, risk-management, strategy, supply-chain, switchAutonomous agent drift First, I experienced an autonomous agent drift that nearly caused a severe financial and reputational crisis. We deployed a sophisticated agent tasked with optimizing our cloud spending and resource allocation across three regions, giving it a high degree of autonomy. Its original mandate was clear, but after three weeks of self-learning and…