Tag: regulation
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission
Tags: ai, attack, awareness, business, ciso, compliance, corporate, country, cyber, cyberattack, cybersecurity, dora, email, germany, infrastructure, intelligence, network, nis-2, office, organized, phishing, ransomware, regulation, risk, service, skills, supply-chain, threat, trainingCSO Germany: The energy sector is increasingly becoming a target for cybercriminals. Experts and the Federal Office for Information Security (BSI) believe that protection in this area must be significantly increased. How do you assess the current situation?Reiß: The geopolitical tensions we are currently witnessing are leading to an increased threat level. This naturally also affects the heating…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues
The bill, first introduced late last year, deals with regulations, training, grants and more. First seen on cyberscoop.com Jump to article: cyberscoop.com/bipartisan-health-care-cybersecurity-legislation-returns-to-address-a-cornucopia-of-issues/
-
Key questions CISOs must ask before adopting AI-enabled cyber solutions
Questions to ask vendors about their AI security offerings: There are several areas where CISOs will want to focus their attention when considering AI-powered cyber solutions, including the following:Shadow AI: Uncovering and addressing shadow AI throughout the organization is a key issue for security leaders today. But so too is ensuring that sanctioned AI-enabled solutions…
-
Key questions CISOs must ask before adopting AI-enabled cyber solutions
Questions to ask vendors about their AI security offerings: There are several areas where CISOs will want to focus their attention when considering AI-powered cyber solutions, including the following:Shadow AI: Uncovering and addressing shadow AI throughout the organization is a key issue for security leaders today. But so too is ensuring that sanctioned AI-enabled solutions…
-
Key questions CISOs must ask before adopting AI-enabled cyber solutions
Questions to ask vendors about their AI security offerings: There are several areas where CISOs will want to focus their attention when considering AI-powered cyber solutions, including the following:Shadow AI: Uncovering and addressing shadow AI throughout the organization is a key issue for security leaders today. But so too is ensuring that sanctioned AI-enabled solutions…
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
-
Info Blocking Enforcement: What HHS Will Likely Focus On
Tags: regulationWhile information blocking regulations were authorized under the 21st Century Cures Act nearly a decade ago, regulators are only starting to ramp up enforcement of the prohibited practices. Attorney Nan Halstead of Reed Smith explains critical steps organizations need to take to comply. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/info-blocking-enforcement-what-hhs-will-likely-focus-on-i-5502
-
Telecom security reboot: Why zero trust is the only way forward
Tags: access, attack, authentication, breach, china, compliance, control, credentials, cybersecurity, data, defense, detection, endpoint, framework, governance, group, hacker, Hardware, infrastructure, ISO-27001, network, nis-2, nist, ransomware, regulation, risk, service, threat, tool, update, zero-trustIT and OT: Impact is linked: Most OT attacks start in IT environments these days. Once attackers get hold of admin credentials or find a weak interface, they can jump straight into the network gear or base-station controllers.Bridging this isn’t about shuffling org charts. It’s about seeing everything at once and building a single rulebook.…
-
Telecom security reboot: Why zero trust is the only way forward
Tags: access, attack, authentication, breach, china, compliance, control, credentials, cybersecurity, data, defense, detection, endpoint, framework, governance, group, hacker, Hardware, infrastructure, ISO-27001, network, nis-2, nist, ransomware, regulation, risk, service, threat, tool, update, zero-trustIT and OT: Impact is linked: Most OT attacks start in IT environments these days. Once attackers get hold of admin credentials or find a weak interface, they can jump straight into the network gear or base-station controllers.Bridging this isn’t about shuffling org charts. It’s about seeing everything at once and building a single rulebook.…
-
JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach
Tags: advisory, breach, cyberattack, cybersecurity, data, data-breach, email, finance, incident response, microsoft, regulation, risk, risk-management, service, technology, threat, tool, update, vulnerabilityThird-party breaches accelerating: The SitusAMC incident is part of a broader trend of increasing cyberattacks targeting third-party vendors in the financial services sector. Third parties accounted for 30% of data breaches in 2024, a 15% increase from 2023, according to Venminder’s State of Third-Party Risk Management 2025 survey. The survey found 49% of organizations experienced…
-
JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach
Tags: advisory, breach, cyberattack, cybersecurity, data, data-breach, email, finance, incident response, microsoft, regulation, risk, risk-management, service, technology, threat, tool, update, vulnerabilityThird-party breaches accelerating: The SitusAMC incident is part of a broader trend of increasing cyberattacks targeting third-party vendors in the financial services sector. Third parties accounted for 30% of data breaches in 2024, a 15% increase from 2023, according to Venminder’s State of Third-Party Risk Management 2025 survey. The survey found 49% of organizations experienced…
-
NDSS 2025 THEMIS: Regulating Textual Inversion For Personalized Concept Censorship
Tags: ai, backdoor, business, conference, Internet, malicious, network, regulation, technology, threat, trainingSESSION Session 3D: Al Safety ———– ———– Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University) ———– PAPER THEMIS: Regulating Textual Inversion for Personalized Concept Censorship Personalization has become a…
-
NDSS 2025 THEMIS: Regulating Textual Inversion For Personalized Concept Censorship
Tags: ai, backdoor, business, conference, Internet, malicious, network, regulation, technology, threat, trainingSESSION Session 3D: Al Safety ———– ———– Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University) ———– PAPER THEMIS: Regulating Textual Inversion for Personalized Concept Censorship Personalization has become a…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
Unified Compliance with AI: Optimizing Regulatory Demands with Internal Tools
Key Takeaways What is Unified AI Oversight? In today’s AI landscape, organizations face overlapping regulations, ethical expectations, and AI operational risks. Unified AI oversight is a single lens to manage AI systems while staying aligned with global rules, reducing blind spots and duplication. It ensures AI systems are not only compliant but also ethical, secure,……
-
FCC spikes Biden-era cyber regulations prompted by Salt Typhoon telecom breaches
The Republican-led FCC voted to remove cybersecurity rules for telecom companies that were put in place before Donald Trump’s inauguration as a response to 2024 breaches attributed to state-backed Chinese hackers. First seen on therecord.media Jump to article: therecord.media/fcc-removes-biden-era-cybersecurity-rules-telecoms-salt-typhoon
-
3 ways CISOs can win over their boards this budget season
Tip 2: Go beyond compliance standards: It’s no secret that compliance and regulations drive nearly 80% of CISOs’ budget justifications. Industry standards like HIPAA and SOC2 can offer a guiding framework for a program, but with evolving threats from AI, the rise of quantum computing and increasingly complex third-party risk, CISOs need to think of…
-
European Commission ‘simplification’ proposal would weaken GDPR, AI regulations
Under the proposal, the EU would weaken data protection rules by delaying when regulations governing high-risk AI systems take effect and allowing companies to use personal data for AI training without prior consent from users in most circumstances. First seen on therecord.media Jump to article: therecord.media/european-commission-proposal-gdpr-ai-simplification
-
ISMG Fraud Prevention, Financial Cyber Summits: The AI Bet
Tags: ai, ciso, compliance, cyber, cybersecurity, defense, finance, fraud, identity, regulation, resilience, risk, strategy, threatCyber Leaders Address AI Threats, Compliance Resilience, Zero Trust. From AI”‘driven fraud schemes to tightening regulations and identity threats, ISMG’s New York Fraud Prevention and Financial Cybersecurity Summits brought together CISOs, investigators and risk leaders to share practical strategies for strengthening defenses and building true resilience. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-fraud-prevention-financial-cyber-summits-ai-bet-a-30055
-
ISMG Fraud Prevention, Financial Cyber Summits: The AI Bet
Tags: ai, ciso, compliance, cyber, cybersecurity, defense, finance, fraud, identity, regulation, resilience, risk, strategy, threatCyber Leaders Address AI Threats, Compliance Resilience, Zero Trust. From AI”‘driven fraud schemes to tightening regulations and identity threats, ISMG’s New York Fraud Prevention and Financial Cybersecurity Summits brought together CISOs, investigators and risk leaders to share practical strategies for strengthening defenses and building true resilience. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-fraud-prevention-financial-cyber-summits-ai-bet-a-30055