Tag: resilience
-
OpenAI’s New Security Plan Rewards ‘Critical’ Bug Discovery
Max Payout for Bug Bounty Program Up From $20,000 to $100,000. OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000. First seen on…
-
Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience
“A boxer derives the greatest advantage from his sparring partner…” (Epictetus, 50–135 AD). Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and, BANG, lands a right hand on Blue down the center. This wasn’t Blue’s first day and…
-
NCSC taps influencers to make 2FA go viral
Who knew social media stars had a role to play in building national cyber resilience? First seen on theregister.com Jump to article: www.theregister.com/2025/03/26/ncsc_influencers_2fa/
-
Legal impact on cybersecurity in 2025: new developments and challenges in the EU
Tags: 5G, authentication, compliance, corporate, cybersecurity, dora, finance, framework, fraud, identity, law, network, regulation, resilience, risk, service, strategy, technology, theft
DORA Regulation: digital operational resilience in the financial sector: Regulation 2022/2554 (DORA) focuses on increasing the “Digital Operational Resilience” of financial institutions. Approved on 14 December 2022, DORA seeks to strengthen the security and robustness of financial sector entities’ information systems, with the aim of reducing technological risks and cyberthreats. As mentioned, DORA is applicable to…
-
Data Connect announces vSOC Assure to streamline cyber risk assessments and increase cyber resilience
Data Connect, a leading cyber security services provider underpinned by elite cyber practitioners and technology, today announced the launch of vSOC Assure. The platform has been developed in response to the growing need for robust, ongoing security assessments and it goes beyond traditional cyber security audits, offering a structured, year-round approach to risk identification, remediation…
-
Cyber Risks Drive CISOs to Surf AI Hype Wave
Gartner Says Hype Can Benefit Organizations That Harness It for Business Advantage. Organizations haven’t yet drawn business value from AI investments, and many feel AI is overhyped. Gartner analysts said encouraging intelligent risk-taking and investing in cybersecurity can improve an organization’s resilience, giving businesses confidence to embrace technologies like AI. First seen on govinfosecurity.com Jump…
-
Despite challenges, the CVE program is a public-private partnership that has shown resilience
In 1999, Dave Mann and Steve Christey, two researchers from the nonprofit R&D corporation MITRE, debuted a concept for security vulnerabilities that laid the groundwork for the common vulnerability and exposures framework (CVE) that organizes information around computer vulnerabilities. Twenty-five years later, the CVE program, which assigns a unique record to each reported vulnerability, is…
-
Trump shifts cyberattack readiness to state and local governments in wake of info-sharing cuts
Tags: advisory, cio, cisa, ciso, communications, cyber, cyberattack, cybersecurity, election, government, group, infrastructure, intelligence, Internet, metric, office, resilience, risk, russia, strategy, technology, threat
Creating a national resilience strategy: The EO requires the assistant to the President for national security affairs (APNSA), in coordination with the assistant to the President for economic policy and the heads of relevant executive departments and agencies, to publish within 90 days (by June 17) a National Resilience Strategy that articulates the priorities, means,…
-
CISOs are taking on ever more responsibilities and functional roles: has it gone too far?
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threat
th century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains. “The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
Why Cyber Quality Is the Key to Security
The time to secure foundations, empower teams, and make cyber resilience the standard is now, because the cost of waiting is far greater than the investment in proactive security. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/why-cyber-quality-key-security
-
Insider views on the Cyber Resilience Act: From the negotiating table in Brussels
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/cyber-resilience-act-eu-gesetzgebung-2025
-
11 hottest IT security certs for higher pay today
Tags: access, attack, automation, business, cloud, container, control, corporate, credentials, cyber, cybersecurity, data, defense, encryption, exploit, finance, fortinet, google, governance, incident response, infosec, intelligence, Internet, jobs, linux, malicious, malware, monitoring, network, penetration-testing, remote-code-execution, resilience, reverse-engineering, risk, risk-assessment, risk-management, skills, software, technology, threat, tool, training, vulnerability, windows
Offensive Security Certified Expert (OSCE): OffSec’s Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the…
-
Public-private partnerships: A catalyst for industry growth and maturity
Tags: ceo, crypto, cyber, cybercrime, cybersecurity, data, defense, fortinet, framework, government, guide, infrastructure, intelligence, interpol, lessons-learned, mitre, resilience, software, threat, vulnerability
Successful partnerships offer a blueprint for effective collaboration: Numerous cybersecurity-focused partnerships are underway, involving successful collaboration across all sectors. These examples can help take public-private partnership efforts from abstract ideas to impactful execution and provide valuable insights and lessons learned. One example is the work being done by the Cyber Threat Alliance (CTA) and its members.…
-
The State of Digital Trust in 2025 – Consumers Still Shoulder the Responsibility
Tags: access, ai, authentication, banking, breach, captcha, cloud, compliance, control, cyber, data, deep-fake, encryption, finance, fintech, framework, GDPR, government, healthcare, identity, india, insurance, law, login, malicious, metric, mfa, mitigation, password, privacy, regulation, resilience, risk, service, software, strategy, switch, technology, threat, tool
madhav, Thu, 03/20/2025 – 04:52. Trust remains the cornerstone of digital interactions, yet its foundations are increasingly fragile in an era of sophisticated cyber threats and evolving consumer expectations. The 2024 Digital Trust Index gave us extremely important insights into the expectations…
-
How CISOs are approaching staffing diversity with DEI initiatives under pressure
Staffing diversity can help avoid homogenous thinking: Similarly, Sam McMahon, senior manager of IT and security at Valimail, underscores the necessity of representing different backgrounds and mindsets. “In my experience, even small security teams benefit greatly from the variety of perspectives that come with different backgrounds and skill sets,” he says. “We know that the majority…
-
Moving beyond checkbox security for true resilience
In this Help Net Security interview, William Booth, director, ATT&CK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/19/william-booth-mitre-proactive-security-measures/
-
7 misconceptions about the CISO role
Tags: api, attack, breach, business, ceo, ciso, compliance, control, corporate, cyber, cyberattack, cybersecurity, defense, exploit, finance, firewall, governance, infrastructure, insurance, jobs, network, password, phishing, resilience, risk, risk-assessment, risk-management, saas, software, startup, strategy, technology, threat, tool, training, update, vulnerability
Katie Jenkins, EVP and CISO, Liberty Mutual Insurance. The field is changing so rapidly, Jenkins adds, she needs to commit time to keeping up on research and connecting with other CISOs for knowledge exchange. In addition to securing infrastructure, an effective CISO focuses on securing the business, experts say. This requires understanding how security…
-
European tech industry coalition calls for ‘radical action’ on digital sovereignty, starting with buying local
A broad coalition drawn from across the ranks of Europe’s tech industry is calling for “radical action”…
-
5 proactive steps towards cyber resilience
First seen on scworld.com Jump to article: www.scworld.com/perspective/five-proactive-steps-towards-cyber-resilience
-
Cybersecurity in municipalities: Own initiative required
Tags: awareness, best-practice, ciso, cyber, cybersecurity, cyersecurity, DSGVO, germany, resilience
German municipalities appear to be easy prey when it comes to cybersecurity. In a study, the cyberintelligence.institute, in collaboration with the cybersecurity company NordPass, analyzed municipal cybersecurity in Germany from a legal and organizational perspective. According to the study, cities and municipalities are caught in a dilemma. On the one hand, according to the study, the municipalities are an attractive target. Locken…
-
Salt Typhoon: A Wake-up Call for Critical Infrastructure
The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/salt-typhoon-wake-up-call-critical-infrastructure
-
Australian financial firm hit with lawsuit after massive data breach
Tags: access, awareness, breach, ciso, cyber, cybersecurity, data, data-breach, finance, firewall, infrastructure, malware, monitoring, network, resilience, risk, risk-management, software, threat, training, update
properly configuring and monitoring firewalls to protect against cyber-attacks; updating and patching software and operating systems consistently and in a timely manner; providing regular, mandatory cybersecurity awareness training to staff; allocating inadequate human, technological, and financial resources to manage cybersecurity. As a result of those failures, ASIC said in its court filing, “A FIIG employee inadvertently downloaded a .zip…
-
At Ukraine’s major cyber conference, Europe takes center stage over US
The 2025 Kyiv International Cyber Resilience Forum looked and sounded different as European governments and cyber companies filled a void left by the Trump administration. First seen on therecord.media Jump to article: therecord.media/kyiv-cyber-conference-europe-center-stage-over-us
-
Continuous Compliance: Automated compliance for the financial sector
Financial companies face new challenges: strict regulation such as the EU regulation DORA (Digital Operational Resilience Act) sets high standards in order to strengthen IT security. But how can these requirements be implemented efficiently while also increasing competitiveness? The EU research project “EMERALD” provides answers. EMERALD aims, through innovative technologies, to … the automated fulfilment of compliance requirements… First…
-
Hiring privacy experts is tough, here’s why
Tags: ai, business, ciso, compliance, cybersecurity, data, framework, jobs, privacy, resilience, skills, technology, training
Why it is difficult to hire privacy experts: Finding a highly skilled privacy professional can feel like chasing a unicorn, Kazi describes. “Yes, privacy is important, but they want somebody who’s a lawyer, an expert in technology, knowledgeable about user interface and user experience, and ideally, they know a lot about ethics and are an…
-
The CISO as Business Resilience Architect
To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ciso-business-resilience-architect

