Tag: risk-management
-
LLMs hype versus reality: What CISOs should focus on
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerabilitynot using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.”In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
How Exposure Management Helps Communicate Cyber Risk
Tags: access, attack, awareness, best-practice, business, cio, cyber, cybersecurity, data, framework, metric, risk, risk-management, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. This week, Tenable experts discuss best practices for communicating cyber risk. You can read the entire Exposure Management Academy series here. Despite headline-grabbing incidents and keen interest from C-suites and boardrooms, many security…
-
10 tough cybersecurity questions every CISO must answer
2. How can we achieve the right security balance for our company’s risk tolerance?: To play that consultative role, CISOs also need to ask and answer that question, says Vandy Hamidi, CISO of public accounting and advisory firm BPM.”My role is to reduce risk in a way that enables the business to operate confidently while…
-
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
Today, Cybersmart, a provider of cyber risk management for small businesses, has released the findings from its second annual CyberSmart MSP Survey, which focuses on the security of Managed Service Providers (MSPs) and their customers. The 2025 report revealed that 69% of MSP leaders globally admitted to being hit by multiple breaches over the past 12…
-
Third-party risk management is broken, but not beyond repair
Getting to the root of the problem: The surge of TPRM tools has automated much of what was once a manual, resource-intensive process. These platforms were developed to simplify the creation, distribution, and completion of security questionnaires, addressing the operational burden organizations often face when conducting third-party risk audits. While they’ve brought much-needed efficiency, they’ve…
-
The highest-paying jobs in cybersecurity today
Tags: access, ai, application-security, cisco, cloud, compliance, control, corporate, cybersecurity, data, defense, detection, firewall, governance, grc, hacker, identity, incident response, infrastructure, intelligence, jobs, network, penetration-testing, privacy, risk, risk-assessment, risk-management, skills, soc, threat, tool, training, vulnerability, vulnerability-managementSee “Top 12 cloud security certifications”See “CISSP certification: Requirements, training, exam, and cost”See “CCSP certification: Exam, cost, requirements, training, salary” Security engineer: After security architects, security engineers receive the second-highest annual cash compensation ($191,000), with a base salary of $168,000. Nearly a third (31%) of security engineers surveyed also received annual equity grants.Like their architect…
-
News brief: Gartner Security and Risk Management Summit recap
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366626138/News-brief-Gartner-Security-and-Risk-Management-Summit-recap
-
ISMG Editors: Gartner Security & Risk Management Summit Recap
Security Leadership in Focus – From AI Risks to Cloud Responsibility. AI fragmentation, non-human identities and nation-state threats dominated conversations at the Gartner Security & Risk Management Summit. ISMG editors discuss how the event stood out for its vendor-neutral focus and strategic discussions tailored for senior security decision-makers. First seen on govinfosecurity.com Jump to article:…
-
2025 CSO Hall of Fame honorees
Tags: ceo, cio, ciso, corporate, cybersecurity, finance, google, group, infrastructure, international, jobs, risk, risk-management, sans, technologyMeg Anderson, VP & CISO (retired), Principal Financial Group Bob Bruns, CISO, Avanade Jonathan Chow, CISO, Genesys Mignona Cote, CISO, Infor Laura Deaner, Managing Director, CISO, The Depository Trust & Clearing Corporation (DTCC) George Finney, CISO, University of Texas System Michael Gordon, SVP & CISO, McDonald’s Ron Green, Cybersecurity Fellow/Former CSO, Mastercard Shawn Henry, CSO, CrowdStrike Todd Lukens, SVP, Security & Infrastructure, Nationwide Rishi Tripathi,…
-
Ganzheitliches Risikomanagement – Was ist Enterprise Risk Management?
First seen on security-insider.de Jump to article: www.security-insider.de/was-ist-erm-enterprise-risk-management-a-95772b2efb270802d7a6c2d60231c13e/
-
AuditBoard expandiert nach Deutschland – Neue Lösungen für Audit, Compliance und Risikomanagement
First seen on security-insider.de Jump to article: www.security-insider.de/auditboard-risikomanagement-compliance-deutschland-a-7ea05c051821d78967ca18d28c302f0e/
-
How to Get a Clearer Picture of Vendor Risk
Experts Call for Continuous Assessments of Vendor Risk – Not Just at Onboarding. As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they’re onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may…
-
Seraphic Security Unveils BrowserTotal Free AI-Powered Browser Security Assessment for Enterprises
srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?quality=50&strip=all 1200w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=300%2C180&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=768%2C461&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=1024%2C614&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=1162%2C697&quality=50&strip=all 1162w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=280%2C168&quality=50&strip=all 280w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=140%2C84&quality=50&strip=all 140w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=800%2C480&quality=50&strip=all 800w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=600%2C360&quality=50&strip=all 600w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=417%2C250&quality=50&strip=all 417w” width=”1024″ height=”614″ sizes=”(max-width: 1024px) 100vw, 1024px”> Cyber NewsWirePowered by AI, BrowserTotal offers CISOs and security teams a comprehensive, hands-on environment to test browser security defenses against today’s most sophisticated threats. Key features of the platform include: Posture…
-
Multicloud security automation is essential, but no silver bullet
Tags: access, ai, automation, best-practice, bsi, business, cloud, compliance, control, corporate, data, framework, guide, infrastructure, intelligence, monitoring, risk, risk-management, service, soar, strategy, threat, tool, training, update, vulnerabilityDefining multicloud automation strategies: As an engineering leader, how should you approach implementing security automation in a multicloud environment? The experts we spoke to emphasized intentional design, layered planning, and a commitment to continual refinement.”I like to consider the planning process in terms of layers,” says Protiviti’s Armknecht. “The foundational layer involves achieving observability across…
-
NIST Launches Updated Incident Response Guide
Tags: cybersecurity, framework, guide, incident response, nist, risk, risk-management, technology, updateThe National Institute of Standards and Technology (NIST) has released a long-awaited update to its incident response guidance: Special Publication 800-61 Revision 3 (SP 800-61r3). This new version, titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management,” aligns closely with the latest Cybersecurity Framework (CSF) 2.0, marking a significant evolution in how organizations should……
-
How Security Teams Can Turn Hype Into Opportunity
During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/gartner-security-teams-hype-opportunity
-
How to create a compelling SOC narrative for executives
Focus on financial impact, efficiency and risk management to ensure informed cybersecurity investment decisions.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/gartner-how-to-create-a-compelling-soc-narrative-for-executives/750135/
-
Seraphic Security Unveils BrowserTotal Free AI-Powered Browser Security Assessment For Enterprises
Tel Aviv, Israel, June 9th, 2025, CyberNewsWire Available to the public and debuting at the Gartner Security & Risk Management Summit,BrowserTotal is a first of its kind browser security assessment tool conducting more than 120tests to provide posture standing, emerging threat insights, URL analysis, extension risks, andmore. Seraphic Security, a leader in enterprise browser security,…
-
Why Securing NHIs Reduces Your Cyber Risk
Why is NHI Security Critical in Risk Management? Have you ever considered the potential security risk lurking? The reality is that the growing complexity of IT infrastructures, particularly in the cloud, presents new challenges for risk management and cyber protection. Among the most notable security risks lies in the management of Non-Human Identities (NHIs). Overseeing……
-
Vendor Risk in SaaS Supply Chains: 2025 Guide – Nudge Security
Why effective vendor risk management is a critical strategy for identifying, assessing, and mitigating risks within the SaaS supply chain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/vendor-risk-in-saas-supply-chains-2025-guide-nudge-security/
-
Elevating the CISO to Business Enabler With CRQ – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/elevating-the-ciso-to-business-enabler-with-crq-kovrr/
-
#Infosec2025: Know Your Audience to Make an Impact, CISOs Tell Their Peers
A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosec2025-know-your-audience/
-
Get out of the audit committee: Why CISOs need dedicated board time
Tags: ai, business, ciso, cyber, cybersecurity, data, framework, mitigation, resilience, risk, risk-management, strategy, technology, threat, updateThe full partnership model between CISO and board: Full and frank security discussions are more than just a ‘nice to have’. The SEC has indicated it expects public companies with senior leadership to be transparent in how they assess and communicate cybersecurity risks.By extension, CISOs have an important role in communicating risks to senior leadership…