Tag: risk-management

The CEO, CFO, and Board’s Role in Cybersecurity – Kovrr

May 6, 2025 11:50 PM

Tags: ceo, cyber, cybersecurity, risk, risk-management

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/the-ceo-cfo-and-boards-role-in-cybersecurity-kovrr/
CISOs Transform Into Business-Critical Digital Risk Leaders

May 6, 2025 6:50 PM

Tags: ai, business, ciso, google, risk, risk-management, tool

Google’s Phil Venables on How AI Creates Structural Advantage in Security. Amid rising cyberthreats, security leaders are using AI tools to drive business enablement and risk management across their organizations, creating unprecedented opportunities for team transformation and career advancement, said Phil Venables, strategic security advisor at Google. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisos-transform-into-business-critical-digital-risk-leaders-a-28296
CISO vs CFO: why are the conversations difficult?

May 5, 2025 8:49 AM

Tags: ai, attack, breach, business, ciso, compliance, cyber, cyberattack, cybersecurity, finance, insurance, jobs, metric, ransomware, RedTeam, risk, risk-management, saas, strategy, technology, threat, tool

might happen, which often means the best outcome is nothing happens. That’s a tough sell.”Although a single cyberattack can wipe out millions of dollars, CFOs and CISOs often approach cybersecurity from fundamentally different perspectives. Bridging this divide requires more than just better communication, it demands, as Argyle put it, a shift in mindset. The disconnect…
12 most innovative launches at RSA 2025

May 5, 2025 8:49 AM

Tags: ai, attack, awareness, ciso, cloud, communications, compliance, control, cyber, cybersecurity, data, deep-fake, detection, email, endpoint, finance, framework, governance, healthcare, identity, insurance, intelligence, login, malicious, network, nist, open-source, openai, phishing, privacy, RedTeam, resilience, risk, risk-analysis, risk-management, saas, service, siem, social-engineering, tactics, threat, tool, training, update, zero-day, zero-trust

AuditBoard: AI governance solution: AuditBoard announced its AI governance solution, designed to help organizations accelerate AI risk management and promote responsible AI adoption. The solution is designed to streamline AI use case intake, review, and approval processes, establish a centralized repository for approved AI models, and dynamically link AI risks to vendors, assets, and controls…
Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More

May 2, 2025 6:50 PM

Tags: access, ai, attack, authentication, best-practice, breach, business, cisa, ciso, cloud, computer, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, firewall, flaw, framework, government, guide, hacker, iam, identity, incident, incident response, infrastructure, injection, international, Internet, iot, kubernetes, login, mfa, microsoft, mitigation, mitre, network, nist, open-source, organized, password, phishing, programming, RedTeam, risk, risk-management, sbom, service, software, sql, supply-chain, tactics, technology, threat, tool, unauthorized, update, usa, vulnerability, vulnerability-management, windows, xss, zero-day

In this special edition of the Cybersecurity Snapshot, we’re highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12 months. Check out best practices, recommendations and insights on protecting your cloud environments, OT systems, software development processes and more. In case you missed it, here’s…
Mehr Assets mehr Angriffsfläche mehr Risiko

May 2, 2025 12:50 PM

Tags: cyberattack, cybersecurity, germany, infrastructure, monitoring, risk, risk-management, security-incident, tool, vulnerability, vulnerability-management

Unternehmen sollten ihre Angriffsflächen genau kennen.Nur wer seine Angriffsflächen kennt, kann diese wirksam verteidigen. Was eine Binsenweisheit scheint, scheint vielen Unternehmen jedoch Probleme zu bereiten. Laut einer Umfrage des Security-Anbieters Trend Micro unter mehr als 2.000 Cybersecurity-Führungskräften mussten knapp drei Viertel (73 Prozent) von ihnen einräumen, schon einmal einen Sicherheitsvorfall erlebt zu haben, weil Assets…
Half of red flags in third-party deals never reach compliance teams

May 2, 2025 6:50 AM

Tags: compliance, risk, risk-management

Third-party risk management (TPRM) is compromised in many organizations because those holding the relationship with the third-party (relationship owners) don’t escalate red … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/02/third-party-relationship-owners/
Capgemini Launches pKYC Sandbox to Modernize Compliance and Streamline Risk Management

May 1, 2025 10:50 PM

Tags: compliance, risk, risk-management

First seen on scworld.com Jump to article: www.scworld.com/news/capgemini-launches-pkyc-sandbox-to-modernize-compliance-and-streamline-risk-management
Insider Research im Gespräch – Paradigmenwechsel in der IT-Security: Das proaktive und automatische Risikomanagement

May 1, 2025 3:50 PM

Tags: risk-management

First seen on security-insider.de Jump to article: www.security-insider.de/cybersecurity-am-wendepunkt-loesungen-und-zukunftsaussichten-a-e8d0c60d213e82f6a7707c5bc12a5b72/
The 14 most valuable cybersecurity certifications

May 1, 2025 10:50 AM

Tags: access, ai, application-security, attack, automation, best-practice, blockchain, blueteam, china, cisa, cisco, ciso, cloud, compliance, computer, computing, conference, control, country, credentials, cryptography, cyber, cybersecurity, data, defense, encryption, endpoint, exploit, finance, governance, government, guide, hacker, hacking, incident response, intelligence, Internet, jobs, kali, law, linux, malware, metric, microsoft, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-analysis, risk-management, skills, threat, training, vulnerability, windows

Industry recognition Who’s to say one certification is more respected than another? Such criteria can be very subjective, so we turned to the most direct and unbiased source to cut through the ambiguity: job listings. In addition to education, skills, and qualifications, employers often specify certs they seek in their ideal candidate. These mentions carry…
KnowBe4 Appoints Bryan Palma as President and CEO

May 1, 2025 5:53 AM

Tags: ceo, cybersecurity, risk, risk-management, technology

KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, announced that cybersecurity industry veteran Bryan Palma has been appointed president and chief executive officer of KnowBe4, effective May 5. KnowBe4’s founder and current chief executive officer Stu Sjouwerman has transitioned to the role of executive chairman. Palma is a highly regarded technology executive with…
Current SaaS delivery model a risk management nightmare, says CISO

Apr 30, 2025 6:49 PM

Tags: ciso, resilience, risk, risk-management, saas, software

JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623300/Current-SaaS-delivery-model-a-risk-management-nightmare-says-CISO
CNAPP-Kaufratgeber

Apr 30, 2025 6:56 AM

Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware
Kovrr Launches First-Ever CRQ-Powered Cyber Risk Register

Apr 29, 2025 1:51 PM

Tags: cyber, risk, risk-management

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/kovrr-launches-first-ever-crq-powered-cyber-risk-register/
Secure by Design is likely dead at CISA. Will the private sector make good on its pledge?

Apr 28, 2025 8:51 PM

Tags: cisa, cybersecurity, government, office, risk, risk-management, sbom, software, technology, tool

CISA’s Secure by Design effort is ‘tiny’: Not everyone believes in the concept of security by design. Jeff Williams, founder and CTO of Contrast Security and creator of the first OWASP Top 10 list in 2002, told CSO that, in his view, the very first secure-by-design manual was the vaunted August 1983 “Orange Book” produced…
From Spreadsheets to SaaS-Based Cyber Risk Registers – Kovrr

Apr 28, 2025 4:51 PM

Tags: cyber, risk, risk-management, saas

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/from-spreadsheets-to-saas-based-cyber-risk-registers-kovrr/
Reporting lines: Could separating from IT help CISOs?

Apr 28, 2025 8:51 AM

Tags: attack, business, cio, ciso, cyber, cybersecurity, exploit, finance, insurance, metric, mitigation, risk, risk-management, skills, technology, vulnerability

Reporting to the CFO can improve discussions about funding: There’s art and science to secure funding. Number matters in getting budget approval, and cybersecurity is at pains to be seen as more than a cost center. However, two-thirds (66%) of CFOs don’t fully understand the CISO role and have difficulty seeing the tangible return on…
7 Best Third-Party Risk Management Software in 2025

Apr 25, 2025 3:50 PM

Tags: business, cyber, risk, risk-management, software

Whether you operate a small business or run a large enterprise, you rely on third-party suppliers, merchants or software providers. They are fundamental to your operations, but they can pose security risks. The better you understand how that happens, the less likely you are to experience a breach. With the best third-party risk management software,…
6 types of risk every organization must manage, and 4 strategies for doing it

Apr 25, 2025 11:50 AM

Tags: ai, attack, backup, best-practice, breach, business, compliance, control, cyber, cybersecurity, data, finance, framework, fraud, GDPR, governance, government, grc, hacker, healthcare, infrastructure, insurance, intelligence, law, mitigation, office, phishing, ransom, ransomware, regulation, risk, risk-assessment, risk-management, service, startup, strategy, technology, threat, training, vulnerability

Cybersecurity risks Threats such as data breaches, phishing attacks, system intrusions, and broader digital vulnerabilities fall under the umbrella of security risks. The definition of cybersecurity risk is constantly evolving, now encompassing threats related to artificial intelligence and AI-driven systems.If you’re trying to mitigate risks in this area, you need to think not just about…
10 key questions security leaders must ask at RSA 2025

Apr 24, 2025 11:50 AM

Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trust

Is agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
CISOs no closer to containing shadow AI’s skyrocketing data risks

Apr 17, 2025 10:28 AM

Tags: access, ai, authentication, awareness, best-practice, breach, business, ceo, chatgpt, ciso, compliance, computer, control, cybersecurity, data, data-breach, detection, finance, framework, github, google, governance, group, jobs, law, leak, LLM, mitigation, monitoring, privacy, RedTeam, regulation, risk, risk-management, service, software, technology, theft, tool, training, unauthorized, vulnerability

While most organizations (90%) offer sanctioned generative AI apps and even more (98%) offer their users apps that incorporate gen AI features, unauthorized use of AI services is skyrocketing in business, according to a study by Netskope.Most gen AI use in the enterprise (72%) is shadow IT, driven by individuals using personal accounts to access…
GRC Meets CRQ – Kovrr’s Quantified Cyber Risk Registe

Apr 15, 2025 7:33 AM

Tags: cyber, grc, risk, risk-management

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/grc-meets-crq-kovrrs-quantified-cyber-risk-registe/
How BluOcean Cyber Revolutionized SaaS Security and Risk Management

Apr 10, 2025 9:06 PM

Tags: cyber, risk, risk-management, saas

Learn how BluOcean overcame its client’s challenges with SaaS misconfigurations and how AppOmni’s SaaS security platform helped build a scalable, proactive SaaS security program. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/how-bluocean-cyber-revolutionized-saas-security-and-risk-management/
Navigating PCI DSS 4.0 Compliance: How Automated Data Discovery Can Help

Apr 10, 2025 6:06 PM

Tags: compliance, data, PCI, risk, risk-management
Using Post-Quantum Planning to Improve Security Hygiene

Apr 9, 2025 8:55 PM

Tags: cryptography, risk, risk-management

With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/post-quantum-planning-security-hygiene
Making Compliance a Strategic Business Driver With AI

Apr 9, 2025 7:13 PM

Tags: ai, awareness, business, compliance, cyber, cybersecurity, risk, risk-management, strategy, tool

UNSW’s Pranit Anand on Personalizing Cyber Awareness Programs. Compliance programs can be more than tick-box exercises. When aligned with business strategy, cybersecurity awareness efforts become tools for improving continuity, profitability and risk management, said Pranit Anand, chief investigator at UNSW Business School. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/making-compliance-strategic-business-driver-ai-a-27959
Cloud-Sicherheit weiter lückenhaft

Apr 9, 2025 5:55 PM

Tags: cloud, risk-management, saas

Der Siegeszug von Cloud- und SaaS-Lösungen schreitet unaufhaltsam voran doch viele Unternehmen verlieren dabei die Kontrolle über ihre Sicherheitslage. Eine aktuelle Studie zeigt: 28 Prozent der Unternehmen verzeichneten 2024 eine cloudbezogene Datenpanne, über ein Drittel davon sogar mehrfach innerhalb eines Jahres. Die Kluft zwischen technologischem Fortschritt und Risikomanagement wächst mit potenziell gefährlichen Folgen. First seen…
Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Apr 4, 2025 5:42 PM

Tags: access, advisory, ai, api, attack, authentication, best-practice, botnet, business, cisa, cloud, compliance, computer, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, detection, dns, endpoint, framework, governance, government, incident response, infrastructure, injection, intelligence, Internet, least-privilege, malicious, mitigation, monitoring, network, phishing, privacy, programming, regulation, resilience, risk, risk-management, sans, service, strategy, supply-chain, threat, training, unauthorized, update, zero-trust

Check out the security controls that SANS Institute says are essential for protecting your AI systems. Plus, the U.K. NCSC urges organizations to adopt newer API security techniques. In addition, CISA and other cyber agencies warn that attackers are using “fast flux” techniques to conceal their actions. And much more! Dive into five things that…
Design, implement, and deploy application protection policies with Cursor Agent – Impart Security

Apr 4, 2025 4:42 PM

Tags: ai, application-security, breach, business, compliance, data, data-breach, detection, gartner, risk, risk-management, tool, waf

Introducing Impart + Cursor: Truly Autonomous Application Protection Runtime Security Without the Babysitting Security teams can now define application protection policies declaratively in Impart, with Cursor’s agent executing them safely and autonomously, eliminating the need for tedious clickops. Why This Matters Application protection has traditionally been a necessary burden. Security engineers find themselves trapped in…
10 best practices for vulnerability management according to CISOs

Apr 2, 2025 8:56 AM

Tags: api, attack, automation, best-practice, business, ceo, cio, ciso, control, cybersecurity, data, detection, framework, group, incident response, metric, mitre, penetration-testing, programming, ransomware, risk, risk-management, service, software, strategy, technology, threat, tool, update, vulnerability, vulnerability-management

1. Culture Achieving a successful vulnerability management program starts with establishing a cybersecurity-minded culture across the organization. Many CISOs admitted to facing historical cultural problems, with one summing it up well. “Our cybersecurity culture was pretty laissez-faire until we got hit with Log4J and then a ransomware attack,” he told CSO. “These events were an…