Tag: risk-management

ISMG Editors: Gartner Security & Risk Management Summit Recap

Jun 13, 2025 4:54 PM

Tags: ai, cloud, gartner, risk, risk-management, threat

Security Leadership in Focus – From AI Risks to Cloud Responsibility. AI fragmentation, non-human identities and nation-state threats dominated conversations at the Gartner Security & Risk Management Summit. ISMG editors discuss how the event stood out for its vendor-neutral focus and strategic discussions tailored for senior security decision-makers. First seen on govinfosecurity.com Jump to article:…
How to Speed Up TPRM Approvals with Spectra Assure

Jun 12, 2025 5:54 PM

Tags: intelligence, risk, risk-management, service, software, threat
2025 CSO Hall of Fame honorees

Jun 12, 2025 5:54 PM

Tags: ceo, cio, ciso, corporate, cybersecurity, finance, google, group, infrastructure, international, jobs, risk, risk-management, sans, technology

Meg Anderson, VP & CISO (retired), Principal Financial Group Bob Bruns, CISO, Avanade Jonathan Chow, CISO, Genesys Mignona Cote, CISO, Infor Laura Deaner, Managing Director, CISO, The Depository Trust & Clearing Corporation (DTCC) George Finney, CISO, University of Texas System Michael Gordon, SVP & CISO, McDonald’s Ron Green, Cybersecurity Fellow/Former CSO, Mastercard Shawn Henry, CSO, CrowdStrike Todd Lukens, SVP, Security & Infrastructure, Nationwide Rishi Tripathi,…
Ganzheitliches Risikomanagement – Was ist Enterprise Risk Management?

Jun 11, 2025 3:55 PM

Tags: risk, risk-management

First seen on security-insider.de Jump to article: www.security-insider.de/was-ist-erm-enterprise-risk-management-a-95772b2efb270802d7a6c2d60231c13e/
AuditBoard expandiert nach Deutschland – Neue Lösungen für Audit, Compliance und Risikomanagement

Jun 11, 2025 2:55 PM

Tags: compliance, germany, risk-management

First seen on security-insider.de Jump to article: www.security-insider.de/auditboard-risikomanagement-compliance-deutschland-a-7ea05c051821d78967ca18d28c302f0e/
Why Threat Agents Must be Included in Cybersecurity Risk Assessments

Jun 11, 2025 7:55 AM

Tags: access, attack, business, compliance, control, cyber, cybercrime, cybersecurity, data, defense, detection, espionage, finance, group, incident, intelligence, risk, risk-assessment, risk-management, social-engineering, strategy, tactics, theft, threat, tool, update, vulnerability

In the ever-evolving landscape of cybersecurity, organizations face a constant struggle: how to best allocate limited resources to maximize their defensive posture. No one has enough budget, personnel, or tools to defend against every conceivable threat. When effort is misapplied to low-risk areas, higher-risk areas are left exposed. This inefficiency can prove disastrous. Risk management…
How to Get a Clearer Picture of Vendor Risk

Jun 11, 2025 5:55 AM

Tags: risk, risk-management

Experts Call for Continuous Assessments of Vendor Risk – Not Just at Onboarding. As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they’re onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may…
Seraphic Security Unveils BrowserTotal Free AI-Powered Browser Security Assessment for Enterprises

Jun 10, 2025 4:55 PM

Tags: access, ai, attack, awareness, ceo, ciso, crowdstrike, defense, detection, exploit, gartner, LLM, phishing, risk, risk-management, saas, technology, threat, tool

srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?quality=50&strip=all 1200w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=300%2C180&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=768%2C461&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=1024%2C614&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=1162%2C697&quality=50&strip=all 1162w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=280%2C168&quality=50&strip=all 280w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=140%2C84&quality=50&strip=all 140w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=800%2C480&quality=50&strip=all 800w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=600%2C360&quality=50&strip=all 600w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=417%2C250&quality=50&strip=all 417w” width=”1024″ height=”614″ sizes=”(max-width: 1024px) 100vw, 1024px”> Cyber NewsWirePowered by AI, BrowserTotal offers CISOs and security teams a comprehensive, hands-on environment to test browser security defenses against today’s most sophisticated threats. Key features of the platform include: Posture…
Multicloud security automation is essential, but no silver bullet

Jun 10, 2025 12:55 PM

Tags: access, ai, automation, best-practice, bsi, business, cloud, compliance, control, corporate, data, framework, guide, infrastructure, intelligence, monitoring, risk, risk-management, service, soar, strategy, threat, tool, training, update, vulnerability

Defining multicloud automation strategies: As an engineering leader, how should you approach implementing security automation in a multicloud environment? The experts we spoke to emphasized intentional design, layered planning, and a commitment to continual refinement.”I like to consider the planning process in terms of layers,” says Protiviti’s Armknecht. “The foundational layer involves achieving observability across…
NIST Launches Updated Incident Response Guide

Jun 10, 2025 11:55 AM

Tags: cybersecurity, framework, guide, incident response, nist, risk, risk-management, technology, update

The National Institute of Standards and Technology (NIST) has released a long-awaited update to its incident response guidance: Special Publication 800-61 Revision 3 (SP 800-61r3). This new version, titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management,” aligns closely with the latest Cybersecurity Framework (CSF) 2.0, marking a significant evolution in how organizations should……
Trump takes aim at Biden’s cyber executive order but leaves it largely untouched

Jun 10, 2025 12:55 AM

Tags: access, ai, china, compliance, computer, credentials, cryptography, cyber, cybercrime, cybersecurity, data, defense, detection, exploit, fraud, government, identity, infrastructure, intelligence, malicious, network, nist, office, privacy, programming, risk, risk-management, service, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-day

Executive Order 13694 and Executive Order 14144.”A fact sheet accompanying the order says that President Trump’s EO modifies “problematic and distracting issues” of Obama- and Biden-era cybersecurity EOs, particularly “digital identity mandates that risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”Virtually all of the changes implemented by the Trump administration address…
How Security Teams Can Turn Hype Into Opportunity

Jun 9, 2025 11:54 PM

Tags: ai, ciso, gartner, risk, risk-management

During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/gartner-security-teams-hype-opportunity
How to create a compelling SOC narrative for executives

Jun 9, 2025 6:54 PM

Tags: cybersecurity, finance, gartner, risk, risk-management, soc

Focus on financial impact, efficiency and risk management to ensure informed cybersecurity investment decisions.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/gartner-how-to-create-a-compelling-soc-narrative-for-executives/750135/
Seraphic Security Unveils BrowserTotal Free AI-Powered Browser Security Assessment For Enterprises

Jun 9, 2025 4:54 PM

Tags: ai, cyber, gartner, risk, risk-management, threat, tool

Tel Aviv, Israel, June 9th, 2025, CyberNewsWire Available to the public and debuting at the Gartner Security & Risk Management Summit,BrowserTotal is a first of its kind browser security assessment tool conducting more than 120tests to provide posture standing, emerging threat insights, URL analysis, extension risks, andmore. Seraphic Security, a leader in enterprise browser security,…
Why Securing NHIs Reduces Your Cyber Risk

Jun 7, 2025 12:54 AM

Tags: cloud, cyber, infrastructure, risk, risk-management

Why is NHI Security Critical in Risk Management? Have you ever considered the potential security risk lurking? The reality is that the growing complexity of IT infrastructures, particularly in the cloud, presents new challenges for risk management and cyber protection. Among the most notable security risks lies in the management of Non-Human Identities (NHIs). Overseeing……
Vendor Risk in SaaS Supply Chains: 2025 Guide – Nudge Security

Jun 6, 2025 5:54 PM

Tags: guide, risk, risk-management, saas, strategy, supply-chain

Why effective vendor risk management is a critical strategy for identifying, assessing, and mitigating risks within the SaaS supply chain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/vendor-risk-in-saas-supply-chains-2025-guide-nudge-security/
Elevating the CISO to Business Enabler With CRQ – Kovrr

Jun 5, 2025 6:54 PM

Tags: business, ciso, cyber, risk, risk-management

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/elevating-the-ciso-to-business-enabler-with-crq-kovrr/
#Infosec2025: Know Your Audience to Make an Impact, CISOs Tell Their Peers

Jun 5, 2025 4:55 PM

Tags: ciso, cyber, risk, risk-management

A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosec2025-know-your-audience/
Get out of the audit committee: Why CISOs need dedicated board time

Jun 5, 2025 9:54 AM

Tags: ai, business, ciso, cyber, cybersecurity, data, framework, mitigation, resilience, risk, risk-management, strategy, technology, threat, update

The full partnership model between CISO and board: Full and frank security discussions are more than just a ‘nice to have’. The SEC has indicated it expects public companies with senior leadership to be transparent in how they assess and communicate cybersecurity risks.By extension, CISOs have an important role in communicating risks to senior leadership…
Conquering complexity and risk with data security posture insights

Jun 3, 2025 4:54 PM

Tags: access, ai, attack, automation, best-practice, business, cloud, compliance, control, cyber, cyberattack, data, defense, detection, encryption, exploit, framework, GDPR, governance, infrastructure, intelligence, mitigation, monitoring, PCI, regulation, risk, risk-assessment, risk-management, strategy, technology, theft, threat, tool, unauthorized, vulnerability

Conquering complexity and risk with data security posture insights madhav Tue, 06/03/2025 – 05:35 In today’s competitive landscape it has become an increasingly important for businesses looking for ways to adapt their data security, governance, and risk management practices to the volatile economy by improving efficiency or reducing costs while maintaining structure, consistency, and guidance…
6 hard truths security pros must learn to live with

Jun 2, 2025 12:54 PM

Tags: ai, attack, breach, business, ciso, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, finance, fraud, gartner, hacker, ibm, insurance, jobs, network, phishing, resilience, risk, risk-management, skills, social-engineering, tactics, technology, threat, training, vulnerability

No matter how good you are, your organization will be victimized: This is a hard one to swallow, but if we take the “five stages of grief” approach to cybersecurity, it’s better to reach the “acceptance” level than to remain in denial because much of what happens is simply out of your control.A global survey…
Passwortlose Authentifizierung wird für CISOs immer wichtiger

May 30, 2025 12:55 PM

Tags: ai, authentication, business, ciso, credentials, cyber, cyberattack, deep-fake, gartner, mfa, microsoft, password, phishing, risk, risk-management, social-engineering

Selbst MFA ist vor raffinierten, KI-gesteuerten Phishing-Angriffen nicht sicher. Biometrische Verfahren gelten als vielversprechende Alternative.Die rasante Entwicklung von KI-Agenten eröffnet Cyberkriminellen neue Angriffsmöglichkeiten, die insbesondere für Chief Information Security Officers (CISOs) eine erhebliche Herausforderung darstellen. Automatisierte Angriffe, die von KI gesteuert werden, können herkömmliche Sicherheitsmaßnahmen wie Passwörter und Multi-Faktor-Authentifizierung (MFA) zunehmend unterlaufen. Trotz weit verbreiteter…
Human Risk Management: The Next Security Challenge

May 29, 2025 11:55 AM

Tags: risk, risk-management

Nisos Human Risk Management: The Next Security Challenge Human risk isn’t new. It’s growing faster, showing up in more places, and catching many organizations off guard… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/human-risk-management-the-next-security-challenge/
Attack on LexisNexis Risk Solutions exposes data on 300k +

May 28, 2025 8:55 PM

Tags: attack, data, risk, risk-management, software

Data analytics and risk management biz says software dev platform breached, not itself First seen on theregister.com Jump to article: www.theregister.com/2025/05/28/attack_on_lexisnexis_risk_solutions/
7 Cybersicherheitstipps für Reisende

May 28, 2025 2:55 PM

Tags: fraud, risk, risk-management, social-engineering, vulnerability

Die weltweit renommierte Cybersicherheitsplattform KnowBe4, die sich umfassend mit Human-Risk-Management befasst, hat wichtige Tipps für die Reisesicherheit veröffentlicht. Diese sind speziell auf Cybersicherheitsbedrohungen für Reisende in diesem Sommer zugeschnitten. Während sich Reisende auf ihren Sommerurlaub vorbereiten, suchen Cyberkriminelle nach Möglichkeiten, Sicherheitslücken in Reiseplänen auszunutzen. Die Zunahme von Social-Engineering-Betrug, Schwachstellen in öffentlichen WLAN-Netzen sowie neuen Bedrohungen…
Will AI agent-fueled attacks force CISOs to fast-track passwordless projects?

May 28, 2025 8:54 AM

Tags: access, ai, api, attack, authentication, breach, business, ciso, cloud, credentials, cyber, cybersecurity, data, fido, finance, framework, google, Hardware, identity, login, metric, microsoft, okta, passkey, password, phishing, privacy, risk, risk-management, service, technology, threat, tool, update, zero-trust

Passwordless options: In retiring passwords, security leaders will need to consider their options, passkeys, biometrics, and third-party login services, looking for the best technical, usability, and security fit. There are pros and cons for each option, and in many cases CISOs may be guided towards one based on their existing environment.Passkeys, used by Microsoft, Samsung,…
Die wertvollsten Security-Zertifizierungen

May 28, 2025 6:54 AM

Tags: access, ai, blockchain, china, cisa, cisco, cloud, compliance, control, cyberattack, cybersecurity, data, DSGVO, endpoint, framework, germany, governance, hacker, hacking, identity, incident response, injection, international, jobs, kali, linux, monitoring, network, password, penetration-testing, privacy, resilience, risk, risk-management, sans, security-incident, service, siem, skills, social-engineering, sql, threat, usa, vulnerability, windows

Zertifizierte IT-Sicherheitsprofis sind (unter anderem) gefragter und verdienen besser.(Cybersecurity-)Zertifizierungen können eine aktienähnliche Volatilität entfalten: Ihre Popularität kann steigen oder auch fallen und sie können an Relevanz verlieren, wenn sie nicht mit den aktuellen Branchenentwicklungen Schritt halten. Allerdings sind davon nicht alle Zertifizierungen gleichermaßen betroffen: Sogenannte “Blue Chips” haben sich über den Lauf der Zeit bewährt…
How AI agents reshape industrial automation and risk management

May 27, 2025 7:54 AM

Tags: ai, automation, cybersecurity, risk, risk-management

In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/27/michael-metzler-siemens-ai-agents-industrial-environments/
ICYMI: A Look Back at Exposure Management Academy Highlights

May 26, 2025 4:54 PM

Tags: attack, business, ceo, cio, control, cyber, cybersecurity, data, framework, infrastructure, intelligence, office, risk, risk-management, strategy, technology, threat, tool, update, vulnerability, vulnerability-management

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. This week, we look back on some highlights from the first couple of months of posts, including the broad view exposure management provides, business impact and getting to a single pane of glass.…
CRQ Explained: From Qualitative to Quantitative – Kovrr

May 26, 2025 12:54 PM

Tags: cyber, risk, risk-management

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/crq-explained-from-qualitative-to-quantitative-kovrr/