Tag: risk-management
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerabilityMaintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability(The following interview has been edited for clarity and length.)At first glance, LA County’s reporting structure who reports to whom seems, well, fairly complex.We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
CISOs lavieren zwischen Datenschutz und Business-Support
Gar nicht so einfach, die richtige Balance zwischen Datenschutz und Business-Support zu finden.Die wenigsten Führungskräfte im Bereich Security & Risk Management (SRM) schaffen eine ausgewogene Balance zwischen Datenschutz und Business-Unterstützung. Das hat eine Umfrage von Gartner ergeben. Demzufolge priorisieren 35 Prozent der Befragten den Schutz von Datenbeständen, während gut jeder fünfte (21 Prozent) seinen Fokus…
-
Grip SSPM: Next Evolution in SaaS Identity Risk Management
Grip SSPM enhances SaaS security by automating misconfiguration fixes, engaging app owners, and unifying risk management for a smarter, proactive defense. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/grip-sspm-next-evolution-in-saas-identity-risk-management/
-
Beyond the paycheck: What cybersecurity professionals really want
Tags: business, ceo, corporate, cyber, cybersecurity, data, india, jobs, regulation, risk, risk-management, service, skills, strategy, trainingInvest in skills and allow room for growth: Upskilling also remains a powerful retention tool. As Huber points out, Tenable invests in training entire teams on emerging technologies and capabilities, ensuring that employees feel equipped and valued.Similarly, KPMG has implemented targeted programs to support diversity and career progression within cybersecurity. The firm’s Cyber Women Leads…
-
UK monitoring group to classify cyber incidents on earthquake-like scale
Risk management: The CMC hopes this increased understanding will spur the development of improved incident response planning. Experts quizzed by CSO on CMC welcomed its launch.Ivan Milenkovich, vice president of cyber risk technology in EMEA at Qualys, said data from the CMC has the potential to allow IT security professionals to make better risk assessments,…
-
Die besten DAST- & SAST-Tools
Tags: access, ai, api, application-security, authentication, awareness, cloud, cyberattack, cybersecurity, docker, framework, HIPAA, injection, PCI, rat, risk, risk-management, service, software, sql, supply-chain, tool, vulnerability, vulnerability-managementTools für Dynamic und Static Application Security Testing helfen Entwicklern, ihren Quellcode zu härten. Wir zeigen Ihnen die besten Tools zu diesem Zweck.Die Softwarelieferkette respektive ihre Schwachstellen haben in den vergangenen Jahren für viel Wirbel gesorgt. Ein besonders schlagzeilenträchtiges Beispiel ist der Angriff auf den IT-Dienstleister SolarWinds, bei dem mehr als 18.000 Kundenunternehmen betroffen waren.…
-
DORA ist mehr als nur ein weiteres Regelwerk: Wettbewerbsvorteil statt Compliance-Übung
[link text=”DORA” id=”39656″] markiert einen Wendepunkt in der Regulierung digitaler Resilienz im Finanzsektor. Der Erfolg in der Umsetzung wird maßgeblich davon abhängen, wie gut es Unternehmen gelingt, technische, prozedurale Lösungen wie IGA mit organisatorischen Maßnahmen und einem Risikomanagement zu verbinden. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/dora-ist-mehr-als-nur-ein-weiteres-regelwerk-wettbewerbsvorteil-statt-compliance-uebung/a39736/
-
Fortifying cyber security: What does secure look like in 2025?
Tags: access, ai, attack, authentication, business, compliance, cyber, cybercrime, cybersecurity, deep-fake, exploit, finance, Hardware, intelligence, least-privilege, malware, mfa, nis-2, phishing, regulation, resilience, risk, risk-management, scam, software, threat, training, update, vulnerability, zero-trustThe evolving cybersecurity landscape has increased security pressures for IT leaders. With the World Economic Forum estimating, the global cost of cybercrime is projected to reach $10.5trillion annually in 2025, the situation is only escalating[1]. The rise of new technologies, such as Artificial Intelligence (AI), and the complexities introduced by flexible working have made IT…
-
CISOs: Stop trying to do the lawyer’s job
Tags: breach, business, ciso, compliance, cybersecurity, data, email, finance, group, guide, incident response, international, jobs, law, privacy, RedTeam, risk, risk-management, security-incident, service, skills, strategy, technology, training, updateThere’s a joke that’s been floating around boardrooms for years: “What’s the difference between lawyers and engineers? Lawyers don’t think they’re engineers.”This light-hearted jab highlights a fundamental difference between the two professions. Engineers, and by extension CISOs, focus on building and fixing things, learning a wide array of skills, sometimes sticking their hands into technologies…
-
The SolarWinds $4.4 billion acquisition gives CISOs what they least want: Uncertainty
Tags: attack, breach, business, cisa, ciso, cyber, cybersecurity, finance, government, group, risk, risk-management, service, software, strategy, supply-chain, tool, updateWhen SolarWinds on Friday announced a $4.4 billion cash deal for it to be acquired by private equity (PE) firm Turn/River Capital, it delivered the last thing that nervous enterprise CISOs want: Uncertainty, to be followed by more uncertainty.”Whenever a security company gets acquired by private equity, you never want to throw a party,” said…
-
ISMG Editors: AI Security Wake-Up Call From DeepSeek
Tags: ai, api, ciso, data, data-breach, governance, leak, open-source, risk, risk-management, vulnerabilityAlso: Addressing AI Vulnerabilities and Governance Challenges. DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes. First seen on govinfosecurity.com Jump…
-
Third-Party Risk Management Failures Expose UK Finance Sector
Orange Cyberdefense found that over half of UK financial firms suffered at least one third-party attack in 2024, linked to significant gaps in risk management strategies First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/third-party-risk-failures-uk/
-
CIOs and CISOs grapple with DORA: Key challenges, compliance complexities
Tags: access, automation, banking, business, cio, ciso, communications, compliance, control, country, cyber, cybersecurity, data, dora, finance, framework, GDPR, governance, jobs, law, monitoring, network, nis-2, penetration-testing, privacy, regulation, resilience, risk, risk-management, service, skills, supply-chain, technology, threat, tool, training, vulnerabilityIn force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the journey is not complete.”In the past months, financial entities targeted by DORA have been busy internally defining roles and responsibilities related to ICT security, identifying…
-
Qualys TotalAppSec Strengthens Application Risk Management
Qualys introduced TotalAppSec, an AI-powered application risk management solution designed to unify API security, web application scanning and web malware detection across on-premises, hybrid and multi-cloud environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/qualys-totalappsec-strengthens-application-risk-management/
-
Tenable Acquires Vulcan Cyber, Building on AI-Powered Risk Prioritization
Cybersecurity risk management company Tenable announced plans to acquire Vulcan Cyber for approximately $147 million in cash and $3 million in restricted stock units. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/tenable-acquires-vulcan-cyber-building-on-ai-powered-risk-prioritization/
-
7 tips for improving cybersecurity ROI
Tags: advisory, ai, attack, business, ciso, compliance, control, corporate, cyber, cybersecurity, data, defense, detection, exploit, finance, gartner, group, incident response, infrastructure, intelligence, metric, monitoring, network, privacy, resilience, risk, risk-assessment, risk-management, service, siem, software, strategy, technology, threat, tool, vulnerability, wafWhen it comes to cybersecurity investments, smart money is directed toward initiatives that deliver the greatest protection at the lowest possible cost. But what appears to be a straightforward calculation can often be anything but.CISOs perennially face challenges securing adequate funding to safeguard the enterprise, placing them often in difficult positions attempting to stretch resources…
-
US SEC Misses the Mark With Materiality Reporting – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/us-sec-misses-the-mark-with-materiality-reporting-kovrr/
-
OneMore Secure AB und Northwave Cyber Security gehen strategische Partnerschaft ein
Mit der Einführung neuer EU-Gesetze, einschließlich der NIS2-Richtlinie, steigen die Anforderungen an Sicherheit und Risikomanagement in der Lieferkette. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/onemore-secure-ab-und-northwave-cyber-security-gehen-strategische-partnerschaft-ein/a39643/
-
The Old Ways of Vendor Risk Management Are No Longer Good Enough
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/old-ways-vendor-risk-management-no-longer-good-enough
-
Want to be an effective cybersecurity leader? Learn to excel at change management
Tags: authentication, awareness, business, cio, ciso, cloud, compliance, corporate, cybersecurity, finance, fraud, group, guide, Hardware, identity, jobs, password, privacy, risk, risk-management, service, skills, software, strategy, technology, threat, vulnerability, zero-trustIf there’s one thing that’s inevitable in cybersecurity, it’s change. Ever-evolving technology requires new protections, threats seem to multiply and morph on a daily basis, and even the humblest pieces of software and hardware demand constant updating to stay secure.That work has been increasing as the importance, visibility, and impact of security initiatives have ramped…
-
BTS #44 Network Appliances: A Growing Concern
In this episode, Paul Asadoorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Avanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards, and the challenges of risk management and visibility in network security. The conversation emphasizes the……
-
Are Third-Party Risk Management Solutions Effective Enough?
A modern EASM solution offers more by incorporating meaningful first-party and third-party cyber risk insights than conventional TPRM solutions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/are-third-party-risk-management-solutions-effective-enough/
-
CISOs’ top 12 cybersecurity priorities for 2025
Tags: access, ai, api, attack, authentication, automation, awareness, business, cio, ciso, cloud, compliance, control, corporate, cybersecurity, data, detection, framework, governance, identity, incident response, infrastructure, intelligence, jobs, mitigation, monitoring, mssp, oracle, penetration-testing, privacy, risk, risk-management, service, strategy, technology, threat, training, usa, zero-trustSecurity chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations.”Nothing is particularly new, maybe AI is newer,…
-
An Overview”‹”‹ of Cyber Risk Modeling – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/an-overview-of-cyber-risk-modeling-kovrr/