Tag: risk-management
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day
2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security. “Most organizations have invested heavily in security solutions, yet most are…
-
The external pressures redefining cybersecurity risk
Tags: access, ai, attack, breach, business, ciso, control, cyber, cyberattack, cybersecurity, data, deep-fake, defense, email, governance, guide, incident response, injection, network, nist, resilience, risk, risk-management, supply-chain, technology, threat, tool
AI is accelerating both the attackers and your defenses, but governance is often missing: What I see generative AI doing in cybersecurity is accelerating what attackers can do and lowering the cost of entry for new criminal gangs. Cyberattacks are more potent because the technology makes it easier to target victims, create deepfake videos or…
-
BSidesSLC 2025 Risk Management Explained Through Star Wars
Author, Creator & Presenter: Kenny Scott – Founder & CEO Of Paramify. Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-risk-management-explained-through-star-wars/
-
NIS2 compliance will not fail because of technology, but because of people
NIS2 raises expectations for cybersecurity across Europe and puts human behaviour at the centre of compliance. Human risk management experts urge companies to prepare their workforce for NIS2. NIS2 has raised the bar for cybersecurity across Europe, and for good reason. The threats are more persistent,… First…
-
BSidesSLC 2025 LLM-Assisted Risk Management For Small Teams Budgets
Author, Creator & Presenter: Connor Turpin – Cloud Architect And Sysadmin. Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-llm-assisted-risk-management-for-small-teams-budgets/
-
Check Point protects AI factories with new Security Architecture Blueprint
In addition, the architecture aligns with established AI governance standards such as the NIST AI Risk Management Framework and Gartner AI TRiSM. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-schuetzt-ki-fabriken-mit-neuem-security-architecture-blueprint-von-gpu-bis-llm/a44349/
-
AI agents for safe validation of vulnerabilities and autonomous remediation
Qualys has introduced “Agent Val” as part of “Enterprise TruRisk Management” (ETM). Agent Val enables the Risk Operations Center (ROC) to perform safe, agent-driven exploit validation and autonomous risk remediation. Agent Val represents a fundamental shift in vulnerability and risk management: away from assumption-based prioritization, toward evidence-based execution. This accelerates response, reduces unnecessary effort and leads…
-
EU AI Act Compliance Guide for CISOs GRC Leaders – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/eu-ai-act-compliance-guide-for-cisos-grc-leaders-kovrr/
-
KnowBe4 Expands AIDA to Eight AI Agents at RSAC 2026, Targeting Fully Autonomous Human Risk Management
KnowBe4 is leaning hard into autonomous AI at RSAC 2026, using the conference to spotlight an expanding suite of AI agents it says is reducing security administration from hours to seconds. The company’s AIDA platform, short for Artificial Intelligence Defense Agents, now includes eight agents after the recent launch of the AIDA Orchestration Agent. That…
-
SecurityScorecard Debuts TITAN AI to Automate Third-Party Risk Management Workflows
RSAC 2026: SecurityScorecard is using RSA Conference week to roll out TITAN AI, a set of capabilities aimed at taking manual work out of third-party risk management (TPRM) and tying vendor oversight more directly to threat intelligence. The company says TITAN AI sits on top of its existing Ratings and TPRM platform and is designed…
-
Purple Book Community and ArmorCode Survey Flags Shadow AI, AI-Generated Code Risks
RSAC 2026 coverage: The Purple Book Community (PBC), in partnership with ArmorCode, released its State of AI Risk Management 2026 report on Monday, based on a survey of more than 650 senior enterprise cybersecurity leaders in North America and Europe. The report points to a governance gap as organizations operationalize AI faster than security programs…
-
Anthropic ban heralds new era of supply chain risk, with no clear playbook
Tags: ai, business, ceo, cisco, ciso, compliance, control, data, defense, framework, government, group, infrastructure, intelligence, law, monitoring, network, RedTeam, risk, risk-management, sbom, software, strategy, supply-chain, technology, threat, tool
Compliance pressure before policy clarity: For organizations that do business with the federal government, the implications extend beyond technical challenges into legal and contractual risk. Alex Major, co-chair of government contracts and global trade practice at law firm McCarter and English, tells CSO that supply chain designations like the Anthropic ban tend to move quickly…
-
Cybersecurity and privacy priorities for 2026: The legal risk map
Tags: attack, authentication, awareness, best-practice, breach, communications, country, cyber, cybersecurity, data, defense, finance, fraud, governance, government, incident, incident response, infrastructure, law, mfa, monitoring, privacy, ransomware, regulation, risk, risk-management, service, strategy, supply-chain, threat, usa
Continued federal interest in cybersecurity and privacy, especially in connection with national security concerns: The evident connection between cybersecurity and privacy and national security has led to a number of federal initiatives in recent years. Most recently in March 2026, the White House announced the current administration’s Cyber Strategy for America, renewing a commitment to…
-
CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors
Acting director Nick Andersen said relationships, not sector risk management agency designations, should guide which agency is at the forefront. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-srma-critical-infrastructure-flexible-partnerships-nick-andersen/
-
Making security training measurable
In conversation with Netzpalaver, Kennedy Sanke, system administrator, and Klaus Mayr, IT expert, both at Interbite AG from Liechtenstein, outline how they use KnowBe4’s human risk management platform. Interbite AG is the IT service provider of Intamin AG, founded in 1967, a Swiss-Liechtenstein group of companies from Wollerau in the field of development and production of amusement rides and transport systems. Known…
-
When insider risk is a wellbeing issue, not just a disciplinary one
Tags: access, breach, compliance, control, cyber, data, exploit, finance, group, malicious, monitoring, resilience, risk, risk-management, security-incident, threat, training, vulnerability
Written by Katie Barnett, Director of Cyber Security at Toro Solutions. Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain. Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how…
-
Digital trust becomes strategic: how Keyfactor prepares companies for new crypto realities
Digital trust has long ceased to be just an IT feature; it has become an important part of corporate risk management. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/digitales-vertrauen-wird-strategisch-wie-keyfactor-unternehmen-auf-neue-krypto-realitaeten-vorbereitet/a44122/
-
How Cyber Risk Management Builds Resilience – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-cyber-risk-management-builds-resilience-kovrr/
-
How Cyber Risk Management Builds Resilience – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-cyber-risk-management-builds-resilience-kovrr-2/
-
A 5-step approach to taming shadow AI
Tags: ai, api, business, communications, compliance, control, data, defense, finance, framework, governance, incident response, monitoring, network, nist, risk, risk-assessment, risk-management, service, strategy, technology, tool
thought work happened and how it actually does today. Here’s a five-step approach to put a robust AI-risk management framework in place: Employees often use public model APIs, browser-based prompt tools and unsanctioned or ungoverned internal chatbots to boost productivity without considering the risk of exposing sensitive data. AI usage is not difficult to identify; you just need…
-
Announcing the 2026 CSO Hall of Fame honorees
Tags: ai, ceo, cio, ciso, corporate, cyber, cybersecurity, finance, google, group, infrastructure, international, jobs, resilience, risk, risk-management, sans, technology
Selim Aissi, CEO & CSO, AGA; Robert S. Allen, Global CISO & Responsible AI Officer, Gallagher; Mohit Chanana, CISO, Chevron Phillips Chemical; Edna Conway, Chief Operations & Risk Officer, TPO Group; Juan Gomez-Sanchez, VP, Cyber Resilience, McLane Company, Inc.; Gary Harbison, Global CISO, Johnson & Johnson; Malcolm Harkins, Chief Security & Trust Officer, HiddenLayer; Barry Hensley, CSO, Brown & Brown; Shaun Khalfan, SVP,…
-
Agentic AI security: Why you need to know about autonomous agents now
There are many benefits and security risks of deploying agentic AI within organizations. This blog emphasizes the importance of robust risk management and threat modeling to defend against both internal operational errors and potential malicious exploitation. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/agentic-ai-security-why-you-need-to-know-about-autonomous-agents-now/
-
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
Tags: access, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, detection, exploit, firewall, incident, incident response, infrastructure, insurance, ISO-27001, metric, mfa, monitoring, network, office, phishing, ransomware, regulation, resilience, risk, risk-management, service, siem, soc, stuxnet, supply-chain, tool, vpn, vulnerability, zero-day
Why everyone knows it’s burning, but nobody pulls the fire alarm: When I talk to OT managers, production leads or plant engineers, I rarely hear, “We didn’t know we had a problem.” Far more often, it’s, “We know it’s critical, but we can’t just shut it down.” This gap between awareness and action is the…
-
Survey: CISOs Continue to Struggle to Strike Right Risk Balance
A survey of 422 CISOs finds that while well over half (61%) believe their organizations are highly competent when it comes to cybersecurity and cyber resilience, less than half (45%) said their organization’s risk appetite is effectively aligned with cybersecurity risk management even though 57% claimed their communications channels with the line of business units…
-
The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and…
-
Risks are rising faster than protective measures: companies overestimate the maturity of their data protection
Many German organizations overestimate their data protection and are often insufficiently aware of the complexity of modern attack vectors and of compliance requirements, which leads to dangerous discrepancies between self-perception and the actual threat situation. Ari Albertini strongly recommends automating security and compliance processes, active risk management and critical review of the software in use, for the sake of European sovereignty and…

