Tag: risk-management
-
Qualys erweitert sein Enterprise-Trurisk-Management mit integrierter AgenticFabric
Qualys hat leistungsstarke neue Funktionen in Qualys-Enterprise-Trurisk-Management (ETM) vorgestellt, die das proaktive Risikomanagement stärken und Unternehmen dabei helfen, neue und aufkommende Angriffsvektoren im Zeitalter der agentenbasierten KI vorherzusagen und sich davor zu schützen. Die auf der Flaggschiff-Konferenz ‘Risk Operations Conference” (ROCon) von Qualys in Houston angekündigten Verbesserungen stärken die Identitätssicherheit für menschliche und nicht-menschliche Identitäten,…
-
AI and Cyber Control Assessment for Risk Visibility – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/ai-and-cyber-control-assessment-for-risk-visibility-kovrr/
-
AI and Cyber Control Assessment for Risk Visibility – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/ai-and-cyber-control-assessment-for-risk-visibility-kovrr/
-
Qualys erweitert Enterprise TruRisk Management um neue KI-gestützte Sicherheitsfunktionen
Agentische KI verändert die Cybersicherheit und zwingt Unternehmen dazu, ihr Risikomanagement zu überdenken. Um vorne zu bleiben, müssen sie Risiken proaktiv reduzieren, vorhersagen, wo Angreifer am ehesten zuschlagen werden First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-erweitert-enterprise-trurisk-management-um-neue-ki-gestuetzte-sicherheitsfunktionen/a42393/
-
Qualys erweitert Enterprise TruRisk Management um neue KI-gestützte Sicherheitsfunktionen
Agentische KI verändert die Cybersicherheit und zwingt Unternehmen dazu, ihr Risikomanagement zu überdenken. Um vorne zu bleiben, müssen sie Risiken proaktiv reduzieren, vorhersagen, wo Angreifer am ehesten zuschlagen werden First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-erweitert-enterprise-trurisk-management-um-neue-ki-gestuetzte-sicherheitsfunktionen/a42393/
-
Vom Alarm zur Aktion – So gewinnen CISOs mit dynamischem Risk-Management die Oberhand
First seen on security-insider.de Jump to article: www.security-insider.de/dynamisches-risk-management-it-bedrohungen-cisos-a-d54fca6bb3e46cd04b5d0d1ba2a5bc86/
-
Vom Alarm zur Aktion – So gewinnen CISOs mit dynamischem Risk-Management die Oberhand
First seen on security-insider.de Jump to article: www.security-insider.de/dynamisches-risk-management-it-bedrohungen-cisos-a-d54fca6bb3e46cd04b5d0d1ba2a5bc86/
-
A View from the C-suite: Aligning AI security to the NIST RMF FireTail Blog
Tags: access, ai, attack, breach, csf, cybersecurity, data, data-breach, defense, detection, framework, governance, grc, guide, incident response, infrastructure, injection, jobs, LLM, malicious, nist, RedTeam, risk, risk-management, strategy, supply-chain, theft, tool, vulnerabilityOct 15, 2025 – Jeremy Snyder – In 2025, the AI race is surging ahead and the pressure to innovate is intense. For years, the NIST Cybersecurity Framework (CSF) has been our trusted guide for managing risk. It consists of five principles: identify, protect, detect, respond, and recover. But with the rise of AI revolutionizing…
-
Insider Research im Gespräch – Agentenbasierte KI und Human Risk Management
First seen on security-insider.de Jump to article: www.security-insider.de/agentenbasierte-ki-und-human-risk-management-a-5fe54ef75c39058be05f054b5e1989c4/
-
Boost AI Risk Management With AI Risk Quantification – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/boost-ai-risk-management-with-ai-risk-quantification-kovrr/
-
Beyond the checklist: Building adaptive GRC frameworks for agentic AI
Tags: access, ai, breach, ciso, cloud, compliance, control, crime, data, detection, endpoint, finance, framework, fraud, governance, grc, international, metric, monitoring, nist, risk, risk-management, strategy, supply-chain, switchAutonomous agent drift First, I experienced an autonomous agent drift that nearly caused a severe financial and reputational crisis. We deployed a sophisticated agent tasked with optimizing our cloud spending and resource allocation across three regions, giving it a high degree of autonomy. Its original mandate was clear, but after three weeks of self-learning and…
-
KnowBe4 ist Vorreiter beim Security-Training von und mit KI-Agenten
Der Anbieter der weltweit renommierten Cybersicherheits-Plattform, die sich umfassend mit KI und Human-Risk-Management befasst, KnowBe4, stellt neue Trainings vor. Mit ihrer Hilfe kann die Effektivität von sowohl Menschen als auch KI-Agenten in der Abwehr von Cyberbedrohungen gesteigert werden. Laut Gartner werden bis Ende 2026 vierzig Prozent der Unternehmensanwendungen mit aufgabenspezifischen KI-Agenten integriert sein, während dies…
-
Vom CISO zum Chief Risk Architect
Tags: ai, business, ceo, ciso, cyber, cyberattack, cyersecurity, dora, finance, firewall, germany, incident response, nis-2, resilience, risk, risk-assessment, risk-management, supply-chain, technology, update, vulnerabilityDer moderne CISO wird zum Chief Risk Architect.Jahrelang waren CISOs im Maschinenraum der IT tätig und konzentrierten sich auf die Einhaltung von Vorschriften, die Verwaltung von Firewalls, Patching und die Reaktion auf Vorfälle. Ihr Hauptziel war es, einen Cyberangriff zu verhindern und die Sicherheit aufrechtzuerhalten. Doch dieses Modell wird der Komplexität moderner Bedrohungen nicht mehr…
-
AI red flags, ethics boards and the real threat of AGI today
Tags: ai, computer, control, data-breach, disinformation, finance, government, intelligence, risk, risk-management, threatQ: Should every large enterprise have an AI ethics board, and what should its remit include?: Paul Dongha: “When it comes to the executives and decision-makers of large corporations, I think there are a few things here.”Firstly, I believe an ethics board is absolutely mandatory. It should be comprised of senior executives drawn from a…
-
AI red flags, ethics boards and the real threat of AGI today
Tags: ai, computer, control, data-breach, disinformation, finance, government, intelligence, risk, risk-management, threatQ: Should every large enterprise have an AI ethics board, and what should its remit include?: Paul Dongha: “When it comes to the executives and decision-makers of large corporations, I think there are a few things here.”Firstly, I believe an ethics board is absolutely mandatory. It should be comprised of senior executives drawn from a…
-
Cybersecurity Snapshot: AI Security Skills Drive Up Cyber Salaries, as Cyber Teams Grow Arsenal of AI Tools, Reports Find
Tags: access, advisory, ai, attack, authentication, breach, business, ciso, cloud, computing, credentials, cve, cyber, cybersecurity, data, defense, endpoint, exploit, extortion, finance, framework, fraud, google, governance, guide, hacker, hacking, identity, incident response, Internet, iot, jobs, login, microsoft, monitoring, network, nist, oracle, organized, password, privacy, ransomware, risk, risk-assessment, risk-management, scam, skills, technology, threat, tool, training, update, vulnerability, vulnerability-management, zero-dayWant recruiters to show you the money? A new report says AI skills are your golden ticket. Plus, cyber teams are all in on AI, including agentic AI tools. Oh, and please patch a nasty Oracle zero-day bug ASAP. And get the latest on vulnerability management, IoT security and cyber fraud. Key takeaways Eager to…
-
SailPoint bietet Transparenz, Kontrolle und Skalierbarkeit für alle Identitäten in Unternehmen
Neue Funktionen in den Bereichen Cloud, Non-Employee Risk Management, Maschinenidentitäten und Konnektivität stärken unternehmensweit die Identitätssicherheit First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sailpoint-bietet-transparenz-kontrolle-und-skalierbarkeit-fuer-alle-identitaeten-in-unternehmen/a42331/
-
Disaster Recovery und Business Continuity effektiv planen
Tags: ai, api, backup, business, ciso, cloud, compliance, cyber, cyberattack, cyersecurity, gartner, Internet, mail, ransomware, resilience, risk, risk-management, saas, service, software, strategy, technology, tool, vulnerabilitySechs Schritte sollten CISOs für einen erfolgreichen Disaster-Recovery- und Business-Continuity-Plan beachten.Die Grundprinzipien der Disaster Recovery (DR) und der Business Continuity sind seit Jahrzehnten weitgehend unverändert:Risiken identifizieren,die Auswirkungen auf das Geschäft analysieren,Wiederanlaufzeiten (Recovery Time Objectives, RTOs) festlegen,einen Sicherungs- und Wiederherstellungsplan erstellen undregelmäßige Tests durchführen.In der Vergangenheit lagen die Daten auf Servern vor Ort, Cyberbedrohungen waren weniger…
-
Your cyber risk problem isn’t tech, it’s architecture
Tags: ai, attack, awareness, best-practice, business, ciso, cloud, compliance, container, control, csf, cyber, cybersecurity, data, data-breach, defense, finance, framework, GDPR, governance, grc, group, intelligence, Internet, ISO-27001, mitre, nist, PCI, phishing, privacy, ransomware, regulation, risk, risk-assessment, risk-management, software, strategy, threat, training, update, vulnerabilityIf the company already has a mature risk culture: The implementation of a cybersecurity management project becomes more flexible. Since my goal is to share the mechanics to achieve success in a cybersecurity program, I emphasize below some components of this ‘recipe’ to consider: Understand the dynamics and scope of the business, mapping stakeholders, processes…
-
Your cyber risk problem isn’t tech, it’s architecture
Tags: ai, attack, awareness, best-practice, business, ciso, cloud, compliance, container, control, csf, cyber, cybersecurity, data, data-breach, defense, finance, framework, GDPR, governance, grc, group, intelligence, Internet, ISO-27001, mitre, nist, PCI, phishing, privacy, ransomware, regulation, risk, risk-assessment, risk-management, software, strategy, threat, training, update, vulnerabilityIf the company already has a mature risk culture: The implementation of a cybersecurity management project becomes more flexible. Since my goal is to share the mechanics to achieve success in a cybersecurity program, I emphasize below some components of this ‘recipe’ to consider: Understand the dynamics and scope of the business, mapping stakeholders, processes…
-
Bitdefender und secunet: Digitale Souveränität in der Cloud
Bitdefender, ein in Europa ansässiges führendes Cybersecurity-Unternehmen, hat seine strategische Partnerschaft mit secunet bekanntgegeben, einem Unternehmen, das auf digitale Souveränität und den Schutz hochkritischer Umgebungen, etwa von Behörden, spezialisiert ist. In Deutschland kann Bitdefender ab sofort Bitdefender GravityZone, seine umfassende Plattform für Cybersicherheit, Risikomanagement und Compliance, in der souveränen OpenStack Cloud von SysEleven, einem Tochterunternehmen……
-
Autonomous AI hacking and the future of cybersecurity
Tags: ai, cyber, cyberattack, cybersecurity, defense, framework, hacking, offense, open-source, programming, reverse-engineering, risk, risk-management, saas, software, tool, update, vulnerabilityThe AI-assisted evolution of cyberdefense: AI technologies can benefit defenders as well. We don’t know how the different technologies of cyber-offense and cyber-defense will be amenable to AI enhancement, but we can extrapolate a possible series of overlapping developments.Phrase One: The Transformation of the Vulnerability Researcher. AI-based hacking benefits defenders as well as attackers. In…
-
Autonomous AI hacking and the future of cybersecurity
Tags: ai, cyber, cyberattack, cybersecurity, defense, framework, hacking, offense, open-source, programming, reverse-engineering, risk, risk-management, saas, software, tool, update, vulnerabilityThe AI-assisted evolution of cyberdefense: AI technologies can benefit defenders as well. We don’t know how the different technologies of cyber-offense and cyber-defense will be amenable to AI enhancement, but we can extrapolate a possible series of overlapping developments.Phrase One: The Transformation of the Vulnerability Researcher. AI-based hacking benefits defenders as well as attackers. In…
-
Bitdefender und Secunet offerieren Cybersicherheit mit digitaler Souveränität in der Cloud
Bitdefender, ein in Europa ansässiges führendes Cybersecurity-Unternehmen, hat seine strategische Partnerschaft mit Secunet bekanntgegeben, einem Unternehmen, das auf digitale Souveränität und den Schutz hochkritischer Umgebungen, etwa von Behörden, spezialisiert ist. In Deutschland kann Bitdefender ab sofort , seine umfassende Plattform für Cybersicherheit, Risikomanagement und Compliance, in der souveränen von Syseleven, einem Tochterunternehmen von […] First…
-
Bitdefender und Secunet offerieren Cybersicherheit mit digitaler Souveränität in der Cloud
Bitdefender, ein in Europa ansässiges führendes Cybersecurity-Unternehmen, hat seine strategische Partnerschaft mit Secunet bekanntgegeben, einem Unternehmen, das auf digitale Souveränität und den Schutz hochkritischer Umgebungen, etwa von Behörden, spezialisiert ist. In Deutschland kann Bitdefender ab sofort , seine umfassende Plattform für Cybersicherheit, Risikomanagement und Compliance, in der souveränen von Syseleven, einem Tochterunternehmen von […] First…
-
The Political Weaponization of Cybersecurity
Cybersecurity should be guided by technical principles”, not politics. Yet recent incidents in the U.S. highlight how cybersecurity decisions and dismissals are increasingly being used to advance partisan agendas. From cloud data migrations to high-profile government firings, security is becoming a political tool rather than a neutral safeguard. True cybersecurity must return to its foundation:…
-
News alert: Living Security unveils HRMCon 2025 lineup amid 81% human cyber risk visibility gap
Austin, Texas, Sept. 25, 2025, CyberNewswire, Living Security, a global leader in Human Risk Management (HRM), today announced the full speaker lineup for the Human Risk Management Conference (HRMCon 2025), taking place October 20, 2025, at Austin’s Q2… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/news-alert-living-security-unveils-hrmcon-2025-lineup-amid-81-human-cyber-risk-visibility-gap/
-
USENIX 2025: Using Privacy Infrastructure To Kickstart AI Governance: NIST AI Risk Management Case Studies
Creators, Authors and Presenters: Katharina Koerner, Trace3; Nandita Rao Narla, DoorDash Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s’ YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/usenix-2025-using-privacy-infrastructure-to-kickstart-ai-governance-nist-ai-risk-management-case-studies/
-
Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk
Living Security, a global leader in Human Risk Management (HRM), today announced the full speaker lineup for the Human Risk Management Conference (HRMCon 2025), taking place October 20, 2025, at Austin’s Q2 Stadium and virtually worldwide. The announcement follows findings from the newly published 2025 State of Human Cyber Risk Report, produced by the Cyentia…
-
AI coding assistants amplify deeper cybersecurity risks
Tags: access, ai, api, application-security, attack, authentication, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, data-breach, detection, fintech, flaw, governance, injection, leak, LLM, metric, open-source, programming, radius, risk, risk-management, service, software, startup, strategy, threat, tool, training, vulnerability‘Shadow’ engineers and vibe coding compound risks: Ashwin Mithra, global head of information security at continuous software development firm Cloudbees, notes that part of the problem is that non-technical teams are using AI to build apps, scripts, and dashboards.”These shadow engineers don’t realize they’re part of the software development life cycle, and often bypass critical…