Tag: risk-management
-
Trump seeks unprecedented $1.23 billion cut to federal cyber budget
by
in SecurityNews
Tags: attack, cisa, cyber, cybersecurity, data, government, infrastructure, jobs, network, nist, office, risk, risk-management, service, strategy, technology, threatCynthia Brumfield / CSO(The chart is based on White House data provided for 2017, 2018, 2019, 2020, 2021, 2022, and 2023. Numbers for 2024, 2025, and 2026 reflect adjustments that Trump’s OMB made for 2024 and 2025.)The administration’s cybersecurity budget cuts are not evenly distributed among federal agencies. In fact, according to crosscut tables released…
-
Editors’ Panel: Pro-Iran Hackers Threaten to Leak Trump Data
by
in SecurityNewsAlso: Medicare Data Breach; Gartner Security & Risk Management Summit Takeaways. In this week’s update, ISMG editors discussed Iran-linked hackers claiming to steal emails from Trump’s inner circle, how to refine application development in the age of AI, and a U.S. Medicare data breach amplifying concerns over the safety, security and privacy of federal health…
-
Cybersecurity in the supply chain: strategies for managing fourth-party risks
by
in SecurityNews
Tags: access, breach, business, ciso, compliance, control, cyber, cybersecurity, data, exploit, framework, governance, intelligence, ISO-27001, law, mitigation, monitoring, nist, risk, risk-management, saas, service, soc, software, strategy, supply-chain, threat, tool, vulnerabilitySet clear data boundaries: The reality is that any organization consuming third-party software-as-a-service offerings and services has extremely limited control over the partners that their third parties are working with, says Curtis Simpson, CISO at Armis.”This is why it’s critically important to understand the sub-processors involved in the delivery of contracted SaaS offerings and services,…
-
KnowBe4 stellt neues Assessment-Tool zur Bewertung der Sicherheitskultur vor
by
in SecurityNewsHier setzt das PMA an: Entwickelt von Perry Carpenter, einem führenden Experten für Sicherheitskultur, bietet das Tool einen klar strukturierten, praxisnahen Rahmen zur Selbsteinschätzung. Im Fokus stehen nicht technische Systeme, sondern die menschlichen und organisatorischen Faktoren, die für wirksames Human Risk Management entscheidend sind. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-stellt-neues-assessment-tool-zur-bewertung-der-sicherheitskultur-vor/a41280/
-
Federal Reserve System CISO on aligning cyber risk management with transparency, trust
by
in SecurityNewsIn this Help Net Security interview, Tammy Hornsby-Fink, CISO at Federal Reserve System, shares how the Fed approaches cyber risk with a scenario-based, intelligence-driven … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/tammy-hornsby-fink-federal-reserve-system-cyber-risk/
-
LLMs hype versus reality: What CISOs should focus on
by
in SecurityNews
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerabilitynot using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.”In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
How Exposure Management Helps Communicate Cyber Risk
by
in SecurityNews
Tags: access, attack, awareness, best-practice, business, cio, cyber, cybersecurity, data, framework, metric, risk, risk-management, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. This week, Tenable experts discuss best practices for communicating cyber risk. You can read the entire Exposure Management Academy series here. Despite headline-grabbing incidents and keen interest from C-suites and boardrooms, many security…
-
10 tough cybersecurity questions every CISO must answer
by
in SecurityNews2. How can we achieve the right security balance for our company’s risk tolerance?: To play that consultative role, CISOs also need to ask and answer that question, says Vandy Hamidi, CISO of public accounting and advisory firm BPM.”My role is to reduce risk in a way that enables the business to operate confidently while…
-
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
by
in SecurityNewsToday, Cybersmart, a provider of cyber risk management for small businesses, has released the findings from its second annual CyberSmart MSP Survey, which focuses on the security of Managed Service Providers (MSPs) and their customers. The 2025 report revealed that 69% of MSP leaders globally admitted to being hit by multiple breaches over the past 12…
-
Third-party risk management is broken, but not beyond repair
by
in SecurityNewsGetting to the root of the problem: The surge of TPRM tools has automated much of what was once a manual, resource-intensive process. These platforms were developed to simplify the creation, distribution, and completion of security questionnaires, addressing the operational burden organizations often face when conducting third-party risk audits. While they’ve brought much-needed efficiency, they’ve…
-
The highest-paying jobs in cybersecurity today
by
in SecurityNews
Tags: access, ai, application-security, cisco, cloud, compliance, control, corporate, cybersecurity, data, defense, detection, firewall, governance, grc, hacker, identity, incident response, infrastructure, intelligence, jobs, network, penetration-testing, privacy, risk, risk-assessment, risk-management, skills, soc, threat, tool, training, vulnerability, vulnerability-managementSee “Top 12 cloud security certifications”See “CISSP certification: Requirements, training, exam, and cost”See “CCSP certification: Exam, cost, requirements, training, salary” Security engineer: After security architects, security engineers receive the second-highest annual cash compensation ($191,000), with a base salary of $168,000. Nearly a third (31%) of security engineers surveyed also received annual equity grants.Like their architect…
-
News brief: Gartner Security and Risk Management Summit recap
by
in SecurityNewsCheck out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366626138/News-brief-Gartner-Security-and-Risk-Management-Summit-recap
-
ISMG Editors: Gartner Security & Risk Management Summit Recap
by
in SecurityNewsSecurity Leadership in Focus – From AI Risks to Cloud Responsibility. AI fragmentation, non-human identities and nation-state threats dominated conversations at the Gartner Security & Risk Management Summit. ISMG editors discuss how the event stood out for its vendor-neutral focus and strategic discussions tailored for senior security decision-makers. First seen on govinfosecurity.com Jump to article:…
-
2025 CSO Hall of Fame honorees
by
in SecurityNews
Tags: ceo, cio, ciso, corporate, cybersecurity, finance, google, group, infrastructure, international, jobs, risk, risk-management, sans, technologyMeg Anderson, VP & CISO (retired), Principal Financial Group Bob Bruns, CISO, Avanade Jonathan Chow, CISO, Genesys Mignona Cote, CISO, Infor Laura Deaner, Managing Director, CISO, The Depository Trust & Clearing Corporation (DTCC) George Finney, CISO, University of Texas System Michael Gordon, SVP & CISO, McDonald’s Ron Green, Cybersecurity Fellow/Former CSO, Mastercard Shawn Henry, CSO, CrowdStrike Todd Lukens, SVP, Security & Infrastructure, Nationwide Rishi Tripathi,…
-
Ganzheitliches Risikomanagement – Was ist Enterprise Risk Management?
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/was-ist-erm-enterprise-risk-management-a-95772b2efb270802d7a6c2d60231c13e/
-
AuditBoard expandiert nach Deutschland – Neue Lösungen für Audit, Compliance und Risikomanagement
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/auditboard-risikomanagement-compliance-deutschland-a-7ea05c051821d78967ca18d28c302f0e/
-
How to Get a Clearer Picture of Vendor Risk
by
in SecurityNewsExperts Call for Continuous Assessments of Vendor Risk – Not Just at Onboarding. As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they’re onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may…
-
Seraphic Security Unveils BrowserTotal Free AI-Powered Browser Security Assessment for Enterprises
by
in SecurityNewssrcset=”https://b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?quality=50&strip=all 1200w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=300%2C180&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=768%2C461&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=1024%2C614&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=1162%2C697&quality=50&strip=all 1162w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=280%2C168&quality=50&strip=all 280w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=140%2C84&quality=50&strip=all 140w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=800%2C480&quality=50&strip=all 800w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=600%2C360&quality=50&strip=all 600w, b2b-contenthub.com/wp-content/uploads/2025/06/dashboard1200x720_2_1749468214vL4nUEOAEX.jpg?resize=417%2C250&quality=50&strip=all 417w” width=”1024″ height=”614″ sizes=”(max-width: 1024px) 100vw, 1024px”> Cyber NewsWirePowered by AI, BrowserTotal offers CISOs and security teams a comprehensive, hands-on environment to test browser security defenses against today’s most sophisticated threats. Key features of the platform include: Posture…
-
Multicloud security automation is essential, but no silver bullet
by
in SecurityNews
Tags: access, ai, automation, best-practice, bsi, business, cloud, compliance, control, corporate, data, framework, guide, infrastructure, intelligence, monitoring, risk, risk-management, service, soar, strategy, threat, tool, training, update, vulnerabilityDefining multicloud automation strategies: As an engineering leader, how should you approach implementing security automation in a multicloud environment? The experts we spoke to emphasized intentional design, layered planning, and a commitment to continual refinement.”I like to consider the planning process in terms of layers,” says Protiviti’s Armknecht. “The foundational layer involves achieving observability across…
-
NIST Launches Updated Incident Response Guide
by
in SecurityNews
Tags: cybersecurity, framework, guide, incident response, nist, risk, risk-management, technology, updateThe National Institute of Standards and Technology (NIST) has released a long-awaited update to its incident response guidance: Special Publication 800-61 Revision 3 (SP 800-61r3). This new version, titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management,” aligns closely with the latest Cybersecurity Framework (CSF) 2.0, marking a significant evolution in how organizations should……
-
How Security Teams Can Turn Hype Into Opportunity
by
in SecurityNewsDuring the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/gartner-security-teams-hype-opportunity