The zero trust maturity model is a Cybersecurity and Infrastructure Security Agency (CISA) initiative to help achieve a modern approach of zero trust through the implementation of five pillars with cross-cutting capabilities. The five pillars of zero-trust security are identity, device, network, application and workload and data.

Today almost every organization outsources at least some part (if not many parts) of its operations to third parties. That means those organizations must govern the risks of those third parties — but obtaining the assurance you want from your third parties is a daunting task.

We are in a new global AI race to unlock new, knowledge-based capabilities at a scale never before seen. Companies like OpenAI have proven that early movers reap outsized rewards, so speed is of the essence.

In light of the SEC's cybersecurity disclosure regulations in the US and NIS2 in Europe, corporate executives and institutional investors are facing a pressing need to align their expectations and improve understanding around cybersecurity risk management. The evolving threat landscape and regulatory environment highlight the importance of cohesive strategies to measure, prioritize, mitigate, and communicate cyber risks effectively.

What is there to know about a person? Certainly, their name, but how about their affiliations, philosophical beliefs, or sexual orientation? The nuanced information about a person—including those elements listed above and more—falls into a data category called “personal information” or “personally identifying information” (PII).

Published in 2023, the OWASP Top 10 for LLM Applications is a monumental effort made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond. OWASP contributors came up with over 40 distinct threats and then voted and refined their list down to the ten most important vulnerabilities.

User rights permissions regulate access to computer and domain resources, with the ability to override permissions set on specific objects. Managed in Group Policy, each user right has a constant name as well as a Group Policy name associated with it. The constant names are used when referring to the user right in log events. In this section, they’re referred to as user rights, but they’re commonly known as privileges.

Our healthcare client faced a security threat through PDF generation on their platform. We discovered a flaw that allowed harmful code to be included in PDFs, enabling us to access internal server files and services as well as obtaining AWS credentials. Taking proactive steps is vital to protect healthcare systems from such vulnerabilities.