Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Unauthorized access continues to be one of the biggest cybersecurity problems for organizations of all sizes. Its consequences can be severe, ranging from data breaches and financial losses to reputational damage and lawsuits. Therefore, it’s critical for organizations to establish a robust cybersecurity strategy and implement best practices to effectively detect and respond to unauthorized access.

Economic pressures have been leading to greater budget scrutiny and justification of resources for cybersecurity teams. Boards are asking harder questions around cyber risk and exposure. Not only are CISOs working hard to justify and measure their program, they’ve had to become more data-driven in the way they align investments towards company outcomes and business objectives.

The National Institute of Standards and Technology (NIST) has announced the launch of Assessing Risks and Impacts of AI (ARIA), a groundbreaking evaluation program to guarantee the secure and trustworthy deployment of artificial intelligence. Spearheaded by Reva Schwartz, ARIA is designed to integrate human interaction into AI evaluation, covering three crucial levels: model testing, red-teaming, and field testing.

The advent of cloud technology has revolutionized organizations’ data use and security practices. Cloud development has decentralized data management, with development and DevOps teams — and now business intelligence (BI) and AI teams — dispersing data across multiple cloud service providers, regions and applications. This decentralization has fueled the proliferation of shadow data and heightened the risk of unintentional data exposure.

For cybersecurity professionals tasked with defending the public sector, tackling the U.S. Government Configuration Baseline (USGCB) is just another hurdle to a safer federal tomorrow. Part of a wide collection of necessary federal government compliance requirements, it hones in on which baseline security configurations are necessary for federally deployed IT products.

In the latest episode of the Trust Issues podcast, the focus is on the criticality of time in organizational security. The conversation with host David Puner and guest Katherine Mowen, SVP of Information Security at Rate (formerly Guaranteed Rate), highlights the importance of swift decision-making and prompt threat response. They discuss the role of just-in-time (JIT) access and AI in accelerating response times, as well as the ever-evolving threat landscape that requires constant vigilance.

API Management is a comprehensive process that involves creating, publishing, documenting, and overseeing application programming interfaces (APIs) in a secure, scalable environment. APIs are the backbone of modern software architecture, enabling interoperability and seamless functionality across diverse applications. They facilitate the integration of different software components, allowing them to intercommunicate and share data efficiently.

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation consultant and even a short stint as a Payment Card Industry (PCI QSA) auditor years ago, it has been a while since I looked into this.

Every organization is different, with its own unique needs, challenges and goals. That means that IT solutions, and especially IT security, must be complex tools that are highly configurable and adaptable to various scenarios. IT security solutions must be flexible and robust enough to handle many situations.