Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Do We Need Yet Another Vulnerability Scoring System? For SSVC, That's a YASS

The security world is awash in acronyms. As a niche in the security world, vulnerability tracking, measurement, and management is no stranger to inscrutable collections of capital letters. We’ve got NVD, CPE, CWE, CVSS, EPSS, CAPEC, KEV, and of course “CVE”. The key goal of all these frameworks is to try to help folks organize information around vulnerabilities and assess how their presence might increase an organization's exposure.

Billington 2024: Key Cybersecurity Takeaways from the AI Age

SecurityScorecard had the pleasure of participating in the 15th Annual Billington CyberSecurity Conference – a key convening of policymakers and industry thought leaders in our Nation’s Capital. This year’s edition – Advancing Cybersecurity in the AI Age – included over 4,000 registrants and 200 speakers participating in 40+ sessions and breakouts. It would not be an emerging tech and government conference without an extra emphasis on AI.

Why MSSPs Are Short on Good External Risk Management Tools

If you’ve worked in the Managed Security Services Provider (MSSP) industry for a while, you might remember the era when the MSSP tool set consisted only of internal risk management solutions – like software that scanned client endpoints and application source code. Those days are gone. Today, external risk management has become just as critical a part of an MSSP’s job.

CISA's Secure By Design: A Year Later

In April this year, the CISA Secure By Design initiative turned one. The initiative calls for the public and private sectors to work together to challenge and encourage software manufacturing companies to adopt principles to ensure their software is developed and produced as securely as possible. The initiative tracks seven goals that software manufacturers can pledge to develop and transparently track progress towards those goals.

Understanding Risk Management in Trading for Newcomers

Risk management is a crucial pillar of successful trading, especially for newcomers navigating the often volatile financial markets. At its core, risk management involves identifying, assessing, and prioritizing risks to minimize potential losses. New traders should start by determining their risk tolerance - an understanding of how much they can afford to lose without jeopardizing their financial stability. Keeping a crypto trading diary can also help in tracking decisions and outcomes, which is essential for improving one's approach to risk management.

Vanta Delivers: Introducing New Products for the Future of Governance, Risk and Compliance (GRC)

Empowering GRC teams to make their security and compliance continuous and automated. Announcing Report Center, enhancements to Vendor Risk Management (VRM), and market-leading milestones for integrations and frameworks.

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217

In late July 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities (CVE-2024-4789 and CVE-2024-5217) affecting ServiceNow to its list of known exploited vulnerabilities. These vulnerabilities can allow unauthenticated users to execute code remotely, posing severe risks to organizations that use the platform. The potential for unauthorized access and severe data breaches makes addressing these vulnerabilities crucial.

A Complete Guide to Security Ratings

Security ratings are a data-driven, dynamic measurement of an organization's cyber security performance that can be used to understand and influence internal and third-party cyber risk. Sometimes referred to as cybersecurity ratings, these quantitative metrics give security teams a simple indicator of security performance across their own organization, as well as the security posture of the third-party organizations they rely on.

More than a security alert: A guide to nudges

As American poet Nikki Giovanni wisely observed, "Mistakes are a fact of life. It is the response to error that counts." This rings particularly true in the world of cyber security. Even the most vigilant individuals can make mistakes—after all, we’re only human. What truly matters is how we respond. Imagine a platform that automatically detects risky security behaviours, alerting employees and nudging them to fix their mistakes before they escalate?

A look into Web Application Security

In today's digital age, web applications are the backbone of many businesses, supporting and managing a vast array of sensitive information, from personal details and financial records to critical business data. When we think about any company that we want to know more about, the most common question is: “what is their website?” But web applications are not just about traditional websites; they encompass far more than just the pages you go to when browsing the Internet.