%term

What Security Teams Need to Know About the EU's NIS 2 Directive

Oct 24, 2024 By Graham Rance, VP Global Pre-Sales In CyCognito

The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.

Read Post

CyCognito

Read more about What Security Teams Need to Know About the EU's NIS 2 Directive

How to Overcome the Security Questionnaire Burden

Oct 24, 2024 By Nicholas Sollitto In UpGuard

If you’re on the frontlines of your organization’s cybersecurity department, you’ve likely found yourself burdened by security questionnaires. Whether you’re in charge of evaluating vendor responses or completing questionnaires yourself, it’s no secret these requests can be time-consuming for everyone involved. Well, what if this didn’t have to be the case?

Read Post

UpGuard

Read more about How to Overcome the Security Questionnaire Burden

What is Third-Party Risk Monitoring in Cybersecurity?

Oct 24, 2024 By Edward Kost In UpGuard

Third-party monitoring is a critical aspect of Third-Party Risk Management as it keeps security teams informed of the organization's evolving third-party risk exposure. To learn the importance of third-party monitoring and why it should be emphasized in your TPRM program, read on.

Read Post

UpGuard

Read more about What is Third-Party Risk Monitoring in Cybersecurity?

New from Nucleus: Automating POA&M Management for Federal Compliance

Oct 24, 2024 By Scott Kuffer In Nucleus

Managing compliance in federal IT is a critical and complex task, especially when it comes to addressing findings from security assessments. One of the key tools to bridge the gap between requirements and the current state is the Plan of Action and Milestones (POA&M). Required by federal security frameworks like the Federal Information Security Modernization Act (FISMA) and NIST 800-53, POA&Ms are used to document security weaknesses, outline mitigation plans, and track their resolution.

Read Post

Nucleus

Read more about New from Nucleus: Automating POA&M Management for Federal Compliance

Nucleus Security Launches POAM Process Automation for Federal Agencies

Oct 23, 2024 By Nucleus In Nucleus

Nucleus Security Launches POAM Process Automation for Federal Agencies Integrated solution helps federal agencies and their suppliers reduce operational overhead, maintain compliance, and promote risk management efficacy.

Read Post

Nucleus

Read more about Nucleus Security Launches POAM Process Automation for Federal Agencies

Bensdays - Ep #3 Botnets and Citrus

Oct 23, 2024 By BitSight In BitSight

What do lemons and botnets have in common? You’ll have to watch to find out! Check out Ben Edwards in this week’s reel for a fresh take on cyber threats.

View Video

BitSight

Read more about Bensdays - Ep #3 Botnets and Citrus

Bensdays - Ep #4 Out-of-date things

Oct 23, 2024 By BitSight In BitSight

It's again! And this week, we're spicing up Cybersecurity Awareness Month with a fresh take on software updates. Don’t let outdated tech be the mold on your kohlrabi recipe! Watch now & join us next week for more insights.

View Video

BitSight

Read more about Bensdays - Ep #4 Out-of-date things

LLM Prompt Injection 101

Oct 23, 2024 By Anirban Banerjee In Riscosity

Prompt injection attacks exploit vulnerabilities in natural language processing (NLP) models by manipulating the input to influence the model’s behavior. Common prompt injection attack patterns include: 1. Direct Command Injection: Crafting inputs that directly give the model a command, attempting to hijack the intended instruction. 2. Instruction Reversal: Adding instructions that tell the model to ignore or reverse previous commands. 3.

Read Post

Riscosity

Read more about LLM Prompt Injection 101

Why GRC Tools Are Just Junkyards of Information | Razorthorn Security

Oct 23, 2024 By Razorthorn In Razorthorn

Despite the potential, Jack Jones argues that most GRC tools fail to understand risk and end up being repositories of irrelevant data. Hear why they don’t hit the mark and what needs to change.

View Video

Razorthorn

Read more about Why GRC Tools Are Just Junkyards of Information | Razorthorn Security

Four Ways to Streamline Your Security Review Process

Oct 23, 2024 By Viet Tran In BitSight

Security reviews of third-party vendors are now an essential element of an effective governance, risk, and compliance (GRC) function. After all, there have been numerous examples in recent years of organizations with an otherwise strong security posture falling victim to threats that originated with supply chain partners. But whether you are on the sending or receiving end of a security review, completing the process can be time-consuming and inefficient.

Read Post