Risk Management

Five Key Findings from the Inaugural EPSS Report

Aug 21, 2024 By Corey Tomlinson In Nucleus

Last month, Cyentia and First.org published the inaugural Exploit Prediction Scoring System (EPSS) performance report. The report goes beyond just assessing the EPSS predictive scoring model. It looks at historical vulnerability data and published CVEs, as well as provides comparisons to the other popular scoring models: CVSS and CISA-KEV.

Read Post

Nucleus

Read more about Five Key Findings from the Inaugural EPSS Report

Navigating Japan METI's Upcoming Cybersecurity Rating System: Strategies for Businesses to Enhance Cyber Defense

Aug 21, 2024 By Terence Cheong In BitSight

On April 9, 2024, Japan's Ministry of Economy, Trade and Industry (METI) announced its intention to implement a cybersecurity rating system for companies by fiscal year 2025.

Read Post

BitSight

Read more about Navigating Japan METI's Upcoming Cybersecurity Rating System: Strategies for Businesses to Enhance Cyber Defense

Top cyber security threats to look out for

Aug 21, 2024 By Obrela In Obrela

Increasingly sophisticated cyber security threats present significant challenges for businesses and individuals alike. And with increasing dependency on technology and digital platforms, understanding the various types of cyber security attacks and how they can impact an organization is crucial to maintain a secure business environment. From phishing scams to ransomware attacks, cyber security attacks are constantly evolving, becoming more targeted and difficult to detect.

Read Post

Obrela

Read more about Top cyber security threats to look out for

Dcode Capital Makes Investment in Nucleus Security to Solve Critical Cybersecurity Challenges for Federal Organizations

Aug 20, 2024 By Nucleus In Nucleus

Unified vulnerability management streamlines vulnerability analysis, triage, and remediation.

Read Post

Nucleus

Read more about Dcode Capital Makes Investment in Nucleus Security to Solve Critical Cybersecurity Challenges for Federal Organizations

Challenges in Automating and Scaling Remote Vulnerability Detection

Aug 20, 2024 By Kolby O'Malley-Dertien In BitSight

When a new major CVE gets released, cybersecurity companies race to discover ways of detecting the new vulnerability and organizations scramble to determine if they are impacted or not. Developing high-confidence techniques to scan the public-facing Internet assets for newly published vulnerabilities can potentially take weeks or even months as vulnerability researchers discover and test various detection methods.

Read Post

BitSight

Read more about Challenges in Automating and Scaling Remote Vulnerability Detection

The Role of ISO 27001 in Enhancing Information Security

Aug 20, 2024 By SecuritySenses In SecuritySenses

In today's digital age, information security is paramount for organizations of all sizes and industries. Protecting sensitive data from cyber threats, unauthorized access, and other vulnerabilities is a critical concern. One of the most effective frameworks for achieving robust information security is ISO 27001. This international standard provides a comprehensive approach to managing and safeguarding information assets. This article delves into the role of ISO 27001 in enhancing information security, exploring its key principles, benefits, and implementation strategies.

Read Post

SecuritySenses

Read more about The Role of ISO 27001 in Enhancing Information Security

Insights From The SOC

Aug 16, 2024 By Theofanis Dimakis In Obrela

A review of AI-generated malware, and how a SOC might deal with the ever-increasing threat… Theofanis Dimakis, SOC Officer, and Nikolaos Tsompanidis, Threat Detection & Response Expert at Obrela, speaking during the recent CRESTCon Europe event, shared insights from their perspective into detecting malware, including the rising tide of AI variants.

Read Post

Obrela

Read more about Insights From The SOC

What is HIPAA and How to Become Compliant

Aug 16, 2024 By Charrah Hardamon In Riscosity

HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA is a U.S. law that was enacted in 1996 to protect sensitive patient health information from being disclosed without the patient's consent or knowledge and is enforced by the Department of Health and Human Services (HHS). The purpose of HIPAA is to protect the privacy of patients’ medical information and secure the handling of health information in the age of electronic health records.

Read Post

Riscosity

Read more about What is HIPAA and How to Become Compliant

Generative AI: Workplace Innovation or Security Nightmare

Aug 16, 2024 By Frederick Coulton In CultureAI

The field of AI has been around for decades, but its current surge is rewriting the rules at an accelerated rate. Fuelled by increased computational power and data availability, this AI boom brings with it both opportunities and challenges. AI tools fuel innovation and growth by enabling businesses to analyse data, improve customer experiences, automate processes, and innovate products – at speed. However, as AI becomes more and more commonplace, concerns about misinformation and misuse arise.

Read Post

CultureAI

Read more about Generative AI: Workplace Innovation or Security Nightmare

Supply Chain Visibility: The Key to NIS2 Coordinated Risk Assessments

Aug 15, 2024 By Francisco Fonseca In BitSight

The path to NIS2 compliance is less about ticking boxes and more about fostering a resilient, proactive cybersecurity culture across the organisation and its extended network. While the challenges pertaining to third-party and supply chain risk management are significant, they are not insurmountable—especially if we break them down. Today we will focus on understanding a very specific NIS2 requirement: Coordinated Risk Assessments.

Read Post