%term

Elevating Views of Risk: Holistic Application Risk Management with Snyk

Oct 22, 2024 By Daniel Berman In Snyk

As apps become more complex and development speeds up with DevOps, cloud-native tech, and AI, having a comprehensive approach to managing application risk is more important than ever. Traditional methods just aren’t cutting it anymore. Security teams are overwhelmed by vulnerabilities, and developers aren’t getting the guidance they need on what to focus on first. This gap between security and development is leaving apps more vulnerable.

Read Post

Snyk

Read more about Elevating Views of Risk: Holistic Application Risk Management with Snyk

The Problem with CISOs and Risk Management | Razorthorn Security

Oct 22, 2024 By Razorthorn In Razorthorn

Jack Jones points out that many CISOs know security but not risk. Learn why a lack of understanding of true risks versus security control issues leads to ineffective GRC implementations.

View Video

Razorthorn

Read more about The Problem with CISOs and Risk Management | Razorthorn Security

What is UPnP? And Why is it Still a Security Risk?

Oct 22, 2024 By JumpCloud In JumpCloud

In this video, learn what UPnP is, what it does, use cases, why it's a security risk, and security measures you can take. Learn more about: Resources and social media: Transcript: Universal Plug and Play, or UPnP, is a way for all devices on a local network to discover and connect with each other automatically, rather than having to connect each device by manually entering protocols like TCP/IP, HTTP, or DHCP.

View Video

JumpCloud

Read more about What is UPnP? And Why is it Still a Security Risk?

A trainer's take: "Training alone won't change behaviours"

Oct 22, 2024 By John Scott In CultureAI

I've spent over 35 years as a trainer in various capacities, so it might surprise you to hear me say that training alone isn't enough to change behaviours—particularly when it comes to security. This isn't just my opinion; it's a conclusion from our State of Human Risk Management in 2024 Report. To understand why training isn't the full solution, we need to delve into the field of human error. Mistakes—errors caused by wrongly applied knowledge—can often be corrected with training.

Read Post

CultureAI

Read more about A trainer's take: "Training alone won't change behaviours"

What a 3-Year Plan to Cut Software Risks by 75% Looks Like

Oct 21, 2024 By Chris Wysopal In Veracode

Organizations face an increasing number of software security threats that can compromise their sensitive data and disrupt business operations. To effectively manage these risks and enhance their security posture, it’s crucial for organizations to adopt modern application risk reduction strategies that not only mitigate potential vulnerabilities but also provide clear, actionable next steps and insights for reporting purposes.

Read Post

Veracode

Read more about What a 3-Year Plan to Cut Software Risks by 75% Looks Like

Talking to the C-Suite: Communicating Risk with GRC Tools

Oct 18, 2024 By Razorthorn In Razorthorn

Learn how Jack Jones frames discussions with executives by focusing on loss event scenarios that matter to them. Discover how to report risks in terms of probability and impact using data from GRC tools.

View Video

Razorthorn

Read more about Talking to the C-Suite: Communicating Risk with GRC Tools

How to Safely Integrate LLMs Into Enterprise Applications and Achieve ISO 42001 Compliance

Oct 18, 2024 By Jackson Harrower In Riscosity

Enterprise applications, whether on-premise or in the cloud, access LLMs via APIs hosted in public clouds. These applications might be used for content generation, summarization, data analysis, or a plethora of other tasks. Riscosity’s data flow posture management platform protects sensitive data that would otherwise be accessible to LLM integrations.

Read Post

Riscosity

Read more about How to Safely Integrate LLMs Into Enterprise Applications and Achieve ISO 42001 Compliance

Building the Ideal GRC Tool: A Risk-Based Approach

Oct 17, 2024 By Razorthorn In Razorthorn

In a perfect world, what should a GRC tool do? Jack Jones outlines how a GRC tool should help organisations manage the frequency and magnitude of loss events and how risk should be the core foundation of such tools.

View Video

Razorthorn

Read more about Building the Ideal GRC Tool: A Risk-Based Approach

Addressing Cyber Risk and the Rise of AI

Oct 17, 2024 By Rubrik In Rubrik

In this episode of CISO Conversations: EU Data Regulations, Pierre-François Guglielmi, EMEA Field CISO at Rubrik, is joined by Trish McGill, an Executive Subject Matter Expert for Cyber Security IT/OT at De Heus Voeders and Nobian, Brian Wagner, Chief Technology Officer at Revenir, and Tim Clements, Owner of Purpose and Means. Together, they explore the impact of cyber-attacks and data regulations on business resilience, particularly concerning critical infrastructure, and how these factors ultimately affect profits.

View Video

Rubrik

Read more about Addressing Cyber Risk and the Rise of AI

Healthcare IT Security and Compliance in 2024 and Beyond: A Comprehensive Guide

Oct 17, 2024 By SecurityScorecard In SecurityScorecard

The healthcare industry remains a prime target for cyberattacks, with the growing adoption of digital health technologies escalating the risk. Hospitals and clinics, custodians of vast amounts of sensitive patient data, are particularly vulnerable. As the industry navigates the digital landscape, ensuring cybersecurity compliance is paramount to protecting patient privacy and maintaining operational integrity.

Read Post