NIST Explains Why It Failed to Clear CVE Backlog

November 14, 2024 at 06:10AM NIST reported that all known exploited CVEs in the backlog have been addressed, but acknowledged that completely clearing the backlog by October was overly optimistic.

How CISOs Can Lead the Responsible AI Charge

November 13, 2024 at 10:01AM The commentary emphasizes the critical role of chief information security officers (CISOs) in safely navigating AI adoption. With 40% of leaders unaware of generative AI’s cyber-risks, CISOs should lead evaluation and governance, ensuring security and compliance. Their proactive management is vital for leveraging AI while mitigating potential risks effectively.

Managing third-party risks in complex IT environments

November 12, 2024 at 10:14AM Join the webinar on December 3rd at 11 AM ET with Steve Toole from SailPoint, discussing risks of third-party access to systems and data. Learn about identifying risks, mitigation strategies, and fostering a security-first culture. Ideal for IT managers and security professionals. Register to enhance third-party risk management practices.

The ROI of Security Investments: How Cybersecurity Leaders Prove It

November 11, 2024 at 06:42AM Cybersecurity is increasingly vital for businesses, focusing on validating security measures against real-world threats. Shawn Baird from DTCC emphasizes how Automated Security Validation tools enhance productivity and reduce reliance on costly contracting. The gradual implementation builds trust, optimizing staff resources and improving risk management, thus driving strategic budgeting and compliance …

Preparing for DORA Amid Technical Controls Ambiguity

November 8, 2024 at 03:17PM The Digital Operational Resilience Act (DORA) becomes effective in January 2025, mandating financial entities to enhance IT security and data resilience. Organizations must prepare by conducting thorough gap analyses, improving risk management strategies, and ensuring continuous monitoring to comply with DORA’s complex regulations and mitigate potential threats effectively.

How Developers Drive Security Professionals Crazy

November 8, 2024 at 10:35AM The integration of DevSecOps aims to balance development speed with security, addressing challenges such as security training, complex tools, and alert management. Successful implementation involves understanding risk portfolios, automating security testing, continuous monitoring, and simplifying developers’ experiences, ultimately fostering collaboration for efficient, secure software delivery.

9 Steps to Get CTEM on Your 2025 Budgetary Radar

November 6, 2024 at 06:45AM As budget season approaches, it’s crucial to prioritize Continuous Threat Exposure Management (CTEM) in cybersecurity. CTEM shifts from reactive to proactive threat management, enhancing defenses, reducing costs associated with breaches, and improving organizational resilience. Companies must present CTEM as key to managing business risks and securing long-term stability.

How to Win at Cyber by Influencing People

November 5, 2024 at 10:14AM Implementing zero trust is a complex, ongoing process focused on validating every connection in IT and security. Key steps include fostering organizational partnerships, aligning stakeholders, communicating risk effectively to boards, planning phased deployments, ensuring pragmatic technical deliverables, and addressing basic cybersecurity practices to strengthen security culture.

OWASP Releases AI Security Guidance

November 4, 2024 at 08:22AM OWASP launched new security guidance for managing risks related to large language models and generative AI applications, part of the Top 10 for LLM Application Security Project. Resources include strategies for deepfake defense, AI security best practices, and a landscape guide for security solutions, aimed at enhancing organizational readiness against …

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

November 1, 2024 at 07:33AM The article discusses key SaaS misconfigurations that pose security risks, including excessive help desk privileges, lack of MFA for super admins, unblocked legacy authentication, mismanaged super admin counts, and Google Groups view settings. It emphasizes the importance of continuous monitoring and fixing these issues to prevent data breaches and ensure …