Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

Third-Party Risk Management Policy Template (Free)

Organizations commonly rely on third parties such as vendors, suppliers, and other business partners to handle critical operations. While third-party relationships can provide many benefits, they also introduce a range of risks that can threaten data security, compliance, and business continuity. Therefore, it's crucial to recognize and manage these risks with a robust Third-Party Risk Management policy.

The NIST AI Risk Management Framework: Building Trust in AI

The NIST Artificial Intelligence Risk Management Framework (AI RMF) is a recent framework developed by The National Institute of Standards and Technology (NIST) to guide organizations across all sectors in the use of artificial intelligence (AI) and its systems. As AI continues to become implemented in nearly every sector — from healthcare to finance to national defense — it also brings new risks and concerns with it.

Vendor Risk Management Assessment Matrix (Clearly Defined)

A vendor risk management assessment matrix could enhance your visibility into vendor risk exposure, helping you make more efficient risk management decisions. In this post, explain what a vendor risk assessment matrix is, how to use it, and provide a step-by-step guide for designing your own.

Cross-Border Data Flow: The EU-US Privacy Shield's Demise

Digital advancement has drastically changed businesses' operations, including increasing global data flows. One consequential aspect of this transformation is the transfer of data across national borders, which poses significant legal, privacy, and security challenges. The EU-US Privacy Shield was a critical agreement that previously protected data transferred between the European Union and the United States.

Control Web Panel - Fingerprinting Open-Source Software using a Consolidation Algorithm approach

At Bitsight, part of the core work of the Vulnerability Research team is to analyze new high-profile vulnerabilities and ensure we come up with ways to detect, at an internet-wide scale, who is affected by these. Sometimes - more often than not - the direct exploitation of these vulnerabilities is significantly intrusive, and thus we can not load a direct port of the publicly available Proofs-of-Concept onto our internet scanning infrastructure.

MAX Prevents CRITICAL Zero-Day Vulnerability

Today we learn about SecurityScorecard's MAX and how it single-handedly prevented a MAJOR Zero-Day Vulnerability. With SecurityScorecard MAX, you no longer have to worry about your supply chain being at risk. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

The EU Cyber Resilience Act: Securing Digital Products

The EU Cyber Resilience Act (CRA) is a major piece of cyber legislation passed in 2024 in the European Union (EU) that regulates cybersecurity for digital products and services. The EU Cyber Resilience Act directly complements the NIS2 Directive, which regulates risk management and incident reporting across the European market.

Cyberattack at Sisense Puts Critical Infrastructure on Alert

The cybersecurity community woke up on Thursday to news of a cyberattack on Sisense, a major business analytics software company. It’s thought that the breach may have exposed hundreds of Sisense’s customers to a supply chain attack and provided the attacker with a door into the company’s customer networks.