Risk Management

Web Application Security for DevOps: Site and Origin Dynamics and Cross-Site Request Forgery

Oct 22, 2024 By Chris Poulin In BitSight

This is a continuation of the series on web application security. If you haven't already read through part 1, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: how do browsers know which site set the cookies in the first place? And what constitutes the same site?

Read Post

BitSight

Read more about Web Application Security for DevOps: Site and Origin Dynamics and Cross-Site Request Forgery

Separating Hype from Reality in HRM

Oct 22, 2024 By John Scott In CultureAI

Human risk management (HRM) has become a more established category in recent years. This development signals a crucial shift towards enabling security teams to accurately quantify and manage workplace risks. With the rise of HRM, a variety of new technologies have also emerged on the market. However, how do you navigate the sea of buzzwords and shiny promises to pick the solution that's right for you?

Read Post

CultureAI

Read more about Separating Hype from Reality in HRM

The Cybersecurity Metrics That Matter Most in the Boardroom

Oct 22, 2024 By Kovrr In Kovrr

‍ As the cost and frequency of cyber events grow, technologies evolve, and regulatory bodies enact stricter cybersecurity laws on the market, it’s become exceedingly clear that elevating cyber matters to the boardroom is a strategic imperative.

Read Post

Kovrr

Read more about The Cybersecurity Metrics That Matter Most in the Boardroom

Elevating Views of Risk: Holistic Application Risk Management with Snyk

Oct 22, 2024 By Daniel Berman In Snyk

As apps become more complex and development speeds up with DevOps, cloud-native tech, and AI, having a comprehensive approach to managing application risk is more important than ever. Traditional methods just aren’t cutting it anymore. Security teams are overwhelmed by vulnerabilities, and developers aren’t getting the guidance they need on what to focus on first. This gap between security and development is leaving apps more vulnerable.

Read Post

Snyk

Read more about Elevating Views of Risk: Holistic Application Risk Management with Snyk

What a 3-Year Plan to Cut Software Risks by 75% Looks Like

Oct 21, 2024 By Chris Wysopal In Veracode

Organizations face an increasing number of software security threats that can compromise their sensitive data and disrupt business operations. To effectively manage these risks and enhance their security posture, it’s crucial for organizations to adopt modern application risk reduction strategies that not only mitigate potential vulnerabilities but also provide clear, actionable next steps and insights for reporting purposes.

Read Post

Veracode

Read more about What a 3-Year Plan to Cut Software Risks by 75% Looks Like

Talking to the C-Suite: Communicating Risk with GRC Tools

Oct 18, 2024 By Razorthorn In Razorthorn

Learn how Jack Jones frames discussions with executives by focusing on loss event scenarios that matter to them. Discover how to report risks in terms of probability and impact using data from GRC tools.

View Video

Razorthorn

Read more about Talking to the C-Suite: Communicating Risk with GRC Tools

How to Safely Integrate LLMs Into Enterprise Applications and Achieve ISO 42001 Compliance

Oct 18, 2024 By Jackson Harrower In Riscosity

Enterprise applications, whether on-premise or in the cloud, access LLMs via APIs hosted in public clouds. These applications might be used for content generation, summarization, data analysis, or a plethora of other tasks. Riscosity’s data flow posture management platform protects sensitive data that would otherwise be accessible to LLM integrations.

Read Post

Riscosity

Read more about How to Safely Integrate LLMs Into Enterprise Applications and Achieve ISO 42001 Compliance

Building the Ideal GRC Tool: A Risk-Based Approach

Oct 17, 2024 By Razorthorn In Razorthorn

In a perfect world, what should a GRC tool do? Jack Jones outlines how a GRC tool should help organisations manage the frequency and magnitude of loss events and how risk should be the core foundation of such tools.

View Video

Razorthorn

Read more about Building the Ideal GRC Tool: A Risk-Based Approach

Addressing Cyber Risk and the Rise of AI

Oct 17, 2024 By Rubrik In Rubrik

In this episode of CISO Conversations: EU Data Regulations, Pierre-François Guglielmi, EMEA Field CISO at Rubrik, is joined by Trish McGill, an Executive Subject Matter Expert for Cyber Security IT/OT at De Heus Voeders and Nobian, Brian Wagner, Chief Technology Officer at Revenir, and Tim Clements, Owner of Purpose and Means. Together, they explore the impact of cyber-attacks and data regulations on business resilience, particularly concerning critical infrastructure, and how these factors ultimately affect profits.

View Video

Rubrik

Read more about Addressing Cyber Risk and the Rise of AI

Healthcare IT Security and Compliance in 2024 and Beyond: A Comprehensive Guide

Oct 17, 2024 By SecurityScorecard In SecurityScorecard

The healthcare industry remains a prime target for cyberattacks, with the growing adoption of digital health technologies escalating the risk. Hospitals and clinics, custodians of vast amounts of sensitive patient data, are particularly vulnerable. As the industry navigates the digital landscape, ensuring cybersecurity compliance is paramount to protecting patient privacy and maintaining operational integrity.

Read Post