Think cybersecurity training is just a snore fest of jargon and compliance checkboxes? Think again. Welcome to the new era of Cybersecurity training, where ‘boring’ is a forbidden word and engagement is the name of the game. This guide is all about flipping the script—from just ticking off ‘compliance’ boxes to actually being ‘competent,’ and we’re doing it with training techniques that are as engaging as they are effective.

Data privacy has never been more critical for business success as it is today, and organizations worldwide are grappling with the stringent requirements of the General Data Protection Regulation (GDPR). One crucial aspect of GDPR compliance is maintaining a Record of Processing Activities (RoPA), which serves as a testament to an organization’s commitment to data protection. But what exactly is a RoPA, and how can organizations create and manage one effectively?

Moody’s investment in Bitsight in 2021 was founded on the belief that cyber risk is business risk. Two years later - this foundational belief is clearer than ever by evidence of recent research developed by the two companies. This blog post is a reflection on the research progress made by the two firms since the announcement of the partnership.

The concept of automation has been around for decades in the software field, but recent advancements in machine learning and natural language processing have led to huge breakthroughs. We’ve gone from machines that complete rules-based, predetermined tasks to a new generation of software that “learns” from huge sets of data so that it can make predictions — collectively known as artificial intelligence (AI).

In the ever-evolving landscape of modern business, staying ahead of the curve has become synonymous with survival. Governance, risk, and compliance (GRC) applications have emerged as the guardians of stability, security, and sustainable growth. So how can you assure your organization invests wisely in these essential tools? If you’re like me, you’ve struggled in the past to justify the investment in GRC and the necessary technology to support it.

Your company’s first external audit can be a bit overwhelming. The audit firm will seek a considerable amount of audit evidence from your business – and if you want to prepare for that compliance audit in advance, there’s an equally vast amount of information available about how audits should work. Every company’s audit experience will differ, depending on the scope and the standard against which you will be audited.

In the arsenal of cyber security tools available to organizations, the penetration test is a key component. Business applications, and organization infrastructure (operating systems, databases, networks, etc.) all have potential vulnerabilities, many of which are just waiting for threat actors to exploit.

The financial sector is constantly adapting to emerging threats and regulatory changes. The New York Department of Financial Services (NYDFS) is at the forefront of cybersecurity regulation, ensuring that covered entities within the state maintain robust cybersecurity programs. In this blog post, we’ll dive into the recent changes to NYDFS regulations, specifically focusing on vulnerability management and an updated definition of risk assessment.

Board members often lack technical expertise and may not fully understand the risks associated with cybersecurity. On the other hand, CISOs are more familiar with IT staff and the technical aspects of cybersecurity. This is understandable, as the board is responsible for making high-level decisions and does not typically get involved in the details of implementation and technical audits.