
Risk Management

Say Goodbye to Boring: 6 Innovative Ways to Boost Your Cybersecurity Training

Think cybersecurity training is just a snore fest of jargon and compliance checkboxes? Think again. Welcome to the new era of cybersecurity training, where ‘boring’ is a forbidden word and engagement is the name of the game. This guide is all about flipping the script—from just ticking off ‘compliance’ boxes to actually being ‘competent,’ and we’re doing it with training techniques that are as engaging as they are effective.

A Guide to GDPR Article 30: RoPA (Records of Processing Activities)

Data privacy has never been more critical for business success than it is today, and organizations worldwide are grappling with the stringent requirements of the General Data Protection Regulation (GDPR). One crucial aspect of GDPR compliance is maintaining a Record of Processing Activities (RoPA), which serves as a testament to an organization’s commitment to data protection. But what exactly is a RoPA, and how can organizations create and manage one effectively?

Bitsight's Partnership with Moody's Continues to Evolve - Making Cyber Risk Actionable for Business Leaders

Moody’s investment in Bitsight in 2021 was founded on the belief that cyber risk is business risk. Two years later, this foundational belief is clearer than ever, as evidenced by recent research developed by the two companies. This blog post is a reflection on the research progress made by the two firms since the announcement of the partnership.

The Role of Artificial Intelligence in Cybersecurity - and the Unseen Risks of Using It

The concept of automation has been around for decades in the software field, but recent advancements in machine learning and natural language processing have led to huge breakthroughs. We’ve gone from machines that complete rules-based, predetermined tasks to a new generation of software that “learns” from huge sets of data so that it can make predictions — collectively known as artificial intelligence (AI).

Unlocking Growth: Building a Business Case for GRC Applications

In the ever-evolving landscape of modern business, staying ahead of the curve has become synonymous with survival. Governance, risk, and compliance (GRC) applications have emerged as the guardians of stability, security, and sustainable growth. So how can you ensure your organization invests wisely in these essential tools? If you’re like me, you’ve struggled in the past to justify the investment in GRC and the necessary technology to support it.

5 Tips To Prepare For Your External Audit

Your company’s first external audit can be a bit overwhelming. The audit firm will seek a considerable amount of audit evidence from your business – and if you want to prepare for that compliance audit in advance, there’s an equally vast amount of information available about how audits should work. Every company’s audit experience will differ, depending on the scope and the standard against which you will be audited.

Protecting your Enterprise with Penetration Testing

In the arsenal of cyber security tools available to organizations, the penetration test is a key component. Business applications and organization infrastructure (operating systems, databases, networks, etc.) all have potential vulnerabilities, many of which are just waiting for threat actors to exploit.

NYDFS Regulatory Changes: Vulnerability Management and Risk Assessment

The financial sector is constantly adapting to emerging threats and regulatory changes. The New York Department of Financial Services (NYDFS) is at the forefront of cybersecurity regulation, ensuring that covered entities within the state maintain robust cybersecurity programs. In this blog post, we’ll dive into the recent changes to NYDFS regulations, specifically focusing on vulnerability management and an updated definition of risk assessment.

Continuing the Conversation on Cybersecurity as a Business Risk

Board members often lack technical expertise and may not fully understand the risks associated with cybersecurity. On the other hand, CISOs are more familiar with IT staff and the technical aspects of cybersecurity. This is understandable, as the board is responsible for making high-level decisions and does not typically get involved in the details of implementation and technical audits.