Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization’s security, risk tolerance profile and strategic decisions. Read more »
Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms Read more »
Okta details a phishing campaign in which the threat actor demonstrated some unusually strong opinions on what authentication methods they would like their targets to use. Read more »
Companies House plans to start vetting director identities from the middle of November, but its reliance on the troubled One Login digital identity service may be cause for concern. Read more »
Updates to the NCSC’s Cyber Assessment Framework are designed to help critical services providers better manage their risk profiles. Read more »
Enterprise risk management (ERM) is the process of planning, organizing, directing and controlling the activities of an organization to minimize the harmful effects of risk on its capital and... Read more »
The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records Read more »
Cisco Talos discloses five new vulnerabilities in cyber security firmware used on Dell Lattitude and Precision devices, including one that could enable an attacker to log-on with a spring... Read more »
Data center physical security is just as important as cybersecurity. Organizations can follow these eight security approaches to enhance facility access monitoring. Read more »
The DRY (don’t repeat yourself) principle, introduced by Andrew Hunt and David Thomas in ‘The Pragmatic Programmer,’ promotes the idea that every piece of knowledge should have a single,... Read more »