Recently Published
- Compliance Does Equal Security – Just Not The Elimination of Risk
  The popular phrase “compliance doesn’t equal security” reflects real shortcomings in the cybersecurity industry’s reliance on frameworks that are often outdated, static, and misaligned with modern software development practices. Many compliance programs remain rooted in document-based assessments and point-in-time audits, even as threat actors evolve rapidly and software systems become more dynamic and complex. It’s…
- MITRE releases enhanced EMB3D Threat Model
  MITRE has publicly released the enhanced EMB3D Threat Model, a comprehensive framework for identifying, understanding, and mitigating threats to embedded devices used in critical infrastructure, industrial systems, IoT, automotive, and healthcare. A major advancement of this release is the inclusion of tiered mitigation guidance—categorized as Foundational, Intermediate, and Leading—which provides stakeholders with a scalable path…
- “Where Are We On Cyber?” – A Qualitative Study On Boards’ Cybersecurity Risk Decision Making
  This qualitative study explored how cybersecurity risk is perceived and handled at the board level in some of the UK’s largest organizations. Through interviews with 18 C-level executives, CISOs, non-executive directors (NEDs), and consultants, researchers found that while cybersecurity is increasingly present on board agendas, it is commonly reduced to financial abstractions—mainly investment decisions—rather than…
- All Things Internal Audit Tech: Identity & Access Management
  In this podcast, host Bill Truett speaks with cybersecurity expert Nick Lasenko to explore the vital role of Identity and Access Management (IAM) in today’s threat landscape. Lasenko emphasizes that nearly all cyber incidents—including costly data breaches—stem from unauthorized access, making IAM not just a technical necessity but a business-critical function. Drawing on real-world experiences,…
- What is Continuous Threat Exposure Management?
  As cyber threats become more sophisticated and attack surfaces expand, traditional periodic vulnerability scans and reactive responses no longer suffice. Continuous Threat Exposure Management (CTEM) and broader exposure management offer a unified, proactive strategy for identifying and reducing organizational risk in real time. Developed from Gartner’s CTEM framework, this model emphasizes five interlocking stages—scoping, discovery,…
- How Unified Cybersecurity Platforms Add Business Value
  As cyberattacks grow more sophisticated and enterprise IT becomes more complex, organizations are finding that traditional, piecemeal security strategies no longer suffice. According to a global study by IBM and Palo Alto Networks, the average enterprise juggles 83 different security tools from 29 vendors, creating a fragmented environment where integration gaps and inefficiencies lead to…