Compliance

3 Considerations for Navigating Australian IRAP Assessments

2025-07-10 at 17:19. Learn how a risk-focused mindset, rather than striving for perfect compliance, is key to navigating the Australian Signals Directorate’s (ASD) Information Security Manual (ISM) guidelines. Discover three crucial considerations for organizations, including those overseas, preparing for an IRAP assessment in Australia. Understand why clarifying […]


CISOs urged to fix API risk before regulation forces their hand

2025-07-08 at 07:33, by Mirko Zorz. Most organizations are exposing sensitive data through APIs without security controls in place, and they may not even realize it, according to Raidiam. Their report, API Security at a Turning Point, draws on a detailed assessment of 68


7 Reasons Why Trustwave’s FedRAMP Status is Key for US Vendors

2025-07-07 at 16:04, by Bill Rucker. While selling technology or services to the U.S. Federal Government offers a tremendous opportunity, it also involves navigating complex requirements—especially in the area of cybersecurity. This article is an excerpt from Trustwave Blog.


To Report or Not to Report Ransom Payments – Possibly Not Worth the Effort

2025-07-03 at 16:03, by Craig Searle. Just a recap – Trustwave in no way endorses ransom payments. We believe the best way to deal with a ransomware situation is to: This article is an excerpt from Trustwave Blog.


To Report or Not to Report Ransom Payments – A Helpful and Useful Idea

2025-07-03 at 16:03, by Ed Williams. Just a recap – Trustwave in no way endorses ransom payments. We believe the best way to deal with a ransomware situation is to: This article is an excerpt from Trustwave Blog.


To Report or Not to Report Ransom Payments – Two Diverging Opinions

2025-07-03 at 16:03. This article is part of a three-part Trustwave series examining the efficacy of recently implemented and proposed government regulations requiring organizations victimized by ransomware to report if they make a ransom payment. This article is an excerpt from Trustwave


How FinTechs are turning GRC into a strategic enabler

2025-07-02 at 08:36, by Mirko Zorz. In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in response to tighter regulations and global growth. He discusses the impact of frameworks


Federal Reserve System CISO on aligning cyber risk management with transparency, trust

2025-07-01 at 09:08, by Mirko Zorz. In this Help Net Security interview, Tammy Hornsby-Fink, CISO at Federal Reserve System, shares how the Fed approaches cyber risk with a scenario-based, intelligence-driven strategy. She explains how the Fed assesses potential disruptions to financial stability and


Most AI and SaaS apps are outside IT’s control

2025-06-26 at 07:08, by Help Net Security. 60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance risk across enterprises. A


Why banks’ tech-first approach leaves governance gaps

2025-06-16 at 09:06, by Mirko Zorz. In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance


Government Data Breaches Are Eroding Public Trust – It’s Time for Stronger Cybersecurity in the Public Sector

2025-06-09 at 16:09, by Craig Searle. The recent data breach at the Australian Human Rights Commission (AHRC) is a stark reminder of what’s at stake when public sector cybersecurity falls short. This article is an excerpt from Trustwave


Compyl Raises $12 Million for GRC Platform

2025-06-04 at 14:43, by Eduard Kovacs. Compyl has raised $12 million in a Series A funding round that will be invested in go-to-market initiatives, hirings, and GRC platform expansion. The post Compyl Raises $12 Million for GRC Platform appeared first on SecurityWeek. This article is an excerpt from


Regulations Rising, Risks Persisting: The Cybersecurity Crossroads Facing Australian Hospitality

2025-05-30 at 22:22, by Craig Searle. Australian hospitality is facing rising cyber threats as ransomware attacks, third-party breaches, and AI-enhanced phishing campaigns increase in frequency and sophistication. New regulations, including the Privacy Act reforms and critical infrastructure laws, are reshaping compliance expectations—but enforcement gaps and limited


Exchange 2016, 2019 support ends soon: What IT should do to stay secure

2025-05-30 at 07:33, by Help Net Security. Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth


Outsourcing cybersecurity: How SMBs can make smart moves

2025-05-23 at 08:32, by Anamarija Pogorelec. Outsourcing cybersecurity can be a practical and affordable option. It allows small businesses to get the protection they need without straining their budgets, freeing up time and resources to focus on core operations. 76% of SMBs lack the in-house skills to


Why legal must lead on AI governance before it’s too late

2025-05-20 at 08:05, by Mirko Zorz. In this Help Net Security interview, Brooke Johnson, Chief Legal Counsel and SVP of HR and Security, Ivanti, explores the legal responsibilities in AI governance, highlighting how cross-functional collaboration enables safe, ethical AI use while mitigating risk and


New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA

2025-05-07 at 17:58, by Ryan Naraine. By baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics. The post New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA appeared first on SecurityWeek. This article


TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules

2025-05-05 at 11:02, by Associated Press. EU privacy watchdog fined TikTok $600 million after a four-year investigation found that data transfers to China put users at risk of spying, in breach of strict EU data privacy rules. The post TikTok Fined $600


Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures

2025-05-02 at 15:50, by Ionut Arghire. The US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations. The post Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures appeared first on SecurityWeek. This


Half of red flags in third-party deals never reach compliance teams

2025-05-02 at 07:32, by Help Net Security. Third-party risk management (TPRM) is compromised in many organizations because those holding the relationship with the third-party (relationship owners) don’t escalate red flags to compliance teams reliably, according to Gartner. The post Half of red flags in
