Cyber News
CESIN Barometer 2026: analysis of cyber threats and cybersecurity trends in France
The CESIN 2026 barometer reveals a paradoxical trend in corporate cybersecurity: while the number of significant cyberattacks is decreasing, their consequences are becoming considerably more severe.
This annual study by the Club des Experts de la Sécurité de l'Information et du Numérique (Club of Information and Digital Security Experts) is an essential reference for understanding the evolution of cyber threats in France.

As risk and compliance management continues to grow in complexity, many organizations still rely on Excel spreadsheets and manual evidence collection, operating without real-time visibility. However, using a GRC (Governance, Risk & Compliance) tool is becoming essential...

New legislative requirements in the area of IT security are now an integral part of corporate governance. As a result, cybersecurity is no longer the sole preserve of the CISO, but is now a topic of interest and concern for executive committees and management teams, who need to have a clear understanding of the issues involved.

Faced with increasingly numerous and sophisticated cyber threats, CISOs must add multiple layers of security in order to protect information systems from the risk of compromise.
This proliferation of technological tools adds operational complexity to the daily challenges of cyber risk management.
Add to this a regulatory framework that is becoming increasingly dense, with ever stricter compliance requirements such as DORA, the Cyber Resilience Act, the GDPR, and soon NIS 2. All of these texts now impose obligations that are no longer limited to the implementation of security measures, but also concern aspects of documentation and traceability.
In this context, managing cybersecurity can be complicated for the CISO, and poor management can result in additional costs for the company. What are these costs? How can they be anticipated and avoided?

Tenacy, a SaaS platform for cybersecurity and compliance management, announces that it has raised €6 million in funding to accelerate its development in France and conquer the European market, starting with Benelux and Spain.
What steps are involved in drafting a PSSI (information systems security policy)? What elements should it contain? And what pitfalls should be avoided? The answer in four steps.

As a CISO, your priority is to maintain the security of your company's information systems while constantly improving its cybersecurity performance.
But to improve performance, you need to monitor it: that's the purpose of key performance indicators (KPIs). Interpreting this data can be a daily challenge, especially for your senior management. So how can you tell if you have the right level of security, or if you are more vulnerable to attacks than other companies in your sector?

Mutuelle du Mans Assurance (MMA) in July 2020, Mutuelle Nationale des Hôpitaux in February 2021, Axa in May 2021, AssurOne in July 2021, April, Verlingue, Génération and Coverlife in November 2021, Caisse Centrale de Réassurance in July 2022, Emoa Mutuelle du Var in August 2022... The list of cyberattacks against insurers and mutual insurance companies continues to grow.
With the daily management of our personal and medical data, IT security is more than ever a major issue in the functioning of these industries. But what level of IT compliance must these sectors adhere to? And what are the challenges? Our IT compliance expert breaks it down.

The NIS Directive is the first European legislative act dedicated to cybersecurity. Faced with a series of upheavals in the economic and security context of European Union member countries, the current directive is evolving to respond to these new challenges. What does the reform of this new version consist of? How will this directive be transposed into French legislation? Are you affected by the requirements relating to the security of networks and information systems? In this article, we will break down the changes to come.

To address current threats, you need to assess the security of your information system based on the challenges and risks facing your data. You must then define the security level of your IS and assess whether its assets are adequately secured. To help you with this process, the DICP risk analysis takes into account the various security requirements of your system and prioritizes them. You then analyze digital risks according to their availability, integrity, confidentiality, and evidence.

Tenacy announces €2.5 million in funding to accelerate its growth in the cybersecurity and GRC (governance, risk management, and compliance) markets in France.
Regulatory obligations, data-centric organization, storage cost optimization, data monetization... whatever your company's objectives, it all comes down to data. From collection to destruction, companies are responsible for the information and data they hold. That's why it's essential to define an effective data governance strategy.

The cybersecurity industry, and particularly the field of incident response, is an environment where all kinds of acronyms flourish. It's so easy to get lost. Standards, directives, laws, processes... Let's take a look at the definitions of six acronyms commonly used in compliance that no one should be unaware of.