
All news with #grc tag

109 articles · page 6 of 6

CISSP Certification: Requirements, Exam, Training, Cost

🛡️ The CISSP is an advanced cybersecurity certification from ISC2 that validates a professional's ability to design, implement, and manage enterprise security programs. Candidates typically need five years of relevant work experience or may apply as an Associate of ISC2 while gaining experience, and must pass a rigorous exam covering eight domains. Exam registration costs US$749 and certified holders pay an annual maintenance fee; official and third-party training options are widely available, and CISSP holders often see improved job prospects and higher salaries.

88% of CISOs Struggle to Implement Zero Trust Programs

🔒 An Accenture report finds 88% of security leaders face significant challenges implementing zero trust. Respondents point to varying definitions, broad deployment scope across on-prem, cloud, IoT and legacy systems, poor visibility into data flows and device/user state, and resistance from business units. Experts recommend phased, use-case-driven rollouts and strong executive sponsorship, while noting meaningful programs can take years and may never be fully complete.

Top Cybersecurity Certifications to Advance a CISO Career

🔐 Certifications in cybersecurity validate expertise, increase credibility and can accelerate advancement into CISO roles. This article highlights five widely recognized credentials — CISSP, CCSP, CISM, CISA and the SANS/GIAC Strategic Planning, Policy and Leadership — and summarizes their primary focus areas and prerequisite experience. Experts advise selecting certifications that align with your career path, technical domain and leadership goals. While certifications are valued internationally (including in Germany), they complement rather than replace relevant experience and other leadership qualities.

Nine Common Mistakes That Can Cost CISOs Their Jobs

🔒 This article outlines nine critical errors that can cost CISOs their positions, based on input from several industry leaders. It highlights risks such as overconfidence, unnecessary complexity, weak Governance, Risk & Compliance programs, and poor alignment with business priorities. The piece stresses practical prevention: prioritize access control and identity management, address the human factor, shrink stale data, break down silos, and avoid complacency to reduce breach risk and maintain executive trust.

Gainesville Regional Utilities Tightens Vendor Risk Controls

🔒 Gainesville Regional Utilities (GRU) launched a Vendor Security Risk Assessment (VSRA) program in August 2023 to vet third-party suppliers that access its smart-grid, metering, and fiber-optic systems. The intake, triage, detailed questionnaire, technical review, and centralized recordkeeping ensure vendors meet rigorous security standards before onboarding. Automation and a vendor scoring system reduced manual work by 50% and accelerated decision-making while improving compliance.

CISO Succession Crisis: Lack of Plans Leaves Firms Exposed

🔒 The article highlights a growing succession problem in cybersecurity: although CISO turnover has eased (from 21% in 2022 to 12% in 2023 and an annualized 11% in H1 2024), most organizations still lack formal plans to prepare successors. The gap is less about technical ability and more about developing leaders who can align cybersecurity with business strategy, communicate with executives, and manage risk. Experts recommend early planning, creating a true deputy CISO, rotational assignments, and board exposure to build a resilient internal pipeline.

DHS Launches $100M+ Funding to Strengthen Cybersecurity

🔐 CISA and FEMA announced the availability of more than $100 million in grant funding to bolster state, local, and tribal cybersecurity capabilities. The FY2025 Notice of Funding Opportunity includes the State and Local Cybersecurity Grant Program (SLCGP) with $91.7 million and the Tribal Cybersecurity Grant Program (TCGP) with $12.1 million. Awards may support planning, exercises, hiring cybersecurity experts, network hardening, and improvements to services provided to citizens. Applicants should consult CISA application resources to prepare proposals.

How Government Cybersecurity Budget Cuts Affect Business

⚠️ Recent federal budget and workforce reductions, including cuts that affect CISA and related grant programs, risk degrading national and local cyber defenses and the flow of threat intelligence and best-practice guidance. Reduced government contracts will force some vendors to shrink R&D and headcount, slowing innovation and increasing monoculture risk. At the same time, MSPs and MDR providers may see greater demand as organizations shift to private-sector solutions.

SAFECOM Updates Emergency Communications Lifecycle Guide

📢 CISA, in partnership with SAFECOM and NCSWIC, released an updated Emergency Communications System Lifecycle Planning Guide and companion Lifecycle Planning Tool on July 2, 2025. The suite refreshes the 2011 and 2018 materials and incorporates public safety practitioners' experiences to inform system build, maintenance, operation, decommission, and replacement decisions. The Lifecycle Guide offers recommendations and the Lifecycle Planning Tool provides checklists for each lifecycle phase. Resources and funding guidance are aligned to help jurisdictions plan technology upgrades.