< ciso
brief />
Tag Banner

All news with #grc tag

125 articles · page 7 of 7

Gainesville Regional Utilities Tightens Vendor Risk Controls

🔒 Gainesville Regional Utilities (GRU) launched a Vendor Security Risk Assessment (VSRA) program in August 2023 to vet third-party suppliers that access its smart-grid, metering, and fiber-optic systems. The intake, triage, detailed questionnaire, technical review, and centralized recordkeeping ensure vendors meet rigorous security standards before onboarding. Automation and a vendor scoring system reduced manual work by 50% and accelerated decision-making while improving compliance.
read more →

CISO Succession Crisis: Lack of Plans Leaves Firms Exposed

🔒 The article highlights a growing succession problem in cybersecurity: although CISO turnover has eased (from 21% in 2022 to 12% in 2023 and an annualized 11% in H1 2024), most organizations still lack formal plans to prepare successors. The gap is less about technical ability and more about developing leaders who can align cybersecurity with business strategy, communicate with executives, and manage risk. Experts recommend early planning, creating a true deputy CISO, rotational assignments, and board exposure to build a resilient internal pipeline.
read more →

DHS Launches $100M+ Funding to Strengthen Cybersecurity

🔐 CISA and FEMA announced the availability of more than $100 million in grant funding to bolster state, local, and tribal cybersecurity capabilities. The FY2025 Notice of Funding Opportunity includes the State and Local Cybersecurity Grant Program (SLCGP) with $91.7 million and the Tribal Cybersecurity Grant Program (TCGP) with $12.1 million. Awards may support planning, exercises, hiring cybersecurity experts, network hardening, and improvements to services provided to citizens. Applicants should consult CISA application resources to prepare proposals.
read more →

How Government Cybersecurity Budget Cuts Affect Business

⚠️Recent federal budget and workforce reductions, including cuts that affect CISA and related grant programs, risk degrading national and local cyber defenses and the flow of threat intelligence and best-practice guidance. Reduced government contracts will force some vendors to shrink R&D and headcount, slowing innovation and increasing monoculture risk. At the same time, MSPs and MDR providers may see greater demand as organizations shift to private-sector solutions.
read more →

SAFECOM Updates Emergency Communications Lifecycle Guide

📢 CISA, in partnership with SAFECOM and NCSWIC, released an updated Emergency Communications System Lifecycle Planning Guide and companion Lifecycle Planning Tool on July 2, 2025. The suite refreshes the 2011 and 2018 materials and incorporates public safety practitioners' experiences to inform system build, maintenance, operation, decommission, and replacement decisions. The Lifecycle Guide offers recommendations and the Lifecycle Planning Tool provides checklists for each lifecycle phase. Resources and funding guidance are aligned to help jurisdictions plan technology upgrades.
read more →