CISOs need decision-grade risk intelligence, not another workflow

AI, risk management
In large enterprises, the hardest security decisions are rarely made in the SOC. They are made in board meetings, budget reviews, audit discussions, customer escalations. The most dire are often represented in ...
The Business Case for Exceeding AML Compliance

Global money laundering is estimated to be between 2% and 5% of the world’s GDP, or roughly $800 billion to $2 trillion every year. Even after years of tighter regulation, these numbers ...
Security Boulevard
5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook

Let's be honest about the legacy Risk Management Framework (RMF): for the last decade, achieving an ATO has been less about actual cybersecurity and more about creative writing. We built three-year "snapshot" ...
Essay — Effort Is No Longer a Defense

No longer can you check a box and walk away. NIS2 is changing the game. From Board to Breach: The Accountability Chain NIS2 Just Made Explicit. For nineteen years, Verizon’s Data Breach ...
Managing Open Source Software Risks With the HeroDevs EOL Dashboard

Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years, end-of-life (EOL) components are becoming a structural security challenge ...

Why strategic CISOs need proactive risk reduction, not reactive GRC reporting

Security and GRC teams have no shortage of risk mitigation activities. They are carrying more work than ever, yet many still lack confidence in the data and recommendations produced by all that ...
From Agentic Attacks to Real-Time Risk & Regulatory Asymmetry: What’s Ahead in 2026

As digital economies mature, fraud no longer sits at the edges of the business. Instead, it shapes who wins or loses in entire markets. Over the next year, leaders will contend with ...
Security Boulevard
One step at a time

One step at a time. Post 6 in the Factory Series. Factory Series Part 6. In 2007, I walked into a Scandinavian food-production facility and reached the production floor in under an hour. No badge. No appointment ...
The Compound Effect

When incidents stack, the effect is multiplied. The Factory Series — Part 5. So far in this series, I’ve treated the threats one at a time. The physical walk-through. The geopolitical shift. The fuel reserves. The digital ...
You Don’t Need Legs Anymore

No physical access is required in 2026. Everything is connected. The Factory Series post 4. In 2007, I walked into a food-processing factory in Northern Europe without showing identification to a single person. The only ...