Security news aggregator

Latest coverage for Framework

Explore the latest frameworks in information security. Stay updated on guidelines to protect your digital assets and ensure data privacy.

113 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A security framework is an organized set of principles, practices, and controls for managing information and technology risk. Frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001, and COBIT help organizations structure activities including identifying assets and risks, protecting systems, detecting events, responding to incidents, and recovering operations. They are reference models rather than automatically effective security programs: an organization must select and implement measures appropriate to its systems, threats, and risk tolerance.

Practitioners use frameworks to assign responsibilities, prioritize vulnerability remediation, assess suppliers and cloud services, and document why particular controls are in place. They also provide a common vocabulary for audits, regulatory or contractual evidence, and measuring improvement over time. News under this tag may concern revisions to framework requirements, mappings between frameworks, assessment findings, or failures caused by treating a framework checklist as proof that controls work. A framework can guide governance and security operations, but it does not replace technical testing, continuous monitoring, or judgment about specific attack surfaces.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 113 Filtered view
Bank Info Security 3 days, 21 hours ago

Illinois Enacts First US Law Mandating AI Safety Audits

SB 315 Requires Annual Independent Audits, 72-Hour Incident Reporting for AI GiantsGov. JB Pritzker signed bipartisan legislation making Illinois the first state to require annual independent safety audits of frontier AI developers, going beyond California and New York frameworks with incident reporting deadlines, whistleblower protections and penalties up to $3 million.

When You Consume AI, You Inherit Every Upstream Risk You Can't SeeMost enterprises don't build AI, they consume it through APIs, open-source models and orchestration frameworks. Each layer inherits upstream risk with little visibility. This piece maps the four-layer AI supply chain and the existing security disciplines that bring it under control.

Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security FixesThe popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated.

Bank Info Security 1 month, 1 week ago

Security Leaders Must Stop Living by the Framework

Paul Watts of Keywords Studios on Business Alignment, AI Hype and Workforce RiskCybersecurity leaders who still operate through the lens of frameworks and risk registers could be irrelevant in a world where business moves without them, said Paul Watts, CISO at Keywords Studios. He recommends investing in both AI and people to sustain operations over the long haul, he said.

Bank Info Security 1 month, 2 weeks ago

AI Governance Playbook Calls for Enterprise Risk Controls

Healthcare Coordinating Council Highlights AI Risks, Potential Medical MishapsHealthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and operational resiliency issues as they roll out artificial intelligence tools. A new Health Sector Coordinating Council playbook aims to help by providing a voluntary governance framework.

Bank Info Security 1 month, 2 weeks ago

Trump Signs Voluntary AI Cyber Review Order

White House Cuts Proposed AI Review Period From 90 Days to 30President Trump signed an executive order creating a voluntary framework for evaluating advanced AI systems with significant cybersecurity capabilities, directing NSA, Treasury and CISA to establish classified benchmarks while avoiding mandatory licensing or preclearance requirements.

Bank Info Security 1 month, 2 weeks ago

White House Faces Pressure to Rewrite AI Order

Analysts Say White House Must Quickly Replace Shelved AI FrameworkU.S. President Donald Trump's decision to abruptly shelve an artificial intelligence executive order aimed at creating a federal review process for frontier models doesn't annul the need for the federal government to work with frontier model makers to address risks, say cybersecurity experts.

Bank Info Security 1 month, 3 weeks ago

OMB Scraps Biden-Era Cyber Logging Rules

New Memo Replaces SolarWinds-Era Rules With Risk-Based ModelThe White House issued a new memo replacing SolarWinds-era logging mandates with a narrower framework focused on risk, threat hunting and forensic readiness as agencies confront faster artificial intelligence-enabled intrusions across federal networks.

License Frontier AI to Practice Medicine, Argues JAMA ArticleScrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine.

System Translates Detection Rules Across Security PlatformsResearchers developed an AI framework that converts threat detection rules between major SIEM platforms including Splunk, Microsoft Sentinel and QRadar. The system uses LLMs and automated validation steps to preserve detection logic during migrations that often require months of manual work.

Bank Info Security 2 months, 2 weeks ago

Breach Roundup: US Cyber Command Flags Election Threats

Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE FlawThis week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.

Early Tests of New Anthropic AI Model Show Fast Detection, Better Flaw CorrelationCrowdStrike's early testing of Anthropic's new Claude Mythos Preview AI model shows faster vulnerability detection and improved cross-system context, signaling a shift toward AI-driven security operations that compress discovery-to-response timelines and force new defensive frameworks.

Bank Info Security 3 months, 1 week ago

Simplify Your Approach to Securing OT Networks

Why OT Security Comes Down to Risk Tolerance, Not Perfect DefenseSecuring OT networks isn't about eliminating risk. It's about managing it strategically. Learn how a three-pillar framework of risk assessment, tolerance and acceptance, paired with a phased approach to microsegmentation, can turn an overwhelming challenge into a manageable journey.

Bank Info Security 3 months, 3 weeks ago

How AI Agents Are Redefining the Insider Risk Threat Model

Proofpoint CEO Sumit Dhawan on Applying Human Insider Risk Safeguards to AI AgentsAI agents behave like humans and carry the same risk profile. They operate non-deterministically, can be manipulated through prompt engineering and lack any inherent code of conduct, so they require a purpose-built integrity framework to govern their behavior, says Sumit Dhawan, CEO at Proofpoint.

Bank Info Security 3 months, 3 weeks ago

Why AI Adoption Starts With Security

Meerah Rajavel of Palo Alto Networks on AI Security, Governance and Use-Case FitAs AI outpaces governance and security frameworks, enterprise leaders face a more pressing question: How can they move fast without losing control? Meerah Rajavel of Palo Alto Networks says organizations need security guardrails, clear use cases and firm limits on probabilistic AI.

Bank Info Security 3 months, 3 weeks ago

White House AI Policy Blueprint Leaves Key Risks Unresolved

Federal Proposal Pushes AI Adoption While Avoiding Regulatory DetailThe White House AI framework urges rapid deployment and federal alignment to counter China while proposing guardrails on fraud, safety and speech - but leaves unresolved conflicts on IP, content regulation and state preemption that Congress must navigate.

Bank Info Security 4 months, 1 week ago

Modernizing HIPAA: Are You Ready?

Key Challenges in the Proposed HIPAA Security Rule UpdateThe HIPAA Security Rule may soon undergo its first major overhaul in decades. Although finalization could come as early as May 2026, timelines remain uncertain as new requirements are grounded in modern cybersecurity practices and frameworks.

Fraud Specialist David Barnhardt on Addressing Authentication Risks of Agentic AIFinancial institutions are racing to deploy AI agents that can initiate payments, approve transactions and freeze accounts. But traditional authentication frameworks assume there's a human on the other end. As agentic AI use grows, banks are facing an authentication crisis that demands new controls.

Bank Info Security 5 months ago

Why Borderless AI Is Coming to an End

Countries Are Pouring Billions Into Domestic AI Stacks to Escape US-China DominanceBy 2027, more than one-third of the world's nations will be locked into region-specific AI platforms built on proprietary data, infrastructure and governance frameworks, according to Gartner. Nations are now safeguarding LLMs in the same way they do critical infrastructure.

Loading more headlines...