Ai Cybersecurity

Writing a SaaS vulnerability management policy using AI

Writing a SaaS vulnerability management policy using AI

Learn the basics of writing simple, ISO-compliant, vulnerability management policies for SaaS companies

A vulnerability management policy is a key component of an Information Security Management System (ISMS). This is especially true for SaaS companies selling cloud products. Before buying such products, customers will seek proof that product security vulnerabilities are consistently managed.

While a vulnerability management policy, on its own, cannot offer bullet proof guarantees, it is still considered a must-have. Any customer needing assurance that proper vulnerability management practices are being followed by suppliers will expect one.

Free SaaS ISMS quickstart

Free SaaS ISMS quickstart

Learn what it takes and what is needed to put together a free ISMS for SaaS companies

To carry out business, today’s SaaS organisations must demonstrate some level of compliance with internationally recognised cybersecurity standards. For SaaS companies, ISO 27001 is the certification that is most requested by customers. Obtaining such certification allows companies to demonstrate a systematic approach to information security supported by a credible commitment to employ best practices and continuously improve.

To obtain the certification companies must put in place an Information Security Management System (ISMS) conforming to the ISO 27001 standard. For SaaS companies, creating a basic ISMS should not require large investments. Knowing how to obtain ISO 27001 efficiently and an understanding of what a minimal implementation looks like is all that is required.

Creating an LLM AI security checklist for rapid fieldwork use

Creating an LLM AI security checklist for rapid fieldwork use

Learn how security teams can help companies safely adopt LLM AIs by using a fieldwork checklist based on OWASP

In 2023 the technology industry experienced a surge of open source LLM models being released. In the first half of 2024, many companies are now getting their hands on these open-source LLM models looking for ways to integrate them in their products and processes.

While the availability of open-source LLMs opens exciting possibilities for companies worldwide, for many security teams this poses a challenge: introducing these LLMs in a safe and compliant way within company products or processes.

How to run data breach simulations

How to run data breach simulations

Need to run a data breach simulation? Learn how to organise and execute them quickly and efficiently

Running effective incident simulations is an incredibly challenging task. Security teams often run at maximum capacity and have limited time for non-essential activities. This is especially true with data breach simulations. Security teams focus most energies on detecting and responding to malicious network activities occuring early during attacks. In this context, data breaches typically are the end result, rather than the trigger, of a successful network compromise. Because of these constraints and considerations, data breach simulations must perfectly balance planning efficiency, realism and value generation - fortunately, by using a few simple tricks, this balance is generally achievable for most security teams.