Featured Posts

Featured
How To Prepare For an Audit
Audit, Frameworks
How To Prepare For an Audit
Audit, Frameworks

Audit readiness isn’t about scrambling before the audit—it’s about building predictable, repeatable habits that align security, compliance, and business goals. Here’s how to build a framework that works year-round.

Audit, Frameworks
Regulatory Expectations for Startup and Community Banks
Banking
Regulatory Expectations for Startup and Community Banks
Banking

Startup and community banks face the same regulatory expectations as large financial institutions without the same resources. Many lean on hosted platforms, small tech teams, and outsourced vendors. But with rising cybersecurity risks, even minor disruptions can have outsized financial and reputational impacts. This post explores how smaller banks can right-size security, avoid common vendor pitfalls, and meet regulator expectations without overspending.

Banking
AI Risk in Banking: Preparing for Regulator Expectations
Banking, Artificial Intelligence, GenAI
AI Risk in Banking: Preparing for Regulator Expectations
Banking, Artificial Intelligence, GenAI

Artificial Intelligence in banking isn’t new, but its speed of deployment and regulatory scrutiny are unprecedented. Banks face a “bandwagon effect,” rushing AI initiatives while balancing risk management, governance, and consumer expectations. Key challenges like explainability and hallucinations require embedding AI into existing model risk frameworks, with strong controls, transparency, and incident readiness to safeguard compliance and trust.

Banking, Artificial Intelligence, GenAI
Comparing GenAI Governance Frameworks: OWASP, NIST AI RMF, ISO/IEC 42001, and CipherNorth’s Foundational Approach
GenAI, Artificial Intelligence, Frameworks
Comparing GenAI Governance Frameworks: OWASP, NIST AI RMF, ISO/IEC 42001, and CipherNorth’s Foundational Approach
GenAI, Artificial Intelligence, Frameworks

Generative AI governance is complex, with multiple frameworks available to address security, risk, ethics, and compliance. Compare OWASP LLM Top 10, NIST AI RMF & 600-1, ISO/IEC 42001:2023, and CipherNorth’s Foundational Framework to find the right approach for your organization’s maturity and goals.

GenAI, Artificial Intelligence, Frameworks
Incident Response Preparedness: Executive Management in a Crisis
Incident Response
Incident Response Preparedness: Executive Management in a Crisis
Incident Response

Executive reactions can make or break incident response. Learn how to manage roles, decisions, comms, and privilege for effective crisis leadership

Incident Response
Artificial Intelligence, GenAI, Risk Management, Third Party Risk Andrew Alaniz Artificial Intelligence, GenAI, Risk Management, Third Party Risk Andrew Alaniz

AI Browsers Are Changing the Game: But at What Cost?

AI browsers like Comet are revolutionizing how we research and work, summarizing data, automating analysis, and delivering instant insights. For startups, that’s game-changing. But for regulated industries like banking and healthcare, the promise comes with serious privacy tradeoffs. In this post, CipherNorth breaks down what Comet’s own privacy policies reveal and why enterprise leaders should think twice before letting AI browsers near sensitive data.

Read More
Risk Management, Frameworks Andrew Alaniz Risk Management, Frameworks Andrew Alaniz

An Overview of the Department of War's Cybersecurity Risk Management Construct

The Department of War’s new Cybersecurity Risk Management Construct (CSRMC) isn’t a revolution, it’s a reframing of existing ideas like continuous monitoring, automation, DevSecOps, and resilience. While the strategic direction is sound, CSRMC lacks the practical guidance such as control sets, telemetry standards, KPIs, and enforcement that operators and contractors need to act. Aligning CSRMC with well-established frameworks like NIST CSF, NIST SP 800-53, CMMC, and CIS Controls would turn vision into practice.

Read More