Blog

  • STRIDE Framework Threat Modeling and ISO/IEC 42001

    The STRIDE framework is a structured approach to threat modeling that helps organizations identify and prioritize the most common and impactful cybersecurity threats. Originally developed by Microsoft, STRIDE remains widely used today to assess risks across modern systems, including AI-driven environments.

    For organizations pursuing ISO/IEC 42001 compliance, STRIDE framework threat modeling plays an important role in AI risk identification, mitigation planning, and governance alignment. It supports proactive security decision-making while also helping organizations meet overlapping requirements found in other cybersecurity and risk management frameworks.

    Is your organization prepared to apply STRIDE framework threat modeling effectively?
    Schedule a consultation to assess your readiness and strengthen your AI risk management program.

  • Weekly Threat Report: State-Backed Surveillance, Apple Threat Alerts, and the New Data Breach Reality

    This week’s cybersecurity landscape isn’t defined by a single, high-profile incident but by a global pattern of silent, high-impact targeting that often goes unnoticed. Apple recently issued a new round of cyber threat alerts to users across dozens of countries, warning that they could be targets of state-backed hacking and surveillance campaigns. While these alerts may not resemble a traditional data breach, they highlight one of the most dangerous forms of data exposure: quiet, persistent attacks aimed at high-value individuals.

    For security and risk leaders, this evolving threat landscape raises three critical questions:

    1. What do these Apple threat alerts reveal about potential data breaches?
    2. How does state-backed surveillance change our understanding of data breach risks?
    3. What steps should organizations take to protect high-risk users and sensitive data?

  • Do You Need a SOC 2 Type 1 or SOC 2 Type 2 Report

    Preparing for a SOC 2 audit? Determining whether you need a SOC 2 Type 1 or a SOC 2 Type 2 report is crucial for your compliance and client trust. Ask yourself the following questions to guide your decision:

    • Do you need SOC 2 reporting at all for your organization? 
    • Would a SOC 2 Type 1 report be sufficient to meet your initial requirements? 
    • Do you require a SOC 2 Type 2 report to demonstrate ongoing security controls over time? 
    • Could your business benefit from having both a Type 1 and a Type 2 report?


  • Weekly Threat Report: Coupang Breach, FFF Compromise, and the Global Rise of AI-Driven Cybercrime

    This week’s cybersecurity landscape highlights the growing risk of data breaches and cyberattacks worldwide. A major Coupang data breach exposed sensitive information for millions of customers, while the French Football Federation experienced its latest targeted compromise. Meanwhile, security researchers warn that AI-powered cybercrime is accelerating across industries.
    From digital marketplaces to national institutions, these incidents emphasize the urgent need for robust identity controls, insider risk mitigation, and AI-aware defensive strategies.

  • NIST AI Risk Management Framework to ISO-IEC-42001 Crosswalk

    Organizations implementing AI technologies must stay ahead of rapidly emerging governance and compliance requirements. Two of the most important frameworks are the NIST AI Risk Management Framework (NIST AI RMF) in the United States and the ISO/IEC 42001:2023 AI Management System standard used internationally. While each framework serves a different regulatory environment, starting with the NIST AI Risk Management Framework provides a strong foundation that makes aligning with, and ultimately certifying against, ISO 42001 significantly easier.

    Is your organization preparing for NIST or ISO AI compliance? Schedule a consultation to get expert guidance.


  • ISO/IEC 42001 Webinar Recap: How to Implement Your AI Management System (AIMS)

    Over the past three weeks, our ISO/IEC 42001 webinar series has laid the groundwork for a responsible and scalable AI management system. We explored what ISO 42001 entails, how it aligns with the NIST AI Risk Management Framework, and how it integrates with existing programs like ISO 27001 and GDPR.

    In this final session, we shifted from understanding why AI governance is essential to actionable implementation. Below is a detailed recap of our discussion, designed to guide teams in transforming awareness into practice and starting to build a functional, auditable AI management system (AIMS).

  • How San José Is Using the NIST AI RMF to Build Trustworthy AI

    As artificial intelligence (AI) becomes increasingly embedded in government operations, cities across the U.S. face a critical challenge: ensuring these systems remain fair, safe, transparent, and trustworthy. The City of San José, California, one of the country’s leading technology hubs, has emerged as an early model for responsible public-sector AI. San José is one of the first municipalities to formally evaluate its AI programs using the NIST AI Risk Management Framework (AI RMF). Through a collaboration with the National Institute of Standards and Technology, the city applied the AI RMF to assess its AI governance maturity, identify risks, and strengthen safeguards across all AI-related activities.

    This NIST AI RMF case study reveals not only what San José is doing well, but also where public-sector organizations must continue improving to deploy trustworthy, risk-aware AI systems.

  • The Importance of Having and Maintaining a Data Asset List and How to Create One

    Cybersecurity is no longer just about firewalls, antivirus tools, or encryption protocols. In 2025, with data breaches, regulatory pressure, and AI-driven threats at an all-time high, effective security starts with one essential task: understanding your data through a comprehensive data asset inventory.

    Before you can protect sensitive information, you need to know what data you have, where it resides, who can access it, and how it flows across your environment. A well-maintained data asset inventory provides this visibility, helping organizations strengthen cybersecurity, streamline compliance, and improve operational oversight across every department.

  • Threat Report: Chinese Cyber Contractor Leak, Global Attack Surge, and Pakistan’s Escalating Threat Landscape

    The world is facing escalating global cyber threats, as attackers grow more sophisticated and aggressive. This week, a leak from a Chinese hacking contractor exposed state-linked tools and target lists, while research shows a worldwide surge in cyber-attacks driven by ransomware and Gen AI. Pakistan alone reported over 5.3 million attacks in just nine months, highlighting how rapidly adversaries are expanding across emerging digital economies.
    From governments to multinational enterprises, these developments underscore the rising complexity of attack campaigns and the urgent need for threat-informed defense programs that address today’s global cyber threats.

  • Who Needs SOC 2 Compliance?

    If you’re unsure whether SOC 2 compliance is necessary for your organization, ask yourself the following:

    • Industry requirements: Which industries and niches specifically require SOC 2 compliance?
    • Report types: Which type of SOC 2 report, Type I or Type II, best fits your needs?
    • SOC framework differences: How does SOC 2 differ from SOC 1 and SOC 3?
    • Other compliance frameworks: Are there other SOC or security frameworks that might apply to your organization?