Blog

  • ISO/IEC 42001 Webinar Recap: How to Implement Your AI Management System (AIMS)

    Over the past three weeks, our ISO/IEC 42001 webinar series has laid the groundwork for a responsible and scalable AI management system. We explored what ISO 42001 entails, how it aligns with the NIST AI Risk Management Framework, and its integration with existing programs like ISO 27001 and GDPR.

    In this final session, we shifted from understanding why AI governance is essential to actionable implementation. Below is a detailed recap of our discussion, designed to guide teams in transforming awareness into practice and starting to build a functional, auditable AI management system (AIMS).

  • How San José Is Using the NIST AI RMF to Build Trustworthy AI

    As artificial intelligence (AI) becomes increasingly embedded in government operations, cities across the U.S. face a critical challenge: ensuring these systems remain fair, safe, transparent, and trustworthy. The City of San José, California, one of the country’s leading technology hubs, has emerged as an early model for responsible public-sector AI. San José is one of the first municipalities to formally evaluate its AI programs using the NIST AI Risk Management Framework (AI RMF). Through a collaboration with the National Institute of Standards and Technology, the city applied the AI RMF to assess its AI governance maturity, identify risks, and strengthen safeguards across all AI-related activities.

    This NIST AI RMF case study reveals not only what San José is doing well, but also where public-sector organizations must continue improving to deploy trustworthy, risk-aware AI systems.

  • The Importance of Having and Maintaining a Data Asset List and how to create one

    Cybersecurity is no longer just about firewalls, antivirus tools, or encryption protocols. In 2025, with data breaches, regulatory pressure, and AI-driven threats at an all-time high, effective security starts with one essential task: understanding your data through a comprehensive data asset inventory.

    Before you can protect sensitive information, you need to know what data you have, where it resides, who can access it, and how it flows across your environment. A well-maintained data asset inventory provides this visibility, helping organizations strengthen cybersecurity, streamline compliance, and improve operational oversight across every department.

  • Threat Report: Chinese Cyber Contractor Leak, Global Attack Surge, and Pakistan’s Escalating Threat Landscape

    The world is facing escalating global cyber threats, as attackers grow more sophisticated and aggressive. This week, a leak from a Chinese hacking contractor exposed state-linked tools and target lists, while research shows a worldwide surge in cyber-attacks driven by ransomware and Gen AI. Pakistan alone reported over 5.3 million attacks in just nine months, highlighting how rapidly adversaries are expanding across emerging digital economies.
    From governments to multinational enterprises, these developments underscore the rising complexity of attack campaigns and the urgent need for threat-informed defense programs that address today’s global cyber threats.

  • Generative Artificial Intelligence Risk & NIST AI RMF

    Generative Artificial Intelligence offers organizations across industries significant productivity and efficiency gains, but it also introduces new risks. The NIST AI RMF (AI Risk Management Framework) provides a structured approach to identify, assess, and mitigate these risks while maximizing the benefits of generative AI.
    Is your organization prepared for secure and compliant AI adoption? Schedule a consultation today to ensure your AI initiatives are safe, responsible, and aligned with industry standards.

  • Roadmap to Achieving NIST AI RMF

    Organizations embracing artificial intelligence (AI) to streamline operations must also prepare for the unique risks it introduces. The NIST AI Risk Management Framework (AI RMF) provides a structured, trustworthy approach to identifying, evaluating, and mitigating these risks across the AI lifecycle. Implementing this framework helps internal teams establish clear governance and gives external stakeholders confidence in your organization’s responsible AI practices.

    Is your organization ready to align with the NIST AI Risk Management Framework? Schedule a consultation to get started.

  • 10 Common Questions About SOC 2 Compliance

    SOC 2 Compliance is a critical standard for service-oriented businesses aiming to protect client data and build trust. Developed by the American Institute of CPAs (AICPA), SOC 2 provides a framework for managing and securing sensitive information. While achieving SOC 2 compliance can seem complex, understanding its requirements is essential for safeguarding data, meeting client expectations, and demonstrating a strong commitment to cybersecurity.

  • Weekly Threat Report: Vendor Breaches, Healthcare Fallout, and Google’s Cybersecurity Wake-Up Call

    Across industries, from higher education to healthcare and global tech, cybersecurity incidents this week highlight a critical lesson: organizations often overlook foundational risks. A mismanaged vendor handoff exposed hundreds of thousands of sensitive files, while new research revealed the financial and operational impact of healthcare cyber incidents. Even Google emphasized that security leaders should focus on essential controls rather than chasing hype, underscoring the importance of robust vendor risk management practices.

  • Who Needs to be SOC 2 Compliant?

    Depending on your business and the type of data you handle, you may need to be SOC 2 compliant to meet the security standards set by the American Institute of CPAs (AICPA). SOC reports, SOC 1, SOC 2, and SOC 3, apply mainly to service organizations that store, process, or manage customer data.

    So, who exactly needs to be SOC 2 compliant, and what does SOC 2 cover? Keep reading to find out everything you need to know about SOC 2 compliance and how it protects sensitive data.

  • Cyber Risk: Strategic Insights and Industry Benchmarks from the X-Analytics 2025 Report

    Cyber Risk is no longer just a technical concern; it’s a critical business and financial priority. The X-Analytics 2025 Annual Research Report highlights how modern organizations face evolving cyber threats, emphasizing that managing cyber risk is essential for strategic decision-making.

    Based on proprietary research from 118 data sources across 21 industries, the report doesn’t just offer insights; it challenges business leaders to treat cyber risk with the urgency and importance it demands.