DISC Infosec blog

GRC at Machine Speed: Four Anchors Reshaping Governance in the Cloud and AI Era

disc7 — Mon, 08 Jun 2026 16:11:51 +0000

GRC at Machine Speed: Four Anchors Reshaping Governance in the Cloud and AI Era For most of its history, Governance, Risk, and Compliance has run at the speed of paper. Spreadsheets tracked controls. Evidence arrived by email the week before an audit. Risk registers were reviewed quarterly, if that. The whole discipline was built around […]

The post GRC at Machine Speed: Four Anchors Reshaping Governance in the Cloud and AI Era appeared first on DISC InfoSec blog.

AI Can Pentest Your Network Now. That’s Not the Risk You Should Worry About

disc7 — Fri, 05 Jun 2026 20:04:16 +0000

Two Open-Source AI Pentesting Tools, One Governance Question: What METATRON and PentestSwarm Mean for SMEs Frontier AI has removed that friction from both sides of the table simultaneously. The same reasoning capability that lets a model chain reconnaissance, classify findings, and suggest exploit paths is now available in open-source tooling that an SME can run […]

The post AI Can Pentest Your Network Now. That’s Not the Risk You Should Worry About appeared first on DISC InfoSec blog.

GRC at Machine Speed: How AI Is Reshaping Governance, Risk, and Compliance

disc7 — Thu, 04 Jun 2026 15:28:43 +0000

AI is not simply another technology that GRC teams will govern — it will fundamentally reshape how GRC is practiced, measured, and delivered. From an AI governance perspective, the biggest shift over the next few years is that GRC will move from periodic, documentation-heavy activities toward continuous assurance. Traditional models built around annual assessments, point-in-time […]

The post GRC at Machine Speed: How AI Is Reshaping Governance, Risk, and Compliance appeared first on DISC InfoSec blog.

Building AI Governance That Actually Works: From Ethics to the Exam Room

disc7 — Wed, 03 Jun 2026 17:02:18 +0000

Below is the HTML format of our post. Click to view it in a separate window Four risks, three frameworks, and what real-world mapping across ISO 27001, ISO 42001, and NIST 800-53 Rev. 5 actually looks like The AI Governance Quick-Start: Defensible in 10 Days, Not 4 Quarters DISC InfoSec is an active ISO 42001 […]

The post Building AI Governance That Actually Works: From Ethics to the Exam Room appeared first on DISC InfoSec blog.

Corporate Visibility as an Attack Surface: Managing Risk in the AI Era

disc7 — Tue, 02 Jun 2026 16:12:28 +0000

Corporate visibility has become a business requirement rather than a marketing choice. Organizations publish employee profiles, leadership pages, technical blogs, social links, and recruiting content to build trust, attract talent, and improve customer confidence. However, every piece of public information expands the organization’s attack surface and creates intelligence opportunities for adversaries. The challenge is no […]

The post Corporate Visibility as an Attack Surface: Managing Risk in the AI Era appeared first on DISC InfoSec blog.

GRC Engineering Is the Future of Cloud Compliance

disc7 — Mon, 01 Jun 2026 19:41:47 +0000

Most GRC material stays stuck at the policy and framework level. This book is one of the few that actually tries to push the discipline into something the industry has been struggling with for years: engineering governance, risk, and compliance as a system—not a documentation exercise. GRC ENGINEERING FOR AWS: A Hands-On Guide to Governance, […]

The post GRC Engineering Is the Future of Cloud Compliance appeared first on DISC InfoSec blog.

Four risks, three frameworks, and what real-world mapping across ISO 27001, ISO 42001, and NIST 800-53 Rev. 5 actually looks like

disc7 — Mon, 01 Jun 2026 16:52:13 +0000

Your Risk Register Is Probably Built Backwards Four risks, three frameworks, and what mapping ISO 27001, ISO 42001, and NIST 800-53r5 actually looks like in practice. Most risk registers are built backwards. Someone exports a control list from a framework, generates a row for each control, and reverse-engineers a “risk” to justify it. The result […]

The post Four risks, three frameworks, and what real-world mapping across ISO 27001, ISO 42001, and NIST 800-53 Rev. 5 actually looks like appeared first on DISC InfoSec blog.

The Bus Factor Just Inverted: Governing the Agents Your Engineers Leave Behind

disc7 — Thu, 28 May 2026 15:56:21 +0000

Earning Cybersecurity Confidence in the Age of Agentic AI — A Practitioner’s Read Hrvoje Englman, CISO at Span, used his keynote at the Span Cyber Security Arena to describe a defender’s job that has been rewritten in roughly twenty-four months. Engineering teams are now writing their own software with AI coding assistants, spinning up agents […]

The post The Bus Factor Just Inverted: Governing the Agents Your Engineers Leave Behind appeared first on DISC InfoSec blog.

ISO 42001 Just Got Easier to Prove: Anthropic Opens Claude to 28 Security and Compliance Tools

disc7 — Wed, 27 May 2026 16:09:23 +0000

As enterprise adoption of generative AI accelerates, the operational gap between “AI as productivity tool” and “AI as governed enterprise application” has widened. Anthropic has moved to close that gap by introducing 28 integrations with security and compliance tools that allow IT and security teams to manage Claude in the same way they manage other […]

The post ISO 42001 Just Got Easier to Prove: Anthropic Opens Claude to 28 Security and Compliance Tools appeared first on DISC InfoSec blog.

Modern GRC Maturity: Connecting Governance, Risk, Controls, and Technology

disc7 — Tue, 26 May 2026 15:27:25 +0000

The Six Layers of a Mature GRC Operating Model In today’s rapidly evolving business environment, Governance, Risk, and Compliance (GRC) can no longer operate as disconnected activities managed by separate teams and spreadsheets. Organizations facing cyber threats, AI risks, regulatory pressure, and operational complexity need a unified GRC operating model that connects governance, risk management, […]

The post Modern GRC Maturity: Connecting Governance, Risk, Controls, and Technology appeared first on DISC InfoSec blog.

The One Security Book That Got Louder With Every Passing Year

disc7 — Fri, 22 May 2026 18:05:58 +0000

The One Security Book That Got Louder With Every Passing Year Why Click Here to Kill Everybody by Bruce Schneier belongs on every CISO’s, CAIO’s, and board director’s shelf — in that order There are security books you read once and shelve. And then there is Bruce Schneier’s Click Here to Kill Everybody, which somehow […]

The post The One Security Book That Got Louder With Every Passing Year appeared first on DISC InfoSec blog.

Microsoft Just Made AI Agent Security a CI/CD Problem — Here’s Why That Matters

disc7 — Fri, 22 May 2026 15:16:06 +0000

Microsoft Just Open-Sourced the Missing Piece of AI Agent Security: A Practitioner’s Take on RAMPART and Clarity On May 20, Microsoft’s AI Red Team released two open-source tools that should be on every CISO’s and AI program owner’s reading list this week: RAMPART, a continuous testing framework for AI agents, and Clarity, a structured design-review […]

The post Microsoft Just Made AI Agent Security a CI/CD Problem — Here’s Why That Matters appeared first on DISC InfoSec blog.

Free AI Governance Maturity Calculator for Modern Enterprises

disc7 — Thu, 21 May 2026 20:54:16 +0000

AI adoption is accelerating — but most organizations still lack a clear way to measure whether their AI governance program is secure, compliant, and audit-ready. That’s why DISC InfoSec created the free AI Governance Maturity Calculator — a practical assessment tool designed to help organizations benchmark their AI governance capabilities against leading frameworks including ISO/IEC […]

The post Free AI Governance Maturity Calculator for Modern Enterprises appeared first on DISC InfoSec blog.

Why ISO 42001 Will Be the Next SOC 2

disc7 — Thu, 21 May 2026 16:10:12 +0000

The Quiet Truth in the Gen AI Hype: Governance Is the Product I just finished Generative AI and LLMs For Dummies — a solid primer aimed at executives and non-technical leaders trying to understand what they’ve already bought into. Most of it is what you’d expect: foundation models, transformers, prompt engineering, RAG, vector embeddings. But […]

The post Why ISO 42001 Will Be the Next SOC 2 appeared first on DISC InfoSec blog.

Managing AI Risk: A Practical Approach to Secure, Responsible, and Effective AI Adoption

disc7 — Wed, 20 May 2026 15:04:32 +0000

Managing AI Risk: A Practical Approach to Secure, Responsible, and Effective AI Adoption Artificial Intelligence is transforming how organizations operate, compete, and innovate. From automating business workflows to enhancing cybersecurity detection and accelerating decision-making, AI offers enormous opportunities. Yet alongside these benefits comes a rapidly expanding landscape of risks that organizations can no longer ignore. […]

The post Managing AI Risk: A Practical Approach to Secure, Responsible, and Effective AI Adoption appeared first on DISC InfoSec blog.