You’ve got a system that needs to be tested, but you’re not really certain about which environment the testing should occur in. Or, maybe you’re feeling uneasy about testing within production. Many have been in your exact same shoes in the past -- below, we’ll help assist you in making this important decision.

As new cybersecurity legislation continues to roll out across the globe, Hong Kong is set to introduce its Protection of Critical Infrastructure Bill—the first of its kind for the region and a significant step in its efforts to strengthen its cyber resilience. Being such a milestone, it’s important that the critical infrastructure operators (CIOs) under the Bill’s purview understand its mandates regarding risk assessments, incident reporting, and preventative measures.

Though so much attention has been placed on secure coding to mitigate cyber threats to software, another emerging area of focus is the “software supply chain,” or the “software bill of materials” (SBOM). Why? Because software security doesn’t just depend on secure coding—the individual components of the software, or the SBOM—are equally critical.

ISO/IEC 42001:2023 has rapidly become the global standard for Artificial Intelligence (AI) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.

Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Privacy Assurance (SSPA) process as of the 2025 fiscal year. Arguably the largest update to the DPR since September 2018, v10’s new mandates address artificial intelligence (AI) and include important references to ISO 42001 that suppliers may want to take advantage of during their next compliance cycle.

Underscoring the firm's commitment to responsible AI, this accreditation enables Schellman to certify organizations against the first global AI standard of its kind

In the healthcare industry, artificial intelligence (AI) is being used to save lives—using data sets, these systems are being trained to examine imaging and successfully detect potential health risks, like cancer. However, as with every technological development and shift in its use, new risks have also emerged related to the use of AI, as have measures to help mitigate them—one of which is the HITRUST AI Risk Management Assessment.

A question we receive frequently during scoping calls is “What tools does your team use during a penetration test?” The answer can depend on the scope, services, and situations we come across during the engagement. Additionally, there is constant industry and threat pressure to stay ahead of the curve. Our toolkit is constantly evolving to reflect the latest threats and techniques, ensuring we can simulate real-world attacks effectively.