Implementing ISO 27001:2022 Annex A.18 – Compliance Implementing ISO 27001:2022 Annex A.17 – Information Security Aspects of Business Continuity Management Implementing ISO 27001:2022 Annex A.16 – Information Security Incident Management…
NIS-2: 10 common misconceptions about the regulation NIS2: Perform a risk assessment NIS2: 3.Establish a cybersecurity framework NIS2: 2.Designate a responsible person or team How-To: NIS2 EU Directive Executive summary:…
Balancing functionality and privacy concerns in AI-based Endpoint Security solutions Artificial Intelligence vs. Machine Learning Thoughts on AI and Cybersecurity ChatGPT and copywriting ChatGPT and automotive cybersecurity #2/2: TISAX certification…
These days businesses are subject to increasing regulatory scrutiny, particularly regarding cybersecurity and operational resilience. Two significant EU regulations, NIS2 (Network and Information Systems Directive 2) and DORA (Digital Operational Resilience Act), outline mandatory requirements for organizations. Failure to comply can result in severe penalties. It is essential for executives to understand how these regulations […]
In the previous article, we explored how Scrum enables teams to add security to the backlog and prioritize it based on risk. Incorporating security into the SDLC ensures that security is not an afterthought but an integral part of the development process. Security User Stories are specific, actionable items that articulate the security needs of […]
I don’t usually write anymore about phishing attempts, but this one draw my attention due to large amount of emails and to variety of websites being used. Of course, I would not write “massive” if I would have received 1-10, but I receive about 10 a day. Fortunately, almost all go to Spam folder. Gmail […]
Agile Software Development: Why It’s Better Traditional development methodologies, such as the Waterfall model, struggle to keep up with the need for quick iterations, frequent releases, and adaptability to changing requirements. Agile software development addresses these challenges by emphasizing flexibility, collaboration, and continuous delivery. Agile methodologies break down the development process into smaller, manageable […]
The recent outage caused by Crowdstrike’s faulty update has create a lot of discussions. I wrote a post on LinkedIn where I asked the readers why are IT professionals using Crowdstrike on some systems that shouldn’t be in need of such protection in the first place. The answers in various groups were mostly related to: […]
Introduction ISO 27001:2022 and TISAX VDA ISA 6.0 are two prominent standards in the realm of information security management, particularly within the automotive industry. While ISO 27001 provides a global framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), TISAX (Trusted Information Security Assessment Exchange), based on the VDA ISA […]
Introduction SOC 2 (Service Organization Control 2) certification is a framework designed by the American Institute of CPAs (AICPA) to help organizations manage customer data based on five Trust Service Criteria: , confidentiality,processing integrity, availability, security and privacy. This certification is crucial for service organizations that store or process customer data in the cloud. Comparison […]
What is Secure by Design? Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of a product’s development lifecycle to dramatically reduce the number of exploitable flaws before they are […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we end the series with ISO 27001:2022 Annex A.18, “Compliance”, which addresses the importance of ensuring that organizations comply with relevant laws, regulations, contractual agreements, and other requirements related to information security. This annex focuses […]
We described here the process needed to perform a gap analysis for NIS2, but we did not add the details on how to approach this. This article references on the ISO27001:2022 series, especially on the description of the Annex A controls. Make sure you are familiar with the ISO 27oo1:2022 requirements and the with the […]
You must be logged in to post a comment.