Move fast and fail fast In software development, the mantra “move fast and fail fast” has become both a rallying cry and a source of considerable debate. It champions rapid iteration, prioritizing speed and output, often at the perceived expense of meticulous planning and architectural foresight. This approach, deeply intertwined with the principles of agile […]
They can’t mix, can they? Seems like a contradiction to talk about classical project management and the best agile software development methodology ? But let me ask you this: ever feel like traditional project management is great for mapping out the big picture but falls short when it comes to the nitty-gritty of execution? And […]
My company develops security products for all major operating systems. We work with startups and with big companies, all striving to develop features (functional and non-functional) as fast and as good as possible. While on the first view this seems like a contradiction, there are actually ways of implementing exactly this. For security software development […]
In the previous article, we explored how Scrum enables teams to add security to the backlog and prioritize it based on risk. Incorporating security into the SDLC ensures that security is not an afterthought but an integral part of the development process. Security User Stories are specific, actionable items that articulate the security needs of […]
I don’t usually write anymore about phishing attempts, but this one draw my attention due to large amount of emails and to variety of websites being used. Of course, I would not write “massive” if I would have received 1-10, but I receive about 10 a day. Fortunately, almost all go to Spam folder. Gmail […]
The recent outage caused by Crowdstrike’s faulty update has create a lot of discussions. I wrote a post on LinkedIn where I asked the readers why are IT professionals using Crowdstrike on some systems that shouldn’t be in need of such protection in the first place. The answers in various groups were mostly related to: […]
Introduction ISO 27001:2022 and TISAX VDA ISA 6.0 are two prominent standards in the realm of information security management, particularly within the automotive industry. While ISO 27001 provides a global framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), TISAX (Trusted Information Security Assessment Exchange), based on the VDA ISA […]
We wrote here about NIS2 and we will continue to add more content about it. Because we are getting closer to October 17th, many people are getting more and more nervous about NIS2. Despite its significance, there are numerous misconceptions and misinterpretations circulating about the scope and implications of this regulation. This article aims to […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.14, “System Acquisition, Development, and Maintenance”, which addresses the importance of ensuring the security of information systems throughout their lifecycle, from acquisition and development to maintenance and disposal. This annex provides […]
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.13, “Communications Security”, which addresses the importance of securing information during its transmission over communication networks. This annex provides guidelines for implementing controls to protect the confidentiality, integrity, and availability of […]
You must be logged in to post a comment.