Endpoint Cybersecurity GmbH
- Understanding Defense in Depth in IT Security
- ISO 27001:2022 and TISAX: overlaps and differences
- Understanding the SOC 2 Certification
- Introduction to CISA’s Secure by Design Initiative
- Implementing ISO 27001:2022 Annex A.18 – Compliance
- Mapping NIS2 requirements to the ISO 27001:2022 framework
- Implementing ISO 27001:2022 Annex A.17 – Information Security Aspects of Business Continuity Management
- Implementing ISO 27001:2022 Annex A.16 – Information Security Incident Management
- Executive summary: NIS2 Directive for the EU members (updated)
- NIS-2: 10 common misconceptions about the regulation
Understanding Defense in Depth in IT Security
Category: Educational
The recent outage caused by Crowdstrike’s faulty update has created a lot of discussions. I wrote a post on LinkedIn where I asked the readers why IT professionals are using Crowdstrike on some systems that shouldn’t be in need of such protection in the first place. The answers in various groups were mostly related to: […]
ISO 27001:2022 and TISAX: overlaps and differences
Category: Educational
Sections: Introduction; Overview of ISO 27001:2022; Overview of TISAX VDA ISA 6.0; Overlaps between ISO 27001:2022 and TISAX VDA ISA 6.0; Differences between ISO 27001:2022 and TISAX VDA ISA 6.0; Implementation of TISAX Using ISO 27001; Conclusion
ISO 27001:2022 and TISAX VDA ISA 6.0 are two prominent standards in the realm of information […]
Understanding the SOC 2 Certification
Category: Educational
Sections: Introduction; Comparison of Various SOC Certification Versions (SOC 1 – Service Organization Control 1; SOC 2 – Service Organization Control 2); Who Should Certify?; Why Certify?; What Is Certified?; Topics Verified in SOC 2 Certification (1. Security, 2. Availability, 3. Processing Integrity, 4. Confidentiality, 5. Privacy); Conclusion
SOC 2 (Service Organization Control 2) certification […]
Introduction to CISA’s Secure by Design Initiative
Category: Educational
Sections: What is Secure by Design?; Who Should Be Interested?; Why Is It Important?; Focus of the Initiative; Topics Covered by the Initiative (Development and Implementation of Security Practices; Stakeholder Collaboration; Regulatory Compliance and Risk Management); Implementation and Auditing (How to Implement; Auditing); Responsibility and Governance (Who Is Responsible?; Governance); Conclusion and further steps […]
Implementing ISO 27001:2022 Annex A.18 – Compliance
Category: Educational
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we end the series with ISO 27001:2022 Annex A.18, “Compliance”, which addresses the importance of ensuring that organizations comply with relevant laws, regulations, contractual agreements, and other requirements related to information security. This annex focuses […]