Endpoint Cybersecurity GmbH
- From Idea to Proof of Concept to MVP: The POC stage (2/3)
- From Idea to Proof of Concept to MVP: The Idea stage (1/3)
- Delivering often in small increments with Scrum
- Navigating AI Standards and Regulations
- Policy vs Standard vs Procedure: why, what, how
- Comparing Annex A in ISO/IEC 27001:2013 vs. ISO/IEC 27001:2022
- NIS2 Fulfillment through TISAX Assessment and ISA6
- Guide for delivering frequently software features that matter (series) #2/2: Challenges and the path forward
- Guide for delivering frequently software features that matter (series) #1/2: the Pillars of successful frequent delivery
- Guide for delivering frequently software features that matter (series)
How-To create Security User Stories
/in EducationalIn the previous article, we explored how Scrum enables teams to add security to the backlog and prioritize it based on risk. Incorporating security into the SDLC ensures that security is not an afterthought but an integral part of the development process. Security User Stories are specific, actionable items that articulate the security needs of […]
Delivering secure software in an agile way
/in EducationalContents Toggle Agile Software Development: Why It’s Better Using Scrum for software development Non-Functional features in Scrum Security in Software Development The challenge of adding security user stories to the backlog How to add security to the Scrum backlog Conclusions Agile Software Development: Why It’s Better Traditional development methodologies, such as the Waterfall model, […]
Understanding Defense in Depth in IT Security
/in EducationalThe recent outage caused by Crowdstrike’s faulty update has create a lot of discussions. I wrote a post on LinkedIn where I asked the readers why are IT professionals using Crowdstrike on some systems that shouldn’t be in need of such protection in the first place. The answers in various groups were mostly related to: […]
ISO 27001:2022 and TISAX: overlaps and differences
/in EducationalContents Toggle Introduction Overview of ISO 27001:2022 Overview of TISAX VDA ISA 6.0 Overlaps between ISO 27001:2022 and TISAX VDA ISA 6.0 Differences between ISO 27001:2022 and TISAX VDA ISA 6.0 Implementation of TISAX Using ISO 27001 Conclusion Introduction ISO 27001:2022 and TISAX VDA ISA 6.0 are two prominent standards in the realm of information […]
Understanding the SOC 2 Certification
/in EducationalContents Toggle Introduction Comparison of Various SOC Certification Versions SOC 1 (Service Organization Control 1) SOC 2 (Service Organization Control 2) Who Should Certify? Why Certify? What Is Certified? Topics Verified in SOC 2 Certification 1. Security 2. Availability 3. Processing Integrity 4. Confidentiality 5. Privacy Conclusion Introduction SOC 2 (Service Organization Control 2) certification […]