Endpoint Cybersecurity GmbH
- Policy vs Standard vs Procedure: why, what, how
- Comparing Annex A in ISO/IEC 27001:2013 vs. ISO/IEC 27001:2022
- NIS2 Fulfillment through TISAX Assessment and ISA6
- Guide for delivering frequently software features that matter (series) #2/2: Challenges and the path forward
- Guide for delivering frequently software features that matter (series) #1/2: the Pillars of successful frequent delivery
- Guide for delivering frequently software features that matter (series)
- Beyond “Move Fast and Fail Fast”: Balancing Speed, Security, and … Sanity in Software Development (with Podcast)
- Project management with Scrum (with Podcast)
- Comparing “Records of Processing Activities” (ROPA) and “Data Protection Impact Assessments” (DPIA) (with Podcast)
- AI vs. (secure) software developers
Understanding the SOC 2 Certification
Posted in Educational. Contents: Introduction; Comparison of Various SOC Certification Versions; SOC 1 (Service Organization Control 1); SOC 2 (Service Organization Control 2); Who Should Certify?; Why Certify?; What Is Certified?; Topics Verified in SOC 2 Certification: 1. Security, 2. Availability, 3. Processing Integrity, 4. Confidentiality, 5. Privacy; Conclusion.
Introduction: SOC 2 (Service Organization Control 2) certification […]
Introduction to CISA’s Secure by Design Initiative
Posted in Educational. Contents: What is Secure by Design?; Who Should Be Interested?; Why Is It Important?; Focus of the Initiative; Topics Covered by the Initiative; Development and Implementation of Security Practices; Stakeholder Collaboration; Regulatory Compliance and Risk Management; Implementation and Auditing; How to Implement; Auditing; Responsibility and Governance; Who Is Responsible?; Governance; Conclusion and further steps […]
Implementing ISO 27001:2022 Annex A.18 – Compliance
Posted in Educational. We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we end the series with ISO 27001:2022 Annex A.18, “Compliance”, which addresses the importance of ensuring that organizations comply with relevant laws, regulations, contractual agreements, and other requirements related to information security. This annex focuses […]
Mapping NIS2 requirements to the ISO 27001:2022 framework
Posted in Educational. We described here the process needed to perform a gap analysis for NIS2, but we did not add the details on how to approach this. This article builds on the ISO 27001:2022 series, especially on the description of the Annex A controls. Make sure you are familiar with the ISO 27001:2022 requirements and with the […]
Implementing ISO 27001:2022 Annex A.17 – Information Security Aspects of Business Continuity Management
Posted in Educational. We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.17, “Information Security Aspects of Business Continuity Management”, which is crucial for organizations to ensure the resilience of their information security management systems (ISMS) in the face of disruptive events. This annex […]