Endpoint Cybersecurity GmbH
- Comparing Annex A in ISO/IEC 27001:2013 vs. ISO/IEC 27001:2022
- NIS2 Fulfillment through TISAX Assessment and ISA6
- Guide for delivering frequently software features that matter (series) #2/2: Challenges and the path forward
- Guide for delivering frequently software features that matter (series) #1/2: the Pillars of successful frequent delivery
- Guide for delivering frequently software features that matter (series)
- Beyond “Move Fast and Fail Fast”: Balancing Speed, Security, and … Sanity in Software Development (with Podcast)
- Project management with Scrum (with Podcast)
- Comparing “Records of Processing Activities” (ROPA) and “Data Protection Impact Assessments” (DPIA) (with Podcast)
- AI vs. (secure) software developers
- Accelerating feature delivery in software development
Authentication vs. Authorization
/in EducationalThese two fundamental concepts play a pivotal role in ensuring the integrity and security of digital systems. While these terms are often used interchangeably, they represent distinct and equally essential aspects in the world of identity and access management (IAM), which safeguards sensitive information and resources . Executive summary Authentication confirms that users are who they […]
Demystifying cybersecurity terms: Policy, Standard, Procedure, Controls, Framework, Zero Trust
/in EducationalI am often asked what is the difference between Policy, Standard, Procedure in cybersecurity. Well, here it is: 1. Cybersecurity Standard A cybersecurity standard is a set of guidelines, criteria, or best practices that organizations follow to ensure that their security controls and procedures align with industry standards or regulatory requirements. Standards provide a benchmark […]
Zero Trust in Cybersecurity: from myth to the guide
/in EducationalEvery single day I read news on various portals and on LinkedIn and I encounter a lot of buzz words. Most of the time I just smile recognizing the marketing b**it, and continue to scroll… This time, I found an article from the Germany’s Federal Bureau of Information Security (BSI) and it was about Zero […]
NIS2: 3.Establish a cybersecurity framework
/in EducationalWe wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven’t read what a cybersecurity framework means, then you should read article: https://www.sorinmustaca.com/demystifying-cybersecurity-terms-policy-standard-procedure-controls-framework/ . Establishing a cybersecurity framework is critically important for organizations of all sizes and types because it is […]
How to implement an Information Security Management System (ISMS)
/in EducationalWe wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven’t read what a cybersecurity framework means, then you should read article: https://www.sorinmustaca.com/demystifying-cybersecurity-terms-policy-standard-procedure-controls-framework/ . An ISMS is typically based on the ISO 27001 standard, which provides a framework for establishing, implementing, maintaining, […]