Endpoint Cybersecurity GmbH
- Policy vs Standard vs Procedure: why, what, how
- Comparing Annex A in ISO/IEC 27001:2013 vs. ISO/IEC 27001:2022
- NIS2 Fulfillment through TISAX Assessment and ISA6
- Guide for delivering frequently software features that matter (series) #2/2: Challenges and the path forward
- Guide for delivering frequently software features that matter (series) #1/2: the Pillars of successful frequent delivery
- Guide for delivering frequently software features that matter (series)
- Beyond “Move Fast and Fail Fast”: Balancing Speed, Security, and … Sanity in Software Development (with Podcast)
- Project management with Scrum (with Podcast)
- Comparing “Records of Processing Activities” (ROPA) and “Data Protection Impact Assessments” (DPIA) (with Podcast)
- AI vs. (secure) software developers
Policy vs Standard vs Procedure: why, what, how
(in Educational) Ever wondered what the differences between these terms are? We use them in GRC very often, but we rarely think about what they mean. Over time this stretches the concepts, so that their meanings overlap to a certain degree. A Policy is a high-level, mandatory statement of principles and intent. A Standard […]
Comparing Annex A in ISO/IEC 27001:2013 vs. ISO/IEC 27001:2022
(in Educational) Ages ago I wrote this article, in which I briefly compared the Annex A in the two versions of the standard: https://www.sorinmustaca.com/annex-a-of-iso-27001-2022-explained/ But I feel that there is still a need to detail the changes a bit, especially now that more and more businesses are forced to re-audit against the newer standard. Overview of Annex A […]
NIS2 Fulfillment through TISAX Assessment and ISA6
(in Educational) ENX has released an interesting article about how NIS2 requirements map to TISAX requirements. For this, there is a short introductory article called “TISAX and Cybersecurity in Industry – Expert Analysis Confirms NIS2 Coverage” and a full article of 75 pages: https://enx.com/TISAX-NIS2-en.pdf An analysis conducted within ENX’s expert working groups examined how well […]
Guide for delivering frequently software features that matter (series) #2/2: Challenges and the path forward
(in Educational) Click below for the podcast version (AI generated): https://www.sorinmustaca.com/wp-content/uploads/2025/05/Guide-for-delivering-2.mp3 Challenges that stop teams from delivering, and how to solve them. Objection 1: “Our features are too complex for short sprints” This is the most common objection I hear, and it reveals a fundamental misunderstanding. The solution isn’t longer sprints or more sprints — it’s better […]
Guide for delivering frequently software features that matter (series) #1/2: the Pillars of successful frequent delivery
(in Educational) Click below for the podcast version (AI generated): https://www.sorinmustaca.com/wp-content/uploads/2025/05/guide-for-delivering-1.mp3 Guide for delivering frequently software features that matter: the three Pillars of successful frequent delivery. If you’re a software engineer older than 30, then you have definitely worked following a non-agile methodology. Those methodologies are based on a fixed structure, a lot of planning, and […]