Endpoint Cybersecurity GmbH
- Accelerating feature delivery in software development
- How-To create Security User Stories
- Delivering secure software in an agile way
- Understanding Defense in Depth in IT Security
- ISO 27001:2022 and TISAX: overlaps and differences
- Understanding the SOC 2 Certification
- Introduction to CISA’s Secure by Design Initiative
- Implementing ISO 27001:2022 Annex A.18 – Compliance
- Mapping NIS2 requirements to the ISO 27001:2022 framework
- Implementing ISO 27001:2022 Annex A.17 – Information Security Aspects of Business Continuity Management
Thoughts on AI and Cybersecurity
/ in Educational
Being a CSSLP gives me access to various emails from (ISC)2. One of these announced that there is a recording of a webinar about AI and Cybersecurity held by Steve Piper from CyberEdge. Very nice presentation of 1h, and I found out that there is a sequel to that on November 1st. So, following […]
Authentication vs. Authorization
/ in Educational
These two fundamental concepts play a pivotal role in ensuring the integrity and security of digital systems. While these terms are often used interchangeably, they represent distinct and equally essential aspects in the world of identity and access management (IAM), which safeguards sensitive information and resources. Executive summary: Authentication confirms that users are who they […]
Demystifying cybersecurity terms: Policy, Standard, Procedure, Controls, Framework, Zero Trust
/ in Educational
I am often asked what the difference is between Policy, Standard, and Procedure in cybersecurity. Well, here it is: 1. Cybersecurity Standard: A cybersecurity standard is a set of guidelines, criteria, or best practices that organizations follow to ensure that their security controls and procedures align with industry standards or regulatory requirements. Standards provide a benchmark […]
Zero Trust in Cybersecurity: from myth to the guide
/ in Educational
Every single day I read news on various portals and on LinkedIn and I encounter a lot of buzzwords. Most of the time I just smile, recognizing the marketing b**it, and continue to scroll… This time, I found an article from Germany’s Federal Bureau of Information Security (BSI) and it was about Zero […]
NIS2: 3.Establish a cybersecurity framework
/ in Educational
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven’t read what a cybersecurity framework means, then you should read this article: https://www.sorinmustaca.com/demystifying-cybersecurity-terms-policy-standard-procedure-controls-framework/. Establishing a cybersecurity framework is critically important for organizations of all sizes and types because it is […]