Category: Endpoint Cybersecurity GmbH

Understanding Defense in Depth in IT Security

The recent outage caused by Crowdstrike’s faulty update has create a lot of discussions. I wrote a post on LinkedIn where I asked the readers why are IT professionals using Crowdstrike on some systems that shouldn’t be in need of…

Understanding the SOC 2 Certification

Contents Toggle Introduction Comparison of Various SOC Certification Versions SOC 1 (Service Organization Control 1) SOC 2 (Service Organization Control 2) Who Should Certify? Why Certify? What Is Certified? Topics Verified in SOC 2 Certification 1. Security 2. Availability 3.…

Understanding ISO 27001:2022 Annex A.8 – Asset Management

  ISO 27001:2022 Annex A.8, “Asset Management,” addresses the importance of identifying, classifying, and managing information assets within an organization. This annex emphasizes the need for organizations to establish processes for inventorying assets, assessing their value, and implementing appropriate controls…

ISO 27001:2022: chapter by chapter description

Contents Toggle What’s New in ISO 27001:2022 Chapter 1-3: Scope, Normative References and  Terms and Definitions Chapter 4: Context of the Organization Goal Actions Implementation Chapter 5: Leadership Goal Actions Implementation Chapter 6: Planning Goal Actions Implementation Chapter 7: Support…

The ISO 27000 family of protocols and their role in cybersecurity

The ISO 27000 family of protocols represent a series of standards developed by the International Organization for Standardization (ISO) to address various aspects of information security management. These standards provide a framework for organizations to establish, implement, maintain, and continually…

Thoughts on AI and Cybersecurity

Being an CSSLP gives me access to various emails from (ISC)2. One of these announced me that there is a recording of a webinar about AI and Cybersecurity held by Steve Piper from CyberEdge. Very nice presentation of 1h, and…

Authentication vs. Authorization

These two fundamental concepts play a pivotal role in ensuring the integrity and security of digital systems. While these terms are often used interchangeably, they represent distinct and equally essential aspects in the world of identity and access management (IAM),…

NIS2: 3.Establish a cybersecurity framework

We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd  step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven’t read what a cybersecurity framework means, then you should read article: https://www.sorinmustaca.com/demystifying-cybersecurity-terms-policy-standard-procedure-controls-framework/ .   Establishing a…

How to implement an Information Security Management System (ISMS)

We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd  step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven’t read what a cybersecurity framework means, then you should read article: https://www.sorinmustaca.com/demystifying-cybersecurity-terms-policy-standard-procedure-controls-framework/ . An ISMS is…

NIS2: 2.Designate a responsible person or team

We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the second step in implementing NIS2 requirements is to designate a responsible person or team. Appointing an individual or a team responsible for overseeing the implementation of the NIS2 directive within your company is critical to…

NIS2: 1. Perform a gap analysis

We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the first step in implementing NIS2 requirements is to perform a gap analysis.   The most critical part when performing a gap analysis is to define upfront against which standard or security framework are you…

How-To: NIS2 EU Directive

The NIS2 Directive is a European Union legislative text on cybersecurity that supersedes the first NIS (Network and Information Security) Directive, adopted in July 2016. NIS vs. NIS2 While the first NIS (Network and Information Security) Directive increased the Member…

Executive summary: NIS2 Directive for the EU members

The NIS 2 Directive is a set of cybersecurity guidelines and requirements established by the European Union (EU) . It replaces and repeals the NIS Directive (Directive 2016/1148/EC) . The full name of the directive is “Directive (EU) 2022/2555 of the European…

Strengthening the Security of Embedded Devices

Embedded devices are specialized computing systems designed to perform specific tasks or functions within a larger system. Unlike general-purpose computers, embedded devices are typically integrated into other devices or systems and are dedicated to carrying out a specific set of…

The Importance of Training Employees in Cybersecurity

In today’s increasingly interconnected world, cyber threats pose a significant risk to businesses of all sizes. As technology advances, cybercriminals become more sophisticated, making it imperative for organizations to prioritize cybersecurity measures. While investing in robust infrastructure and advanced tools…