Tag: Sorin Mustaca on Cybersecurity

Understanding NIS2 and DORA: What executives need to know

These days businesses are subject to increasing regulatory scrutiny, particularly regarding cybersecurity and operational resilience. Two significant EU regulations, NIS2 (Network and Information Systems Directive 2) and DORA (Digital Operational Resilience Act), outline mandatory requirements for organizations. Failure to comply…

How-To create Security User Stories

In the previous article, we explored how Scrum enables teams to add security to the backlog and prioritize it based on risk. Incorporating security into the SDLC ensures that security is not an afterthought but an integral part of the…

Delivering secure software in an agile way

  Agile Software Development: Why It’s Better Traditional development methodologies, such as the Waterfall model, struggle to keep up with the need for quick iterations, frequent releases, and adaptability to changing requirements. Agile software development addresses these challenges by emphasizing…

Understanding Defense in Depth in IT Security

The recent outage caused by Crowdstrike’s faulty update has create a lot of discussions. I wrote a post on LinkedIn where I asked the readers why are IT professionals using Crowdstrike on some systems that shouldn’t be in need of…

ISO 27001:2022 and TISAX: overlaps and differences

Introduction ISO 27001:2022 and TISAX VDA ISA 6.0 are two prominent standards in the realm of information security management, particularly within the automotive industry. While ISO 27001 provides a global framework for establishing, implementing, maintaining, and continually improving an information…

Understanding the SOC 2 Certification

Introduction SOC 2 (Service Organization Control 2) certification is a framework designed by the American Institute of CPAs (AICPA) to help organizations manage customer data based on five Trust Service Criteria: , confidentiality,processing integrity, availability, security and privacy. This certification…

Introduction to CISA’s Secure by Design Initiative

  What is Secure by Design? Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of…

Implementing ISO 27001:2022 Annex A.18 – Compliance

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we end the series with ISO 27001:2022 Annex A.18, “Compliance”, which addresses the importance of ensuring that organizations comply with…

NIS-2: 10 common misconceptions about the regulation

We wrote here about NIS2 and we will continue to add more content about it. Because we are getting closer to October 17th, many people are getting more and more nervous about NIS2. Despite its significance, there are numerous misconceptions…

Google Ads for Bitbucket.org – malvertising at its best

  What is it? Malvertising : Malware delivered through  Advertising. These corrupted ads are designed to appear legitimate but they may serve malicious code, which can infect a user’s device simply through viewing or clicking on the ad. Malvertising exploits…

Understanding ISO 27001:2022 Annex A.13 – Communications Security

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.13, “Communications Security”, which addresses the importance of securing information during its transmission over communication networks.…

Understanding ISO 27001:2022 Annex A.12 – Operations Security

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.12, “Operations Security”, which focuses on ensuring secure operations of information systems and assets. This annex provides…

Understanding ISO 27001:2022 Annex A.10 – Cryptography

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.10, “Cryptography”, which plays a vital role in ensuring the confidentiality, integrity, and authenticity of sensitive information.…

Understanding ISO 27001:2022 Annex A.9 – Access Control

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.9, “Access Control”. Access control is a fundamental component of information security management systems (ISMS). It…

Understanding ISO 27001-2022 Annex A.9 – Access Control

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.9, “Access Control”. Access control is a fundamental component of information security management systems (ISMS). It…

Understanding ISO 27001:2022 Annex A.8 – Asset Management

  ISO 27001:2022 Annex A.8, “Asset Management,” addresses the importance of identifying, classifying, and managing information assets within an organization. This annex emphasizes the need for organizations to establish processes for inventorying assets, assessing their value, and implementing appropriate controls…

ISO 27001:2022: chapter by chapter description

I’ve been asked many times by customers, especially those in automotive industry, who deal with the TISAX certification, which is based on ISO 27001,  if I can make them a summary of the ISO 27001 standard. It turns out that…

The ISO 27000 family of protocols and their role in cybersecurity

The ISO 27000 family of protocols represent a series of standards developed by the International Organization for Standardization (ISO) to address various aspects of information security management. These standards provide a framework for organizations to establish, implement, maintain, and continually…

TISAX: new Catalogue ISA v6 available

This post is more for me to quicker find the details. Source: ISA Version 6 Now Available · ENX Portal Here is a summary ISA 6: The latest version of the ISA catalogue, published in October 2023, with many changes and…

Thoughts on AI and Cybersecurity

Being an CSSLP gives me access to various emails from (ISC)2. One of these announced me that there is a recording of a webinar about AI and Cybersecurity held by Steve Piper from CyberEdge. Very nice presentation of 1h, and…

NIS2: 2.Designate a responsible person or team

We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the second step in implementing NIS2 requirements is to designate a responsible person or team. Appointing an individual or a team responsible for overseeing the implementation of the NIS2 directive within your company is critical to…

NIS2: 1. Perform a gap analysis

We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the first step in implementing NIS2 requirements is to perform a gap analysis.   The most critical part when performing a gap analysis is to define upfront against which standard or security framework are you…

How-To: NIS2 EU Directive

The NIS2 Directive is a European Union legislative text on cybersecurity that supersedes the first NIS (Network and Information Security) Directive, adopted in July 2016. NIS vs. NIS2 While the first NIS (Network and Information Security) Directive increased the Member…

Executive summary: NIS2 Directive for the EU members

The NIS 2 Directive is a set of cybersecurity guidelines and requirements established by the European Union (EU) . It replaces and repeals the NIS Directive (Directive 2016/1148/EC) . The full name of the directive is “Directive (EU) 2022/2555 of the European…

Strengthening the Security of Embedded Devices

Embedded devices are specialized computing systems designed to perform specific tasks or functions within a larger system. Unlike general-purpose computers, embedded devices are typically integrated into other devices or systems and are dedicated to carrying out a specific set of…

The Importance of Training Employees in Cybersecurity

In today’s increasingly interconnected world, cyber threats pose a significant risk to businesses of all sizes. As technology advances, cybercriminals become more sophisticated, making it imperative for organizations to prioritize cybersecurity measures. While investing in robust infrastructure and advanced tools…

I’ve been asked many times what are the steps to build your own business. This is not a post about “how to…”, the Internet and LinkedIn is full of them,  but more like a checklist with things you should consider…

ChatGPT and copywriting

I received a spam and the guy offered to have my corporate site re-written. He sent me an example of how it be like in a Google Docs document. The text was very artificial, kind of those written by ChatGPT…

I am worried: AV-Comparatives tests of Business Security products

Av-Comparatives did a long-term test of security Business Products. The details can be seen here: https://www.av-comparatives.org/tests/business-security-test-august-september-2022-factsheet/ Initially, I wanted to write about this test because I was surprised to see how well Microsoft Defender performed. But then, I started to…

I am worried: AV-Comparatives tests of Business Security products

Av-Comparatives did a long-term test of security Business Products. The details can be seen here: https://www.av-comparatives.org/tests/business-security-test-august-september-2022-factsheet/ Initially, I wanted to write about this test because I was surprised to see how well Microsoft Defender performed. But then, I started to…

I am worried: AV-Comparatives tests of Business Security products

Av-Comparatives did a long-term test of security Business Products. The details can be seen here: https://www.av-comparatives.org/tests/business-security-test-august-september-2022-factsheet/ Initially, I wanted to write about this test because I was surprised to see how well Microsoft Defender performed. But then, I started to…

(ISC)2 certification counts – how many CSSLP are out there?

This article has been indexed from Sorin Mustaca on Cybersecurity (ISC)2 maintains this page https://www.isc2.org/member-counts.aspx# with the counts of all certifications per country. I wrote before about this here https://www.sorinmustaca.com/how-many-certified-secure-software-lifecycle-professionals-are-out-there/, but this was back in 2013 (1.5 years after I…

Cyber Monday – enjoy the discounts safe !

This article has been indexed from Sorin Mustaca on Cybersecurity Today is Cyber Monday , a day when all webshops (and not only)  give big discounts to many products they sell. Even if the discount campaigns of some webshops are…

ENISA: ADVANCING SOFTWARE SECURITY IN THE EU

This article has been indexed from Sorin Mustaca on Cybersecurity While I was looking after some resources for a presentation, I found this interesting lecture from ENISA.   Advancing Software Security in the EU Download PDF document, 622 KB This…

The importance of user names in WordPress

This article has been indexed from Sorin Mustaca on Cybersecurity I have a plugin that prevents multiple unsuccessful logins. As can be seen, the spammers try several combinations like: admin (the default), then site name, and several others. It is…

BSI: Die Lage der IT-Sicherheit in Deutschland (German)

This article has been indexed from Sorin Mustaca on Cybersecurity Quelle: https://www.bsi.bund.de/DE/Service-Navi/Publikationen/Lagebericht/lagebericht_node.html   Malwarelage: Das vergangene Jahr war geprägt von einer deutlichen Ausweitung cyber-krimineller Erpressungsmethoden. Nicht nur die Anzahl der Schadprogramm-Varianten stieg zeitweise rasant an – mit bis zu 553.000…

CSSLP re-certified until 2024

This article has been indexed from Sorin Mustaca on Cybersecurity ISC2 requires a recertification every 3 years. For this, you need to pay your fees and to make proof that you were active in the profession. This can be done…

CSSLP re-certified until 2024

This article has been indexed from Sorin Mustaca on Cybersecurity ISC2 requires a recertification every 3 years. For this, you need to pay your fees and to make proof that you were active in the profession. This can be done…

Twitter is strange when it comes to business accounts

Read the original article: Twitter is strange when it comes to business accounts I created my company’s Twitter account, called  @EndpointCS . Obviously, I tried to add the birth date of the company: 1.1.2015. Well, imagine what happened next with…

Speaking at the Virus Bulletin Conference 2020: ‘One year later: Challenges for young anti-malware products today’

Read the original article: Speaking at the Virus Bulletin Conference 2020: ‘One year later: Challenges for young anti-malware products today’ Source: https://vblocalhost.com/presentations/one-year-later-challenges-for-young-anti-malware-products-today/ A year ago, at VB2019 we presented for the first time an overview of how the anti-malware world…

Facebook advertising at its best

Read the original article: Facebook advertising at its best It is known that the Facebook advertising is very aggressive sometimes and that it very often fails. Very often I find strange ads and I click on the details in order…

A brief history of software vulnerabilities in vehicles

Read the original article: A brief history of software vulnerabilities in vehicles Car Hacking News Timeline 2017-2019 [1] 2019: Hack of an OEM’s automotive cloud via third-party services and tier-1 supplier network 2019: Memory vulnerability at a cloud provider exposed…

A brief history of software vulnerabilities in vehicles

Read the original article: A brief history of software vulnerabilities in vehicles Car Hacking News Timeline 2017-2019 [1] 2019: Hack of an OEM’s automotive cloud via third-party services and tier-1 supplier network 2019: Memory vulnerability at a cloud provider exposed…

People have started to read more about security !

Remember by Free eBook “Improve your security” available for free at https://www.improve-your-security.org ? It looks like I started to get more customers since the Corona Pandemic.     There are almost 1000 readers ! Go ahead and download your copy…

How to stay safe when being exclusively online

EN https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_final.pdf DE https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_de.pdf RO https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_ro.pdf More here: https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/make-your-home-cyber-safe-stronghold    Recommendations: Wi-Fi: always change the default router password Install antivirus software on all devices connected to the internet Choose strong and different passwords  for your email and social media accounts…

Nigerian Scam ? No, COVID-19 scam, from China

I sometimes can’t stop to ask myself if the scammers are actually human beings with feelings of loss and tragedy and if they have the same concerns as the normal citizens. I guess they are not, because otherwise you can’t…