We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. We start today with ISO 27001:2022 Annex A.6, “Organization of Information Security”, which outlines requirements for establishing an effective management framework to…
Tag: Sorin Mustaca on Cybersecurity
Understanding ISO 27001:2022 Annex A.5 – Information Security Policies
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. We start today with A.5. Information Security Policies. Importance of Information Security Policies Information security policies are crucial…
Annex A of ISO 27001:2022 explained and tips to prepare for an audit
We wrote in the previous article ISO 27001:2022: chapter by chapter description about ISO 27001:2022 Annex A. Annex A of ISO 27001:2022 is a vital component of the standard, outlining a comprehensive set of controls that organizations can implement to mitigate…
Annex A of ISO 27001:2022 explained and tips to prepare for an audit
We wrote in the previous article ISO 27001:2022: chapter by chapter description about ISO 27001:2022 Annex A. Annex A of ISO 27001:2022 is a vital component of the standard, outlining a comprehensive set of controls that organizations can implement to mitigate…
ISO 27001:2022: chapter by chapter description
I’ve been asked many times by customers, especially those in automotive industry, who deal with the TISAX certification, which is based on ISO 27001, if I can make them a summary of the ISO 27001 standard. It turns out that…
The ISO 27000 family of protocols and their role in cybersecurity
The ISO 27000 family of protocols represent a series of standards developed by the International Organization for Standardization (ISO) to address various aspects of information security management. These standards provide a framework for organizations to establish, implement, maintain, and continually…
Risk Assessment of AWS services used in building a resilient Web App on AWS
We wrote here in the article “Building Resilient Web Applications on AWS: A Comprehensive Approach to Security” how to use certain AWS services to implement a resilient web based application. The services mentioned require also a brief analysis in respect to…
Building Resilient Web Applications on AWS: A Comprehensive Approach to Security
I have been asked by friends and customers what is the best way to implement a web based application with minimum costs and good security. Of course, the best way is to define exactly what you want to achieve…
Building Resilient Web Applications on AWS: A Comprehensive Approach to Security
I have been asked by friends and customers what is the best way to implement a web based application with minimum costs and good security. Of course, the best way is to define exactly what you want to achieve…
TISAX: new Catalogue ISA v6 available
This post is more for me to quicker find the details. Source: ISA Version 6 Now Available · ENX Portal Here is a summary ISA 6: The latest version of the ISA catalogue, published in October 2023, with many changes and…
Evolving beyond your core expertise: it’s time to add security
This post is for creators of digital services like optimization tools, VPN solutions, Backup and Disaster Recovery tools, Parental control tools, Identity protection tools, Privacy tools, Email clients, Browsers and many others. Your products are doing a good job in…
Evolving beyond your core expertise: it’s time to add security
This post is for creators of digital services like optimization tools, VPN solutions, Backup and Disaster Recovery tools, Parental control tools, Identity protection tools, Privacy tools, Email clients, Browsers and many others. Your products are doing a good job in…
Balancing functionality and privacy concerns in AI-based Endpoint Security solutions
The integration of Artificial Intelligence (AI) in endpoint security has revolutionized the way organizations protect their devices and data. Ok, let’s take a break here: have you read the article about Artificial Intelligence vs. Machine Learning ? By leveraging…
Artificial Intelligence vs. Machine Learning
I will write in the future a lot about AI and ML with focus on cybersecurity. I will mix AI and ML and other terms quite a lot, so I think it is necessary to have a base from where…
Thoughts on AI and Cybersecurity
Being an CSSLP gives me access to various emails from (ISC)2. One of these announced me that there is a recording of a webinar about AI and Cybersecurity held by Steve Piper from CyberEdge. Very nice presentation of 1h, and…
Zero Trust in Cybersecurity: from myth to the guide
Every single day I read news on various portals and on LinkedIn and I encounter a lot of buzz words. Most of the time I just smile recognizing the marketing b**it, and continue to scroll… This time, I found an…
NIS2: 2.Designate a responsible person or team
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the second step in implementing NIS2 requirements is to designate a responsible person or team. Appointing an individual or a team responsible for overseeing the implementation of the NIS2 directive within your company is critical to…