We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. We start today with A.5. Information Security Policies. Contents Toggle Importance of Information Security Policies Implementing Annex A.5 in…
Category: Endpoint Cybersecurity GmbH
Annex A of ISO 27001:2022 explained and tips to prepare for an audit
We wrote in the previous article ISO 27001:2022: chapter by chapter description about ISO 27001:2022 Annex A. Annex A of ISO 27001:2022 is a vital component of the standard, outlining a comprehensive set of controls that organizations can implement to mitigate…
ISO 27001:2022: chapter by chapter description
Contents Toggle What’s New in ISO 27001:2022 Chapter 1-3: Scope, Normative References and Terms and Definitions Chapter 4: Context of the Organization Goal Actions Implementation Chapter 5: Leadership Goal Actions Implementation Chapter 6: Planning Goal Actions Implementation Chapter 7: Support…
The ISO 27000 family of protocols and their role in cybersecurity
The ISO 27000 family of protocols represent a series of standards developed by the International Organization for Standardization (ISO) to address various aspects of information security management. These standards provide a framework for organizations to establish, implement, maintain, and continually…
Building Resilient Web Applications on AWS: A Comprehensive Approach to Security
Contents Toggle Securing the Presentation Layer Risk Assessment at the Presentation Layer Security practices Securing the Business Logic Layer Risk Assessment at the Business Logic Layer Securing the Database Level Risk Assessment at the Database Level Continuous Monitoring and Response…
Evolving beyond your core expertise: it’s time to add security
This post is for creators of digital services like optimization tools, VPN solutions, Backup and Disaster Recovery tools, Parental control tools, Identity protection tools, Privacy tools, Email clients, Browsers and many others. Your products are doing a good job in…
Thoughts on AI and Cybersecurity
Being an CSSLP gives me access to various emails from (ISC)2. One of these announced me that there is a recording of a webinar about AI and Cybersecurity held by Steve Piper from CyberEdge. Very nice presentation of 1h, and…
Balancing functionality and privacy concerns in AI-based Endpoint Security solutions
The integration of Artificial Intelligence (AI) in endpoint security has revolutionized the way organizations protect their devices and data. Ok, let’s take a break here: have you read the article about Artificial Intelligence vs. Machine Learning ? By leveraging…
Authentication vs. Authorization
These two fundamental concepts play a pivotal role in ensuring the integrity and security of digital systems. While these terms are often used interchangeably, they represent distinct and equally essential aspects in the world of identity and access management (IAM),…
Authentication vs. Authorization
These two fundamental concepts play a pivotal role in ensuring the integrity and security of digital systems. While these terms are often used interchangeably, they represent distinct and equally essential aspects in the world of identity and access management (IAM),…