Introduction SOC 2 (Service Organization Control 2) certification is a framework designed by the American Institute of CPAs (AICPA) to help organizations manage customer data based on five Trust Service Criteria: , confidentiality,processing integrity, availability, security and privacy. This certification…
Category: Sorin Mustaca on Cybersecurity
Introduction to CISA’s Secure by Design Initiative
What is Secure by Design? Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of…
Implementing ISO 27001:2022 Annex A.18 – Compliance
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we end the series with ISO 27001:2022 Annex A.18, “Compliance”, which addresses the importance of ensuring that organizations comply with…
Maping NIS2 requirements to the ISO 27001:2022 framework
We described here the process needed to perform a gap analysis for NIS2, but we did not add the details on how to approach this. This article references on the ISO27001:2022 series, especially on the description of the Annex A…
Implementing ISO 27001:2022 Annex A.17 – Information Security Aspects of Business Continuity Management
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.17, “Information Security Aspects of Business Continuity Management” is crucial for organizations to ensure the resilience…
Implementing ISO 27001:2022 Annex A.16 – Information Security Incident Management
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.16, “Information Security Incident Management” is crucial for organizations to effectively detect, respond to, and recover from…
NIS-2: 10 common misconceptions about the regulation
We wrote here about NIS2 and we will continue to add more content about it. Because we are getting closer to October 17th, many people are getting more and more nervous about NIS2. Despite its significance, there are numerous misconceptions…
Google Ads for Bitbucket.org – malvertising at its best
What is it? Malvertising : Malware delivered through Advertising. These corrupted ads are designed to appear legitimate but they may serve malicious code, which can infect a user’s device simply through viewing or clicking on the ad. Malvertising exploits…
Implementing ISO 27001:2022 Annex A.15 – Supplier Relationships
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.15, “Supplier Relationships”, which is crucial for organizations in order to ensure the security of information assets…
Understanding ISO 27001:2022 Annex A.14 – System Acquisition, Development, and Maintenance
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.14, “System Acquisition, Development, and Maintenance”, which addresses the importance of ensuring the security of information…