Andrey Prozorov on LinkedIn: ISO 27001 vs NIST CSF 2.0 (2024)

Andrey Prozorov

CISM, CIPP/E, CDPSE, LA 27001 | Cybersecurity and Privacy Expert | Advisor | Global | 16 years experience | ISO 27001/27701 Implementer and Auditor | DPO


A simple comparison table illustrating the main variances between ISO 27001:2022 (ISMS) and NIST Cybersecurity Framework 2.0.

If you find it useful, you might also appreciate a thorough mapping of the two. Available on Patreon - https://lnkd.in/d5RFpBNC

#iso27001 #isms #grc #nistcsf #cybersecurity


Sanjay Gore .

CISA, CRISC, CDPSE,CRMA, CPISI, LA 27001, ISSRW

1h


Thanks for sharing. This information is handy.


AMRUTABANDHU CHAUDHURY

Hybrid Cloud Security Architect| Hyper Scale DataCenterArchitect |Professional OpenSource Developer|Cyber Threat Hunter | Security Researcher|Aspiring DDoS Defense Specialist |CISO| CTO|CIO|Cofounder

1d


Very informative and great points...


Sanjeev Krishna Roy

IT Infrastructure & Operation | Business Impact Analysis | IT Security Professional | Secure Software Development | IT Governance | Digital Transformation Expert

1d


Good to know!


More Relevant Posts

  • Andrey Prozorov


    The new version (8.1) of the CIS Critical Security Controls is available - https://lnkd.in/dGGFhN8v

    The following updates:
    1. Realigned NIST CSF security function mappings to match NIST CSF 2.0
    2. Included new and expanded glossary definitions for reserved words used throughout the Controls (e.g., plan, process, sensitive data)
    3. Revised asset classes, alongside new mappings to Safeguards
    4. Fixed minor typos in Safeguard descriptions
    5. Added clarification to a few anemic Safeguard descriptions

    One key improvement to CIS Controls v8.1 mapping is the addition of the "Governance" security function. Effective governance provides the structure needed to steer a cybersecurity program toward achieving their enterprise goals. The Controls were designed to be comprehensive enough to protect and defend cybersecurity programs for any size enterprise, while being prescriptive enough to ease implementation. With the update to CIS Controls v8.1, governance topics are now specifically identified as recommendations that can be implemented to enhance the governance of a cybersecurity program.

    #cybersecurity #cis #ciscontrols

    P.S. My collection of cybersecurity, privacy, risk and project management mindmaps (standards and best practices) - https://lnkd.in/dRnn_Ng5


  • Andrey Prozorov


    Why SAST + DAST can't be enough - https://lnkd.in/dUb7sxMn

    Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.

    #sast #dast #cybersecurity #appsec #devsecops #development

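The secrets blind spot named in the post above, as an added example that is not part of the post or of the linked article: a small secrets scanner that runs over constructed sample files. A hard-coded credential in a YAML config is never part of a data flow that SAST models, and never shows up in an HTTP response that DAST can probe, so a separate pass over the raw text of the repository is what finds it. The file contents and credentials below are constructed and fake (the AWS values are Amazon's documented example keys), the regexes are modelled on public key formats and are assumptions for illustration rather than any real scanner's rule set, and the entropy threshold is a tunable guess.

```python
"""Secret scanning over raw repository text (added example; not the post's
or the linked article's code). All sample inputs are constructed and fake."""
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    match: str


# Vendor formats with a fixed prefix: precise, low false-positive rules.
# Assumption: patterns modelled on public key formats, not a scanner's real rule set.
PATTERN_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic rule: "secret-looking name = literal" where the literal is high-entropy.
# Values such as os.environ[...] or ${VAR} fail the literal character class, so
# credentials read from the environment are not reported.
ASSIGNMENT = re.compile(
    r"(?i)\b(?P<name>[a-z0-9_.-]*(?:secret|password|passwd|token|api[_-]?key)[a-z0-9_.-]*)"
    r"\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9+/_\-=]{12,})['\"]?"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumption, tune per code base


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character; 0.0 for empty or single-symbol strings."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str) -> list[Finding]:
    """Apply the prefix rules and then the entropy rule to every line of one file."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, rx in PATTERN_RULES.items():
            for m in rx.finditer(line):
                findings.append(Finding(path, lineno, rule, m.group(0)))
        m = ASSIGNMENT.search(line)
        if m:
            value = m.group("value")
            already = any(f.line == lineno and f.match in value for f in findings)
            if not already and shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high-entropy-assignment", value))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> file text, in insertion order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample repository. The AWS values are Amazon's published example
# keys; the GitHub token and SSH key header are made up for this example.
SAMPLE_FILES = {
    "config/prod.yaml": (
        "database:\n"
        "  host: db.internal\n"
        "  password: \"aaaaaaaaaaaaaaaaaaaa\"\n"        # placeholder: entropy 0, not reported
        "aws:\n"
        "  access_key_id: AKIAIOSFODNN7EXAMPLE\n"      # caught by the prefix rule
        "  secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"  # entropy rule
    ),
    "app.py": (
        "import os\n"
        "API_TOKEN = os.environ['API_TOKEN']  # fine: read from the environment\n"
        "GITHUB_TOKEN = 'ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij'\n"  # prefix rule only
    ),
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line} [{f.rule}] {f.match}")
```

The dedupe check in scan_text keeps a value that a prefix rule already reported (the GitHub token) from being reported a second time by the entropy rule; the entropy rule exists for credentials without a recognisable prefix, such as the AWS secret key, and is where the false positives live, so its threshold is the knob to tune on real repositories.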

  • Andrey Prozorov


    NIS2 Directive Reference Guide

    #nis2 #nis2directive #cybersecurity #europe

    NIS2 seeks to further enhance the work started in the NIS Directive to create a more resilient and secure cyber security environment within the European Union.

    P.S. Have you seen my NIS2-related documents on Patreon? - https://lnkd.in/d-TUuk5N


  • Andrey Prozorov


    Third-Party Risk Management: good practices according to EU legislation (GDPR, NIS2, Data Governance Act & DORA)

    #dora #nis2 #DGA #tprm #cybersecurity


  • Andrey Prozorov


    🇪🇺 EU DORA Implementation Checklist by XM Cyber - https://lnkd.in/dZsgWa3b

    The Digital Operational Resilience Act (Regulation (EU) 2022/2554) addresses the topic of digital operational resilience for financial services. The DORA represents the EU's most important regulatory initiative on operational resilience and cybersecurity.

    DORA has been designed to help financial institutions maintain full control over Information and Communication Technology (ICT) risk, to establish comprehensive capabilities that have a positive effect on ICT risk management, as well as specific mechanisms and policies for handling all ICT-related incidents and for reporting major ICT-related incidents. Likewise, financial institutes should have policies in place for the testing of ICT systems, controls, and processes, as well as for managing ICT third-party risk.

    #dora #eudora #ict #riskmanagement #grc #compliance #fintech


  • Andrey Prozorov


    Digital Operational Resilience Act (DORA): Navigating the new regulatory landscape

    #DORA #EUDORA #cybersecurity #resilience #fintech

    DORA aims to provide for further harmonisation of the existing rules as well as to bring the EU regulatory framework on digital operational resilience in the financial sector onto the highest legislative footing: a directly applicable EU Regulation, leaving no space for national divergences in interpretation and transposition at the Member State level. Due to become operational on 17 January 2025, DORA puts new obligations on management of information communication technology (ICT) risks, ICT incidents and shortfalls, that financial institutions from almost every corner of the financial services industry will be required to comply with.


  • Andrey Prozorov


    One of the challenges of implementing EU DORA is the large number of additional official recommendations available, comprising 20+ technical standards and guidelines totalling over 1,500 pages. To work with them efficiently, I have prepared a mindmap and made a mapping with the EU DORA domains ("pillars"):
    0. Governance - Governance and organisation
    1. ICT RMF - ICT risk management framework
    2. ICT IM - ICT-related incident management, classification and reporting
    3. DORT - Digital operational resilience testing
    4. ICT TPRM - Managing of ICT third-party risk
    5. ISA - Information-sharing arrangements

    All documents and links are available, as usual, on Patreon - https://lnkd.in/drarG__G

    P.S. You can also download all of my DORA-related documents - https://lnkd.in/dfiUYiPs
    1. EU DORA, mindmap
    2. EU DORA Guides and Links
    3. The full list of the DORA requirements for financial entities
    4. EU DORA and ISO 27001
    5. Incident classification: PSD2 and DORA
    6. NIS 2 vs DORA
    7. EU DORA: ICT third-party risk management, mindmap
    8. EU DORA: Register of information (contractual arrangements)
    9. EU DORA: Register of information, the official exercise
    10. EU DORA: An extended list of documents by types
    11. EU DORA: Technical Standards and Guidelines
    12. EU DORA: Checklist on Internal Governance

    #dora #eudora #grc #compliance #fintech

