Article Cybersecurity ECS General Security SSDLC

Accelerating feature delivery in software development

My company develops security products for all major operating systems. We work with startups and with big companies, all striving to develop features (functional and non-functional) as fast and as good as possible. While on the first view this seems like a contradiction, there are actually ways of implementing exactly this. For security software development […]

agile CSSLP ECS Educational Security SSDLC

Delivering secure software in an agile way

  Agile Software Development: Why It’s Better Traditional development methodologies, such as the Waterfall model, struggle to keep up with the need for quick iterations, frequent releases, and adaptability to changing requirements. Agile software development addresses these challenges by emphasizing flexibility, collaboration, and continuous delivery. Agile methodologies break down the development process into smaller, manageable […]

Article Cybersecurity ECS Educational ISMS ISO 27001 Security TISAX

ISO 27001:2022 and TISAX: overlaps and differences

Introduction ISO 27001:2022 and TISAX VDA ISA 6.0 are two prominent standards in the realm of information security management, particularly within the automotive industry. While ISO 27001 provides a global framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), TISAX (Trusted Information Security Assessment Exchange), based on the VDA ISA […]

Cybersecurity ECS Educational ISO 27001 Security

Understanding ISO 27001:2022 Annex A.11 – Physical and Environmental Security

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.11, “Physical and Environmental Security”, which addresses the importance of protecting physical assets, facilities, and infrastructure that house information systems and assets. This annex provides guidelines for implementing controls to safeguard […]

Cybersecurity ECS Educational ISMS ISO 27001 Security

Understanding ISO 27001:2022 Annex A.9 – Access Control

We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.9, “Access Control”. Access control is a fundamental component of information security management systems (ISMS). It provides guidelines for implementing controls to ensure that only authorized individuals have access to information […]

Article Cybersecurity ECS Educational General Security

Risk Assessment of AWS services used in building a resilient Web App on AWS

We wrote here in the article “Building Resilient Web Applications on AWS: A Comprehensive Approach to Security” how to use certain AWS services to implement a resilient web based application. The services mentioned require also a brief analysis in respect to Security, Confidentiality, Integrity, Availability and Privacy.   CloudTrail AWS CloudTrail records API calls and creates […]

Article Cybersecurity distributed systems ECS Educational Security SSDLC

Building Resilient Web Applications on AWS: A Comprehensive Approach to Security

  I have been asked by friends and customers what is the best way to implement a web based application with minimum costs and good security. Of course, the best way is to define exactly what you want to achieve and let professionals do it, while keeping an eye on the Secure Software Development Lifecycle. […]

Article Cybersecurity ECS Educational privacy Security

Evolving beyond your core expertise: it’s time to add security

This post is for creators of digital services like optimization tools,  VPN solutions, Backup and Disaster Recovery tools, Parental control tools, Identity protection tools, Privacy tools, Email clients, Browsers and many others. Your products are doing a good job in the dynamic landscape of digital services, and it is amazing of how much commitment and […]