Audit on Digitaliziran si

EU Cybersecurity Package and NIS2: What InfoSec Professionals Need to Know

Tue, 10 Feb 2026 09:00:00 +0000

As someone tracking EU regulatory developments alongside ISO compliance and cryptography standards, the revised Network and Information Security Directive (NIS2) represents the most comprehensive update to European cybersecurity requirements since the original 2016 directive. What makes this particularly relevant for InfoSec professionals is the explicit integration of post-quantum cryptography timelines into regulatory frameworks - a recognition that the threat landscape is evolving faster than many organizations realize.

Understanding the NIS2 Reforms

The revised NIS2 directive aims to clarify scope, enhance legal certainty, and promote EU-wide standards across 18 critical sectors. The reforms address three areas that will directly impact operational security:

The Silent Standard: Why ISO/IEC 42005 Could Be Your Agentic AI Safety Net

Thu, 14 Aug 2025 09:32:47 +0000

Are you prepared for the autonomous AI revolution that’s already knocking at your door? While Gartner identifies agentic AI as a strategic trend for 2025, there’s a critical piece of the puzzle that most professionals are overlooking: ISO/IEC 42005:2025.

The Agentic AI Reality Check

Agentic AI systems don’t just respond to prompts - they plan, execute, and act autonomously based on their environment. Think of them as digital employees who can book meetings, analyze data, and make decisions without constant supervision. But here’s the uncomfortable truth: this autonomy comes with unprecedented risks.

Post-Quantum Cryptography: Why the Threat is Already Here

Mon, 04 Aug 2025 10:55:00 +0000

A Practical Guide for InfoSec Professionals and Auditors

As someone working daily with ISO standards and AI governance frameworks, I’ve been closely following NIST’s post-quantum cryptography (PQC) standardization process. What I’ve discovered should concern every InfoSec professional: the threat to our current encryption isn’t waiting for some hypothetical quantum computer. It’s already growing in GPU farms around the world.

In this guide, I’ll break down what you need to know about post-quantum cryptography without the complex mathematics. More importantly, I’ll explain why this matters for your organization today, not in some distant quantum future.

Amazon's AI Assistant Nearly Wiped Developer Systems for 5 Days – Are Your Access Controls Ready?

Tue, 29 Jul 2025 19:14:46 +0000

Picture this scenario: You’re working late, relying on your trusted AI coding assistant to help debug a critical application. Unknown to you, that same assistant has been compromised and is quietly preparing to execute commands that could wipe your entire development environment – both local files and cloud infrastructure.

This isn’t a hypothetical nightmare. It actually happened to Amazon Q Developer Extension users for five consecutive days, and the implications should make every Chief Information Security Officer (CISO) reassess their AI integration strategies immediately.

Your AI Procurement Strategy Could Be Your Biggest Compliance Risk: What Financial Services Must Know

Tue, 01 Jul 2025 15:15:00 +0000

Are you rushing to procure AI solutions for your financial services firm without considering the legal minefield you’re entering? While competitors scramble to deploy the latest AI tools, smart institutions are discovering that procurement strategy - not just implementation - determines compliance success.

Most financial institutions approach AI procurement like any other technology purchase. This is a critical mistake. Unlike traditional software, AI systems in financial services must navigate an intricate web of regulations including the General Data Protection Regulation (GDPR) - the EU’s comprehensive data privacy law that governs how personal information must be handled - Digital Operational Resilience Act (DORA) - a new EU regulation requiring financial institutions to strengthen their digital resilience against cyber threats - and emerging AI-specific legislation like the EU AI Act.

Are Your AI Embeddings as Secure as You Think?

Thu, 12 Jun 2025 15:49:06 +0000

Are you confident that your organization’s AI embeddings are protecting sensitive information? A groundbreaking new research paper reveals a troubling reality: what you thought was secure data representation might be an open book to determined attackers.

What are AI embeddings? For readers new to this concept, embeddings are numerical representations that convert complex data like text, images, or audio into mathematical vectors that AI systems can process. Think of them as a way to translate human-readable information into a language that machines understand.

Secure Minions: The Game-Changer That Could Revolutionize Your AI Privacy Strategy

Mon, 09 Jun 2025 10:34:00 +0000

Are you unknowingly exposing your sensitive data every time you use cloud-based AI? A groundbreaking collaboration between Ollama and Stanford’s Hazy Research might have just solved one of AI’s most pressing privacy dilemmas.

The Privacy Problem You Didn’t Know You Had

Every time your organization sends data to cloud-based frontier models like GPT-4 or Claude, you’re essentially handing over your sensitive information to third parties. For businesses handling confidential data, this creates a compliance nightmare and potential security breach waiting to happen.

Are Your IT Audits Ready for the AI Revolution? Five Game-Changing Applications You Can't Ignore

Fri, 06 Jun 2025 10:12:00 +0000

Are you still conducting IT audits the traditional way while your competitors leverage artificial intelligence to uncover risks you might miss? A recent ISACA analysis reveals five transformative applications of AI in IT auditing that could revolutionize how you approach risk assessment and compliance.

The AI Audit Advantage: Beyond Human Limitations

Traditional auditing methods, while thorough, face inherent constraints: time limitations, human error, and the sheer volume of data in modern organizations. AI transforms these challenges into opportunities through risk analysis automation, intelligent evidence collection, continuous controls testing, real-time assurance monitoring, and comprehensive process automation.