Document classification
Do you classify your documents? Here’s what you should consider!
Do you classify your documents? Here’s what you should consider!
Enjoy the Easter weekend!If you haven’t done yet, this weekend could be an opportunity to update your passwords / authentication methods. Remember those 3 basic measures:
In discussions with manufacturers about the Cyber Resilience Act, one recurring theme is: “Compliance is expensive.” True, implementing CRA requirements does require significant investment. However, the costs of non-compliance and incidents can be far greater – and the financial risks are often underestimated. What I’ve observed in practice: Many manufacturers focus solely on the upfront…
An attack on the software build pipeline can to some degree be compared to an attack on your supply chain. Your code can be 100% reviewed, but still the end product will contain malicious code – a very dangerous situation. Defending software build pipelines from malicious attack – NCSC.GOV.UK
Most CRA conversations I have right now orbit around December 2027. That’s the wrong date to focus on first. Article 14 of the CRA – the reporting obligation for actively exploited vulnerabilities and severe incidents – applies from 11.09.2026. That’s roughly 5 months from now. And 15 months before the rest of the regulation kicks…
Cables for GSM-R were intentionally cut this morning in northern Germany. This is a very serious incident and has to be carefully investigated with regard to the motivation of the attackers. Link to article of German newspaper “Die Zeit” (08.10.2022)