ISO 42001: AI Risk Assessment vs. AI System Impact Assessment

ISO 42001, the international standard for AI management systems, requires organizations to conduct both an AI Risk Assessment and an AI System Impact Assessment. In this article, I would like to discuss the differences between these two assessments and which perspective each assessment […]

Pseudo-IT security – promoted and demanded by the CIO

I recently had an initial meeting with an interested party – a large medium-sized company from the manufacturing industry. The CIO reported that they had already implemented various IT security measures and now felt it was time to have their effectiveness reviewed by an independent body. The specific trigger was a recent ISO 27001 audit, […]

The sense and nonsense of compliance automation platforms

When looking for tools to help you implement ISO 27001 or SOC 2, you will also come across so-called (compliance) automation platforms that promise to take up to 90% of the work off your hands by integrating with your (cloud) services. In this article, I explain why this paints a somewhat too rosy picture. The […]

The dark side of video surveillance: How poorly implemented surveillance jeopardizes IT security

Video surveillance is a common means of increasing security in companies. It is intended to prevent theft, protect employees and create a safe working environment overall. But what happens when video surveillance itself becomes a weak point? Poorly implemented surveillance systems can have significant negative effects on IT security and unintentionally reveal sensitive information. Unintentional […]

Bureaucracy in the company, part 98765: Travel expense accounting

I recently met a colleague who is CISO at a large corporation in Germany. In addition to all kinds of technical topics, at some point during the conversation we also got to talking about the administrative processes in his organization. At this point in the conversation, the colleague really vented his frustration: he told me […]

Funding for IT security measures

Measures in small and medium-sized organisations that serve to increase IT security are often funded by the public sector. In order to strengthen the cyber resilience of these companies, various levels of government in Germany offer funding programmes. These programmes are designed to ease the financial burden of implementing advanced IT security measures and thus […]

Cyber attack with fake invoices

Cybercrime only affects the big players? Certainly not! Last week, we witnessed live how an attacker – unfortunately successfully – defrauded the customers of a retailer and stole a considerable amount of money in the process. What happened? Previously unknown perpetrators have forged purchase contracts from a medium-sized trading company and replaced the bank details […]