
    Author: Balwurk


    NIS2 vs CRA vs DORA: what each regulation really requires

    In recent years, the European Union has significantly strengthened its cybersecurity regulatory framework. NIS2, the Cyber Resilience Act (CRA) and DORA are often discussed together, which leads many organisations to treat them as equivalent. They are not! Each of these regulations addresses different dimensions…


    Vulnerability management: what it is and why it continues to fail in companies

    Vulnerability management is far from being a new problem, but even so, it continues to be one of the weakest points in most organisations. There are numerous tools and alerts, but the number of exposed vulnerabilities continues to grow, and incidents continue to…


    European cybersecurity regulation: what will change for businesses in the coming years

    The European Union has been consolidating a regulatory approach that places digital security at the centre of economic activity. Initiatives such as the Cyber Resilience Act (CRA), the NIS2 Directive and the DORA Regulation do not emerge in isolation; they…


    Partnership between Balwurk and Codacy

    We are proud to announce the recently formed partnership with Codacy, a global leader in Application Security and code quality. By combining their expertise, the two companies are dedicated to helping organizations establish trust in their software by taking a…


    Cybersecurity in Portugal: many companies still confuse security with compliance

    Portugal is not behind when it comes to cybersecurity. In recent years, the sector has shown progress and greater maturity in several areas, but even so, there is a common trait that runs across different organizations: the tendency to confuse…


    Cybersecurity tools: why technology alone does not guarantee the protection of digital assets

    Companies are increasingly investing in cybersecurity tools such as firewalls, antivirus solutions, EDR, SIEM and monitoring platforms, among other solutions, all of which are essential components of any digital ecosystem. However, it is important to keep in mind that technology,…


    Pentesting vs. Red Team: what is the difference and when to choose each approach

    Although often associated, Pentesting and Red Teaming are distinct methodologies, with different objectives, scopes, and outcomes. The correct application of each can determine whether an organization merely identifies technical vulnerabilities or actually validates its ability to withstand real and persistent…

    Balwurk launches framework to assess generative AI risk in enterprises

    How to assess the risk of adopting generative AI: Balwurk’s open framework

    Generative AI is rapidly becoming part of companies’ daily operations. While some organizations are naturally more cautious than others, almost all end up using it for reasons of productivity and task simplification. The problem is that, in many cases, this…


    Pentesting: how to calculate the return on investment in cybersecurity

    In the context of cybersecurity, a recurring question about Pentesting is: “Why execute a Pentest on a recurring basis?” At first glance, it may seem only like an additional expense or an obligation resulting from regulatory requirements. However, Pentesting stands…


    Partnership between Balwurk and Quasinfalível

    We are proud to announce our partnership with Quasinfalível, a company specialized in helping organizations achieve compliance with industry best practices, including ISO standards, Agile methodologies, and the CMMI model. This strategic alliance seamlessly blends Quasinfalível’s deep expertise in process and compliance…


    NIS2 and DORA

    Summary: This article explains two regulations from the European Union, the Digital Operational Resilience Act (DORA) and the NIS 2 Directive. DORA focuses on enhancing the digital resilience of financial entities, mandating robust risk management, system testing, and third-party…


    The Critical Role of Business Continuity Management to Ensure Resilience

    Summary: The purpose of this article is to explain to the reader the importance of Business Continuity Management (BCM) in ensuring resilience. The article starts by explaining what a BCM is and the various concepts that it encompasses. With…
