In recent years, the European Union has significantly strengthened its cybersecurity regulatory framework. NIS2, the Cyber Resilience Act (CRA) and DORA are often discussed together, which leads many organisations to treat them as equivalent. They are not! Each of these regulations addresses different dimensions…
The European Union has been consolidating a regulatory approach that places digital security at the centre of economic activity. Initiatives such as the Cyber Resilience Act (CRA), the NIS2 Directive and the DORA Regulation do not emerge in isolation; they…
Risk management is often described as the heart of an information security management system. In the context of ISO 27001, this statement is not merely figurative — it is structural. Yet many organisations continue to associate risk management solely with the certification…
Business risk management is now a recurring topic in boardrooms, audits and strategic meetings, but it is also one of the least understood issues in organisations. In practice, many companies only start talking about risk when an audit, regulatory requirement or customer demand arises. In…
Risk management continues to be one of the most discussed topics in information security, yet it is not always understood in its full dimension. In many organisations, the term is still associated with reports, matrices and formal exercises carried out to satisfy audits…
Portugal is not behind when it comes to cybersecurity. In recent years, the sector has shown progress and greater maturity in several areas, but even so, there is a common trait that runs across different organizations: the tendency to confuse…
“The future of cybersecurity is not measured by the number of protective measures in place. It is measured by proven resilience and by the degree of return on security investment for the business.” In recent years, much has been said…
Last Friday, Portugal approved the legal framework transposing Directive (EU) 2022/2555 (NIS2). An important step, no doubt. But the real question is: what happens now? My opinion is clear: most organizations are not prepared. And it is not a matter…
Generative AI [Figure 1 – AI evolution (Synoptek, 2023)] In recent years, we have witnessed remarkable advances in the field of Artificial Intelligence (AI), driven by techniques such as Machine Learning (ML), Deep Learning (DL), and Generative Artificial Intelligence (GenAI). ML…
Summary. In summary, this article explains two pieces of European Union legislation: the Digital Operational Resilience Act (DORA) and the NIS 2 Directive. DORA focuses on enhancing the digital resilience of financial entities, mandating robust risk management, system testing, and third-party…
Summary. In summary, this article aims to explain to the reader the importance of Business Continuity Management (BCM) in ensuring resilience. The article starts by explaining what BCM is and the various concepts it encompasses. With…
Summary. This article emphasizes the critical role of Governance, Risk, and Compliance (GRC) practices in preventing data loss and exfiltration, particularly in the face of evolving cyber threats such as ransomware. It begins by highlighting the increasing sophistication of cybercriminals and the…