Latest articles
News and analysis on NIS2, DORA and ICT asset management.
The Complete Information Network and Security Concepts in the Digital Age
Learn how the complete information network and security concepts according to BSI standards can support businesses.
DORA: Regulation and Adventures
A look at the latest developments in regulation by DORA and exciting adventures with Dora & Friends.
DORA: An Overview of the Information Register and Its Importance for ICT Service Providers
The DORA information register provides a comprehensive overview of ICT service providers in the financial sector and their contractual agreements.
New Information Register Under DORA: Deadlines and Requirements for Financial Companies
With the introduction of the DORA information register, financial companies are required to comprehensively document and report their IT service relationships. The new regulations come into effect in April 2025.
Decoding DORA, NIS2 & the EU AI Act: Key Insights You Need
An overview of key regulatory requirements and their impact on digital resilience and compliance.
Unlocking Regulatory Compliance with DORA, NIS2, and the EU AI Act: Strategies and Challenges
An overview of the challenges and strategies for compliance with DORA, NIS2, and the EU AI Act, including the role of AI and third-party risks.
DORA: Third-Party Risk Standards in 2025
A comprehensive guide to the DORA standards for third-party risk management coming into effect in 2025.
Third-Party Risk and DORA: A Guide for Financial Institutions
The Digital Operational Resilience Act (DORA) will impose significant requirements on financial institutions in the EU, especially regarding third-party risk management.
The Lifecycle of IT Assets: A Guide for Financial Institutions
This article discusses the importance of IT asset management and end-of-life management in financial institutions, particularly in the context of NIS2 and DORA regulations.
Navigating IT Modernization Projects in Compliance with BaFin and DORA: Challenges and Solutions
The Digital Operational Resilience Act (DORA) imposes new requirements on IT modernization in the financial sector. Companies must prepare for upcoming deadlines and compliance requirements.
BaFin Publishes DORA Guidance on Documentation Requirements
BaFin has published a structured overview of the documentation requirements of the Digital Operational Resilience Act (DORA) to assist financial companies in implementation.
Implementation of NIS2 and DORA in Germany: Challenges for Critical Infrastructures
The implementation of NIS2 and DORA brings new challenges and requirements for operators of critical infrastructures in Germany.
KRITIS and NIS2: Fundamentals and Compliance
An overview of the definition of KRITIS, the protection of critical infrastructures, and the requirements of the NIS2 directive.
Developing an Asset Inventory for NIS2: A Guide
An effective asset inventory is crucial for compliance with NIS2 requirements. Learn what assets should be included and how asset management can assist.
The NIS2 Directive: A Unified Cybersecurity Model for the EU
The NIS2 Directive establishes a common cybersecurity model in the EU, requiring member states to identify and classify risks.
Revised Cybersecurity Act by the European Commission to Enhance EU Cyber Resilience
The European Commission has proposed a revised Cybersecurity Act aimed at enhancing cybersecurity in the EU and securing ICT supply chains.
NCSC Issues Alert Following Global Targeting of Fortinet Firewalls and VPN Gateways
The NCSC has warned organizations to take action following a campaign threatening the security of Fortinet services.
Defensive Measures Against China-linked Covert Networks
International cyber agencies provide new advice to defend against tactics used by China-linked actors.
Innovative Security Technologies in Focus: SilentGlass and Current Cyber Threats
The NCSC has developed a groundbreaking device, SilentGlass, that secures vulnerable display connections. At the same time, the cyber chief warns of a 'perfect storm' situation for cybersecurity in the UK.
Cybersecurity: Warnings of Russian Military Intelligence and Vulnerabilities in Fortinet Devices
The UK government warns of cyber attacks by Russian military intelligence, while CISA recommends measures to secure Fortinet devices.
Security Vulnerabilities in Apollo Pharmacy Blood Glucose Monitoring System and Mitsubishi Electric MELSEC iQ-F Series
Two critical security vulnerabilities have been identified in medical devices from Apollo Pharmacy and Mitsubishi Electric, potentially compromising sensitive information and leading to denial-of-service attacks.
Schneider Electric and Rockwell Automation: Security Vulnerabilities in Critical Systems
Schneider Electric and Rockwell Automation have identified several security vulnerabilities in their products. These vulnerabilities could pose significant risks to critical infrastructures.
Security Vulnerabilities in AVer PTC Cameras and Schneider Electric EasyLogic T150
Current security vulnerabilities in AVer PTC cameras and Schneider Electric EasyLogic T150 require immediate risk mitigation measures.
Security Alerts: Critical Vulnerabilities in Red Hat, Webmin, and Gogs
Several critical vulnerabilities in common software applications have been discovered, potentially leading to serious security risks.
Security Alerts: Critical Vulnerabilities in HAProxy and ffmpeg, and Update on Red Hat OpenShift
Several critical vulnerabilities in HAProxy and ffmpeg allow attackers to execute denial of service attacks or arbitrary code. Additionally, there is an update on Red Hat OpenShift.
Security Alerts: Critical Vulnerabilities in Hitachi Storage, strongSwan, and IBM WebSphere
Recent vulnerabilities in Hitachi Storage, strongSwan, and IBM WebSphere Application Server pose significant security risks.
Navigating the New EU Regulation on Digital Operational Resilience (DORA)
The DORA regulation represents a significant step forward in enhancing digital resilience in the EU's financial sector.
The Impact of the Digital Operational Resilience Act (DORA) and NIS2 Directive on Businesses
The Digital Operational Resilience Act (DORA) and the NIS2 Directive impose new requirements on businesses in the EU. This article highlights the key aspects and preparations needed.
NCSC Warns of Global Attacks on Fortinet Firewalls and VPN Gateways
Following a global campaign affecting Fortinet services, the NCSC urges organizations to take immediate action.
Protective Measures Against China-linked Covert Networks
International cyber agencies provide new advice on protecting against covert networks linked to China.
Security Vulnerabilities in Apollo Pharmacy and Mitsubishi Electric Devices
Recent security advisories concern the Apollo Pharmacy Blood Glucose Monitoring System and Mitsubishi Electric's MELSEC iQ-F Series. Critical vulnerabilities could lead to data loss and service interruptions.
Schneider Electric and Rockwell Automation: Important Security Updates for Critical Infrastructures
Current security vulnerabilities in products from Schneider Electric and Rockwell Automation require urgent risk mitigation actions.
Security Alerts for AVer PTC Cameras and Schneider Electric EasyLogic T150
Recent security alerts concern AVer PTC cameras and Schneider Electric EasyLogic T150, which are vulnerable to critical weaknesses.
Security Alerts for Red Hat, Webmin, and Gogs: Critical Vulnerabilities Discovered
Recent security alerts highlight several critical vulnerabilities in Red Hat Enterprise Linux, Webmin, and Gogs that can be exploited by attackers.
Security Alerts: Critical Vulnerabilities in HAProxy and ffmpeg, and Update for Red Hat OpenShift
Several critical vulnerabilities in HAProxy and ffmpeg allow attackers to manipulate files and conduct Denial of Service attacks. An update for Red Hat OpenShift also addresses a Denial of Service vulnerability.
Current Security Alerts: Vulnerabilities in Hitachi Storage, strongSwan, and IBM WebSphere
Several critical vulnerabilities have been discovered in Hitachi Storage, strongSwan, and IBM WebSphere Application Server, which could potentially lead to serious security incidents.
Navigating the New EU Regulation on Digital Operational Resilience (DORA)
The DORA regulation represents a significant step forward in enhancing digital resilience in the EU's financial sector.
Introduction of the Digital Operational Resilience Act (DORA) and the NIS2 Directive
The Digital Operational Resilience Act (DORA) and the NIS2 Directive come into force to strengthen digital resilience in the EU.
NIS2 is here: Are you ready for the new cybersecurity requirements?
The NIS2 Directive introduces new cybersecurity requirements that are crucial for companies in Germany.
Why NIS2 Makes Physical Infrastructure Security Non-Negotiable
The NIS2 directive explicitly calls for asset management and access control policies as baseline security measures that every in-scope organization must implement.
NIS2 is here: Are you ready for the new cybersecurity requirements?
The NIS2 Directive introduces new cybersecurity requirements. Managing directors will be personally liable for compliance.
Why NIS2 Makes Physical Infrastructure Security Non-Negotiable
The NIS2 directive explicitly calls for the implementation of asset management and access control policies as baseline security measures.
Security Alerts: Critical Vulnerabilities in ffmpeg, Red Hat, and Webmin
Recent security alerts highlight serious vulnerabilities in ffmpeg, Red Hat Enterprise Linux, and Webmin that could lead to severe attacks.
Current Security Alerts: Gogs, HAProxy, and ffmpeg Affected
Several critical and high-severity vulnerabilities in Gogs, HAProxy, and ffmpeg threaten systems and require immediate action.
Security Alerts: Vulnerabilities in Red Hat OpenShift, Hitachi Storage, and strongSwan
Recent security alerts reveal critical vulnerabilities in Red Hat OpenShift, Hitachi Storage, and strongSwan that could potentially lead to Denial of Service and code execution.
Security Alerts: Vulnerabilities in IBM WebSphere and Fortinet Devices
Current security alerts concern critical vulnerabilities in IBM WebSphere Application Server and Fortinet devices, requiring immediate action.
Security Vulnerabilities in Apollo Pharmacy and Mitsubishi Electric Products
Two critical security vulnerabilities have been identified in medical devices from Apollo Pharmacy and Mitsubishi Electric, potentially compromising sensitive data and leading to denial-of-service attacks.
Schneider Electric and Rockwell Automation: Critical Security Vulnerabilities in ICS Products
Schneider Electric and Rockwell Automation have reported critical security vulnerabilities in their products that could lead to serious security risks.
Security Alerts for AVer PTC Cameras and Schneider Electric Products
Current security alerts concern AVer PTC cameras and Schneider Electric EasyLogic T150 and Saitel DP products. Critical vulnerabilities could lead to unauthorized access and code execution.
Cyber Threats and the Future of Authentication: A Look at Current Developments
An analysis of current cyber threats to critical infrastructures in the UK and the necessity of replacing passwords with more secure authentication methods.