Kordon - the straightforward GRC platform

About us

Follow us for regular tips on smarter ways to manage information security 🧠

Website
https://kordon.app
Industry
Computer and Network Security
Company size
2-10 employees
Headquarters
Tallinn
Type
Privately Held
Founded
2020

Updates

  • Ever feel like audits are just organized chaos? 😅 If that sounds all too familiar, you're not alone. But what if you could turn that chaos into a more zen experience? 🧘♂️ Here's a tip to save you time during your next audit: 📂 Use simple, descriptive file names and structured folders for your controls and their evidence. Clear organization prevents confusion and wasted time when searching for specific documents, making the evidence collection process much smoother. ✅ #informationsecurity #grc #iso27001 #soc2

  • 🕒 Tired of audits dragging along? Did you know strategic planning can reduce your audit timeline by up to 30%? 🎯 Here are two critical steps that we've seen to have the biggest impact:
    • 📅 Align schedules: Ensure key people are available when needed (no long vacations) and have time in their schedules to support the audit (book time with them).
    • 💬 Establish open lines: Use a dedicated channel for quick questions and clarifications, streamlining information exchange. Inefficiency in communication is the main culprit for the audit process dragging along.
    These are small steps but make a big difference in achieving a smoother, faster audit process. ⁉️ What's one planning tip you wish you knew before your first audit? #informationsecurity #soc2 #iso27001 #grc

  • It's not a question of if someone falls for a phishing campaign, it's a matter of when. Here's my story. ⏬ 📚 I work in information security, hold a master's degree in cyber security, have participated in an endless amount of cyber security annual trainings, and have caught a lot of phishing emails... Yet, early Sunday morning, I was closer than ever to falling for a phishing campaign. To be honest, I totally fell for it but got out at the very last minute. 🔍 I did my due diligence: I double-checked the page to ensure it was legit, I checked the reputation of the domain of the "great offer," and I was critical about the contents of the market research survey I was filling in. (As a product manager, I'd say the questions were very good for gaining insights.) But despite all these steps, it was a scam. I only realized it at the very last step when I recognized that the payment page actually wasn't what I had used with that vendor before. ⚠️ So, the moral of the story here is: no matter how educated, practiced, and clever the person, given the right circumstances, good timing, good offer, and good disguise, anyone could make a mistake and fall for it. 🛡️ And you, as the GRC person, need to be prepared for when that happens. So, every time you conduct phishing trainings and other trainings to avoid this, also invest the same amount of time in planning and practicing the recovery once everything else fails. 💡 What's your experience? Do you believe it's not a matter of if, but when? What's the most convincing phishing campaign you've seen in your organization? Share your stories and insights below! ⬇️ #phishing #grc #informationsecurity

  • Last week our co-founder Martin Ojala joined the Estonian podcast Algorütm and spoke with Priit Liivak and Tiit Paananen about GRC in general and the ideas behind and plans with Kordon. Go and check it out and let us know what you think about the idea of a GRC mafia ... https://lnkd.in/dXZuajnP

    27.06 Algorütm: What is GRC and how kordon.app helps to deal with it


  • One of my favourite concepts of all time is the concept of ⏬ ⏬ how doing a small 1% improvement every day 📅 compounds into 37x improvement over the course of a year. Who wouldn't want that? 🚀 Well, ISO 27001 absolutely does want it and that is why requirement 10.1 says: The organization shall continually improve the suitability, adequacy and effectiveness of the information security management system 🔐. And now you know why. ⬇️ Check out the first comment to learn the origins and the insane results this concept has yielded. 💡

  • 🌐 The EU has made a splash in cybersecurity regulation and the affected sectors have a bunch of cleaning up to do 🌐 Tens of thousands of organisations are subject to the NIS 2 directive and/or DORA regulations and need to figure out what to do. "Compliant until proven otherwise" is one approach... but probably not the best one. If you'd like to make sure you're not in hot water when the supervisory authorities come knocking, we'll give you a hint - both laws have significant overlaps with ISO 27001 🤝🔐 Where can ISO 27001 help with NIS2/DORA compliance?
    • Risk Management: All three frameworks emphasize a risk-based approach to cybersecurity. NIS 2 and DORA mandate that organizations identify, assess, and manage risks, aligning closely with ISO 27001's risk management requirements.
    • Incident Reporting: Timely incident reporting is a cornerstone of NIS 2 and DORA, aiming to ensure rapid response and minimize damage. ISO 27001 complements this by requiring incident management processes that include reporting mechanisms.
    • Governance and Policies: Strong governance and robust cybersecurity policies are at the heart of these regulations. They all stress the importance of establishing clear policies and procedures to manage cybersecurity risks and ensure compliance.
    • Third-Party Management: The interconnectedness of modern business means third-party risk is significant. DORA, NIS 2, and ISO 27001 require organizations to assess and manage risks associated with third-party providers.
    💡 Why Does This Matter? Laws don't really come with manuals on how to c̶o̶m̶p̶l̶y̶ ̶w̶i̶t̶h̶ implement them. But ISO 27001 does. And there are platforms (shameless plug - Kordon being one of them) that can help you out. 🔗 Follow our page for more insights on GRC, cybersecurity trends, and regulatory updates! 👥 Join the Conversation! If your organisation is subject to NIS 2 and/or DORA, how do you go about compliance? Share your thoughts and let's discuss! 💬👇 #Cybersecurity #NIS2 #DORA #ISO27001 #RiskManagement #Compliance #GRC #DataProtection

  • Following up on our post from yesterday, our co-founder Martin Ojala shares a story that highlights the dangers of complying without thinking 👏.

    Co-Founder @ Kordon - level up your GRC program!

    "It feels like the whole GRC thing is a racket" - not an encouraging thing to hear about the industry you're in... One might even cast this criticism aside as a defence mechanism. But it came from a smart person who has meaningful experience with business and tech, so I didn't. Instead I tried to figure out the whys.
    ▶ Why did he draw a comparison to a racket? Because he saw a self-propagating pattern - the implementation of a standard leading to requiring others to abide by the same standard. But self-propagation is not inherently bad and it actually makes sense for the whole supply chain to be held to the same standard. So…
    ▶ Why was this pattern suspicious to him? He put this one really simply: "It provides little to no value to anyone other than the GRC people and auditors". And there's the rub/racket! The "protection" that the "protectors" required didn't actually provide any "protection".
    ▶ Why wasn't GRC providing value? The security measures that were put in place in the name of GRC were not suitable or appropriate for the occasion. He acknowledged the business benefits but felt it was a charade when it comes to real security and risk.
    ▶ Why were these unsuitable controls implemented? Lack of understanding and confidence. The former is required to design good controls and both are required in order to refuse to implement irrelevant ones.
    —— I only got 4 whys deep but it looks like the rapid spread of security assurance as a business requirement has led to a lot of doing without thinking. And that's a problem for smart people. To be clear - information security standards don't require any organisation to implement controls just for 💩 💩 and giggles. If an online manual, checklist or a platform says you have to do something that provides no real value to your organisation, DON'T. What's the 5th "why" that I should've considered❓ #grc #infosec #informationsecurity #risk #ISO27001