The rapid proliferation of Artificial Intelligence (AI) across enterprise value chains has fundamentally shifted the responsibilities of technology leaders. We are no longer operating in an era where deploying AI is solely a question of technical performance, algorithmic speed, or computational efficiency. Today, the defining question for the C-suite and GRC professionals is one of accountability: not merely whether we can build or deploy a system, but what its broader impact will be. To move from abstract ethical principles to rigorous, verifiable practices, organizations require structured frameworks. This is precisely where the newly released standard, ISO/IEC 42005:2025 (Information technology — Artificial intelligence — Guidance on AI system …

Discover how ISO/IEC 23894:2023 extends traditional risk frameworks (ISO 31000) to tackle algorithmic bias, model drift, and opaque “black box” decisions. Learn how to turn AI risk management into a competitive advantage for 2026.

Beyond Intuition: Why ISO/IEC 23894:2023 is the Strategic Engine for AI Risk Management

For over a decade, enterprise risk management (ERM) has relied on deterministic systems. We managed known variables, established clear cause-and-effect relationships, and built robust barriers around predictable IT infrastructures. Artificial Intelligence changes the rules of the game completely. AI models are not static; they learn, adapt, and occasionally degrade. Traditional IT risk frameworks are fundamentally unequipped to handle …

We can define three different areas of standards and regulations related to industrial cybersecurity. Several of them may have to be applied simultaneously, depending on the geography in which we want to comply with the standard and on the customer.

International standards of industrial cybersecurity:
a. ISA/IEC 62443
b. NIST SP 800-82 Rev.2

Regional industry regulation, critical infrastructure and services regulations, and sector-specific regulations (some examples):
a. NERC CIP (Electrical Regulation for the United States)
b. ANSSI (Electrical Regulation for France)
c. ENS (Regulation of critical infrastructure in Spain)
d. NCSC CAF Guidance (UK Critical Infrastructure Regulation)
e. BSI (German Critical Infrastructure Regulation)
f. Law 362/2019 (Regulation of critical infrastructure in Romania aligned with …

ISO 22316:2017 was published in March 2017 and was created by Technical Committee ‘ISO/TC 292 Security and resilience’. URL of ISO 22316:2017: https://www.iso.org/standard/50053.html

This standard focuses on improving the culture within organizations in relation to building resilience. ISO 22316:2017 is the result of a long development process and represents the global consensus on the concept of organizational resilience. The standard defines Organizational Resilience as: ‘the capacity of an organization to absorb and adapt in a changing environment’. ISO 22316:2017 has six main sections of requirements, covering the orientation with which an organization should implement them. The structure of this standard is:

Introduction
1. Scope
2. Normative references
3. …

Cybersecurity has become an essential and omnipresent concept in our lives. Currently, everything is controlled by computer systems, which forces us to take good care of our best practices related to cybersecurity and the management of data privacy. I created a presentation about this that I would like to share with you. This presentation includes all of these topics (the document is in Spanish):

1. Introduction to cybersecurity
2. Security in the physical and logical world
3. Security in the professional and personal field
4. Evolution of threats. Digital threat
5. Origins of the attacks on our network and target assets of the attacks
6. Social engineering, identity …

One of the procedural measures introduced by Organic Law 13/2015, of October 5 (Spain), amending the Criminal Procedure Law to strengthen procedural safeguards and regulate technological investigation measures, allows the Judicial Police to capture and record oral communications through the use of electronic devices, and to use technical devices for image capture, tracking and localization. The Judicial Police has all of these technical tools:

Tracking devices
Localization devices
Image capture devices
Voice communication interception devices
Interception devices for telematic communications (e.g. the possibility of identifying the IP, IMEI, device, etc.)
Search of mass storage information devices
Remote searches of computer equipment …