Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
6 articles found · #soc
Foxconn hit by Nitrogen: 8 TB stolen, plants slowed — SOC/NIS 2 in 24h
Ransomware group “Nitrogen” claims 8 TB and 11M+ files stolen at Foxconn, disrupting North American plants. In Europe, a managed SOC/SIEM is key to detect fast and notify the ILR within 24h (NIS 2, Art. 23).
FICOBA: 1.2M accounts exposed — IAM and least privilege
A compromised high-privilege account enabled access to ~1.2M FICOBA records. What happened and how least-privilege IAM addresses GDPR Art. 25 and NIS 2 Art. 21 requirements.
CNIL vs Free: €42M — why a 24/7 SOC is vital to meet NIS 2 Art. 23
After the €42M fine against Free/Free Mobile, slow detection proves costly. Under NIS 2 Art. 23, detecting and notifying within 24 hours is now an operational obligation in Luxembourg.
NIS 2 audit: method, pitfalls and quality criteria for measures
7-phase NIS 2 audit method, the 5 most common pitfalls, and the 6-criteria grid to distinguish a real SOC from a marketing product. For the 1,200+ Luxembourg entities concerned.
EDR/XDR: Continuous detection aligned with NIS 2 (Art. 21) and DORA (Art. 10)
Executives must demonstrate continuous and effective incident detection. A well‑deployed EDR/XDR stack meets NIS 2 Art. 21 and DORA Art. 10 requirements with auditable technical evidence.
TLPT (threat‑led red team): meeting DORA Articles 26‑27
DORA requires selected financial entities to run threat‑led penetration tests on production systems. This is how a structured TLPT implementation fulfils Articles 26‑27, step by step.