<?xml version="1.0" encoding="UTF-8" standalone="no"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" version="2.0">

<channel>
	<title>DISC Infosec blog</title>
	<atom:link href="http://blog.deurainfosec.com/feed/" rel="self" type="application/rss+xml"/>
	<link>https://blog.deurainfosec.com/</link>
	<description>Dedicated to information security assurance&#13;
Information Security subject matter with related items</description>
	<lastBuildDate>Sun, 12 Jul 2026 23:02:51 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.1.10</generator>

<image>
	<url>https://blog.deurainfosec.com/wp-content/uploads/2023/05/disc-logo-144x144.jpg</url>
	<title>DISC InfoSec blog</title>
	<link>https://blog.deurainfosec.com/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<xhtml:meta content="noindex" name="robots" xmlns:xhtml="http://www.w3.org/1999/xhtml"/><item>
		<title>The adversary that treats your balance sheet as the objective</title>
		<link>https://blog.deurainfosec.com/the-adversary-that-treats-your-balance-sheet-as-the-objective/</link>
					<comments>https://blog.deurainfosec.com/the-adversary-that-treats-your-balance-sheet-as-the-objective/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Sun, 12 Jul 2026 23:02:49 +0000</pubDate>
				<category><![CDATA[Attack Matrix]]></category>
		<category><![CDATA[Cyber Threats]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[Threat detection]]></category>
		<category><![CDATA[Threat Modeling]]></category>
		<category><![CDATA[Lazarus Group]]></category>
		<category><![CDATA[TTPS]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36225</guid>

					<description><![CDATA[<p>Download html file AI Attack Surface ScoreCard AI Vulnerability Scorecard: Discover Your AI Attack Surface Before Attackers Do Your Shadow AI Problem Has a Name-And Now It Has a Score Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out. AIMS and Data Governance – Managing data responsibly isn’t just [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/the-adversary-that-treats-your-balance-sheet-as-the-objective/" data-wpel-link="internal" target="_blank">The adversary that treats your balance sheet as the objective</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/the-adversary-that-treats-your-balance-sheet-as-the-objective/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Why Supplier Security Is Under the Spotlight — and How to Build a Vendor Management Program for the AI Era</title>
		<link>https://blog.deurainfosec.com/why-supplier-security-is-under-the-spotlight-and-how-to-build-a-vendor-management-program-for-the-ai-era/</link>
					<comments>https://blog.deurainfosec.com/why-supplier-security-is-under-the-spotlight-and-how-to-build-a-vendor-management-program-for-the-ai-era/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Fri, 10 Jul 2026 14:22:30 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[AI Risk]]></category>
		<category><![CDATA[Vendor Assessment]]></category>
		<category><![CDATA[Vendor Management]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36209</guid>

					<description><![CDATA[<p>Why Supplier Security Is Under the Spotlight — and How to Build a Vendor Management Program for the AI Era Your security program is only as strong as the weakest vendor with access to your environment. That&#8217;s not a slogan anymore — it&#8217;s what the breach data says, it&#8217;s what regulators are writing into law, [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/why-supplier-security-is-under-the-spotlight-and-how-to-build-a-vendor-management-program-for-the-ai-era/" data-wpel-link="internal" target="_blank">Why Supplier Security Is Under the Spotlight — and How to Build a Vendor Management Program for the AI Era</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/why-supplier-security-is-under-the-spotlight-and-how-to-build-a-vendor-management-program-for-the-ai-era/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>GDPR Isn’t a Cookie Banner: The Audit Findings That Actually Get Companies Fined</title>
		<link>https://blog.deurainfosec.com/gdpr-isnt-a-cookie-banner-the-audit-findings-that-actually-get-companies-fined/</link>
					<comments>https://blog.deurainfosec.com/gdpr-isnt-a-cookie-banner-the-audit-findings-that-actually-get-companies-fined/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Thu, 09 Jul 2026 17:44:39 +0000</pubDate>
				<category><![CDATA[GDPR]]></category>
		<category><![CDATA[Audit Findings]]></category>
		<category><![CDATA[gdpr]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36204</guid>

					<description><![CDATA[<p>GDPR Isn&#8217;t a Cookie Banner: The Audit Findings That Actually Get Companies Fined Seven years after GDPR took effect, most organizations still treat it like a checkbox they ticked in 2018. They dropped in a cookie banner, published a privacy policy their own lawyers haven&#8217;t read since, and moved on. Then a data subject access [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/gdpr-isnt-a-cookie-banner-the-audit-findings-that-actually-get-companies-fined/" data-wpel-link="internal" target="_blank">GDPR Isn&#8217;t a Cookie Banner: The Audit Findings That Actually Get Companies Fined</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/gdpr-isnt-a-cookie-banner-the-audit-findings-that-actually-get-companies-fined/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>ATT&amp;CK vs. ATLAS: Why Securing AI Systems Needs Its Own Playbook</title>
		<link>https://blog.deurainfosec.com/attck-vs-atlas-why-securing-ai-systems-needs-its-own-playbook/</link>
					<comments>https://blog.deurainfosec.com/attck-vs-atlas-why-securing-ai-systems-needs-its-own-playbook/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 20:04:42 +0000</pubDate>
				<category><![CDATA[Attack Matrix]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[MITRE ATLAS]]></category>
		<category><![CDATA[MITRE ATT&CK]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36194</guid>

					<description><![CDATA[<p>MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is specifically about attacks on AI and machine learning systems — things like data poisoning, model evasion, model extraction, and prompt injection. It&#8217;s modeled on the ATT&#38;CK structure (tactics and techniques) but applied to the AI/ML attack surface. The description in your source looks like it may [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/attck-vs-atlas-why-securing-ai-systems-needs-its-own-playbook/" data-wpel-link="internal" target="_blank">ATT&amp;CK vs. ATLAS: Why Securing AI Systems Needs Its Own Playbook</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/attck-vs-atlas-why-securing-ai-systems-needs-its-own-playbook/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>20 State Laws, One Enforcement Standard: Privacy by Design or Pay</title>
		<link>https://blog.deurainfosec.com/20-state-laws-one-enforcement-standard-privacy-by-design-or-pay/</link>
					<comments>https://blog.deurainfosec.com/20-state-laws-one-enforcement-standard-privacy-by-design-or-pay/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Fri, 03 Jul 2026 17:19:46 +0000</pubDate>
				<category><![CDATA[Information Privacy]]></category>
		<category><![CDATA[ISO 27k]]></category>
		<category><![CDATA[ISO 27701]]></category>
		<category><![CDATA[PIMS]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36185</guid>

					<description><![CDATA[<p>Privacy Just Became Infrastructure. Most AI Programs Haven&#8217;t Noticed. By DISC InfoSec For twenty years, privacy compliance meant disclosure: post a policy, collect consent, answer the occasional access request. That era is over. In 2026, privacy is infrastructure — regulators are testing whether your controls actually work, not whether your privacy notice reads well. I [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/20-state-laws-one-enforcement-standard-privacy-by-design-or-pay/" data-wpel-link="internal" target="_blank">20 State Laws, One Enforcement Standard: Privacy by Design or Pay</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/20-state-laws-one-enforcement-standard-privacy-by-design-or-pay/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Compliance Event vs. Compliance Capability: Why ISO 42001 is How You Actually Meet the EU AI Act</title>
		<link>https://blog.deurainfosec.com/compliance-event-vs-compliance-capability-why-iso-42001-is-how-you-actually-meet-the-eu-ai-act/</link>
					<comments>https://blog.deurainfosec.com/compliance-event-vs-compliance-capability-why-iso-42001-is-how-you-actually-meet-the-eu-ai-act/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Thu, 02 Jul 2026 16:50:10 +0000</pubDate>
				<category><![CDATA[ISO 42001]]></category>
		<category><![CDATA[EU AI Act]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36179</guid>

					<description><![CDATA[<p>How they relate The cleanest way to frame it: the EU AI Act defines outcomes; ISO 42001 supplies the machinery to produce them repeatedly. The Act (Regulation (EU) 2024/1689) is enforceable law with fines up to €35M or 7% of global turnover for prohibited practices. ISO 42001 is a voluntary, certifiable management system standard published [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/compliance-event-vs-compliance-capability-why-iso-42001-is-how-you-actually-meet-the-eu-ai-act/" data-wpel-link="internal" target="_blank">Compliance Event vs. Compliance Capability: Why ISO 42001 is How You Actually Meet the EU AI Act</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/compliance-event-vs-compliance-capability-why-iso-42001-is-how-you-actually-meet-the-eu-ai-act/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>The AI RMF Gap Nobody’s Talking About: Why GOVERN-Heavy Programs Still Fail Audits</title>
		<link>https://blog.deurainfosec.com/the-ai-rmf-gap-nobodys-talking-about-why-govern-heavy-programs-still-fail-audits/</link>
					<comments>https://blog.deurainfosec.com/the-ai-rmf-gap-nobodys-talking-about-why-govern-heavy-programs-still-fail-audits/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Wed, 01 Jul 2026 15:04:23 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[AI Risk]]></category>
		<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[AI RMF]]></category>
		<category><![CDATA[NIST AI RMF]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36173</guid>

					<description><![CDATA[<p>This is the AI RMF gap assessment, not the checklist version. Most write-ups treat GOVERN, MAP, MEASURE, and MANAGE as four boxes to tick. In practice, the interesting failure isn&#8217;t which box is empty — it&#8217;s the pattern across the boxes. That pattern is what tells you whether your AI program is actually managing risk [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/the-ai-rmf-gap-nobodys-talking-about-why-govern-heavy-programs-still-fail-audits/" data-wpel-link="internal" target="_blank">&lt;strong&gt;The AI RMF Gap Nobody&#8217;s Talking About: Why GOVERN-Heavy Programs Still Fail Audits&lt;/strong&gt;</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/the-ai-rmf-gap-nobodys-talking-about-why-govern-heavy-programs-still-fail-audits/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>ISO/IEC 27001:2022 — The Compliance Bedrock Every Serious InfoSec Program Is Built On</title>
		<link>https://blog.deurainfosec.com/iso-iec-270012022-the-compliance-bedrock-every-serious-infosec-program-is-built-on/</link>
					<comments>https://blog.deurainfosec.com/iso-iec-270012022-the-compliance-bedrock-every-serious-infosec-program-is-built-on/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Mon, 29 Jun 2026 15:53:06 +0000</pubDate>
				<category><![CDATA[CISO]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[ISO 27k]]></category>
		<category><![CDATA[vCISO]]></category>
		<category><![CDATA[isms]]></category>
		<category><![CDATA[iso 27001]]></category>
		<category><![CDATA[security program]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36149</guid>

					<description><![CDATA[<p>ISO/IEC 27001:2022 — The Compliance Bedrock Every Serious InfoSec Program Is Built On By Disc &#124; Principal Consultant, DISC InfoSec There&#8217;s a question I get from almost every B2B SaaS and financial services client at some point: &#8220;Which compliance framework should we start with?&#8221; My answer is almost always the same: ISO/IEC 27001. Not because [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/iso-iec-270012022-the-compliance-bedrock-every-serious-infosec-program-is-built-on/" data-wpel-link="internal" target="_blank">ISO/IEC 27001:2022 — The Compliance Bedrock Every Serious InfoSec Program Is Built On</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/iso-iec-270012022-the-compliance-bedrock-every-serious-infosec-program-is-built-on/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>One Audit – Four Standards – Zero Duplication</title>
		<link>https://blog.deurainfosec.com/one-audit-four-standards-zero-duplication/</link>
					<comments>https://blog.deurainfosec.com/one-audit-four-standards-zero-duplication/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Fri, 26 Jun 2026 18:16:31 +0000</pubDate>
				<category><![CDATA[GDPR]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[ISO 27k]]></category>
		<category><![CDATA[ISO 42001]]></category>
		<category><![CDATA[NIST CSF]]></category>
		<category><![CDATA[gdpr]]></category>
		<category><![CDATA[iso 27001]]></category>
		<category><![CDATA[NIST 800-53]]></category>
		<category><![CDATA[One Audit]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36134</guid>

					<description><![CDATA[<p>One Audit. Four Standards. Zero Duplication. How to Build a Master Questionnaire as Your Single Source of Truth for ISO 27001, ISO 42001, NIST 800-53, and GDPR I want to tell you about a problem that is quietly draining compliance teams at SaaS companies right now — and a structural fix that changed how we [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/one-audit-four-standards-zero-duplication/" data-wpel-link="internal" target="_blank">One Audit &#8211; Four Standards &#8211; Zero Duplication</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/one-audit-four-standards-zero-duplication/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>GDPR Isn’t a Checkbox. It’s the Privacy Standard Your Organization Can’t Afford to Ignore</title>
		<link>https://blog.deurainfosec.com/gdpr-isnt-a-checkbox-its-the-privacy-standard-your-organization-cant-afford-to-ignore/</link>
					<comments>https://blog.deurainfosec.com/gdpr-isnt-a-checkbox-its-the-privacy-standard-your-organization-cant-afford-to-ignore/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Wed, 24 Jun 2026 16:46:49 +0000</pubDate>
				<category><![CDATA[GDPR]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[gdpr]]></category>
		<category><![CDATA[Privacy Standard]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36108</guid>

					<description><![CDATA[<p>AI Attack Surface ScoreCard AI Vulnerability Scorecard: Discover Your AI Attack Surface Before Attackers Do Your Shadow AI Problem Has a Name-And Now It Has a Score Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out. AIMS and Data Governance – Managing data responsibly isn’t just good practice—it’s a [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/gdpr-isnt-a-checkbox-its-the-privacy-standard-your-organization-cant-afford-to-ignore/" data-wpel-link="internal" target="_blank">GDPR Isn&#8217;t a Checkbox. It&#8217;s the Privacy Standard Your Organization Can&#8217;t Afford to Ignore</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/gdpr-isnt-a-checkbox-its-the-privacy-standard-your-organization-cant-afford-to-ignore/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Most companies deploying AI in the EU still don’t know what tier they’re in</title>
		<link>https://blog.deurainfosec.com/most-companies-deploying-ai-in-the-eu-still-dont-know-what-tier-theyre-in/</link>
					<comments>https://blog.deurainfosec.com/most-companies-deploying-ai-in-the-eu-still-dont-know-what-tier-theyre-in/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Tue, 23 Jun 2026 18:12:17 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[AI Risk]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[EU AI Act]]></category>
		<category><![CDATA[EU AI Act classifier]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36095</guid>

					<description><![CDATA[<p>Most companies deploying AI in the EU still don&#8217;t know what tier they&#8217;re in Most companies deploying AI in the EU still don&#8217;t know what tier they&#8217;re in. That&#8217;s not an opinion. It&#8217;s what I see in every engagement. The EU AI Act (Reg. 2024/1689) has been in force since August 2024. Prohibited practices have [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/most-companies-deploying-ai-in-the-eu-still-dont-know-what-tier-theyre-in/" data-wpel-link="internal" target="_blank">Most companies deploying AI in the EU still don’t know what tier they’re in</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/most-companies-deploying-ai-in-the-eu-still-dont-know-what-tier-theyre-in/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>You Can’t Certify What You Haven’t Mapped: The Case for an ISO 27001 Gap Assessment</title>
		<link>https://blog.deurainfosec.com/you-cant-certify-what-you-havent-mapped-the-case-for-an-iso-27001-gap-assessment/</link>
					<comments>https://blog.deurainfosec.com/you-cant-certify-what-you-havent-mapped-the-case-for-an-iso-27001-gap-assessment/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 20:02:23 +0000</pubDate>
				<category><![CDATA[Information Security]]></category>
		<category><![CDATA[ISO 27k]]></category>
		<category><![CDATA[isms]]></category>
		<category><![CDATA[ISO 27001 2022]]></category>
		<category><![CDATA[ISO 27001 gap assessment]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=36083</guid>

					<description><![CDATA[<p>You Can&#8217;t Certify What You Haven&#8217;t Mapped: The Case for an ISO 27001 Gap Assessment Every ISO 27001 certification journey starts the same way — with a question that sounds simple and isn&#8217;t: Where are we right now? That question is the gap assessment. And whether you&#8217;re a 20-person SaaS company trying to win enterprise [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/you-cant-certify-what-you-havent-mapped-the-case-for-an-iso-27001-gap-assessment/" data-wpel-link="internal" target="_blank">You Can&#8217;t Certify What You Haven&#8217;t Mapped: The Case for an ISO 27001 Gap Assessment</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/you-cant-certify-what-you-havent-mapped-the-case-for-an-iso-27001-gap-assessment/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>The New Identity Perimeter: Machines, Agents, and the Trust Problem</title>
		<link>https://blog.deurainfosec.com/the-new-identity-perimeter-machines-agents-and-the-trust-problem/</link>
					<comments>https://blog.deurainfosec.com/the-new-identity-perimeter-machines-agents-and-the-trust-problem/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Tue, 16 Jun 2026 17:40:13 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[AI Governance]]></category>
		<category><![CDATA[AI Governance Enforcement]]></category>
		<category><![CDATA[AI Guardrails]]></category>
		<category><![CDATA[AI Risk]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[The New Identity Perimeter]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=35987</guid>

					<description><![CDATA[<p>The New Identity Perimeter: Machines, Agents, and the Trust Problem Identity security is entering a fundamentally new phase — one where protecting access is no longer just about people, but about the full ecosystem of entities, human and non-human, that touch enterprise data and systems. Delinea CPO Phil Calvin, in conversation with OWASP contributor Chris [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/the-new-identity-perimeter-machines-agents-and-the-trust-problem/" data-wpel-link="internal" target="_blank">The New Identity Perimeter: Machines, Agents, and the Trust Problem</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/the-new-identity-perimeter-machines-agents-and-the-trust-problem/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Securing the Agentic Enterprise: Where AI Autonomy Meets ISO 42001 and the EU AI Act</title>
		<link>https://blog.deurainfosec.com/securing-the-agentic-enterprise-where-ai-autonomy-meets-iso-42001-and-the-eu-ai-act/</link>
					<comments>https://blog.deurainfosec.com/securing-the-agentic-enterprise-where-ai-autonomy-meets-iso-42001-and-the-eu-ai-act/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Mon, 15 Jun 2026 16:17:08 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[AI Guardrails]]></category>
		<category><![CDATA[AI Risk]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=35862</guid>

					<description><![CDATA[<p>Architecting Secure Enterprise AI Agents: A Practitioner&#8217;s Guide to Building AI That Earns Trust The enterprise AI landscape has fundamentally shifted. We&#8217;ve moved beyond chatbots that answer questions to autonomous agents that perceive context, reason over goals, and take action through real tools and services. But here&#8217;s the uncomfortable truth that IBM&#8217;s recent guide (verified [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/securing-the-agentic-enterprise-where-ai-autonomy-meets-iso-42001-and-the-eu-ai-act/" data-wpel-link="internal" target="_blank">Securing the Agentic Enterprise: Where AI Autonomy Meets ISO 42001 and the EU AI Act</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/securing-the-agentic-enterprise-where-ai-autonomy-meets-iso-42001-and-the-eu-ai-act/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Regulatory Relief Is Not Risk Relief: The EU AI Act Delay Trap</title>
		<link>https://blog.deurainfosec.com/regulatory-relief-is-not-risk-relief-the-eu-ai-act-delay-trap/</link>
					<comments>https://blog.deurainfosec.com/regulatory-relief-is-not-risk-relief-the-eu-ai-act-delay-trap/#respond</comments>
		
		<dc:creator><![CDATA[disc7]]></dc:creator>
		<pubDate>Thu, 11 Jun 2026 15:18:12 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[AI Risk]]></category>
		<category><![CDATA[EU AI Act]]></category>
		<guid isPermaLink="false">https://blog.deurainfosec.com/?p=35878</guid>

					<description><![CDATA[<p>The Delay Trap: Why the EU AI Act Postponement Is the Most Dangerous Gift Your Compliance Program Ever Received Brussels just handed enterprises sixteen extra months. Most of them are about to spend it accumulating governance debt. On May 7, 2026, EU legislators reached a provisional agreement on the Digital Omnibus on AI — the [&#8230;]</p>
<p>The post <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com/regulatory-relief-is-not-risk-relief-the-eu-ai-act-delay-trap/" data-wpel-link="internal" target="_blank">Regulatory Relief Is Not Risk Relief: The EU AI Act Delay Trap</a> appeared first on <a rel="nofollow noopener noreferrer" href="https://blog.deurainfosec.com" data-wpel-link="internal" target="_blank">DISC InfoSec blog</a>.</p>
]]></description>
		
					<wfw:commentRss>https://blog.deurainfosec.com/regulatory-relief-is-not-risk-relief-the-eu-ai-act-delay-trap/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>