Securapilot (Kim Borg)

@securapilot@infosec.exchange
Over 25 years as an IT leader across public and private sectors, including Group CIO for an international corporation in 8 countries and Head of IT in municipal government with responsibility for information security and NIS compliance. Complemented by 10+ years of hands-on software development, bridging strategic governance and technical implementation.

Sweden just launched a free national threat intelligence sharing platform and your country might have one too.

MISP SE, launched by Sweden's national CERT in December 2025, lets organizations access real-time indicators of compromise and feed them directly into security systems for automated blocking.

Sweden isn't alone. MISP is an open-source project from Luxembourg, with national instances across the EU. Outside Europe, the US runs CISA AIS and the UK has NCSC CISP, same concept, different packaging.

With NIS2 requiring systematic risk management across the EU, these platforms are becoming essential infrastructure.

Does your national CSIRT offer a MISP instance? Many do, and most are free.

#cybersecurity #NIS2 #threatintelligence #MISP

🔐 Hot take: If your ISO 27001 Statement of Applicability still uses binary "Implemented / Not Implemented" for control status, you're losing valuable insight.

We've adopted the N-P-L-F scale from ISO/IEC 15504 (now 33020):

N – Not achieved (0–15%)
P – Partially achieved (>15–50%)
L – Largely achieved (>50–85%)
F – Fully achieved (>85–100%)

It turns the SOA from a checkbox exercise into a real maturity roadmap and auditors appreciate the transparency.

How do you handle implementation status in your SOA? Binary, CMMI-style levels or something else entirely? 😅

#ISO27001 #InfoSec #ISMS #GRC #Compliance #SecurityMaturity