Cyberday

29/05/2026

Both EU AI Act and ISO 42001 available in Cyberday! 🤖

The EU AI Act and ISO 42001 are often discussed together, but they serve different purposes.

🇪🇺 The EU AI Act is a legal framework that defines what organizations must do to use AI responsibly and comply with regulation.
📋 ISO 42001 is a voluntary management system standard that helps organizations build structured AI governance processes.

The good news? They overlap significantly in areas like risk management, documentation, human oversight, transparency, and accountability. ISO 42001 can provide a strong foundation for meeting many EU AI Act requirements, but certification alone does not guarantee compliance.

Read the full article → https://eu1.hubs.ly/H0vLsG80

EU AI Act vs ISO 42001: learn the key differences, where they overlap, and how to use both to build practical, compliant AI governance.

21/04/2026

How does ISO 27001 support GDPR?

Many teams treat them separately but they actually work well together. GDPR defines what’s required & ISO 27001 shows how to manage it.

ISO 27001 doesn't fully cover GDPR, but with ISO 27001, you build a structured ISMS to:

🔄 Manage risks continuously
🔍 Implement and monitor controls
🏆 Prove accountability

How are you handling this?

Read the full article →

In this blog, we'll quickly go over ISO 27001 standard and GDPR, look at their similarities, and discuss how ISO 27001 can be useful towards GDPR compliance. We will also take a peek to GDPR and ISO 27701 cooperation.

17/03/2026

Risk management doesn’t happen in a vacuum.

Effective risk management thrives when it connects with other key ISMS areas like controls, audits, incidents, and supplier assurance.

These aren’t separate tasks but sources of real insights that feed into better risk decisions and stronger security overall.

Learn how different parts of your ISMS can provide valuable input to risk management →
https://eu1.hubs.ly/H0s43H10

An ISMS only supports risk management if it’s actively used. When processes like incident management, change management, continuity planning, and continuous improvement are run in practice, they continuously generate input.

03/03/2026

Our latest user survey shows what many security teams already know: treating compliance as a one-time activity leads to gaps, stress, and missed risks.

True compliance requires ongoing effort, regular reviews, and tools that support consistent progress rather and living from audit to audit. If your team is managing compliance only at year-end, you might be solving yesterday’s problems instead of today’s.

Read the full insights →
https://eu1.hubs.ly/H0s45z70

Special thanks for the participants! ⭐️

27/02/2026

We’re excited to share that three new NIS2 national implementation frameworks are now available in Cyberday!

You can now access tailored guidance for:
🇵🇹 Portugal’s Regime Jurídico da Cibersegurança: https://eu1.hubs.ly/H0s43kN0
🇸🇮 Slovenia’s Zakon o informacijski varnosti (ZInfV-1): https://eu1.hubs.ly/H0s41Z50
🇸🇰 Slovakia’s Zákon o kybernetickej bezpečnosti: https://eu1.hubs.ly/H0s431f0

These additions strengthen our NIS2 local implementation library, helping teams understand who’s in scope, what controls are required, and how to act practically in each jurisdiction.

27/02/2026

Let's face it: perfect security simply doesn’t exist but smart decisions do. That’s where information security risk management comes in.

Our blog shows how organisations can shift from reacting to incidents, to making intentional, risk-based security decisions that align with business priorities.

Risk management:
• Helps you decide what to protect first even if you don’t have all the facts.
• Makes security trade-offs clear and easier to explain.
• Keeps security focused, consistent, and aligned with business goals.

Read the full article 🔗 https://eu1.hubs.ly/H0s41cs0

How you handle organization risk management? 🛡️Hopefully with Cyberday 😉

Clear, practical explanation of information security risk management, how it connects to security frameworks, and how to make risk-based security work in practice.

25/02/2026

Many organisations maintain a risk register, but not all truly manage it.

One of the most common failures in information security risk management is letting the risk register become static. When risks aren’t reviewed regularly, assessments become outdated, priorities shift unnoticed, and real-world changes aren’t reflected in decision-making.

Effective risk management is more about continuous evaluation.

Simple, structured and recurring reviews help ensure:
✔ Risks reflect the current operating environment
✔ Ownership stays clear
✔ Emerging issues are identified early

Consistent updates may seem routine, but they are what keep risk management aligned with reality and prevent avoidable incidents.

Read 10 reasons why risk management fails and how to avoid them:

Find the 10 most common failures in information security risk management and learn how teams can fix them to make risk management practical, decision-driven, and effective in everyday security work.

19/02/2026

Hourly rates create a conflict of interest between you and your client.

As a compliance consultant, being incentivized to take longer goes against the trust clients place in your expertise. Value-based pricing aligns incentives by focusing on shared goals and impactful results, not time spent.

Trust isn’t built on a ticking clock. → https://eu1.hubs.ly/H0kRSBF0

17/02/2026

What changes when security finally becomes manageable?

For Translator Scandinavia, it meant clarity, control and less stress.

How did they get there?

👉 Read how they turned Cyberday into a working system:
https://eu1.hubs.ly/H0rkq4D0

09/02/2026

Did you know that we are constantly publishing new frameworks based on customer requests? What should we publish next? 👀

In the meantime, let us introduce you to the three recently published frameworks!

🇬🇧 The Cyber Assessment Framework 4.0 is a structured approach developed in the United Kingdom to help organisations understand, assess and improve their management of cyber security risk: https://eu1.hubs.ly/H0rkqSS0

🇩🇰 ‍The Danish Executive Order on Resilience and Preparedness in the Energy Sector establishes binding requirements for how critical energy companies manage resilience, preparedness and crisis response: https://eu1.hubs.ly/H0rkpts0

🇸🇦 Saudi Arabia’s Personal Data Protection Law (PDPL) sets mandatory rules for how organizations collect, use, store, share and transfer personal data. It establishes individual rights and clear accountability for data controllers and processors: https://eu1.hubs.ly/H0rkpvn0