My Cybersecurity Blog
Cybersecurity insights focusing on Cyber-Physical Systems (CPS), ransomware threats, and threat intelligence by Jonas Colmsjo.
Agentic AI in Digital Forensics
Concerns, Safeguards, and Lessons from a Real Investigation
Hunting
Can agentic AI assist digital forensic investigators? This article examines concerns from peer-reviewed literature, surveys deployment options for sensitive data, and shares practical lessons from using Claude Code in a forensic investigation — including the open-source arti toolkit developed during the project.
Feb 25, 2026
EU vs US Cybersecurity Compliance: Two Stacks, One Problem
From ISO 27001 vs NIST CSF, through ISO 27002 vs CIS Controls and SP 800-53, to Certification vs SOC 2 — How Two Regulatory Cultures Build Different Compliance Architectures
GRC
A structural comparison of EU and US cybersecurity compliance stacks — from anchor frameworks like ISO 27001 and NIST CSF, through control catalogs like ISO 27002, CIS Controls, and SP 800-53, to trust mechanisms like ISO 27001 certification and SOC 2 reports — including the critical 2026 supply chain divergence where CRA and OMB M-26-05 move in opposite directions.
Feb 22, 2026
IT Security Strategy Framework
A Four-Layer Model for Organizational Security
GRC
A comprehensive IT security strategy framework synthesized from the literature and practical experience, organized into four layers: Strategy, Organization, Processes, and Technology.
Feb 11, 2026
The 2026 CIO/CISO Agenda: Eight Trends Reshaping IT and Security Leadership
From AI Disillusionment to Agentic Agents, Personal Liability to Geopolitical Realignment
GRC
A data-driven analysis of the eight forces reshaping the CIO and CISO agenda in 2026 — drawing on survey data from Gartner, Forrester, IDC, McKinsey, ISC2, and the World Economic Forum.
Feb 11, 2026
ISO 27001, NIST CSF, and CIS Controls: Three Lenses on Cybersecurity Practice
GRC
There’s a common misconception in cybersecurity discussions: that ISO 27001, NIST CSF, and CIS Controls are competing standards, and organizations must “choose” one to…
Jan 11, 2026
Password Hygiene
Practices
I’ve put together a simple generator for mobile friendly passwords and a password card that can be printed.
Dec 14, 2025
Cyber-Physical Systems Under Attack: From Critical Infrastructure to Automotive Security
CPS
Automotive
Cyber-physical systems (CPS) represent the convergence of computation, networking, and physical processes. These systems control critical infrastructure including power…
Dec 4, 2025
To what extent does the Swedish Cybersecurity strategy meet the EU NIS2 requirements?
GRC
The new Swedish Cybersecurity strategy, Nationell strategi för cybersäkerhet 2025-2029 (Skr 2024/25:121), was released on the 20th of March 2025. Here is an evaluation to what…
Apr 12, 2025
IoT Case Study: Smart Agriculture
IoT
Smart devices are currently flourishing in all parts of our society. There are many gadgets with questionable benefits but also applications with very real benefits. The…
Mar 12, 2025
Threat Hunting
Hunting
To protect your servers, you should of course upgrade all components at regular intervals and monitor CVEs so that you can patch serious vulnerabilities that have been documented. Often…
Nov 27, 2024
Asset and Attack Surface Management
Hunting
A good way to get a feel for a new area is to look at job advertisements. I saw an ad from WSP where they are looking for an Attack Surface Reduction Analyst. WSP seems to work…
Nov 17, 2024