https://ellipseproject.com/blog/ Ellipse Project — independent information security risk assessment, audit, and awareness consultancy for European mid-market organisations. en 2026-04-15 https://ellipseproject.com/blog/nis2-actually-different.html https://ellipseproject.com/blog/nis2-actually-different.html 2026-03-28 A practical reading of the directive for organisations that already had a working ISMS, and where the genuinely new requirements bite. Anna Kowalska https://ellipseproject.com/blog/dora-supplier-register.html https://ellipseproject.com/blog/dora-supplier-register.html 2026-02-14 Of all the obligations DORA imposes, the ICT supplier register and contractual review consistently consumes the most effort. Why, and what to do about it. Tomasz Lewandowski https://ellipseproject.com/blog/iso-27001-2022-transition.html https://ellipseproject.com/blog/iso-27001-2022-transition.html 2026-01-08 The transition deadline from ISO 27001:2013 to ISO 27001:2022 lands on 31 October 2025. Where remediation work tends to land in practice. Anna Kowalska https://ellipseproject.com/blog/awareness-training-second-year.html https://ellipseproject.com/blog/awareness-training-second-year.html 2025-12-02 Why most awareness programmes peak in year one and decline thereafter, and what to do about it. Dr Magdalena Wójcik https://ellipseproject.com/blog/incident-notification-clock.html https://ellipseproject.com/blog/incident-notification-clock.html 2025-10-15 NIS2 starts the early-warning clock at the moment of awareness. The definition has substantial interpretation latitude and high-stakes consequences. Pavel Novák