This post features regulations related to IT security. The post focuses on regulations that establish IT security controls. To read a more general post about compliance on general IT security regulations, visit this post. If you want to know regulations…
Microsoft Certified: Azure Security Engineer Associate (from now on, MCASEA) is a certification issued by Microsoft. It is an associate certification (level 2 out of 3) within the Microsoft certification scale. This certification was available from at least 2022, and…
Cyber Resilience Act (CRA) is a European Union (EU) regulation proposal. This post explains some aspects of CRA. Description of CRA CRA was proposed as a regulation by the European Commission in 2022. CRA is called in Spanish as Propuesta…
Infrastructure as Code (IaC) is the process of managing and provisioning computer data center resources through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. IaC is a technology that is related to configuration management. You can…
Microsoft Certified: Azure Fundamentals (from now on, MCAF) is a certification issued by Microsoft. It is a fundamentals certification (level 1 out of 3) within the Microsoft certification scale. This certification was available from at least 2022, and its current…
Digital Operational Resilience Act (DORA) is an European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…
This post discusses some topics about information technology (IT) supplier risk management (SRM) or Supply Chain Risk Management (SCRM). This post can be considered part of the series about supply chain IT security. Related terms are provider management and IT…
Critical Entities Resilience (CER) is an European Union (EU) directive. This post is an introduction to this directive. Introduction to CER CER was promulgated on 14 December 2022, along with NIS2 and DORA. Its full title is “Directive (EU) 2022/2557…
This post features scoring systems for IT vulnerabilities. List of Vulnerability Scoring Systems These are the resources for vulnerability scoring systems: The most popular is CVSS. CVSS Common Vulnerability Scoring System (CVSS) is an open standard that provides an open…
IT risk is any risk that is specific to information technology. IT risk management deals with the IT risk within an organization. In an organization, IT risk management may be done by the IT security department or the risk department.…