Information security governance is a part of governance, risk and compliance (GRC). Information Security should take into account the organization objectives and identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined. Information…
When assessing IT security of the providers of an organization, we may find ourselves in bothersome tasks like having to create custom questionnaires and review the answers sent by them. Some providers offer cybersecurity risk questionnaires. This is a non-exhaustive…
Secrets management is a practice that allows developers to securely store sensitive data such as passwords, keys, and tokens, in a secure environment with strict access controls. A common person connected to the internet must use a few dozen of…
This post summarizes ideas about microservices, that is a type of distributed system. This post is part of a series of articles about distributed systems. Description of Microservices IT microservices is a service-oriented architecture (SOA) where the application is splitted…
A software-defined network (SDN) is an approach to network management that enables dynamic and programmatically network configuration. This is a contrast with traditional networks, where the network is defined by using hardware components. An SDN looks like a single logical…
Virtual patching is an IT security control that can be applied when instead of applying a security patch, additional measures are applied to mitigate the risk of not applying this patch. The reasons why a patch is not applied could…
This post explains some aspects of IT security on databases. It is part of the main post about introduction to IT security. Database Controls Database controls featured on this post: Server-side input validation Please remind that client-side input validation is…
This post summarizes hints about how to choose a free and open source software (FOSS) license. Choosing a FOSS License There is no a perfect open source licenses that can is suitable for all situations. It depends on the biggest…
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by American non-profit organization ISC(2) CCSP certification is more detailed than CCSK certificate, that is issued by Cloud Security Alliance (CSA). Some recommend to obtain CCSK…
This post summarizes some metadata file formats structures. List of Metadata File Formats Metadata formats: XMP Extended Metadata Platform (XMP) is published as the standard ISO 16684-1:2012. IPTC Information Interchange Model (IIM). IPTC has been largely superseded by XMP. Exif…