Virtual Patching
Virtual patching is an IT security control that can be applied when instead of applying a security patch, additional measures are applied to mitigate the risk of not applying this patch. The reasons why a patch is not applied could…
Category IT
Database Security
This post explains some aspects of IT security on databases. It is part of the main post about introduction to IT security. Database Controls Database controls featured on this post: Server-side input validation Please remind that client-side input validation is…
How to choose a Free and Open Source Software License
This post summarizes hints about how to choose a free and open source software (FOSS) license. Choosing a FOSS License There is no a perfect open source licenses that can is suitable for all situations. It depends on the biggest…
How to get the CCSP Certification
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by American non-profit organization ISC(2) CCSP certification is more detailed than CCSK certificate, that is issued by Cloud Security Alliance (CSA). Some recommend to obtain CCSK…
Metadata File Formats
This post summarizes some metadata file formats structures. List of Metadata File Formats Metadata formats: XMP Extended Metadata Platform (XMP) is published as the standard ISO 16684-1:2012. IPTC Information Interchange Model (IIM). IPTC has been largely superseded by XMP. Exif…
Kerberos
Kerberos is both an ticket-based Authentication, Authorization and Accountability (AAA) network protocol and a SSO implementation: It is the most common ticket system, used for example in on-premise Windows networks. Kerberos issues tickets that can be presented to various services…
ExifTool
ExifTool is both command-line tool and a Perl library to work with file metadata. It is free and open-source software (FOSS), under a license GPLv1+ or Artistic License. Installing ExifTool You can install ExifTool on macOS by typing: Getting Support…
Data Science and Engineering
This post is about data science and engineering, that can be considered one of the main fields of information technology. You can read this post about information Technology DIKW Pyramid DIKW is ordered from top to bottom: Data Structures Data…
Business Intelligence
Business Intelligence (BI) Business Intelligence Software Products Business Intellegence Products: SpagoBI SpagoBI is FOSS under a license MPLv2. SpagoBI code repository Qlik Sense Qlik Sense is newer than QlikView, an it is SaaS exclusively. Qlik Sense official website Tableau Tableau…
Evidence in Digital Forensics
Evidence is an important part of digital forensics. Standard of Evidence The standard of evidence is the level of certainty and the degree of evidence necessary to establish proof in a proceeding. Evidence collected during investigations needs to follow standards…