ISO/IEC 15408, also known as Common Criteria for Information Technology Security Evaluation, Common Criteria or CC, is an international standard for testing and confirming the system security. Common Criteria supersedes the American TCSEC (Trusted Computer System Evaluation Criteria) or Orange…
This post features search engines for devices of the Internet of Things (IoT) List of IoT Search Engines IoT search engines featured on this post: Shodan Shodan is probably the most known IoT search engine. Official link FOFA FOFA is…
Single Sign-on (SSO) allows a user to access multiple applications with a single set of credentials. SSO Implementations SSO implementations: Kerberos Kerberos is both a SSO implementation and a AAA network protocol. You can read more about Kerberos on this…
This post is an introduction to network firewalls (FW). Firewalls should be complemented with other controls like antivirus scanners, data loss prevention (DLP) solutions and intrusion detection system (IDS) tools. Types of Firewall Firewall classification criteria: Types of Firewall by…
Extensive Authentication Protocol (EAP) is an authentication framework, not an actual protocol like PAP or CHAP. EAP allows customized authentication security solutions, such as supporting smartcards, tokens, and biometrics. EAP is often used in network communication protocols, such as those…
This post provides resources to create Information Security policies, standards, procedures and guidelines. Documenting IT Security Policy Frameworks IT Security Policy Framework Document Types IT security policy framework documents: Policy Policies would be like the constitution, while procedures are the…
This post features computer network authentication protocols. Do not confuse the authentication protocols with the Authentication, Authorization and Accountability (AAA) protocols like RADIUS or TACACS+. Authentication protocols works in the OSI layers 2 and 3, and AAA protocols in layer…
This post features some OT Security Communities. It is part of the main post about OT Security. List of OT Security Communities LinkedIn group “ICS OT Security IEC62443 Cyber and Physical” Official link LinkedIn group “OT Security” Official link Reddit…
The terms data privacy, information privacy, data protection refers to data related to individuals, or personal identifiable information (PII). A privacy impact assessment (PIA) has the following goals: Data Privacy Regulations by Country Countries featured on this post regarding IT…
Certificate of Cloud Security Knowledge (CCSK) is a certificate issued by the Cloud Security Alliance (CSA) that focuses on cloud security. CCSK is considered a good start towards the more advance ISACA’s certification CCSP. You can read more about how…