eIDAS (for “electronic IDentification, Authentication and trust Services”) is an European Union regulation. Electronic Signature Formats compatible with eIDAS eIDAS compelled the creation of electronic signature formats in order to comply with eIDAS regulation: There is no signature format compatible…
Internet Protocol Security (IPSec) is a standard of IP security extensions that comprises a collection of protocols and that is used as an add-on for IPv4 and integrated into IPv6. Each IPsec VPN uses two security associations, one for encrypted…
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior. Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography. Cryptographic Algorithms You can read about encryption…
This post summarizes certifications related to IT risk management that are aimed for professionals, and not certifications. List of IT Risk Management Certifications for Professionals List of IT Risk Management Certifications for Professionals: CRISC Certification in Risk Information Systems Control…
NIST Cybersecurity Framework (CSF) is a framework issued by American public organization NIST. You can find an external link to the NIST Cybersecurity Framework. NIST CSF Version As of March 2024, latest NIST CSF version is 2.0. You might also…
The frameworks featured on this post can be applied generally to process, but also to software. Because of this, they are sometimes confused with software development models. You can find an introduction to dedicated software development models on this post.…
Information security domains or areas are the different fields where the practice and studies of information security can be split. This post proposes different classifications for the security domains. Information Security Domain Proposals Information security domain proposals featured on this…
ISO/IEC 15408, also known as Common Criteria for Information Technology Security Evaluation, Common Criteria or CC, is an international standard for testing and confirming the system security. Common Criteria supersedes the American TCSEC (Trusted Computer System Evaluation Criteria) or Orange…
This post features search engines for devices of the Internet of Things (IoT) List of IoT Search Engines IoT search engines featured on this post: Shodan Shodan is probably the most known IoT search engine. Official link FOFA FOFA is…
Single Sign-on (SSO) allows a user to access multiple applications with a single set of credentials. SSO Implementations SSO implementations: Kerberos Kerberos is both a SSO implementation and a AAA network protocol. You can read more about Kerberos on this…