Kerberos is both an ticket-based Authentication, Authorization and Accountability (AAA) network protocol and a SSO implementation: It is the most common ticket system, used for example in on-premise Windows networks. Kerberos issues tickets that can be presented to various services…
Evidence is an important part of digital forensics. Standard of Evidence The standard of evidence is the level of certainty and the degree of evidence necessary to establish proof in a proceeding. Evidence collected during investigations needs to follow standards…
Computer forensics is a branch of digital forensics. Digital Forensics Concepts Digital forensics concepts: Evidence You can read more about evidence on this post. Digital Forensics Incident Response (DFIR) Digital Forensics Incident Response (DFIR) is a specialized field within cybersecurity…
eIDAS (for “electronic IDentification, Authentication and trust Services”) is a set of European Union regulations. eIDAS Regulations There are different eIDAS regulations: eIDAS1 is regulated in EU Regulation 910/2014, that derogated EU Directive 1999 It is completely applied since 1…
Internet Protocol Security (IPSec) is a standard of IP security extensions that comprises a collection of protocols and that is used as an add-on for IPv4 and integrated into IPv6. Each IPsec VPN uses two security associations, one for encrypted…
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior. Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography. Cryptographic Algorithms You can read about encryption…
This post summarizes certifications related to IT risk management that are aimed for professionals, and not certifications. List of IT Risk Management Certifications for Professionals List of IT Risk Management Certifications for Professionals: CRISC Certification in Risk Information Systems Control…
NIST Cybersecurity Framework (CSF) is a framework issued by American public organization NIST. You can find an external link to the NIST Cybersecurity Framework. NIST CSF Version As of March 2024, latest NIST CSF version is 2.0. You might also…
The frameworks featured on this post can be applied generally to process, but also to software. Because of this, they are sometimes confused with software development models. You can find an introduction to dedicated software development models on this post.…
ISO/IEC 15408, also known as Common Criteria for Information Technology Security Evaluation, Common Criteria or CC, is an international standard for testing and confirming the system security. Common Criteria supersedes the American TCSEC (Trusted Computer System Evaluation Criteria) or Orange…