Virtual Patching
Virtual patching is an IT security control in which, instead of applying a security patch, additional measures are put in place to mitigate the risk of leaving that patch unapplied. The reasons why a patch is not applied could…
This post explains some aspects of IT security on databases. It is part of the main post about introduction to IT security. Database Controls: the database controls featured in this post are server-side input validation. Please remember that client-side input validation is…
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by the American non-profit organization ISC(2). The CCSP certification is more detailed than the CCSK certificate, which is issued by the Cloud Security Alliance (CSA). Some recommend obtaining the CCSK…
Kerberos is both a ticket-based Authentication, Authorization and Accountability (AAA) network protocol and an SSO implementation: it is the most common ticket system, used for example in on-premises Windows networks. Kerberos issues tickets that can be presented to various services…
Evidence is an important part of digital forensics. Standard of Evidence: the standard of evidence is the level of certainty and the degree of evidence necessary to establish proof in a proceeding. Evidence collected during investigations needs to follow standards…
Computer forensics is a branch of digital forensics. Digital Forensics Concepts: Evidence (you can read more about evidence in this post). Digital Forensics Incident Response (DFIR): Digital Forensics Incident Response (DFIR) is a specialized field within cybersecurity…
eIDAS (for “electronic IDentification, Authentication and trust Services”) is a set of European Union regulations. eIDAS Regulations: there are different eIDAS regulations. eIDAS1 is regulated in EU Regulation 910/2014, which repealed EU Directive 1999. It has been fully applicable since 1…
Internet Protocol Security (IPsec) is a standard of IP security extensions that comprises a collection of protocols; it is used as an add-on for IPv4 and is integrated into IPv6. Each IPsec VPN uses two security associations, one for encrypted…
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior. Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography. Cryptographic Algorithms: you can read about encryption…
This post summarizes certifications related to IT risk management that are aimed at professionals, and not certifications. List of IT Risk Management Certifications for Professionals: CRISC Certification in Risk Information Systems Control…