This post features computer network authentication protocols. Do not confuse the authentication protocols with the Authentication, Authorization and Accountability (AAA) protocols like RADIUS or TACACS+. Authentication protocols works in the OSI layers 2 and 3, and AAA protocols in layer…
This post features some OT Security Communities. It is part of the main post about OT Security. List of OT Security Communities LinkedIn group “ICS OT Security IEC62443 Cyber and Physical” Official link LinkedIn group “OT Security” Official link Reddit…
The terms data privacy, information privacy, data protection refers to data related to individuals, or personal identifiable information (PII). A privacy impact assessment (PIA) has the following goals: Privacy by Design Privacy by Design (PbD) is based on the “Privacy…
Certificate of Cloud Security Knowledge (CCSK) is a certificate issued by the Cloud Security Alliance (CSA) that focuses on cloud security. CCSK is considered a good start towards the more advance ISACA’s certification CCSP. You can read more about how…
This post features some media or publications related to OT security. It is part of the main post about OT security. List of OT Security Media OT Security Media: Industrial Cyber Industrial Cyber is a journalistic medium based in Canada…
This post discusses some aspects related to IT or computer crime. The post focuses on regulations that prosecute malicious behavior related to computers or IT. If you want to read more about regulations concerning IT security focused on the implementation…
Software bill of materials (SBOM) is the list of components that conforms a given software. SBOM management should be part of the software development lifecycle (SDLC). SBOM may be compound by: There was an infamous security incident related to SolarWinds…
This post features some operational technology (OT) security frameworks and standards. List of OT Security Frameworks and Standards OT Security frameworks and standards that are featured on this post: ISA/IEC 62443 ISA/IEC 62443, sometimes referred as ISA 62443 or IEC…
This post summarizes some aspects of information security on computer networks. Network Security Controls Security Gateway Security gateway is a broad term to refer to a network edge security device. Firewall Firewall is a control. Proxy servers are a type…
Secure strings should be used. These user scenarios should be done securely: Get password from user securely You can use Get-Credential or Get-Credential-User (that accepts a text as a an argument, in case you want to add a custom message…