This post explains the concept of information security compliance and related topics. Compliance is one of the three sub-areas covered in Information Security area of GRC (Governance, Risk and Compliance). Sources of IT Security Compliance Compliance comes from the following…
The Network and Infrastructure Security 2 (NIS 2, often spelled as NIS2), coded Directive (EU) 2022/2555 is an European Union (EU) directive. This post explains some aspects about this directive and their transpositions by EU member states. Introduction NIS2 NIS2…
This post introduces to System and Organization Controls (SOC) reporting framework, in the context of compliance with US American law Sarbanes-Oxley Act (SOX). Regulation Context The Sarbanes-Oxley Act (SOX or Sarbox) is a United States of America federal law. It…
EC-Council is a private organization that issues certifications related to IT security and cybersecurity. Certified Ethical Hacker (CEH) is a certification issued by EC-Council that has a limited validity. This post explains how to maintain the Certificed Ethical Hacker (CEH)…
This post summarizes access control models, as considered in cybersecurity and access control. Acccess Control Concepts Permission refers to the access granted for an object and determine what you can do with it. Right refers to the ability to take…
This post summarizes Authentication, Authorization and Accountability (AAA) protocols or AAA network protocols. Do not confuse the AAA protocols with the authentication protocols like EAP, CHAP and PAP. Authentication protocols works in the OSI layers 2 and 3, and AAA…
Identity and Access Management (IAM) is one of the basics of information security. Concepts related to Authentication Continuous authentication Monitors user behavior continuously to ensure that the authenticated user remains the same throughout a session. Risk-based authentication analyzes user behavior…
This post lists some publishers about cybersecurity or based in Spain. List of Cybersecurity Book Publishers from Spain Cybersecurity Book Publishers from Spain: Anaya Multimedia Official web LID Official web
This post lists sources that broadcast news about information security and cybersecurity. List of Cybersecurity News Webs from Spain Cybersecurity News Web from Spain: RedSeguridad Official web Revista SIC Official web Ciberseguridad TIC Official web Securtecnia Official web CyberSecurityNews.es Official…
A key concept of zero trust security is that it assess security dynamically. Zero Trust Network (ZTN) Zero Trust Architecture (ZTA) Zero Trust Network Access (ZTNA) is an IT security solution that provides secure remote access to an organization’s applications,…