This post features some general-purpose risk management frameworks. For risk management frameworks specific for IT, please check this post. List of Risk Management Frameworks Risk management frameworks featured on this post: ISO 31000 ISO 31000 is a framework for risk…
This post features some media or magazines related to IT security or cybersecurity. For the media specific to operational technology (OT) security, please check this post. Media related to IT Security Media related to cybersecurity: The Hacker News The Hacker…
Threat modeling is the process of identifying, analyzing and categorizing threats. List of Cybersecurity Threat Models Cybersecurity Threat Models featured on this post: The most popular is MITTRE ATT&CK. MITRE ATT&CK MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is…
This post explores some aspects of threat intelligence in the context of IT security. Concepts related to IT Threat Intelligence Tactics, techniques and procedures are commonly referred as TTPs. IT Thread Modelling Thread modelling is a process by which potential…
This post contains web-based Identity and Access Management (IAM) protocols. OpenID allows to use an account from another service. List of Web-based IAM Protocols Web-based Many of these protocols are used in combination to achieve Single Sign-on (SSO) or federation.…
This post explains the concept of information security compliance and related topics. Compliance is one of the three sub-areas covered in Information Security area of GRC (Governance, Risk and Compliance). Sources of IT Security Compliance Compliance comes from the following…
The Network and Infrastructure Security 2 (NIS 2, often spelled as NIS2), coded Directive (EU) 2022/2555 is an European Union (EU) directive. This post explains some aspects about this directive and their transpositions by EU member states. Introduction NIS2 NIS2…
This post introduces to System and Organization Controls (SOC) reporting framework, in the context of compliance with US American law Sarbanes-Oxley Act (SOX). Regulation Context The Sarbanes-Oxley Act (SOX or Sarbox) is a United States of America federal law. It…
EC-Council is a private organization that issues certifications related to IT security and cybersecurity. Certified Ethical Hacker (CEH) is a certification issued by EC-Council that has a limited validity. This post explains how to maintain the Certificed Ethical Hacker (CEH)…
This post summarizes access control models, as considered in cybersecurity and access control. Acccess Control Concepts Permission refers to the access granted for an object and determine what you can do with it. Right refers to the ability to take…