This post summarizes some relevant risk analysis methodologies. Do not confuse them with the IT risk management frameworks. List of Risk Analysis Methodologies List of IT risk analysis methodologies: Quantitative Qualitative Semi-quantitative Asset-based Vulnerability-based External References
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. It is promulgated by the Payment Card Industry Security Standars Council (PCI SCC). PCI…
Magerit, sometimes written as MAGERIT, is a methodology to manage information technology (IT) risk that it is issued and managed by institutions related to the Goverment of Spain. Because of this, this IT risk analysis methodology is recommended to be…
This post lists some cybersecurity conventions or events that are celebrated in Spain. List of IT Security Conventions in Spain Cybersecurity Conventions in Spain, in order of recurrence: CIBERSEG Jornadas Seguridad y Defensa CIBERSEG. Alcalá de Henares, Madrid, Spain. Yearly…
This post summarizes some of the major conventions, conferences, congresses or other events related to cybersecurity and with an international scope. List of International Cybersecurity Conventions List of International Cybersecurity Events: Gartner Security & Risk Manageement Summit RSA Conference Black…
CMMI (Capability Maturity Model Integration) is a development model. It may be referred as SW-CMM. History of CMMI CMMI was created in 2006 by CMU (Carnegie Mellon University). It is currently administered by the CMMI Institute, a subsidiary of ISACA.…
This post explains what is an enterprise information security architecture framework, and summarizes some of the existing ones. IT security architecture frameworks are sometimes related to enterprise architecture frameworks. You can read more about them on this post. What is…
This post summarizes the steps to implement ISO/IEC 27001 in an organization. It pretends to be a high-level overview of the whole process and provide a holistic view. If you need further details on this, you may do some research…
ISO/IEC 27001 (sometimes shorted as ISO 27001) is an international standard on how to manage information security in an organization. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005, but…
This post lists some password manager applications. On premise Password Manager Applications On-premise password manager applications: KeePass Free and open source.Developed for Windows, and supports some portability for macOS and Linux using Mono. There are other unofficial ports. It was…