CISSP-ISSAP (Information Systems Security Architecture Professional) is a certification issued by (ISC)2. CISSP (Certified Information Systems Security Professional) is another certification issued by (ISC)2 that is a pre-requirement for CISSP-ISSAP. A certification that requires CISSP as a pre-requirement is called…
GIAC Defensible Security Architecture (GDSA) is an IT certification provided by Global Information Assurance Certification (GIAC), that is linked to training courses provided by SANS. This certificate was first issued in May 2019. The news about the launch can be…
GIAC Information Security Professional (GISP) is an IT certification provided by Global Information Assurance Certification (GIAC), that is linked to training courses provided by SANS. Do not confuse GIAC’s GISP with another certification related to GIS that shares the same…
When a wireless device has default settings from manufacturer, some info can be inferred from it. From a security point of view this is a weakness, because malicious users can leverage this data to identify quicker the possible vulnerabilities linked…
Wi-Fi Protected Access 2 (WPA2) is one of the most widespread security standards for wireless networks. It has been replaced by more recent WPA3, but as of 2021 WPA2 is still more spread. This post explains briefly what is WPA2,…
This post lists some of the most popular IT frameworks that can be used by an organization to implement their information security. You can read about related information security architecture frameworks on this post. List of IT Security Frameworks List…
Password hashing algorithms: PBKDF Family PBKDF1 PBKDF2 bcrypt scrypt List of Password Hashing Algorithms PBKDF1 Deprecated. PBKDF2 Supersedes PBKDF1. Use key stretching to increase the difficulty of attack. bcrypt Use key stretching to increase the difficulty of attack. scrypt Use…
Block ciphers are cryptographic algorithms that encrypt fixed-size blocks of data A cryptographic mode of operation for a block cipher describes the different ways that cryptographic algorithm may transform data to achieve sufficient complexity that offer protection against attacks. This…
CISSP (Certified Information Systems Security Professional) is a certification granted by the organization ISC2 (International Information System Security Certification Consortium). This post explains how you can prepare the exam to apply for CISSP certification. To find more information about the…
Digital certificates, also known as public key certificates or identity certificate, . When I explain what a digital certificate to someone without a strong IT background I like to compare it with a seal ring, like the ones used in…