This post explains some aspects of IT security on databases. It is part of the main post about introduction to IT security. Database Controls Database controls featured on this post: Server-side input validation Please remind that client-side input validation is…
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by American non-profit organization ISC(2) CCSP certification is more detailed than CCSK certificate, that is issued by Cloud Security Alliance (CSA). Some recommend to obtain CCSK…
Kerberos is both an ticket-based Authentication, Authorization and Accountability (AAA) network protocol and a SSO implementation: It is the most common ticket system, used for example in on-premise Windows networks. Kerberos issues tickets that can be presented to various services…
Evidence is an important part of digital forensics. Standard of Evidence The standard of evidence is the level of certainty and the degree of evidence necessary to establish proof in a proceeding. Evidence collected during investigations needs to follow standards…
Computer forensics is a branch of digital forensics. Digital Forensics Concepts Digital forensics concepts: Evidence You can read more about evidence on this post. Digital Forensics Incident Response (DFIR) Digital Forensics Incident Response (DFIR) is a specialized field within cybersecurity…
eIDAS (for “electronic IDentification, Authentication and trust Services”) is a set of European Union regulations. eIDAS Regulations There are different eIDAS regulations: eIDAS1 is regulated in EU Regulation 910/2014, that derogated EU Directive 1999 It is completely applied since 1…
Internet Protocol Security (IPSec) is a standard of IP security extensions that comprises a collection of protocols and that is used as an add-on for IPv4 and integrated into IPv6. Each IPsec VPN uses two security associations, one for encrypted…
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior. Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography. Cryptographic Algorithms You can read about encryption…
This post summarizes certifications related to IT risk management that are aimed for professionals, and not certifications. List of IT Risk Management Certifications for Professionals List of IT Risk Management Certifications for Professionals: CRISC Certification in Risk Information Systems Control…
NIST Cybersecurity Framework (CSF) is a framework issued by American public organization NIST. You can find an external link to the NIST Cybersecurity Framework. NIST CSF Version As of March 2024, latest NIST CSF version is 2.0. You might also…