This post summarizes some certifications for organizations (and not for individuals or professionals) related somehow to information security or cybersecurity. List of Information Security Certifications for Organizations Information Security Certifications for Organizations featured on this post: ISO/IEC 27001 ISO/IEC…
This post summarizes organizations related to the Government of the United States of America (USA) that are related to information security or cybersecurity. List of USA Government Cybersecurity Organizations Non-exhaustive list of USA Government organizations related to cybersecurity: NIST CSRC…
This post summarizes organizations within or close to European Union (EU) that are related to information security or cybersecurity. List of European Union Cybersecurity Public Organizations Non-exhaustive list of European Union Cybersecurity Public Organizations: European Commission ENISA ECCC European Commission…
A Computer Emergency Response Team (CERT) is a group of experts that handles computer security incidents. The term CSIRT, as an acronym for Computer Security Incident Response Team or Cyber Security Incident Response Team is also used. As computer threads…
This post lists some secure development frameworks. Secure Development Frameworks List of Secure Development Frameworks: Secure Software Development Framework (SSDF) OWASP Security Knowledge Framework (OWASP-SKF) SEI CERT Coding Standards Secure Software Development Framework (SSDF) Secue Software Development Framework (SSDF)…
This post adds some comments on cloud security for Microsoft 365. Cloud Security for Microsoft 365 Products related to Microsoft 365 security: Microsoft 365 Defender Microsoft Secure Score Microsoft Secure Score Microsoft Secure Score is a Microsoft product that measures…
This post tries to make an overview about how to perform a risk assessment of information technology (IT) assets. Steps to perform an IT risk assessment The summary of steps to be done are: Define scope Select a risk assessment…
The ISO/IEC 27000-series is a set of standards related to information security and publish by ISO and IEC. It provides recommendations on information security, in the context of a Information Security Management System (ISMS). Standards included on ISO/IEC 27000-series As…
This post lists some websites that allows to assess suspicious IPs and provide other threat intelligence information. List of Threat Intelligence websites AbuseIPDB X-Force Exchange (XFE) AbuseIPDB X-Force Exchange (XFE) Owned by IBM. External references hslatman; “Awesome…
PCI DSS is an information security standard for organizations that handle branded credit cards from the major card schemes. You can check a general post about PCI DSS on this link. As the standard is updated regularly, there are different versions…