IT Vulnerability Scoring Systems

This post features scoring systems for IT vulnerabilities. List of Vulnerability Scoring Systems These are the resources for vulnerability scoring systems: The most popular is CVSS. CVSS Common Vulnerability Scoring System (CVSS) is an open standard that provides an open…

IT Risk Management

IT risk is any risk that is specific to information technology. IT risk management deals with the IT risk within an organization. In an organization, IT risk management may be done by the IT security department or the risk department.…

Cloud Security Compliance

This post summarizes some aspects of cloud security that need to be taken into account regarding compliance. To monitor cloud security compliance, we need to check all compliance sources and how they affect cloud security. Compliance sources: Limits of Cloud…

HTTP Traffic Interception Tools

This post features HTTP traffic interception tools for performing penetration tests. List of HTTP Traffic Interception Tools HTTP traffic interception tools: Burp Proxy Burp Proxy is a tool contained within Burp Suite. Proprietary and freemium. It is developed by British…

Software Versioning

Software versioning is the process of assigning version names or numbers to software Software created Visual Studio separates four numbers with dots. The meaning of each number is: Example: 4.5.13.89 Software Code Version Control System Some software assigns the version…

Risk Management Frameworks

This post features some general-purpose risk management frameworks. For risk management frameworks specific for IT, please check this post. List of Risk Management Frameworks Risk management frameworks featured on this post: ISO 31000 ISO 31000 is a framework for risk…

IT Security Media

This post features some media or magazines related to IT security or cybersecurity. For the media specific to operational technology (OT) security, please check this post. Media related to IT Security Media related to cybersecurity: The Hacker News The Hacker…

IT Security Threat Modeling

Threat modeling is the process of identifying, analyzing and categorizing threats. List of Cybersecurity Threat Models Cybersecurity Threat Models featured on this post: The most popular is MITTRE ATT&CK. MITRE ATT&CK MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is…