Software development teams should follow some guidelines and practices in order to create safe software. When developing software, you should beware of leaving backdoors or maintenance hooks. Secure Software Development Frameworks You can read more about secure software development frameworks…
This post summarizes tools used in IT security. It pretends to be an index for other systems. IT Security Tools by Category Network Scanning Tools List of network scanning tools System Virtualization Security Tools List of system virtualization security tools…
Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation. Its goal is to identify, analyze and mitigate the risks inherent in working with other organizations as…
In the context of IT security, a product compliance list (EPL) is a list of IT products that have been assessed and validated by a third-party considering that it meets all the necessary products. These parties are usually generally trusted…
This post explains the concept of log management and provides Description of Log Management A log is a registry produced by a device or application about its internal use. Logs are helpful for debugging or monitoring IT security. Log management…
Information security governance is a part of governance, risk and compliance (GRC). Information Security should take into account the organization objectives and identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined. Information…
When assessing IT security of the providers of an organization, we may find ourselves in bothersome tasks like having to create custom questionnaires and review the answers sent by them. Some providers offer cybersecurity risk questionnaires. This is a non-exhaustive…
Virtual patching is an IT security control that can be applied when instead of applying a security patch, additional measures are applied to mitigate the risk of not applying this patch. The reasons why a patch is not applied could…
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by American non-profit organization ISC(2) CCSP certification is more detailed than CCSK certificate, that is issued by Cloud Security Alliance (CSA). Some recommend to obtain CCSK…
Kerberos is both an ticket-based Authentication, Authorization and Accountability (AAA) network protocol and a SSO implementation: It is the most common ticket system, used for example in on-premise Windows networks. Kerberos issues tickets that can be presented to various services…