This post provides resources to create Information Security policies, standards, procedures and guidelines. Documenting IT Security Policy Frameworks IT Security Policy Framework Document Types IT security policy framework documents: Policy Policies would be like the constitution, while procedures are the…
This post summarizes some aspects of information security on computer networks. Network Security Controls Security Gateway Security gateway is a broad term to refer to a network edge security device. Firewall Firewall is a control. Proxy servers are a type…
Operational technologies (OT) are hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.. You can read an introduction to OT on this post. OT Security (OT-Sec), Industrial…
ISA/IEC 62443 is a standard about industrial cybersecurity. ISA/IEC 62443 Cybersecurity Certificate Program is a family of certifications aimed for professionals and related to the ISA/IEC 62443 standard. The certificates are issued by the International Society of Automation (ISA). Take…
Digital Operational Resilience Act (DORA) is an European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…
Critical Entities Resilience (CER) is an European Union (EU) directive. This post is an introduction to this directive. Introduction to CER CER was promulgated on 14 December 2022, along with NIS2 and DORA. Its full title is “Directive (EU) 2022/2557…
This post summarizes some aspects of cloud security that need to be taken into account regarding compliance. To monitor cloud security compliance, we need to check all compliance sources and how they affect cloud security. Compliance sources: Limits of Cloud…
This post features HTTP traffic interception tools for performing penetration tests. List of HTTP Traffic Interception Tools HTTP traffic interception tools: Burp Proxy Burp Proxy is a tool contained within Burp Suite. Proprietary and freemium. It is developed by British…
Threat modeling is the process of identifying, analyzing and categorizing threats. List of Cybersecurity Threat Models Cybersecurity Threat Models featured on this post: The most popular is MITTRE ATT&CK. MITRE ATT&CK MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is…
This post introduces to System and Organization Controls (SOC) reporting framework, in the context of compliance with US American law Sarbanes-Oxley Act (SOX). Regulation Context The Sarbanes-Oxley Act (SOX or Sarbox) is a United States of America federal law. It…