This post explains the concept of log management and provides Description of Log Management A log is a registry produced by a device or application about its internal use. Logs are helpful for debugging or monitoring IT security. Log management…
Open Security (OpenSSF) is a non-profit organization It is part of the Linux Foundation. It was founded in 2020. OpenSSF Notable Projects OpenSSF Scorecard is a vulnerability scanner of FOSS projects. OpenSSF on the Social Networks Links to Social Networks:…
This post is an index for the main topics related to information technology (IT) offered on this blog. Technical Fields of Information Technology Fields of information technology featured on this blog: Computer Hardware Computer hardware include the physical parts of…
Information security governance is a part of governance, risk and compliance (GRC). Information Security should take into account the organization objectives and identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined. Information…
When assessing IT security of the providers of an organization, we may find ourselves in bothersome tasks like having to create custom questionnaires and review the answers sent by them. Some providers offer cybersecurity risk questionnaires. This is a non-exhaustive…
This post summarizes ideas about microservices, that is a type of distributed system. This post is part of a series of articles about distributed systems. Description of Microservices IT microservices is a service-oriented architecture (SOA) where the application is splitted…
Virtual patching is an IT security control that can be applied when instead of applying a security patch, additional measures are applied to mitigate the risk of not applying this patch. The reasons why a patch is not applied could…
This post summarizes hints about how to choose a free and open source software (FOSS) license. Choosing a FOSS License There is no a perfect open source licenses that can is suitable for all situations. It depends on the biggest…
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by American non-profit organization ISC(2) CCSP certification is more detailed than CCSK certificate, that is issued by Cloud Security Alliance (CSA). Some recommend to obtain CCSK…
Kerberos is both an ticket-based Authentication, Authorization and Accountability (AAA) network protocol and a SSO implementation: It is the most common ticket system, used for example in on-premise Windows networks. Kerberos issues tickets that can be presented to various services…