This post discusses some aspects related to IT or computer crime. The post focuses on regulations that prosecute malicious behavior related to computers or IT. If you want to read more about regulations concerning IT security focused on the implementation…
This post features some operational technology (OT) security frameworks and standards. List of OT Security Frameworks and Standards OT Security frameworks and standards that are featured on this post: ISA/IEC 62443 ISA/IEC 62443, sometimes referred as ISA 62443 or IEC…
This post summarizes some aspects of information security on computer networks. Network Security Controls Security Gateway Security gateway is a broad term to refer to a network edge security device. Firewall Firewall is a control. Proxy servers are a type…
ISA/IEC 62443 is a standard about industrial cybersecurity. ISA/IEC 62443 Cybersecurity Certificate Program is a family of certifications aimed for professionals and related to the ISA/IEC 62443 standard. The certificates are issued by the International Society of Automation (ISA). Take…
Microsoft Certified: Azure Security Engineer Associate (from now on, MCASEA) is a certification issued by Microsoft. It is an associate certification (level 2 out of 3) within the Microsoft certification scale. This certification was available from at least 2022, and…
Microsoft Certified: Azure Fundamentals (from now on, MCAF) is a certification issued by Microsoft. It is a fundamentals certification (level 1 out of 3) within the Microsoft certification scale. This certification was available from at least 2022, and its current…
Digital Operational Resilience Act (DORA) is an European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…
Critical Entities Resilience (CER) is an European Union (EU) directive. This post is an introduction to this directive. Introduction to CER CER was promulgated on 14 December 2022, along with NIS2 and DORA. Its full title is “Directive (EU) 2022/2557…
This post summarizes some aspects of cloud security that need to be taken into account regarding compliance. To monitor cloud security compliance, we need to check all compliance sources and how they affect cloud security. Compliance sources: Limits of Cloud…
This post features HTTP traffic interception tools for performing penetration tests. List of HTTP Traffic Interception Tools HTTP traffic interception tools: Burp Proxy Burp Proxy is a tool contained within Burp Suite. Proprietary and freemium. It is developed by British…