Digital Operational Resilience Act (DORA) is an European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…
Critical Entities Resilience (CER) is an European Union (EU) directive. This post is an introduction to this directive. Introduction to CER CER was promulgated on 14 December 2022, along with NIS2 and DORA. Its full title is “Directive (EU) 2022/2557…
This post summarizes some aspects of cloud security that need to be taken into account regarding compliance. To monitor cloud security compliance, we need to check all compliance sources and how they affect cloud security. Compliance sources: Limits of Cloud…
This post features HTTP traffic interception tools for performing penetration tests. List of HTTP Traffic Interception Tools HTTP traffic interception tools: Burp Proxy Burp Proxy is a tool contained within Burp Suite. Proprietary and freemium. It is developed by British…
Software versioning is the process of assigning version names or numbers to software. Software Version Assignment Some software assigns the version to the software automatically. Software created Visual Studio separates four numbers with dots. The meaning of each number is:…
Threat modeling is the process of identifying, analyzing and categorizing threats. List of Cybersecurity Threat Models Cybersecurity Threat Models featured on this post: The most popular is MITTRE ATT&CK. MITRE ATT&CK MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is…
This post explores some aspects of threat intelligence in the context of IT security. Concepts related to IT Threat Intelligence Tactics, techniques and procedures are commonly referred as TTPs. IT Thread Modelling Thread modelling is a process by which potential…
This post is an introduction to the ecosystem of the C++ programming language. The term “ecosystem” is used here to refer to the programming language specification itself and other topics relevant to developers, like runtime environments and tools. It was…
This post explains the concept of information security compliance and related topics. Compliance is one of the three sub-areas covered in Information Security area of GRC (Governance, Risk and Compliance). Sources of IT Security Compliance Compliance comes from the following…
This post provides resources to identify the name of a computer font given a text with a specific typeface. Webs for Font Identification List of webs for font identification: Identifont Whatfontis The Font Finder service is included in Whatfontis…