This post provides resources to security aspects of domain network system (DNS). This post assumes that you already know how a DNS works. You can read an introduction to DNS on this post. Security Controls for DNS Security controls specific…
This post summarizes tools used in IT security. It pretends to be an index for other systems. IT Security Tools by Category Network Scanning Tools List of network scanning tools System Virtualization Security Tools List of system virtualization security tools…
Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation. Its goal is to identify, analyze and mitigate the risks inherent in working with other organizations as…
This post explains the concept of log management and provides Description of Log Management A log is a registry produced by a device or application about its internal use. Logs are helpful for debugging or monitoring IT security. Log management…
Open Security (OpenSSF) is a non-profit organization It is part of the Linux Foundation. It was founded in 2020. OpenSSF Notable Projects OpenSSF Scorecard is a vulnerability scanner of FOSS projects. OpenSSF on the Social Networks Links to Social Networks:…
Information security governance is a part of governance, risk and compliance (GRC). Information Security should take into account the organization objectives and identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined. Information…
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by American non-profit organization ISC(2) CCSP certification is more detailed than CCSK certificate, that is issued by Cloud Security Alliance (CSA). Some recommend to obtain CCSK…
Information security domains or areas are the different fields where the practice and studies of information security can be split. This post proposes different classifications for the security domains. Information Security Domain Proposals Information security domain proposals featured on this…
This post summarizes some aspects of information security on computer networks. Network Security Controls Security Gateway Security gateway is a broad term to refer to a network edge security device. Firewall Firewall is a control. Proxy servers are a type…
Digital Operational Resilience Act (DORA) is an European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…