Tag nist

Information Security Controls

This post summarizes information security or cybersecurity control inventories. List of Information Security Control Catalogues Information Security Control Catalogues: ISO/IEC 27002 ISO/IEC 27002 is officially titled “Information security, cybersecurity and privacy protection — Information security controls”, but it can be…

Secure Development Frameworks

This post lists some secure development frameworks. Secure Development Frameworks List of Secure Development Frameworks: Secure Software Development Framework (SSDF) OWASP Security Knowledge Framework (OWASP-SKF) SEI CERT Coding Standards Secure Software Development Framework (SSDF) Secure Software Development Framework (SSDF)…

Windows 10 Security

This post summarizes some tools, courses, certifications and hardening guides related to Windows 10. As Windows 10 and 11 are very similar, this post applies to both operating systems. Windows 10 Security Tools There are different security tools and functionalities…

Data Roles

This post summarizes the roles involved in managing data in IT systems, according to USA’s NIST SP 800-18 Rev. 1 “Guide for Developing Security Plans for Federal Information Systems” or European Union’s General Data Protection Regulation (GDPR). This data roles…

List of Penetration Testing Methodologies

This post lists some industry-standard penetration testing methodologies. OWASP Web Security Testing Guide OSSTMM NIST SP 800-115 FedRAMP Penetration Test Guidance PCI DSS Information Supplement on Penetration Testing List of industry-standard penetration testing methodologies OWASP Web Security Testing Guide …