This post summarizes some aspects of information security on computer networks. Network Security Controls Security Gateway Security gateway is a broad term to refer to a network edge security device. Firewall Firewall is a control. Proxy servers are a type…
ISA/IEC 62443 is a standard about industrial cybersecurity. ISA/IEC 62443 Cybersecurity Certificate Program is a family of certifications aimed for professionals and related to the ISA/IEC 62443 standard. The certificates are issued by the International Society of Automation (ISA). Take…
Digital Operational Resilience Act (DORA) is an European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…
Critical Entities Resilience (CER) is an European Union (EU) directive. This post is an introduction to this directive. Introduction to CER CER was promulgated on 14 December 2022, along with NIS2 and DORA. Its full title is “Directive (EU) 2022/2557…
This post features HTTP traffic interception tools for performing penetration tests. List of HTTP Traffic Interception Tools HTTP traffic interception tools: Burp Proxy Burp Proxy is a tool contained within Burp Suite. Proprietary and freemium. It is developed by British…
This post summarizes regulations related to IT Security. IT Security Regulations by Subjects Regulation subjects related to IT security featured on this post: IT Security Regulations You can read about critical infrastructure regulations on this post. Critical Infrastructure Regulations You…
Threat modeling is the process of identifying, analyzing and categorizing threats. List of Cybersecurity Threat Models Cybersecurity Threat Models featured on this post: The most popular is MITTRE ATT&CK. MITRE ATT&CK MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is…
This post explains the concept of information security compliance and related topics. Compliance is one of the three sub-areas covered in Information Security area of GRC (Governance, Risk and Compliance). Sources of IT Security Compliance Compliance comes from the following…
This post introduces to System and Organization Controls (SOC) reporting framework, in the context of compliance with US American law Sarbanes-Oxley Act (SOX). Regulation Context The Sarbanes-Oxley Act (SOX or Sarbox) is a United States of America federal law. It…
EC-Council is a private organization that issues certifications related to IT security and cybersecurity. Certified Ethical Hacker (CEH) is a certification issued by EC-Council that has a limited validity. This post explains how to maintain the Certificed Ethical Hacker (CEH)…