Tag security

OpenSSF

Open Security (OpenSSF) is a non-profit organization. It is part of the Linux Foundation. It was founded in 2020. OpenSSF Notable Projects OpenSSF Scorecard is a vulnerability scanner of FOSS projects. OpenSSF on the Social Networks Links to Social Networks:…

Information Security Governance

Information security governance is a part of governance, risk and compliance (GRC). Information security should take into account the organization's objectives and identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined. Information…

Database Security

This post explains some aspects of IT security on databases. It is part of the main post about introduction to IT security. Database Controls Database controls featured on this post: Server-side input validation Please remember that client-side input validation is…

How to get the CCSP Certification

Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by the American non-profit organization ISC(2). The CCSP certification is more detailed than the CCSK certificate, which is issued by the Cloud Security Alliance (CSA). Some recommend obtaining the CCSK…

Kerberos

Kerberos is both a ticket-based Authentication, Authorization and Accountability (AAA) network protocol and an SSO implementation. It is the most common ticket system, used for example in on-premises Windows networks. Kerberos issues tickets that can be presented to various services…

Information Security Policy Frameworks

This post provides resources to create Information Security policies, standards, procedures and guidelines. Documenting IT Security Policy Frameworks IT Security Policy Framework Document Types IT security policy framework documents: Policy Policies would be like the constitution, while procedures are the…

OT Security Frameworks

This post features some operational technology (OT) security frameworks and standards. List of OT Security Frameworks and Standards OT Security frameworks and standards that are featured on this post: ISA/IEC 62443 ISA/IEC 62443, sometimes referred to as ISA 62443 or IEC…