Virtual Patching
Virtual patching is an IT security control in which, instead of applying a security patch, additional measures are applied to mitigate the risk of leaving the patch unapplied. The reasons why a patch is not applied could…
This post explains some aspects of IT security on databases. It is part of the main post about introduction to IT security. Database Controls Database controls featured on this post: Server-side input validation Please note that client-side input validation is…
Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by the American non-profit organization ISC(2). CCSP certification is more detailed than the CCSK certificate, which is issued by the Cloud Security Alliance (CSA). Some recommend obtaining CCSK…
Kerberos is both a ticket-based Authentication, Authorization and Accountability (AAA) network protocol and an SSO implementation: It is the most common ticket system, used for example in on-premise Windows networks. Kerberos issues tickets that can be presented to various services…
This post provides resources to create Information Security policies, standards, procedures and guidelines. Documenting IT Security Policy Frameworks IT Security Policy Framework Document Types IT security policy framework documents: Policy Policies would be like the constitution, while procedures are the…
This post features some OT Security Communities. It is part of the main post about OT Security. List of OT Security Communities LinkedIn group “ICS OT Security IEC62443 Cyber and Physical” Official link LinkedIn group “OT Security” Official link Reddit…
This post features some operational technology (OT) security frameworks and standards. List of OT Security Frameworks and Standards OT Security frameworks and standards that are featured on this post: ISA/IEC 62443 ISA/IEC 62443, sometimes referred to as ISA 62443 or IEC…
This post summarizes some aspects of information security on computer networks. Network Security Controls Security Gateway Security gateway is a broad term for a network edge security device. Firewall A firewall is a control. Proxy servers are a type…
ISA/IEC 62443 is a standard about industrial cybersecurity. The ISA/IEC 62443 Cybersecurity Certificate Program is a family of certifications aimed at professionals and related to the ISA/IEC 62443 standard. The certificates are issued by the International Society of Automation (ISA). Take…
The Digital Operational Resilience Act (DORA) is a European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…