Critical Entities Resilience (CER) is an European Union (EU) directive. This post is an introduction to this directive. Introduction to CER CER was promulgated on 14 December 2022, along with NIS2 and DORA. Its full title is “Directive (EU) 2022/2557…
This post features HTTP traffic interception tools for performing penetration tests. List of HTTP Traffic Interception Tools HTTP traffic interception tools: Burp Proxy Burp Proxy is a tool contained within Burp Suite. Proprietary and freemium. It is developed by British…
IT Compliance with Regulations is part of IT Security Compliance. You can read a more general post about this topic on this post. This is a non-exhaustive list of compliance regulations that may be taken into account in an organization.…
Threat modeling is the process of identifying, analyzing and categorizing threats. List of Cybersecurity Threat Models Cybersecurity Threat Models featured on this post: The most popular is MITTRE ATT&CK. MITRE ATT&CK MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is…
This post explains the concept of information security compliance and related topics. Compliance is one of the three sub-areas covered in Information Security area of GRC (Governance, Risk and Compliance). Sources of IT Security Compliance Compliance comes from the following…
This post introduces to System and Organization Controls (SOC) reporting framework, in the context of compliance with US American law Sarbanes-Oxley Act (SOX). Regulation Context The Sarbanes-Oxley Act (SOX or Sarbox) is a United States of America federal law. It…
EC-Council is a private organization that issues certifications related to IT security and cybersecurity. Certified Ethical Hacker (CEH) is a certification issued by EC-Council that has a limited validity. This post explains how to maintain the Certificed Ethical Hacker (CEH)…
This post summarizes access control models, as considered in cybersecurity and access control. Acccess Control Concepts Permission refers to the access granted for an object and determine what you can do with it. Right refers to the ability to take…
This post summarizes Authentication, Authorization and Accountability (AAA) protocols or AAA network protocols. Do not confuse the AAA protocols with the authentication protocols like EAP, CHAP and PAP. Authentication protocols works in the OSI layers 2 and 3, and AAA…
Identity and Access Management (IAM) is one of the basics of information security. Concepts related to Authentication Continuous authentication Monitors user behavior continuously to ensure that the authenticated user remains the same throughout a session. Risk-based authentication analyzes user behavior…