The ISO/IEC 27000-series is a set of standards related to information security and publish by ISO and IEC. It provides recommendations on information security, in the context of a Information Security Management System (ISMS). Standards included on ISO/IEC 27000-series As…
This post summarizes some tools, courses, certifications and hardening guides related to Windows 10. As Windows 10 and 11 are very similar, this post applies to both operating systems. Windows 10 Security Tools There are different security tools and functionalities…
Operational technologies, often referred with the acronym OT, is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. The industrial context is basic on this definition of OT.…
Compliance management solutions provide templates, assessment tools and other functionalities to help an organization to meet compliance with some of the most popular standards. This post lists some Compliance Management Solutions. List of IT Compliance Management Solutions Providers List of…
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. It is promulgated by the Payment Card Industry Security Standars Council (PCI SCC). PCI…
This post lists some cybersecurity conventions or events that are celebrated in Spain. List of IT Security Conventions in Spain Cybersecurity Conventions in Spain, in order of recurrence: CIBERSEG Jornadas Seguridad y Defensa CIBERSEG. Alcalá de Henares, Madrid, Spain. Yearly…
This post summarizes some of the major conventions, conferences, congresses or other events related to cybersecurity and with an international scope. List of International Cybersecurity Conventions List of International Cybersecurity Events: Gartner Security & Risk Manageement Summit RSA Conference Black…
This post explains what is an enterprise information security architecture framework, and summarizes some of the existing ones. IT security architecture frameworks are sometimes related to enterprise architecture frameworks. You can read more about them on this post. What is…
An endpoint, in the context of a computer network, is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints are: In a more extended definition of endpoint, it may include…
Application Security Testing (AST) is the process of checking an application in order to identify potencial vulnerabilities and set points for security improvements. They are different to code testing solutions, as AST focus on security, not other aspects like performance…