This post summarizes some cryptographic standards and guidelines. List of Cryptographic Standards and Guidelines Cryptographic Standards and Guidelines featured on this post: NIST’s Cryptographic Standards and Guidelines ENISA’s Recommended Cryptographic Measures CCN’s CCN-STIC 807 “Criptología de empleo en…
This post covers some aspects of information security related to cloud services. Cloud Security Components On this section you can find different components that are relevant to cloud security. A Cloud Access Security Broker (CASB) scans the security between on-premise…
Business continuity should make focus on incidents that are not frequent but may cause a big impact on the organization. A Business Continuity Plan (BPC) is a plan used by an organization to respond to disruption of critical business process.…
This post discusses about policies, standards or guidelines to establish secure passwords in an IT system. List of Password Definition Standards List of password generation standards: NIST 800-63B NIST 800-63B is titled “Digital Identity Guidelines“. Official web SANS SPT Password…
This post summarizes some relevant IT risk analysis and management frameworks or methodologies. Please do not confuse them with risk analysis methodologies. List IT of Risk Management frameworks List of IT risk analysis frameworks: ISO/IEC 27005 The title of ISO/IEC…
This post summarizes libraries to create 3D or 2D graphics and sound. For those libraries to create both graphics and sound toghether, you can check this post. Graphics and multimedia libraries should not be confused with game engines. You can…
This post summarizes some certifications for organizations (and not for individuals or professionals) related somehow to information security or cybersecurity. List of Information Security Certifications for Organizations Information Security Certifications for Organizations featured on this post: ISO/IEC 27001 ISO/IEC 27701…
This post lists some secure software development frameworks. Secure Development Frameworks List of Secure Development Frameworks: Secure Software Development Framework (SSDF) Secue Software Development Framework (SSDF) is issued by NIST. As of November 2022, the latest SSDF publication SP 800-218…
The ISO/IEC 27000-series is a set of standards related to information security and publish by ISO and IEC. It provides recommendations on information security, in the context of a Information Security Management System (ISMS). Standards included on ISO/IEC 27000-series As…
This post lists some industry-standard penetration testing methodologies. OWASP Web Security Testing Guide OSSTMM NIST SP 800-115 FedRAMP Penetration Test Guidance PCI DSS Information Supplement on Penetration Testing List of industry-standard penetration testing methodologies OWASP Web Security Testing Guide …