Sistema de blogs Diarium
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 
Archive | IT Security RSS feed for this section

Incident Response

CERT is the acronym for Computer Emergency Response Team. Some countries have an international scope: FIRST https://www.first.org/ SEI CERT https://www.sei.cmu.edu/about/divisions/cert/index.cfm Most countries have an official CERT. DKCERT (Denmark) esCERT (Spain) IRIS-CERT (Spain, RedIRIS CERT) https://www.rediris.es/cert/

Comments { 0 }

Secure Development Frameworks

This post lists some secure development frameworks. Secure Development Frameworks List of Secure Development Frameworks: Secure Software Development Framework (SSDF) OWASP Security Knowledge Framework (OWASP-SKF) SEI CERT Coding Standards Secure Software Development Framework (SSDF) https://owasp.org/www-project-security-knowledge-framework/ SSDF is issued by NIST. OWASP Security Knowledge Framework (OWASP-SKF) https://owasp.org/www-project-security-knowledge-framework/ OWASP Security Knowledge Framework (OWASP-SKF) is issued by OWASP. […]

Comments { 0 }

Cloud Security for Microsoft 365

This post adds some comments on cloud security for Microsoft 365. Cloud Security for Microsoft 365 Products related to Microsoft 365 security: Microsoft 365 Defender Microsoft Secure Score Microsoft Secure Score Microsoft Secure Score is a Microsoft product that measures the organization’s security posture regarding specific Microsoft 365 products and displays the results on a […]

Comments { 0 }

How to perform an IT Risk Assessment

This post tries to make an overview about how to perform a risk assessment of information technology (IT) assets. Steps to perform an IT risk assessment The summary of steps to be done are: Define scope Select a risk assessment methodology Identify asset types Identify threats Identify vulnerabilities List controls Assign controls to threats Identify […]

Comments { 0 }

ISO/IEC 27000-series

The ISO/IEC 27000-series is a set of standards related to information security and publish by ISO and IEC. It provides recommendations on information security, in the context of a Information Security Management System (ISMS). Standards included on ISO/IEC 27000-series As of 2022, there are 63 different standards belonging to ISO/IEC 27000-series. All of them start […]

Comments { 0 }

Lists of Threat Intelligence websites

  This post lists some websites that allows to assess suspicious IPs and provide other threat intelligence information. List of Threat Intelligence websites AbuseIPDB X-Force Exchange (XFE) AbuseIPDB https://www.abuseipdb.com X-Force Exchange (XFE) https://exchange.xforce.ibmcloud.com Owned by IBM.   External references hslatman; “Awesome threat intelligence“; GitHub

Comments { 0 }

Differences between PCI DSS 3.2.1 and 4.0

PCI DSS is an information security standard for organizations that handle branded credit cards from the major card schemes. You can check a general post about PCI DSS on this link. As the standard is updated regularly, there are different versions of this standard. PCI DSS 3.2.1 was issued on May 2018. Valid PCI DSS audits […]

Comments { 0 }

Operational Technologies

Operational technologies, often referred with the acronym OT, is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. The industrial context is basic on this definition of OT. OT is often used as a counterpart of information technologies (IT), to refer the technologies […]

Comments { 0 }

List of SIEM Solutions

SIEM is an acronym that means Security Information and Event Management. This post lists some SIEM solutions. List of SIEM solutions List of SIEM solutions: QRadar Splunk Azure Sentinel Arcsight Splunk You might find interesting this article “Is Splunk a SIEM?”   You might be interested in… Splunk External references Gartner; “Security Information and Event […]

Comments { 0 }

Splunk

What is Splunk? There is a free course from Splunk explaining what it is. It is called “What is Splunk?“, and it is available online.   Splunk Certifications There are different certifications provided by Splunk. You can find these certifications on this link. You can filter using the dropdown list “Certificates”.   External references Splunk; […]

Comments { 0 }
Política de privacidad
Studii Salmantini. Campus de excelencia internacional