Cyber Resilience Act (CRA) is a European Union (EU) regulation proposal. This post explains some aspects of CRA. Description of CRA CRA was proposed as a regulation by the European Commission in 2022. CRA is called in Spanish as Propuesta…
Digital Operational Resilience Act (DORA) is an European Union regulation. This post is an introduction to DORA. Introduction to DORA Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on…
Critical Entities Resilience (CER) is an European Union (EU) directive. This post is an introduction to this directive. Introduction to CER CER was promulgated on 14 December 2022, along with NIS2 and DORA. Its full title is “Directive (EU) 2022/2557…
This post summarizes some aspects of cloud security that need to be taken into account regarding compliance. To monitor cloud security compliance, we need to check all compliance sources and how they affect cloud security. Compliance sources: Limits of Cloud…
This post explains the concept of information security compliance and related topics. Compliance is one of the three sub-areas covered in Information Security area of GRC (Governance, Risk and Compliance). Sources of IT Security Compliance Compliance comes from the following…
The Network and Infrastructure Security 2 (NIS 2, often spelled as NIS2), coded Directive (EU) 2022/2555 is an European Union (EU) directive. This post explains some aspects about this directive and their transpositions by EU member states. Introduction NIS2 NIS2…
This post summarizes hardening guides, security baselines, guidelines or standards for Windows 10. List of Windows 10 Hardening Guides This section summarizes some guides, guidelines, recommendations or baselines to harden Windows 10 endpoints: Microsoft Security Baselines Microsoft Baselines are included in…
UNECE (United Nations Economic Commission for Europe) is one of the five regional commissions under the jurisdiction of the United Nations Economic and Social Council. United Nations (UN) Regulation No. 155, shorten as UNECE/R155, is an international regulation about cybersecurity…
This post summarizes some certifications for organizations (and not for individuals or professionals) related somehow to information security or cybersecurity. List of Information Security Certifications for Organizations Information Security Certifications for Organizations featured on this post: ISO/IEC 27001 ISO/IEC 27001…
PCI DSS is an information security standard for organizations that handle branded credit cards from the major card schemes. You can check a general post about PCI DSS on this link. As the standard is updated regularly, there are different versions…