Tag cybersecurity

Cloud Security Compliance

This post summarizes some aspects of cloud security that need to be taken into account regarding compliance. To monitor cloud security compliance, we need to check all compliance sources and how they affect cloud security. Compliance sources: Limits of Cloud…

HTTP Traffic Interception Tools

This post features HTTP traffic interception tools for performing penetration tests. List of HTTP Traffic Interception Tools HTTP traffic interception tools: Burp Proxy Burp Proxy is a tool contained within Burp Suite. Proprietary and freemium. It is developed by British…

Cybersecurity Threat Modeling

Threat modeling is the process of identifying, analyzing and categorizing threats. List of Cybersecurity Threat Models Cybersecurity Threat Models featured on this post: The most popular is MITTRE ATT&CK. MITRE ATT&CK MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is…

SOC Reporting Framework

This post introduces to System and Organization Controls (SOC) reporting framework, in the context of compliance with US American law Sarbanes-Oxley Act (SOX). Regulation Context The Sarbanes-Oxley Act (SOX or Sarbox) is a United States of America federal law. It…

International Cybersecurity Organizations

This post features international cybersecurity organizations. To find European Union cybersecurity organizations, please check this post. List of International Cybersecurity Organizations List of International Cybersecurity Organizations: FIRST FIRST (Forum of Incident Response and Security Teams) is a global association of…

Access Control Models

This post summarizes access control models, as considered in cybersecurity and access control. Acccess Control Concepts Permission refers to the access granted for an object and determine what you can do with it. Right refers to the ability to take…

AAA Network Protocols

This post summarizes Authentication, Authorization and Accountability (AAA) protocols or AAA network protocols. Do not confuse the AAA protocols with the authentication protocols like EAP, CHAP and PAP. Authentication protocols works in the OSI layers 2 and 3, and AAA…