Sistema de blogs Diarium
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 
Tag Archives | security

Compliance Management Solutions

Compliance management solutions provide templates, assessment tools and other functionalities to help an organization to meet compliance with some of the most popular standards. This post lists some Compliance Management Solutions.   Popular Compliance Standards List of some popular compliance standards: Payment Card Industry Data Security Standard (PCI DSS) International Standard Organizations (ISO) Standards, like […]

Comments { 0 }

List of IT Risk Analysis Methodologies

This post summarizes some relevant IT risk analysis methodologies.   IT risk analysis methodologies List of IT risk analysis methodologies: Magerit Mehari NIST 800-30 Microsoft’s Security Management Guide   Majerit Majerit, sometimes written as MAJERIT, is issued and managed by institutions related to the Goverment of Spain You can find a complete post about Magerit on […]

Comments { 0 }

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. PCI DSS applies for: Online payments Point-of-Sales etc. SAQ = Self-Assessment Questionnaire  PCI DSS establish different types of SAQs, depending on security level. SAQ-A SAQ-B Etc. Qualified Security Assessor […]

Comments { 0 }

Cybersecurity Conventions in Spain

This post lists some cybersecurity conventions or events that are celebrated in Spain. List of Cybersecurity Conventions in Spain Cybersecurity Conventions in Spain, in order of recurrency: RootedCON JNIC Securmática Navaja negra STIC CCN-CERT Conferences RootedCON https://www.rootedcon.com/ Madrid, Spain. Yearly in March. It is probably the biggest cybersecurity event in Spain. JNIC https://www.incibe.es/red-excelencia-idi-ciberseguridad/jnic JNIC (Jornadas […]

Comments { 0 }

International Cybersecurity Conventions

List of International Cybersecurity Conventions List of International Cybersecurity Events: DEF CON (ISC)2 Security Congress RSA Conference   RSA Conference (RSAC) USA https://www.rsaconference.com Yearly in June. 4 days. At San Francisco, California, USA. The name of RSA Conference stands from the popular encryption algorithm RSA (Rivest-Shamir-Adleman), though it covers many cybersecurity topics apart from encryption. RSA […]

Comments { 0 }

Enterprise IT Security Architecture Framework

List of Enterprise IT Security Architecture Frameworks The most popular are: Zachman Framework SABSA TOGAF COBIT Alternative architectures are: AGATE Integrated Architecture Framwork of Capgemini IDABC MIKI 2.0 SAFF MDA NIH Enterprise Architecture Framework OBASHI Open Security Architecture SOMF MODAF DoDAF FEA Zachman Framework https://www.zachman.com/about-the-zachman-framework/ SABSA https://sabsa.org/ SABSA stands for Sherwood Applied Business Security Architecture. […]

Comments { 0 }

Endpoint Security

An endpoint, in the context of a computer network, is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints are desktop computers and smartphones. In the context of an organization, term “endpoint” is used to differenciate these devices mostly from servers, firewalls and other network […]

Comments { 0 }

List of Application Security Testing (AST) Solutions

Application Security Testing (AST) is the process of checking an application in order to identify potencial vulnerabilities and set points for security improvements. Types of AST: Static AST (SAST) Dynamic AST (DAST) Interactive AST (IAST)   List of Application Security Testing (AST) Solutions AST Solutions: SonarQube CheckPoint SonarQube https://www.sonarqube.org/ OpenSource platform Checkmarx SAST https://checkmarx.com/product/cxsast-source-code-scanning/ Developed […]

Comments { 0 }

DLL Side-loading Attack

This post explains what is a DLL side-loading attack in the context of IT security.   What is a DLL Side-loading Attack? A Dynamic Linked Library (DLL) is a file that is used on Windows systems to group functions. By using DLLs, common functionality can be isolated and re-usability is enabled. As DLL are particular […]

Comments { 0 }

ISO/IEC 27001 Lead Implementer Certifications

ISO/IEC 27001 is an international standard to implement an ISMS in an organizations. Professionals that want to get the knowledge to implement ISO/IEC 27001  and be able to prove it to third parties may look for a certification on this subject.This post lists some popular ISO/IEC 27001 Lead Implement Certifications. IAF (International Accreditation Forum) issued […]

Comments { 0 }
Política de privacidad
Studii Salmantini. Campus de excelencia internacional