The National Cybersecurity Strategy, established by the National Executive Branch, lays down the guiding principles and develops the central objectives that will make it possible to set the national provisions...
Day: November 29, 2023
TEST RESULTS ON SOME ATTACKS LEVERAGING ROGUE DEVICES SUCH AS POPULAR HACKING AND PEN-TEST TOOLS
Threats Posed by Rogue Devices on Organizations This executive summary provides an overview of the threats of rogue devices, explicitly focusing on popular pen-testing tools such...
Full Steam Ahead: Enhancing Maritime Cybersecurity
Since its inception, the United States has been a maritime nation dependent on its maritime transportation system (MTS) as vessels evolved from manpower-intensive wooden sailing ships...
Future of Memory Safety
Challenges and Recommendations On October 27th, 2022, Consumer Reports hosted an online convening to discuss ways to encourage widespread adoption of code written in memory-safe languages....
GDPR CASE STUDIES
2018 – 2023 The mission of the Data Protection Commission (DPC) is to uphold the consistent application of data protection law through engagement, supervision and enforcement,...
GDPR Compliance Project Initiation Document
The General Data Protection Regulation (GDPR) is one of the most significant pieces of legislation to be created by the European Union (EU) in recent years....
Generative Artificial Intelligence and Data Privacy: A Primer
Since the public release of OpenAI’s ChatGPT, Google’s Bard, and other similar systems, some Members of Congress have expressed interest in the risks associated with...
Go Language Guide
Web Application Secure Coding Practice Go Language – Web Application Secure Coding Practices is a guide written for anyone who is using the Go Programming Language...
RISK MITIGATION, PREVENTION AND NEUTRALIZATION OF INTRUSIONS
Ransomware, which was once simply an annoying strain of malware used by cybercriminals to restrict access to files and data to...
Secure configuration guide for AWS
ICT security guide CCN-STIC 887A The content of this guide shows the deployment and configuration for workloads in the public cloud...
Introductory guide to Security applied to DevOps
Traditionally, the creation of new systems in the field of information technology has involved profiles with very different needs and objectives. On one...
CHARTER FOR THE USE OF IT RESOURCES AND DIGITAL TOOLS
Drawing up a charter for the use of IT resources and making it available to users are among the good practices to implement in any...
GUIDE ON SECURITY CONTROLS IN OT SYSTEMS
Undoubtedly, information and communication technologies (ICTs) today support the vast majority of services provided worldwide. There are still very few essential human services that do not...
A 10 step guide to implementing an ISO 27001 Information Security Management System (ISMS)
The ISO27001 standard is recognized worldwide as one of the foremost information security frameworks. Adopted by organizations small and large across a wide variety of industries,...
GUIDELINES FOR DIGITAL FORENSICS FIRST RESPONDERS
Best practices for search and seizure of electronic and digital evidence In pursuit of providing guidance and support to law enforcement agencies across the globe, the...
Guidelines for Secure Application Design, Development, Implementation & Operations
One of the key reasons for vulnerabilities in applications is the lack of secure design, development, implementation, and operations. Relying solely on post-development audits for security...
Hacking with Go
This is my attempt at filling the gap in Go security tooling. When starting to learn Go, I learned from a lot of tutorials but I...
How Adopting A Zero Trust Architecture Can Help Protect Against Digital Supply Chain Management Attacks
Supply Chain Attack is “A cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain.” Supply Chain attacks can occur across...
How to Analyze Java Malware – A Case Study of STRRAT
STRRAT is a Java-based malware that executes multiple commands transmitted by the C2 server. The JAR file was obfuscated...
How Top CISOs Are Transforming Third-Party Risk Management
The consensus in the ESAF community of CISOs is that traditional third-party risk management in information security is ineffective. Traditional methods, centered around self-assessment questionnaires and...
Code of Best Practices of Corporate Governance
Since its first edition in 1999, the IBGC’s Code of Best Practices of Corporate Governance has been an important consultation and reference tool for organizations of...
Threat landscape for industrial automation systems
Statistics for H1 2023 The report presents the findings of the analysis of statistical data obtained using the Kaspersky Security Network (KSN) distributed antivirus network. The...





















