Home / Blog / Filter / Blog
Subscribe to INCIBE-CERT - Blog RSS

Blog

Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Best practices
IMC ANTICIPATING

ANTICIPATING: one of the four goals of cyberresilience

Posted on 06/11/2020, by INCIBE
Anticipating is one of the four aims of cyberresilience. It consists of maintaining a state of informed readiness, in order to prevent essential services from being compromised in the event of a cyberattack. To measure the objectives of this aim, its three functional domains are analysed: cybersecurity policies, risk management and cybersecurity training.
Tags: 
Best practices
Critical infrastructures
Policies
Studies & stats
Preventing the leaking of information in ICS

Preventing the leaking of information in ICS

Posted on 05/28/2020, by INCIBE
Exfiltration of data, or information leakage, poses a threat to all companies throughout the world. It is important to know the possible ways information can get out to control them and avoid a loss of information in our organisation. Since in industry the most important factor is availability, this threat has to be put into perspective.
Tags: 
Bastioning procedures
Best practices
Continuity
Data protection
Incident
Industrial Control System
Cyber-resilience

Cyber-resilience: the key to overcoming incidents

Posted on 05/14/2020, by INCIBE
The goal of cyber-resilience for an organization, whether or not it belongs to a strategic sector, whether or not it provides one of these digital services, is to maintain its primary purpose and integrity in the face of a cybersecurity threat or attack to an ideal level. Continuous detection processes must be established given that total prevention will never be guaranteed.
Tags: 
Best practices
Industrial Control System
Policies
Studies & stats
Busybox

Attacking a BusyBox, the small Gaulish village

Posted on 09/05/2019, by INCIBE
A BusyBox is software or a program that combines several functionalities in a small executable. This small tool was created for use in integrated operating systems with very limited resources, and they are usually used in control systems. But, as in all tools, you have to know what security level they have and if it can be improved.
Tags: 
Bastioning procedures
Best practices
Embedded systems
Industrial Control System
Linux
CVSS3.1

Measuring the severity of vulnerabilities: changes in CVSS 3.1

Posted on 08/01/2019, by Hugo Rodríguez Santos (INCIBE)
The open and most-widely-used framework for communication and vulnerability scoring, the CVSS (Common Vulnerability Scoring System), has been updated, incorporating improvements in its new version 3.1 with respect to the previous one. This standard assesses the severity of computer systems vulnerabilities and assigns them a score of 0 to 10.
Tags: 
Best practices
Pentesting
Policies
Threats
Vulnerability
active defense

Active defence and intelligence: from theory to practice

Posted on 08/02/2018, by INCIBE
The concept of defence in industrial environments is changing. Just as the attacks are increasingly more sophisticated, the protection systems tend to be more flexible and more evolved. Being able to strengthen the upper levels, such as active defence and intelligence, is essential, whilst always maintaining a solid base of the lower levels (passive defence and secure architecture).
Tags: 
Best practices
Industrial Control System
Problems in the industry

Mitigating availability problems in the industry

Posted on 07/19/2018, by INCIBE
Given that availability is always a critical point to take into account for within industrial environments, it is necessary to prevent the attacks that denial of services cause and that affect these environments. The means of giving way to a denial of service can be diverse, much like the means of mitigating these problems. This article will review all of these points, as well as the way in which the risks derived from these attacks can be reduced.
Tags: 
Best practices
Botnet
Incident
Industrial Control System
Industrial protocol
Threats
Vulnerability

Pages