Home / Segmented / Audit and consulting

Audit and consulting

This section provides content of interest to professionals who understand and audit legal and regulatory compliance in cybersecurity, risk management, internal policies management and compliance, or are responsible for internal training in cybersecurity.

technologies shaping the electricity grid of the future

Technologies shaping the electricity grid of the future

Posted on 04/29/2021, by INCIBE
In recent years we have witnessed the evolution of the electrical grid and the development of new technologies produce what we know today as the smart grid. This evolution continues to this day and the trend seems to point to greater interconnection between end consumers and the grid, which increases possible attack vectors. Over the course of this article, we shall see the security measures that will be used in the electrical grid of the future.
Tags: 
Best practices
Continuity
Critical infrastructures
Data protection
Industrial protocol
IoT
SCADA
Smart Grid
Threat intelligence
Threats
Wireless
DrDoS: characteristics and operation

DrDoS: characteristics and operation

Posted on 04/22/2021, by INCIBE
This article reviews the origin and development of the best-known types of denial-of-service attacks, placing special emphasis on Reflected Distributed Denial of Service attacks, analysing their main characteristics, operation, and consequences, as well as the measures necessary to mount a good defence against them.
Tags: 
Bastioning procedures
Botnet
Continuity
Critical infrastructures
Cybercrime
Data protection
DrDoS
Incident
IoT
Networking
Threats
Threat analysis studies image

Threat analysis studies: Mekotio, FluBot, Cring and WannaMine

Posted on 04/15/2021, by INCIBE
Various studies with threat analysis or malware distribution campaigns affecting Spain and identified through incident management undertaken by INCIBE-CERT. The aim is to increase knowledge of the more technical details and characteristics of the threats so that organisations can implement appropriate detection and protection measures.
Tags: 
Android
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows
secure remote access in ICS

Secure remote access in ICS

Posted on 03/04/2021, by INCIBE
With the arrival of industry 4.0 to companies’ productive processes, including IIoT and Cloud, the need to control and monitor the ICS that remotely make them up arises. However, said access points should be established securely and in a controlled manner, mainly due to the criticality of these assets. This article discusses good practices, tools and methods that can be used to establish remote connections to OT networks as securely as possible.
Tags: 
Best practices
Cloud computing
Critical infrastructures
Data protection
Firewall
Identity management
IIoT
Industrial Control System
Services deployment
Virtualization
Wireless
dangers of drones in industrial settings

Dangers of drones in industrial settings

Posted on 01/21/2021, by INCIBE
The attacks on the Saudi Aramco oil refinery have highlighted the vulnerabilities of these plants against physical attacks using drones. There’s a wide variety of physical and cyber attacks that use drones, from launching explosives, to capturing images, invasion of privacy or taking screenshots of Wi-Fi traffic, so companies should take new defense measures in order to protect their assets
Tags: 
Critical infrastructures
Incident
Industrial Control System
IoT
Legal compliance
Threats

Pages