Home / Segmented / Audit and consulting

Audit and consulting

This section provides content of interest to professionals who understand and audit legal and regulatory compliance in cybersecurity, risk management, internal policies management and compliance, or are responsible for internal training in cybersecurity.


Security in the GOOSE protocol

Posted on 08/06/2020, by INCIBE
After the articles “IEC 61850 Standard, all for one and one for all” and “Multicast security in IEC 61850”, it is useful to add more information about the cybersecurity guidelines set out in the IEC 62351 standard with respect to the GOOSE protocol. An explanation will be made of the operation of the protocol, the weaknesses it presents and the appropriate security measures to protect it against possible attackers.

ANTICIPATING: one of the four goals of cyberresilience

Posted on 06/11/2020, by INCIBE
Anticipating is one of the four aims of cyberresilience. It consists of maintaining a state of informed readiness, in order to prevent essential services from being compromised in the event of a cyberattack. To measure the objectives of this aim, its three functional domains are analysed: cybersecurity policies, risk management and cybersecurity training.
Preventing the leaking of information in ICS

Preventing the leaking of information in ICS

Posted on 05/28/2020, by INCIBE
Exfiltration of data, or information leakage, poses a threat to all companies throughout the world. It is important to know the possible ways information can get out to control them and avoid a loss of information in our organisation. Since in industry the most important factor is availability, this threat has to be put into perspective.

Cyber-resilience: the key to overcoming incidents

Posted on 05/14/2020, by INCIBE
The goal of cyber-resilience for an organization, whether or not it belongs to a strategic sector, whether or not it provides one of these digital services, is to maintain its primary purpose and integrity in the face of a cybersecurity threat or attack to an ideal level. Continuous detection processes must be established given that total prevention will never be guaranteed.