Home / Segmented / Audit and consulting

Audit and consulting

This section provides content of interest to professionals who understand and audit legal and regulatory compliance in cybersecurity, risk management, internal policies management and compliance, or are responsible for internal training in cybersecurity.

Internet users

Web tracking of the Internet users

Posted on 12/01/2015, by Antonio López (INCIBE)
Nowadays, data obtained through the identification and tracking of Internet users have a great value to achieve different objectives. Online sales, advertising campaigns, social studies and personal tracking are some of the motivations behind the information extracted by web tracking techniques. the web tracking. This article will discuss about these techniques.
Logjam

Logjam and other vulnerabilities in Spanish domains

Posted on 08/11/2015, by Santiago González (INCIBE)
After the discovery of several vulnerabilities associated related to the SSL/TLS protocol in 2014 and the first trimester of 2015, in the middle of last May “Logjam”, was disclosed, a new vulnerability that affects the security of Internet communications. Let's analyze its impact in Spanish domains
What is a correlation? And data analysis tools

What is a correlation? And data analysis tools

Posted on 07/09/2015, by Héctor R. Suárez (INCIBE)
When information of a dataset are analysed, whose origin or “feed” may be a database, information of raw files, logs, spreadsheet data, etc. one of the most powerful tools for drawing conclusions is to carry out correlations. In the post “The importance of language, binary diffing and other “One Day” stories”, we highlighted that the term “correlation” has begun to be heard frequently. However,...
Candado amarillo

The importance of system hardening

Posted on 05/18/2015, by Lorenzo Martínez Rodríguez
Complaining is part of human nature. When it rains, why is it raining? When it is hot, why is it hot? When Real Madrid wins, why does Barcelona not lose, and vice-versa? The issue is that we complain. However, we do not always think what we can do to change or improve the causes of our complaints. Of course, not everything is under our control or in our hands, but we can do a lot, beginning...
Study of the security in cloud storage services

Study of the security in cloud storage services: Analysis of Dropbox and Mega

Posted on 01/27/2015, by Jesús Díaz (INCIBE)
Cloud storage services are receiving increasing popularity. But, how to choose among al the available alternatives? In this study, the main factors affecting security are described, creating a common framework for their analysis. Subsequently, these principles are applied for analyzing two of the main current solutions: Dropbox and Mega.
Abuse of DNS

Use and Abuse of DNS

Posted on 10/02/2014, by Antonio López (INCIBE)
DNS is a protocol present in almost all network communications and therefore very attractive as a tool of attack and / or distribute malicious software such as viruses, botnets and malware. In this article some both offensive and defensive strategies based on the use of DNS are briefly outlined.

Pages