Home / Segmented / Audit and consulting

Audit and consulting

This section provides content of interest to professionals who understand and audit legal and regulatory compliance in cybersecurity, risk management, internal policies management and compliance, or are responsible for internal training in cybersecurity.

Candado amarillo

The importance of system hardening

Posted on 05/18/2015, by Lorenzo Martínez Rodríguez
Complaining is part of human nature. When it rains, why is it raining? When it is hot, why is it hot? When Real Madrid wins, why does Barcelona not lose, and vice-versa? The issue is that we complain. However, we do not always think what we can do to change or improve the causes of our complaints. Of course, not everything is under our control or in our hands, but we can do a lot, beginning...
Study of the security in cloud storage services

Study of the security in cloud storage services: Analysis of Dropbox and Mega

Posted on 01/27/2015, by Jesús Díaz (INCIBE)
Cloud storage services are receiving increasing popularity. But, how to choose among al the available alternatives? In this study, the main factors affecting security are described, creating a common framework for their analysis. Subsequently, these principles are applied for analyzing two of the main current solutions: Dropbox and Mega.
Abuse of DNS

Use and Abuse of DNS

Posted on 10/02/2014, by Antonio López (INCIBE)
DNS is a protocol present in almost all network communications and therefore very attractive as a tool of attack and / or distribute malicious software such as viruses, botnets and malware. In this article some both offensive and defensive strategies based on the use of DNS are briefly outlined.

Pages