Common Criteria Recognition Arrangement is an international agreement for mutual recognition of IT security certificates issued on the basis of the Common Criteria (CC). Signatory states recognize certificates of products and Protection Profiles issued by different national certification bodies. A distinction is made between Certificate Producer and Certificate Consumer among the participating states of the … Read more
Security Assurance Methodology is a framework developed by the 3rd Generation Partnership Project (3GPP) to assure and evaluate the security of network products used in the mobile communications sector. An important partner in the development and implementation of the framework is the GSM Association (GSMA). SECAM provides general, testable security requirements and security properties for … Read more
Increasing digitization is raising the demands on IT security. However, incomplete digitization of processes in terms of security means that the ever-increasing threats directly impact information security and processes in companies. However, with solid security awareness combined with secure automated processes and solutions, companies can build their security from the inside. In this way, dangers … Read more
A network domain is an administratively delimited network area that can be used to logically map the organizational structures of a company. Security policies, user rights, and user roles are managed centrally via a domain controller. A user logs on to a domain via the domain controller. Domains have unique names and are structured hierarchically. … Read more
In today’s digital age, information security has become paramount for businesses and organizations worldwide. With the increasing frequency and sophistication of cyber threats, safeguarding sensitive data and ensuring the confidentiality, integrity, and availability of information has become a top priority. This is where ISO 27002 comes into play. ISO 27002, also known as ISO/IEC 27002:2013, … Read more
In the computer environment, the user name enables logging into a protected area of a computer, a service, a website, or a program. As a rule, the user name is used in combination with a password to authenticate oneself against the protected area. A username serves as an essential identifier for individuals or entities accessing … Read more
BSI Standard 200-1, along with Standards 200-2 and 200-3, is an elementary component of the BSI’s IT-Grundschutz methodology. It defines the general requirements for information security management systems (ISMS – information security management systems) and is compatible with ISO standard 27001. The aim of the BSI standard is to make the business processes of companies … Read more
A DDoS attack attempts to cause the unavailability of Internet service through a deliberately induced overload. Usually, botnets consisting of a multitude of individual systems are used for the attack. The target of the attack can be servers or other network components. DDoS attacks have become increasingly common in today’s digital landscape, posing significant threats … Read more
In a penetration test, IT systems or networks are subjected to a comprehensive examination designed to determine their susceptibility to attack. A pentest uses methods and techniques that real attackers or hackers use. In today’s digital landscape, where cyber threats are on the rise, organizations need to be proactive in identifying vulnerabilities in their systems … Read more
To detect and defend against cyberattacks earlier, you need to understand the attackers’ objectives and approach and build defenses accordingly. The Lockheed Martin Cyber Kill Chain is a multi-step model for analyzing attacks and building defenses along with the attack steps. Cyber attacks have become increasingly sophisticated and prevalent. Understanding the methods employed by attackers … Read more
Air Gap is a security concept that meets the highest security requirements. It describes the complete physical and logical isolation of computers from each other and from networks. Information exchange between systems is possible, for example, via transportable storage media. Methods such as side-channel attacks exist to overcome an air gap. What is Air Gap? … Read more
The Point-to-Point Tunneling Protocol (PPTP) can be used to implement virtual private networks over IP-based networks such as the Internet. It is an extension of the Point-to-Point Protocol and is implemented in many operating systems. Due to known vulnerabilities, PPTP is no longer considered secure today. Secure communication plays a vital role in safeguarding our … Read more
Security by Design is a design concept applied in hardware and software development. The security of hardware or software is already considered in the development process and integrated into the complete life cycle of a product. Design criteria include, for example, minimizing the attack surface, using encryption and authentication, and isolating security-relevant areas. Security is … Read more
Common Vulnerabilities and Exposures (CVE) is a standardized list of vulnerabilities and security risks of computer systems. Thanks to the unique naming, the exchange of data about vulnerabilities and security risks is simplified. Sequential numbers uniquely identify the various entries. In the ever-evolving landscape of cybersecurity, vulnerabilities pose a significant threat to the integrity and … Read more
IT governance is an essential part of corporate governance and is the responsibility of management. IT governance is used to ensure that IT optimally supports corporate goals and corporate strategy. Information technology (IT) plays a crucial role in the success and efficiency of businesses. However, the increasing reliance on technology also brings forth various challenges … Read more
A public key infrastructure (PKI) is a security infrastructure that provides services for the secure exchange of data between communication partners. With the help of the PKI, certificates and the affiliation of public keys can be verified. What is PKI? PKI stands for Public Key Infrastructure. It is a framework of technologies, policies, and procedures … Read more
The Certified Information Systems Security Professional (CISSP) certification provides IT professionals with evidence of comprehensive knowledge in the area of IT security. The certification was developed by the Information Systems Security Certification Consortium (ISC)². To obtain the certification, theoretical knowledge and practical experience must be demonstrated. Cybersecurity plays a critical role in safeguarding sensitive information … Read more
With the help of a command-and-control server, botmasters control the infected computers of a botnet. Commands can be sent to individual or all computers, for example, to launch distributed denial of service (DDoS) attacks. Receiving data from the botnet computers and other activities are also possible. The number and structure of networking of C&C servers … Read more
Businesses face an ever-growing number of sophisticated cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. To combat these threats, organizations require advanced security solutions that go beyond traditional approaches. One such solution gaining prominence is Extended Detection and Response (XDR). In this article, we will explore the concept of … Read more
Threats are everywhere in today’s world. From cyberattacks to natural disasters, organizations and individuals face a wide range of risks that can disrupt operations, cause financial loss, or harm people’s well-being. In order to effectively protect themselves, it is crucial to have a clear understanding of potential threats and develop strategies to mitigate them. This … Read more