Following our last topic, risk analysis, in this new post I would like to remark there are different risk analysis metodologies, but finally all of them are tools which give us the way to do a revision of our situation, with the objective of reduce our residual risk with the use of controls in an efficient way. Normally is difficult to justify the investment of money in Cybersecurity. Using a risk analysis metodology, we can justify in an easier way our CAPEX because these metodologies could be a part of a business case (we can calculate our asset value and also possible impact and risk).Read More →

Risk Analysis is one of the first steps to do when we want to create: An ISMS (Information Security Management System) An BCMS (Business Continuity Management System) An BIA (Business Impact Analysis) A PIA (Private Impact Analysis) A Project Etc. In the moment of doing a risk analysis, we are in the first step of a PDCA process (Plan – do – check – act, also called Deming circle) so it is very important to do a good analysis. All the other processes depends on our first analysis. I created 2 presentations about Risk Analysis & Risk Management; this is the first of these 2 documents.Read More →

One of the procedural measures that have been introduced by Organic Law 13/2015, of October 5 (Spain), amending the Criminal Procedure Law for strengthening procedural safeguards and regulating technological research measures allows the Judicial Police The recording and recording of oral communications through the use of electronic devices and the use of technical devices for image capture, tracking and localization. The Judicial Police has all these technical tools: Tracking Devices Localization devices Image Capture Devices Voice Communication Intercept Devices Interception devices for telematic communications (eg, the possibility of identifying the IP, IMEI, device, etc.) Registration of Mass Storage Information Devices Remote logs on computer equipmentRead More →

In the last years we are reading more and more news about massive (millions) breach of passwords in web services as communities, emails services, cloud services and others. Hackers simply are obtaining money stealing passwords and selling or misusing them. This presentation is focus on how to protect our accounts and with this also keep sure our digital identity, our image and also our money safe from hackers businesses. You can see my presentation here:    Read More →

During 2017 we will suffer ‘old’ threats like ransomware, cyber espionage and ‘hacktivist’ exposing privacy issues but in addition to known them, our threats list will upgrade so much adding new concepts like machine learning accelerates social engineering attacks or cloud computing providers infection. The list is a very long, so a big effort (time, money, people) is needed to mitigate all these risks. After reading more than 10 different reports about Cyber Security Threats 2017 published in Internet I did my own version. I hope you like it. You can see my presentation here: Cyber security threats for 2017 from Ramiro Cid  Read More →

Every year, the challenge of protecting our IT assets from growing threats and cyber attacks is growing. Once some malicious application is in our network and later can quickly move with traffic and produce a big impact in our the network. These attacks can be devastating. I created a presentation where I explain in details this topic, you can see my presentation here (in Spanish): ¿Cuáles son los peligros a los que se enfrenta su sistema informático? from Ramiro CidRead More →