What is the relation between change management, patch management and configuration management?
How are:
change management
patch management
configuration management
related to each other and what is the security team’s role in them?
Category Archives: terminology
French translation of technical words [closed]
While writing a memoir on Network Security I’ve encountered the following expressions:
pervasive mechanism
trusted functionality
event detection
security label
The online translation provided is apparently completely wrong.
Can someone h… Continue reading French translation of technical words [closed]
What are symmetric and asymmetric encryption and what would be a good example from daily life? [duplicate]
I understand that to "encrypt" something means to "code" it, to make it understandable for two parties, giver and receiver and generally only for them, but I don’t know what it means when this is being done symmetricall… Continue reading What are symmetric and asymmetric encryption and what would be a good example from daily life? [duplicate]
Is it that a pair of a locking device and an opening device is asymmetric, and a single device which can both lock and open is symmetric? [closed]
I understand that a pair of a locking device and an opening device is asymmetric, and a single device which can both lock and open is symmetric.
Is that correct?
What is dynamic code analysis? Is it the same as DAST?
I’m confused a bit between the terms. What I know is that there is SAST and DAST. SAST is scanning code statically for possible vulnerabilities, equivalent to static code analysis. This is usually done with automated tools. And there is DA… Continue reading What is dynamic code analysis? Is it the same as DAST?
MITRE ATT&CK framework concept doubts between tactics
I am studying the MITRE ATT&CK framework and I am confused with the following tactics: Reconnaissance, Discovery, and Resource Development.
What are the differences between these 3 tactics? According to the study material:
Reconnaissa… Continue reading MITRE ATT&CK framework concept doubts between tactics
MITRE ATT&CK framework concept doubts between tactics
I am studying the MITRE ATT&CK framework and I am confused with the following tactics: Reconnaissance, Discovery, and Resource Development.
What are the differences between these 3 tactics? According to the study material:
Reconnaissa… Continue reading MITRE ATT&CK framework concept doubts between tactics
Difference between SASE and SSE? [closed]
Could anyone provide a bird’s eye view of these two industry defining terms?
SASE stands for Secure Access Service Edge
SSE stands for Security Service Edge
I read this article which attempts to identify the difference but I didn’t underst… Continue reading Difference between SASE and SSE? [closed]
What is it called when you only use a user account for a specific task in your OS?
I’ve noticed that people don’t use a user account for a specific task;
I keep thinking the concept is called a "service account"
But it causes a lot of issues surrounding security; for instance one should not use their general ad… Continue reading What is it called when you only use a user account for a specific task in your OS?
How does NIST or any other standard define Digital Security? [closed]
How does NIST (or any other formal/widely respected body like NIST) define Digital Security?
I just need a formal definition to put in slides. If I paste a definition from the internet, my boss will say, which standard says so? So I need a… Continue reading How does NIST or any other standard define Digital Security? [closed]