by Alexander | 17 February 2025
DevSecOps (Development, Security, and Operations) is an approach that integrates security at the beginning of the software development cycle, rather than adding it at the end. It aims to automate security controls and integrate secure practices throughout the development, testing, deployment and operations process.
The aim of DevSecOps is to detect and correct vulnerabilities as early as possible by adopting a collaborative approach between developers, security teams and IT operations.
by Alexander | 3 June 2025
Data Loss Prevention (DLP) is a cybersecurity strategy designed to detect, monitor and prevent the leakage, loss or unauthorised use of sensitive data. It is based on policies, processes and technologies designed to protect critical information, whether it is stored, in transit or in use.
by Alexander | 13 February 2025
Personal data refers to any information relating to an identified or identifiable natural person.
A person is considered identifiable if he or she can be recognised directly (surname, first name) or indirectly (IP address, telephone number, fingerprint, etc.) from a combination of data.
by Alexander | 14 February 2025
Sensitive data is a special category of personal data. It is data which, if disclosed, could cause harm to an individual or an organisation. It is...
by Alexander | 3 June 2025
Double extortion is a technique used in ransomware attacks, where cybercriminals combine two forms of blackmail to put pressure on the victim:
Data encryption: as in a classic ransomware attack, the victim's files are encrypted, making it impossible to access them without a decryption key that the attackers promise to provide in exchange for a ransom.
Theft and threat of disclosure: before or during encryption, attackers exfiltrate (steal) sensitive data. They then threaten to publish it on the Internet (or sell it) if the victim does not pay the ransom, even if the victim can restore the data via backups.