Security Compliance

16 articles available

How-to guides for security compliance, risk management, and security architecture with interactive planning tools

How to Assess and Score Supply Chain Risk

intermediate

Assess cybersecurity supply chain risk using NIST SP 800-161 controls and vendor scoring. Build vendor inventories, calculate portfolio risk, and prioritize remediation.

10 min read, updated 2026-01-27

How to Build a STRIDE Threat Model for Application Security

intermediate

Learn to build STRIDE threat models with DREAD scoring for application security risk assessment. Step-by-step guide with examples and prioritization.

12 min read, updated 2026-01-27

How to Build and Test Firewall Rules

intermediate

Design firewall rulesets using least privilege, test rule logic before deployment, and manage ongoing rule reviews for PCI-DSS compliance.

10 min read, updated 2026-01-27

How to Choose a Disaster Recovery Site Strategy

intermediate

Compare hot, warm, cold, and cloud DR sites with RTO/RPO alignment, total cost of ownership analysis, and DR testing strategies.

10 min read, updated 2026-01-27

How to Choose a Media Sanitization Method Using NIST 800-88

beginner

Select the right Clear, Purge, or Destroy sanitization method per NIST SP 800-88 for HDD, SSD, tape, and optical media. Includes verification and compliance guidance.

8 min read, updated 2026-01-27

How to Conduct a Quantitative Risk Analysis with SLE and ALE

intermediate

Calculate Single Loss Expectancy and Annualized Loss Expectancy for risk-based security decisions. Step-by-step formulas, worked examples, and ROI analysis.

10 min read, updated 2026-01-27

How to Design a Data Classification Policy

intermediate

Create a data classification policy with government and commercial schemes, handling rules, compliance overlays, and labeling standards for enterprise data protection.

12 min read, updated 2026-01-27

How to Design a Wireless Security Architecture

intermediate

Design secure wireless networks with WPA3, 802.1X authentication, network segmentation, rogue AP detection, and wireless IDS/IPS controls.

10 min read, updated 2026-01-27

How to Detect Database Inference and Aggregation Attacks

advanced

Detect and prevent database inference and aggregation attacks using query restriction, noise injection, polyinstantiation, and audit techniques.

10 min read, updated 2026-01-27

How to Evaluate Biometric System Performance

intermediate

Evaluate biometric authentication using FAR, FRR, and CER metrics to select the right modality and operating threshold for your environment.

8 min read, updated 2026-01-27

How to Map GDPR Roles and Set Data Retention Periods

intermediate

Determine GDPR controller and processor roles, map Article 30 records of processing activities, and calculate data retention periods for full GDPR compliance.

10 min read, updated 2026-01-27

How to Plan Physical Security Using CPTED Principles

intermediate

Design physical security controls using CPTED principles including security zones, barriers, surveillance, fire suppression, and environmental controls.

10 min read, updated 2026-01-27

How to Scope a Penetration Testing Engagement

intermediate

Scope penetration tests with methodology selection, target definition, effort estimation, rules of engagement, and SOW generation guidance.

10 min read, updated 2026-01-27

How to Select the Right Security Model for Your Organization

advanced

Compare Bell-LaPadula, Biba, Clark-Wilson, and Brewer-Nash formal security models to find the right fit for your organizational requirements.

12 min read, updated 2026-01-27

How to Select a Federated Identity Protocol

intermediate

Compare SAML, OpenID Connect, OAuth 2.0, and Kerberos for enterprise federated identity and SSO implementations with decision criteria.

12 min read, updated 2026-01-27

How to Understand Cryptographic Modes and Why ECB Is Insecure

intermediate

Compare ECB, CBC, CTR, and GCM block cipher modes with detailed security analysis and practical selection guidance for FIPS compliance.

10 min read, updated 2026-01-27