This article explains what log auditing is, why a unified audit platform is essential for compliance and security operations, outlines its core goals, main functions such as unified collection, correlation analysis, real‑time alerts, forensic reporting, and describes typical deployment architectures and modules.
This article details a compliance‑driven solution that records, replays, and merges user interaction videos across multiple insurance web pages by leveraging rrweb for event capture, Puppeteer for automated playback, and FFmpeg for video stitching, while addressing performance, storage, and privacy challenges.
This guide provides system administrators with a step‑by‑step checklist to audit and harden Linux operating systems, covering account management, password policies, service restrictions, filesystem permissions, logging configuration, and practical command examples for comprehensive security compliance.
The article explains how DevSecOps extends DevOps by embedding security controls throughout the software lifecycle, outlines its key components, adoption steps, essential tools, implementation capabilities, and the business benefits of merging security with development and operations.
The article explains how data security diagrams map which participants can access specific enterprise data, discusses best practices such as using focused participant‑centric or external‑access diagrams, presents example tables and UML/BPMN and Archimate visualizations, and highlights their role in compliance and trust management.
This article introduces an open‑source security compliance auditing platform built with Django, MongoDB and Redis, detailing its architecture, data synchronization methods, configurable audit strategies, asset inventory, policy configuration, task scheduling, and provides deployment instructions and sample API usage for automating compliance checks across applications, databases and operating systems.
This guide explains what technical risk is, why it matters, and provides a step‑by‑step methodology for assessing, mitigating, and managing technology‑related risks—including lifecycle, compliance, and complexity considerations—to improve cost efficiency, agility, and security across the enterprise.
Docker’s updated service terms clarify that while its commercial services are subject to U.S. export controls and cannot be used in embargoed countries, the open‑source Docker engine itself remains unrestricted, and the article explains the legal background, relevant regulations, and industry impact.
The article outlines enterprise data‑security risks and regulatory demands, reviews symmetric, asymmetric and hash techniques, highlights cloud‑encryption and key‑management challenges, and presents Tencent Cloud’s comprehensive solutions—including KMS, BYOK, white‑box keys, virtual HSMs, and integrated database encryption—to protect data throughout its lifecycle.
A Cloud Access Security Broker (CASB) sits between cloud service consumers and providers to enforce security, compliance, and governance policies, offering visibility, data protection, threat detection, and control over shadow IT, with various deployment modes and integration options for modern cloud environments.
The Zhengda Hospital HIS database outage, caused by unauthorized scripts and poor permission controls, sparked a detailed discussion on how to prevent reckless production testing, enforce proper authorization, design efficient yet secure workflows, improve outsourcing oversight, and build robust emergency and compliance practices.
This article explains why enterprises need information security, outlines the core security requirements such as data protection and business continuity, and presents a phased ISO 27001‑based roadmap—including short‑term, medium‑term goals, management policies, network segmentation, third‑party compliance, and budgeting—to establish a comprehensive security architecture.
China’s mandatory Cybersecurity Graded Protection System 2.0, effective Dec 1 2019, classifies information systems into five security levels, imposes legally enforceable technical and management controls—including encryption, trusted computing, and cloud requirements—and outlines a five‑step assessment, registration, remediation, and supervision process for enterprises to achieve compliance quickly.
GitHub detailed its response to US trade sanctions, outlining how its services—including GitHub.com and GitHub Enterprise Server—are subject to export regulations, what restrictions apply to users in sanctioned regions, and how developers can navigate compliance and appeal processes.
The article explains China’s Network Security Level Protection 2.0 standard, its differences from 1.0, and provides practical guidance for internet companies on key compliance areas such as identity authentication, access control, security auditing, dynamic monitoring, and cloud security to strengthen overall cyber defenses.
This article chronicles the origins, standardization process, historical milestones, learning resources, and conformance challenges of SQL standards, highlighting key ISO/IEC versions, the roles of major vendors, and the growing complexity of the language over more than three decades.
The article examines recent U.S. export control measures targeting Huawei, their ripple effects on global chip and software suppliers, and the newly updated GitHub user agreement that subjects hosted code to U.S. export regulations, raising concerns about the safety and accessibility of open‑source projects for developers worldwide.
This article explains how large enterprises such as BAT and banks implement strict auditing and supervision of operational privileges, using personal accounts, command logging, OSSEC monitoring, firewall limits, and cross‑team oversight to enforce the principle of least privilege.
This talk outlines Alibaba’s massive global host infrastructure, the evolving security governance from manual controls to data‑driven, automated systems, the challenges of compliance and operational efficiency, and future directions such as zero‑trust and invisible security.
This article summarizes essential DevSecOps concepts from the DevOps Handbook, explaining how to embed security throughout the software lifecycle—from making security a shared responsibility to integrating automated checks in development, testing, deployment pipelines, and change management—while highlighting real‑world examples and practical recommendations.
Oracle announced that after January 2019 Java SE 8 will no longer receive public updates without a commercial license, prompting organizations to assess their Java usage, distinguish between general‑computing‑free and paid scenarios, and evaluate potential licensing costs and migration paths.
The EU’s General Data Protection Regulation, effective May 25, dramatically expands data‑privacy rights, imposes strict obligations on all companies handling EU personal data—including non‑EU firms—introduces hefty fines, and reshapes how the internet industry balances advertising revenue with user protection.
This article examines why many organizations doubt the feasibility of DevOps and continuous delivery, analyzes the root causes behind those doubts, and demonstrates through five detailed case studies how regulated environments, non‑web systems, legacy platforms, and cultural factors can all successfully adopt DevOps practices.
The article outlines Apple’s App Store Review Guidelines across safety, performance, business, design, and legal categories, highlights frequent iPhone client rejections such as metadata errors, preview video ads, IAP icon duplication, and missing UGC reporting, and proposes training, risk reporting, and a knowledge base to prevent future violations.
This article explains how MongoDB’s security features—including access control, authentication, encryption, data discovery, retention policies, zone sharding, backup, monitoring, and audit logging—help organizations meet GDPR requirements while minimizing operational overhead and ensuring data sovereignty.
This article explains GDPR's key principles, the Discover‑Defend‑Detect framework, and concrete database controls such as data identification, retention, pseudonymisation, encryption, access control, disaster recovery, and audit logging needed to achieve compliance.
