Cybersecurity Guides

In-depth, citable technical content on the topics that matter most — written by the people who implement security for fintechs, crypto, apps and e-commerces.

Cybersecurity

What cybersecurity is and how to protect your business

Understand what cybersecurity is, the CIA triad, the main threats (ransomware, phishing, social engineering), the NIST CSF 2.0 and how to protect your business.

Read guide
Information Security

Information security: what it is, its pillars and how to apply it

Information security is the set of practices that protect data from unauthorized access, alteration and unavailability. Understand the CIA triad and ISO.

Read guide
Digital Security

Digital security: what it is and how to stay safe online

Digital security protects your accounts, devices and data from scams, viruses and leaks. A complete guide with practical steps, based on CERT.br and the LGPD.

Read guide
Start Free

How to Monitor Your Company's Threats and Leaks for Free

Learn how to monitor your company's data leaks, credentials, and dark web exposure for free with the Decripte Intelligence Center. No card, no technical team.

Read guide
Offensive Security

Pentest: what it is and how a penetration test works

Understand what a pentest is, its types (black/grey/white box), methodologies (OWASP, PTES, NIST), the test phases, the report to expect and how often to run one.

Read guide
API Security

API Security (REST and GraphQL): technical protection guide, OWASP API Top 10 and pentesting

Technical API security guide: OWASP API Top 10 2023, BOLA/IDOR, OAuth2, JWT, mTLS, rate limiting, WAAP and API pentesting for fintechs and apps.

Read guide
Incident Response

How to reduce cyber incident response time

Technical guide to cyber incident response: the NIST cycle, how to reduce MTTR, ANPD deadlines, forensics and when to bring in an external IR team.

Read guide
Ransomware

How to protect your company against ransomware: prevention, response and recovery

Technical guide to protect your company against ransomware: attack chain, prevention with MFA and immutable backup, incident response and ANPD notification.

Read guide
24x7 Detection

SOC and SIEM: what a Security Operations Center is and how 24/7 detection works

Understand what a SOC is, how a SIEM detects threats, the difference between EDR, XDR, NDR and SOAR, and when outsourcing 24/7 monitoring is worth it.

Read guide
Cloud

Cloud Security: How to Protect AWS, Azure and GCP Environments

Technical cloud security guide: shared responsibility model, risks, CSPM, CNAPP, CIEM, containers, least privilege and CIS Benchmarks.

Read guide
Third-Party Risk

TPRM — Third-Party Cybersecurity Risk Management: How to Assess and Monitor Your Vendors

Complete TPRM guide: third-party risk lifecycle, SIG questionnaires, cyber ratings, continuous monitoring, and the ISO 27036 and NIST 800-161 frameworks.

Read guide
Architecture

Zero Trust in practice: how to implement a Zero Trust architecture in your company

Technical guide to implementing Zero Trust in your company without halting operations: NIST SP 800-207 pillars, CISA model, identity, MFA, microsegmentation and PAM.

Read guide
Compliance

LGPD in practice: how to bring your company into compliance with Brazil's data protection law

How to bring your company into LGPD compliance: legal bases, DPO, data mapping, ANPD fines and 3-business-day incident notification. Full technical guide.

Read guide
Awareness

How to protect your company against phishing and social engineering

Technical guide to defend your company from phishing and social engineering: DMARC, FIDO2 MFA, simulations, incident response and AI-driven attacks. Decripte voice.

Read guide
Reference

Cybersecurity Glossary: Precise Definitions of the Most-Searched Terms

Technical cybersecurity glossary with precise, citable definitions of SIEM, EDR, XDR, Zero Trust, Threat Hunting, MITRE ATT&CK, DFIR, and more.

Read guide