Cybersecurity Guides
In-depth, citable technical content on the topics that matter most — written by the people who implement security for fintechs, crypto, apps and e-commerces.
What cybersecurity is and how to protect your business
Understand what cybersecurity is, the CIA triad, the main threats (ransomware, phishing, social engineering), the NIST CSF 2.0 and how to protect your business.
Read guide → Information SecurityInformation security: what it is, its pillars and how to apply it
Information security is the set of practices that protect data from unauthorized access, alteration and unavailability. Understand the CIA triad and ISO.
Read guide → Digital SecurityDigital security: what it is and how to stay safe online
Digital security protects your accounts, devices and data from scams, viruses and leaks. A complete guide with practical steps, based on CERT.br and the LGPD.
Read guide → Start FreeHow to Monitor Your Company's Threats and Leaks for Free
Learn how to monitor your company's data leaks, credentials, and dark web exposure for free with the Decripte Intelligence Center. No card, no technical team.
Read guide → Offensive SecurityPentest: what it is and how a penetration test works
Understand what a pentest is, its types (black/grey/white box), methodologies (OWASP, PTES, NIST), the test phases, the report to expect and how often to run one.
Read guide → API SecurityAPI Security (REST and GraphQL): technical protection guide, OWASP API Top 10 and pentesting
Technical API security guide: OWASP API Top 10 2023, BOLA/IDOR, OAuth2, JWT, mTLS, rate limiting, WAAP and API pentesting for fintechs and apps.
Read guide → Incident ResponseHow to reduce cyber incident response time
Technical guide to cyber incident response: the NIST cycle, how to reduce MTTR, ANPD deadlines, forensics and when to bring in an external IR team.
Read guide → RansomwareHow to protect your company against ransomware: prevention, response and recovery
Technical guide to protect your company against ransomware: attack chain, prevention with MFA and immutable backup, incident response and ANPD notification.
Read guide → 24x7 DetectionSOC and SIEM: what a Security Operations Center is and how 24/7 detection works
Understand what a SOC is, how a SIEM detects threats, the difference between EDR, XDR, NDR and SOAR, and when outsourcing 24/7 monitoring is worth it.
Read guide → CloudCloud Security: How to Protect AWS, Azure and GCP Environments
Technical cloud security guide: shared responsibility model, risks, CSPM, CNAPP, CIEM, containers, least privilege and CIS Benchmarks.
Read guide → Third-Party RiskTPRM — Third-Party Cybersecurity Risk Management: How to Assess and Monitor Your Vendors
Complete TPRM guide: third-party risk lifecycle, SIG questionnaires, cyber ratings, continuous monitoring, and the ISO 27036 and NIST 800-161 frameworks.
Read guide → ArchitectureZero Trust in practice: how to implement a Zero Trust architecture in your company
Technical guide to implementing Zero Trust in your company without halting operations: NIST SP 800-207 pillars, CISA model, identity, MFA, microsegmentation and PAM.
Read guide → ComplianceLGPD in practice: how to bring your company into compliance with Brazil's data protection law
How to bring your company into LGPD compliance: legal bases, DPO, data mapping, ANPD fines and 3-business-day incident notification. Full technical guide.
Read guide → AwarenessHow to protect your company against phishing and social engineering
Technical guide to defend your company from phishing and social engineering: DMARC, FIDO2 MFA, simulations, incident response and AI-driven attacks. Decripte voice.
Read guide → ReferenceCybersecurity Glossary: Precise Definitions of the Most-Searched Terms
Technical cybersecurity glossary with precise, citable definitions of SIEM, EDR, XDR, Zero Trust, Threat Hunting, MITRE ATT&CK, DFIR, and more.
Read guide →