Data Security and Cloud Computing
honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.
spam trap
A spam trap is an email address that is used to identify and monitor spam email.
cracker
A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.
Threat detection and response demands proactive stance
Threats change with passing years, but has your cybersecurity program? Detection and response tools are consolidating, and new methods to prevent alert fatigue are here.
digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
cybersecurity
Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats.
whaling attack (whaling phishing)
A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company.
How to develop a cybersecurity strategy: Step-by-step guide
A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there.
SolarWinds supply chain attack explained: Need-to-know info
The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.
The 5 different types of firewalls explained
Read up on the similarities and differences of the five firewall types, the three firewall deployment models and tips for choosing the firewall that best meets your company's needs.
backdoor (computing)
A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
Cybersecurity career path: 5-step guide to success
Taking the lead from ISSA's framework, here's a guide to how you can map out a long and profitable career in cybersecurity.
Top 10 cybersecurity interview questions and answers
Interviewing for a job in cybersecurity? Memorizing 100-plus security definitions won't cut it. Here are the 10 interview questions you should be ready for -- and how to answer them.
Explore benefits and challenges of cloud penetration testing
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies.
post-quantum cryptography
Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers that are able to prevent attacks launched by quantum computers.
10 must-have cybersecurity skills for career success
Looking to advance your cybersecurity career? Here are the skills you'll need to win that CISO job, land a gig as a threat hunter and snag other security positions in high demand.
6 common types of cyber attacks and how to prevent them
To prevail in the battle against cybercrime, companies must understand how they are being attacked. Here are the six most damaging types of cyber attacks and how to prevent them.
Review 6 phases of incident response for GCIH exam prep
'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' takes a deep dive into the six phases of incident response to help security pros with GCIH exam prep and certification.
Preparing for GIAC Certified Incident Handler certification
The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding.
Insider threat vs. insider risk: What's the difference?
Identifying, managing and mitigating insider threats is far different than protecting against insider risks. Read up on the difference and types of internal risks here.
Endpoint security quiz: Test your knowledge
Test your knowledge of SASE, split tunneling, and device discovery tool capabilities and best practices in this endpoint security quiz for IT professionals.
Quiz: Web application security threats and vulnerabilities
Applications are still the biggest attack vector for malicious actors -- can you protect them? Test your knowledge with this web application security quiz.
Top 10 cybersecurity online courses for 2021
Our panel of leading experts picked the best free and paid online cybersecurity courses for working professionals advancing their careers and newbies breaking into the field.
cybercrime
Cybercrime is any criminal activity that involves a computer, networked device or a network.
CVSS (Common Vulnerability Scoring System)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in software.
5 essential programming languages for cybersecurity pros
Coding is an important skill across almost every technology discipline today, and cybersecurity is no exception. Learn about the top programming languages for security professionals.
Dridex malware
Dridex is a form of malware that targets its victim's banking information.
Inbound vs. outbound firewall rules: What are the differences?
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each.
Practice Certified Ethical Hacker exam questions
Preparing for your Certified Ethical Hacker certification? Assess your knowledge of topics on the CEH exam with these practice test questions.
Ethical hacker career path advice: Getting started
Matt Walker, author of a Certified Ethical Hacker exam guide and practice exam book, offers advice to career hopefuls on the profession, CEH certification and more.
Pros and cons of an outsourced SOC vs. in-house SOC
Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities.
identity management (ID management)
Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources.
SOAR (Security Orchestration, Automation and Response)
SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats and respond to low-level security events without human assistance.
Certified Information Systems Auditor (CISA)
The Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.
Cyber insurance 101: Timely guidance on an essential tool
No one hopes for a breach, but as they become more common, any responsible cybersecurity team must anticipate one. One key element: choosing the right cyber insurance policy.
Application, database and data security quiz
Are you up to speed with database and application security know-how? Test your comprehension of best practices, emerging threats and more with this data security quiz.
Data breach response: How to plan and recover
Download a planning guide from CompTIA to ensure your company and your customers are prepared and can respond when a ransomware attack or data breach strikes.
Try this cybersecurity quiz, test your cyberdefense smarts
Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too.
malware
Malware, or malicious software, is any program or file that is harmful to a computer user.
incident response team
An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.
AI in security analytics is the enhancement you need
AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.
Benefits of virtual SOCs: Enterprise-run vs. fully managed
A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability.
Understanding the zero trust-SDP relationship
Zero trust is a complicated framework that spans the IT stack. Find out how software-defined perimeter can address zero trust's network-level access requirements.
tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
incident response
Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident.
The 5 principles of zero-trust security
Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by implementing these five principles of zero-trust security.
Changing the culture of information sharing for cybersecurity
Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist.
Developing a cyber resilience plan for today's threat landscape
A cyber resilience plan should complement a company's cybersecurity strategy so that security culture and cyber hygiene are thought through in all IT and cybersecurity initiatives.
Quiz: Network security authentication methods
There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security.
What are the top secure data transmission methods?
Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip.
How self-sovereign identity principles suit the modern world
There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.
5 key enterprise SOC team roles and responsibilities
Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization.
Format-preserving encryption use cases, benefits, alternative
With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more.
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.
Top 4 firewall-as-a-service security features and benefits
Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS.
Best practices for ethically teaching cybersecurity skills
Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry.
CISO as a service (vCISO, virtual CISO, fractional CISO)
A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider.
access control
Access control is a security technique that regulates who or what can view or use resources in a computing environment.
advanced persistent threat (APT)
An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.
biometrics
Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
zero-day (computer)
A zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.
CISSP practice exam questions and answers
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.
PCI DSS 12 requirements
The PCI DSS 12 requirements are a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).
How to send secure email attachments
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits.
Test your cybersecurity knowledge with this quick ISM quiz
Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment.
Which type of CISO are you? Company fit matters
Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you.
How to start an enterprise bug bounty program and why
Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program.
IDS/IPS quiz: Intrusion detection and prevention systems
Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz.
vulnerability assessment (vulnerability analysis)
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.
X.509 certificate
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
Stateful vs. stateless firewalls: Understanding the differences
Examine the important differences between stateful and stateless firewalls, and learn when each type of firewall should be used in an enterprise setting.
Navigate the DOD's Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them.
How to use a public key and private key in digital signatures
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents.
Trojan horse (computing)
In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless but is, in fact, malicious.
Identity management vs. authentication: Know the difference
Andrew Froehlich breaks down how authentication and identity management differ and how each is intrinsic to an identity and access management framework.
identity theft
Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else.
integrated risk management (IRM)
Integrated risk management (IRM) is a set of coordinated business practices and supporting software tools that contribute to an organization's ability to understand and manage risk holistically across all departments and third-party dependencies.
Test your cyber-smarts with this network security quiz
Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit!
The what, why and how of the Spring Security architecture
Like any framework, Spring Security lets you write less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt.
phishing
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.
The state of cybersecurity risk: Detection and mitigation
Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?
AI-powered cyberattacks force change to network security
Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.
Plan now for the future of network security
How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future.
Telework security requires meticulous caution, communication
Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work.
Words to go: Types of phishing scams
IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.
Comparing policies, standards, procedures and technical controls
Infosec pros may have -- incorrectly -- heard the terms standard and policy used interchangeably. Examine the differences among a policy, standard, procedure and technical control.
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.
encryption
Encryption is the method by which information is converted into secret code that hides the information's true meaning.
single sign-on (SSO)
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.
remote access
Remote access is the ability for an authorized person to access a computer or a network from a geographical distance through a network connection. Remote access enables users to connect to the systems they need when they are physically far away. ...
SSL VPN (Secure Sockets Layer virtual private network)
An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote-access VPN ...
firewall
A firewall is software or firmware that prevents unauthorized access to a network.
cryptography
Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.
two-factor authentication (2FA)
Two-factor authentication (2FA) is a verification process in which the user provides two different authentication factors to prove their identity. Credentials can be based on knowledge, possession, inherence, location or time.
Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Considering the differences in LAN vs. WAN security
Given the differences in the security of LAN and WAN, enterprises need to guard against insider threats, secure against unauthorized access and potentially secure the edge, too.
risk analysis
Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.
CISA exam preparation requires learning ethics, standards, new vocab
The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.
CISA practice questions to prep for the exam
Ready to take the Certified Information Systems Auditor exam? Use these CISA practice questions to test your knowledge of the audit process job practice domain.