Get started

Data Security and Cloud Computing

• identity management (ID management)

  Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources. Continue Reading

• SOAR (Security Orchestration, Automation and Response)

  SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats, and respond to low-level security events without human assistance. Continue Reading

• Certified Information Systems Auditor (CISA)

  The Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.  Continue Reading

• Cyber insurance 101: Timely guidance on an essential tool

  No one hopes for a breach, but as they become more common, any responsible cybersecurity team must anticipate one. One key element: choosing the right cyber insurance policy. Continue Reading

• Application, database and data security quiz

  Are you up to speed with database and application security know-how? Test your comprehension of best practices, emerging threats and more with this data security quiz. Continue Reading

• Definitions to Get Started

  • identity management (ID management)
  • SOAR (Security Orchestration, Automation and Response)
  • Certified Information Systems Auditor (CISA)
  • malware

  • incident response team
  • tokenization
  • incident response
  • Federal Information Security Management Act (FISMA)

  View All Definitions

• Data breach response: How to plan and recover

  Download a planning guide from CompTIA to ensure your company and your customers are prepared and can respond when a ransomware attack or data breach strikes.Continue Reading

• Try this cybersecurity quiz, test your cyberdefense smarts

  Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too.Continue Reading

• malware

  Malware, or malicious software, is any program or file that is harmful to a computer user.Continue Reading

• incident response team

  An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.Continue Reading

• AI in security analytics is the enhancement you need

  AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.Continue Reading

• Benefits of virtual SOCs: Enterprise-run vs. fully managed

  A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability.Continue Reading

• Understanding the zero trust-SDP relationship

  Zero trust is a complicated framework that spans the IT stack. Find out how software-defined perimeter can address zero trust's network-level access requirements.Continue Reading

• tokenization

  Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.Continue Reading

• incident response

  Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident.Continue Reading

• The 5 principles of zero-trust security

  Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by implementing these five principles of zero-trust security.Continue Reading

• Changing the culture of information sharing for cybersecurity

  Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist.Continue Reading

• Developing a cyber resilience plan for today's threat landscape

  A cyber resilience plan should complement a company's cybersecurity strategy so that the security culture and cyber hygiene is thought through in all IT and cybersecurity initiatives.Continue Reading

• Quiz: Network security authentication methods

  There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security.Continue Reading

• What are the top secure data transmission methods?

  Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip.Continue Reading

• How self-sovereign identity principles suit the modern world

  There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.Continue Reading

• 5 key enterprise SOC team roles and responsibilities

  Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization.Continue Reading

• Format-preserving encryption use cases, benefits, alternative

  With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more.Continue Reading

• Federal Information Security Management Act (FISMA)

  The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.Continue Reading

• Top 4 firewall-as-a-service security features and benefits

  Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS.Continue Reading

• Best practices for ethically teaching cybersecurity skills

  Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry.Continue Reading

• CISO as a service (vCISO, virtual CISO, fractional CISO)

  A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider.Continue Reading

• access control

  Access control is a security technique that regulates who or what can view or use resources in a computing environment.Continue Reading

• advanced persistent threat (APT)

  An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.Continue Reading

• biometrics

  Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.Continue Reading

• zero-day (computer)

  Zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.Continue Reading

• CISSP practice exam questions and answers

  Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.Continue Reading

• PCI DSS 12 requirements

  PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).Continue Reading

• How to send secure email attachments

  Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits.Continue Reading

• Test your cybersecurity knowledge with this quick ISM quiz

  Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment.Continue Reading

• Which type of CISO are you? Company fit matters

  Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you.Continue Reading

• How to start an enterprise bug bounty program and why

  Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program.Continue Reading

• IDS/IPS quiz: Intrusion detection and prevention systems

  Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz.Continue Reading

• vulnerability assessment (vulnerability analysis)

  A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.Continue Reading

• X.509 certificate

  An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.Continue Reading

• Stateful vs. stateless firewalls: Understanding the differences

  Examine the important differences between stateful and stateless firewalls, and learn when each type of firewall should be used in an enterprise setting.Continue Reading

• Navigate the DOD's Cybersecurity Maturity Model Certification

  The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them.Continue Reading

• How to use a public key and private key in digital signatures

  Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents.Continue Reading

• Trojan horse (computing)

  In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.Continue Reading

• Identity management vs. authentication: Know the difference

  Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access management framework.Continue Reading

• identity theft

  Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else.Continue Reading

• integrated risk management (IRM)

  Integrated risk management (IRM) is a set of proactive, business-wide practices that contribute to an organization's security, risk tolerance profile, and strategic decisions.Continue Reading

• Test your cyber-smarts with this network security quiz

  Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit!Continue Reading

• The what, why and how of the Spring Security architecture

  Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt.Continue Reading

• phishing

  Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.Continue Reading

• The state of cybersecurity risk: Detection and mitigation

  Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?Continue Reading

• AI-powered cyberattacks force change to network security

  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.Continue Reading

• Plan now for the future of network security

  How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future.Continue Reading

• Telework security requires meticulous caution, communication

  Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work.Continue Reading

• Words to go: Types of phishing scams

  IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.Continue Reading

• Comparing policies, standards, procedures and technical controls

  Infosec pros may have -- incorrectly -- heard the terms standard and policy used interchangeably. Examine the differences among a policy, standard, procedure and technical control.Continue Reading

• Advanced Encryption Standard (AES)

  The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.Continue Reading

• single sign-on (SSO)

  Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.Continue Reading

• encryption

  Encryption is the method by which information is converted into secret code that hides the information's true meaning.Continue Reading

• remote access

  Remote access is the ability for an authorized person to access a computer or a network from a geographical distance through a network connection. Remote access enables users to connect to the systems they need when they are physically far away. ...Continue Reading

• SSL VPN (Secure Sockets Layer virtual private network)

  An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote-access VPN ...Continue Reading

• firewall

  A firewall is software or firmware that prevents unauthorized access to a network.Continue Reading

• cryptography

  Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.Continue Reading

• Certified Information Security Manager (CISM)

  Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.Continue Reading

• digital signature

  A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.Continue Reading

• Secure Shell (SSH)

  SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.Continue Reading

• two-factor authentication (2FA)

  Two-factor authentication (2FA) is a verification process in which the user provides two different authentication factors to prove their identity. Credentials can be based on knowledge, possession, inherence, location or time.Continue Reading

• What is cybersecurity? Everything you need to know

  Cybersecurity is the protection of internet-connected systems -- including hardware, software and data -- from cyberattacks.Continue Reading

• Considering the differences in LAN vs. WAN security

  Given the differences in the security of LAN and WAN, enterprises need to guard against insider threats, secure against unauthorized access and potentially secure the edge, too.Continue Reading

• risk analysis

  Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.Continue Reading

• CISA exam preparation requires learning ethics, standards, new vocab

  The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.Continue Reading

• CISA practice questions to prep for the exam

  Ready to take the Certified Information Systems Auditor exam? Use these CISA practice questions to test your knowledge of the audit process job practice domain.Continue Reading

• asymmetric cryptography (public key cryptography)

  Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.Continue Reading

• Symmetric vs. asymmetric encryption: Decipher the differences

  Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and cons.Continue Reading

• Risk management vs. risk assessment vs. risk analysis

  Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management vs. risk assessment vs. risk analysis.Continue Reading

• 6 cybersecurity strategies to solidify personal data protection

  As consumers add more connected devices to personal networks, cybersecurity risk is hitting close to home. Here are steps individuals can take to ensure personal data protection.Continue Reading

• personally identifiable information (PII)

  Personally identifiable information (PII) is any data that could potentially identify a specific individual.Continue Reading

• Advanced cybersecurity fraud and how to fight it

  Cybersecurity fraud's roots run deep, with fraudsters forever after the same thing: tricking others out of their valuable assets. Learn how to keep defenses high.Continue Reading

• juice jacking

  Juice jacking is a security exploit in which an infected USB charging station is used to compromise connected devices. The exploit takes advantage of the fact that a mobile device’s power supply passes over the same USB cable the connected device ...Continue Reading

• Software security testing and software stress testing basics

  In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program.Continue Reading

• Wired vs. wireless network security: Best practices

  Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires.Continue Reading

• DNS attack

  A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).Continue Reading

• What are the 7 core zero-trust pillars?

  Learn how Forrester's seven pillars of zero trust model can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework.Continue Reading

• intrusion detection system (IDS)

  An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.Continue Reading

• security information and event management (SIEM)

  Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.Continue Reading

• Try this cybersecurity quiz to test your (threat) intelligence

  Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too.Continue Reading

• 2 components of detection and threat intelligence platforms

  Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool.Continue Reading

• keylogger (keystroke logger or system monitor)

  A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard.Continue Reading

• In-house vs. outsourced cybersecurity operations center capabilities

  Cybersecurity operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource these capabilities.Continue Reading

• Cryptography basics: Symmetric key encryption algorithms

  Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here.Continue Reading

• 'Computer Security Fundamentals:' Quantum security to certifications

  New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.Continue Reading

• How does antimalware software work and what are the detection types?

  Virus detection techniques used by antimalware tools can be a huge boost to enterprise cybersecurity programs. Learn how antimalware software works and its benefits in this tip.Continue Reading

• 3 tips for writing a quality penetration testing report

  Writing a penetration testing report might not be the most fun part of the job, but it's a critical component. These tips will help you write a good one.Continue Reading

• What are the most common digital authentication methods?

  In order to build and maintain a comprehensive access management program, enterprise leaders must get to know the various forms of digital authentication at their disposal.Continue Reading

• cybercrime

  Cybercrime is any criminal activity that involves a computer, networked device or a network.Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified.Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.Continue Reading

• The who, what, why -- and challenges -- of CISM certification

  Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.Continue Reading

• cybersecurity insurance (cybersecurity liability insurance)

  Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.Continue Reading

• Comparing inbound and outbound firewall rules for the enterprise

  Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each.Continue Reading

• COBIT

  COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management best practices.Continue Reading