Get started

Data Security and Cloud Computing

• How to use a public key and private key in digital signatures

  Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading

• Trojan horse (computing)

  In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Continue Reading

• Identity management vs. authentication: Know the difference

  Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access management framework. Continue Reading

• identity theft

  Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else. Continue Reading

• integrated risk management (IRM)

  Integrated risk management (IRM) is an approach to risk management that uses a set of practices and processes to improve an organization's security, risk tolerance profile and strategic decision-making. Continue Reading

• Definitions to Get Started

  • Trojan horse (computing)
  • identity theft
  • integrated risk management (IRM)
  • phishing

  • Advanced Encryption Standard (AES)
  • encryption
  • single sign-on (SSO)
  • remote access

  View All Definitions

• Test your cyber-smarts with this network security quiz

  Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit!Continue Reading

• The what, why and how of the Spring Security architecture

  Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt.Continue Reading

• phishing

  Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.Continue Reading

• The state of cybersecurity risk: Detection and mitigation

  Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?Continue Reading

• AI-powered cyberattacks force change to network security

  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.Continue Reading

• Plan now for the future of network security

  How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future.Continue Reading

• Telework security requires meticulous caution, communication

  Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work.Continue Reading

• Words to go: Types of phishing scams

  IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.Continue Reading

• Comparing policies, standards, procedures and technical controls

  Infosec pros may have -- incorrectly -- heard the terms standard and policy used interchangeably. Examine the differences among a policy, standard, procedure and technical control.Continue Reading

• When, why and how to start an enterprise bug bounty program

  Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program.Continue Reading

• Advanced Encryption Standard (AES)

  The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.Continue Reading

• single sign-on (SSO)

  Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.Continue Reading

• encryption

  Encryption is the method by which information is converted into secret code that hides the information's true meaning.Continue Reading

• remote access

  Remote access is the ability for an authorized person to access a computer or a network from a geographical distance through a network connection. Remote access enables users to connect to the systems they need when they are physically far away. ...Continue Reading

• SSL VPN (Secure Sockets Layer virtual private network)

  An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote-access VPN ...Continue Reading

• firewall

  A firewall is software or firmware that prevents unauthorized access to a network.Continue Reading

• digital signature

  A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.Continue Reading

• cryptography

  Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.Continue Reading

• Certified Information Security Manager (CISM)

  Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.Continue Reading

• Secure Shell (SSH)

  SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.Continue Reading

• two-factor authentication (2FA)

  Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.Continue Reading

• What is cybersecurity? Everything you need to know

  Cybersecurity is the protection of internet-connected systems -- including hardware, software and data -- from cyberattacks.Continue Reading

• Considering the differences in LAN vs. WAN security

  Given the differences in the security of LAN and WAN, enterprises need to guard against insider threats, secure against unauthorized access and potentially secure the edge, too.Continue Reading

• risk analysis

  Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.Continue Reading

• CISA exam preparation requires learning ethics, standards, new vocab

  The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.Continue Reading

• CISA practice questions to prep for the exam

  Ready to take the Certified Information Systems Auditor exam? Use these CISA practice questions to test your knowledge of the audit process job practice domain.Continue Reading

• asymmetric cryptography (public key cryptography)

  Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.Continue Reading

• Symmetric vs. asymmetric encryption: Decipher the differences

  Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and cons.Continue Reading

• Risk management vs. risk assessment vs. risk analysis

  Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management vs. risk assessment vs. risk analysis.Continue Reading

• 6 cybersecurity strategies to solidify personal data protection

  As consumers add more connected devices to personal networks, cybersecurity risk is hitting close to home. Here are steps individuals can take to ensure personal data protection.Continue Reading

• personally identifiable information (PII)

  Personally identifiable information (PII) is any data that could potentially identify a specific individual.Continue Reading

• Advanced cybersecurity fraud and how to fight it

  Cybersecurity fraud's roots run deep, with fraudsters forever after the same thing: tricking others out of their valuable assets. Learn how to keep defenses high.Continue Reading

• juice jacking

  Juice jacking is a security exploit in which an infected USB charging station is used to compromise connected devices. The exploit takes advantage of the fact that a mobile device’s power supply passes over the same USB cable the connected device ...Continue Reading

• Software security testing and software stress testing basics

  In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program.Continue Reading

• Wired vs. wireless network security: Best practices

  Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires.Continue Reading

• DNS attack

  A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).Continue Reading

• What are the most important pillars of a zero-trust framework?

  Learn how the ZTX model can help IT leaders identify, organize and implement the appropriate cybersecurity tools to satisfy seven pillars of a zero-trust framework.Continue Reading

• intrusion detection system (IDS)

  An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.Continue Reading

• security information and event management (SIEM)

  Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.Continue Reading

• Try this cybersecurity quiz to test your (threat) intelligence

  Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too.Continue Reading

• 2 components of detection and threat intelligence platforms

  Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool.Continue Reading

• keylogger (keystroke logger or system monitor)

  A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard.Continue Reading

• In-house vs. outsourced cybersecurity operations center capabilities

  Cybersecurity operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource these capabilities.Continue Reading

• Cryptography basics: Symmetric key encryption algorithms

  Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here.Continue Reading

• 'Computer Security Fundamentals:' Quantum security to certifications

  New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.Continue Reading

• How does antimalware software work and what are the detection types?

  Virus detection techniques used by antimalware tools can be a huge boost to enterprise cybersecurity programs. Learn how antimalware software works and its benefits in this tip.Continue Reading

• 3 tips for writing a quality penetration testing report

  Writing a penetration testing report might not be the most fun part of the job, but it's a critical component. These tips will help you write a good one.Continue Reading

• What are the most common digital authentication methods?

  In order to build and maintain a comprehensive access management program, enterprise leaders must get to know the various forms of digital authentication at their disposal.Continue Reading

• cybercrime

  Cybercrime is any criminal activity that involves a computer, networked device or a network.Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified.Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.Continue Reading

• The who, what, why -- and challenges -- of CISM certification

  Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.Continue Reading

• cybersecurity insurance (cybersecurity liability insurance)

  Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.Continue Reading

• Comparing inbound and outbound firewall rules for the enterprise

  Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each.Continue Reading

• COBIT

  COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management best practices.Continue Reading

• The ins and outs of cyber insurance coverage

  Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing.Continue Reading

• Port Scan

  A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services -- each associated with a "well-known" port number -- the computer provides.Continue Reading

• DMZ (networking)

  In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks -- usually the ...Continue Reading

• quantum supremacy

  Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by performing calculations that were previously impossible at unmatched speeds.Continue Reading

• What is the role of CISO in network security?

  The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees.Continue Reading

• Key features in building a security operations center

  Building a security operations center means understanding the key features you need to ensure your network remains protected against threats.Continue Reading

• Do you have the right set of penetration tester skills?

  Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path.Continue Reading

• Comparing Diffie-Hellman vs. RSA key exchange algorithms

  See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown.Continue Reading

• Raise enterprise network visibility, and security rises too

  The need to improve network visibility has bedeviled IT teams for years. Better tools offer hope but there are privacy and ethical concerns that come with responsible use.Continue Reading

• Web application firewall (WAF)

  A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application.Continue Reading

• spyware

  Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.Continue Reading

• application whitelisting

  Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.Continue Reading

• Test your grasp of AI threats, privacy regulations and more

  Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz.Continue Reading

• Enterprises feel the pain of cybersecurity staff shortages

  It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount.Continue Reading

• botnet

  A botnet is a network of infected smart computing devices controlled by a common type of malware. The term botnet is derived from the words robot and network. A robot, in this context, is a malicious program that operates as an agent for a human ...Continue Reading

• CompTIA PenTest+ practice test questions to assess your knowledge

  Think you're ready to take the CompTIA PenTest+ certification exam? Test your skill set with some of the sample multiple-choice questions you may be facing.Continue Reading

• 6 different types of hackers, from black hat to red hat

  Black, white and grey hats are familiar to security pros, but as the spectrum evolves to include green, blue and red, things get muddled. Brush up on types of hackers, new and old.Continue Reading

• identity provider

  An identity provider is a system component that is able to provide an end user or internet-connected device with a single set of login credentials that will ensure the entity is who or what it says it is across multiple platforms, applications and ...Continue Reading

• What types of cybersecurity insurance coverage are available?

  Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization.Continue Reading

• The 3 pillars of a DevSecOps model

  In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model.Continue Reading

• The 3 types of DNS servers and how they work

  DNS is a core internet technology, instrumental in mapping human-readable domains into corresponding IP addresses. Learn about the three DNS server types and their roles in the internet.Continue Reading

• Penetration testing vs. red team: What's the difference?

  Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses.Continue Reading

• IT/OT convergence is necessary, desirable, but not so simple

  A secure IT/OT convergence requires a strategy that takes into account compliance requirements and likely threats and recognizes the critical role of people.Continue Reading

• Create a manageable, secure IT/OT convergence strategy in 3 steps

  An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT.Continue Reading

• Cybersecurity frameworks hold key to solid security strategy

  Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options.Continue Reading

• What's the purpose of CAPTCHA technology and how does it work?

  Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections.Continue Reading

• Test your infosec smarts about IAM and other key subjects

  Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more.Continue Reading

• computer worm

  A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining active on infected systems.Continue Reading

• What are the benefits and challenges of cloud penetration testing?

  Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies.Continue Reading

• What it takes to be a DevSecOps engineer

  To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer.Continue Reading

• How does AttackSurfaceMapper help with attack surface mapping?

  A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement.Continue Reading

• How to navigate the often challenging CISO career path

  There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey.Continue Reading

• Certified Information Systems Auditor (CISA)

  Certified Information Systems Auditor (CISA) is a certification issued by ISACA to people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected; the certification is presented after completion of a...Continue Reading

• New network traffic analysis tools focus on security

  Companies have used traffic data analytics to improve bandwidth and network performance. Now, though, a new class of tools taps network data to improve security.Continue Reading

• Network traffic analysis tools secure a new, crucial role

  Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security.Continue Reading

• How to build an enterprise penetration testing plan

  Simulating an attack against your network is one of the best ways to remediate security holes before the bad guys find them. Here, learn penetration testing basics and how it can help keep your enterprise safe.Continue Reading

• Wireshark tutorial: How to use Wireshark to sniff network traffic

  Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection.Continue Reading

• How to start building a DevSecOps model

  To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams.Continue Reading

• The must-have skills for cybersecurity aren't what you think

  The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change.Continue Reading

• New tech steers identity and access management evolution

  IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets.Continue Reading