Get started
Bring yourself up to speed with our introductory content.
Data Security and Cloud Computing
CISSP Domain 5 quiz: Types of access control systems
Get ready for the CISSP exam with this 10-question practice quiz covering key concepts in Domain 5, including access control, identity, authentication and more. Continue Reading
What GDPR privacy requirements mean for U.S. businesses
Prospects of GDPR enforcement may be sowing fear, uncertainty and doubt. But the policy is also sending a clear message to companies: protect customer privacy, or else. Continue Reading
Will it last? The marriage between UBA tools and SIEM
The failure to detect insider threats and a growing need to store and sort through massive amounts of data have drawn attention to user behavior analytics, sometimes called user and entity behavior analytics. According to Gartner, UBA tools deliver ... Continue Reading
-
Cyberthreats, cyber vulnerabilities, and how to fight back
The key to countering cyberthreats today is to first understand your biggest vulnerabilities and then research the most effective countermeasures available to minimize them. Continue Reading
principle of least privilege (POLP)
The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Continue Reading
identity management (ID management)
Identity management (ID management) is the organizational process for identifying, authenticating and authorizing individuals or groups of people to have access to applications, systems or networks by associating user rights and restrictions with ...Continue Reading
zero-day (computer)
A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.Continue Reading
encryption
In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key.Continue Reading
Security Controls Evaluation, Testing, and Assessment Handbook
In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control.Continue Reading
identity and access management (IAM)
Identity and access management (IAM) is a framework for business processes that facilitates the management of electronic or digital identities.Continue Reading
-
How to add HTTP security headers to various types of servers
Expert Judith Myerson outlines the different types of HTTP security headers and how to add them to different servers, including Apache, Ngnix and Microsoft IIS Manager.Continue Reading
How to prevent password attacks and other exploits
Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses.Continue Reading
The best email security comes through strategy and tactics
The best email security policy requires a holistic approach of the issue, understanding both the problem's scope and the most likely threats.Continue Reading
Why threat models are crucial for secure software development
Threat modeling is an important component of the secure software development process. Steve Lipner of SafeCode explains how threat models benefit software security.Continue Reading
Learn how to identify and prevent access control attacks
Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening.Continue Reading