Get started

Data security strategies and governance

• 6 cybersecurity strategies to solidify personal data protection

  As consumers add more connected devices to personal networks, cybersecurity risk is hitting close to home. Here are steps individuals can take to ensure personal data protection. Continue Reading

• What are the most important pillars of a zero-trust framework?

  Learn how the ZTX model can help IT leaders identify, organize and implement the appropriate cybersecurity tools to satisfy seven pillars of a zero-trust framework. Continue Reading

• 2 components of detection and threat intelligence platforms

  Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool. Continue Reading

• Cryptography basics: Symmetric key encryption algorithms

  Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here. Continue Reading

• The ins and outs of cyber insurance coverage

  Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading

• Definitions to Get Started

  • identity and access management (IAM)
  • information security (infosec)
  • steganography
  • pen test (penetration testing)

  • honeypot (computing)
  • National Security Agency (NSA)
  • physical security
  • user account provisioning

  View All Definitions

• What is the role of CISO in network security?

  The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees.Continue Reading

• Key features in building a security operations center

  Building a security operations center means understanding the key features you need to ensure your network remains protected against threats.Continue Reading

• What types of cybersecurity insurance coverage are available?

  Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization.Continue Reading

• New network traffic analysis tools focus on security

  Companies have used traffic data analytics to improve bandwidth and network performance. Now, though, a new class of tools taps network data to improve security.Continue Reading

• Network traffic analysis tools secure a new, crucial role

  Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security.Continue Reading

• How does an island hopping attack work?

  Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them.Continue Reading

• 5 ways to achieve a risk-based security strategy

  Learn five steps to implement a risk-based security strategy that naturally delivers compliance as a consequence of an improved security posture.Continue Reading

• Top 7 IT security frameworks and standards explained

  Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization.Continue Reading

• identity and access management (IAM)

  Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.Continue Reading

• Huawei ban highlights 5G security issues CISOs must tackle

  Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.Continue Reading

• information security (infosec)

  Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.Continue Reading

• How to perform an ICS risk assessment in an industrial facility

  An important step to secure an industrial facility is performing an ICS risk assessment. Expert Ernie Hayden outlines the process and why each step matters.Continue Reading

• steganography

  Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination.Continue Reading

• pen test (penetration testing)

  Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.Continue Reading

• honeypot (computing)

  A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.Continue Reading

• Cybersecurity defense in depth means more than ticking boxes

  F-Secure's Tom Van de Wiele explains the realities of cybersecurity defense in depth, and why companies need to have the right attitude to defend against cyberattacks.Continue Reading

• How to do risk management in cybersecurity using ERM

  Perfect security is impossible, but using risk management in cybersecurity using a range of strategies can significantly reduce your organization’s risk.Continue Reading

• Cyber-risk strategies and models for a post-perimeter age

  Cyber-risky business: The notion of the security perimeter has grown quaint. If a firewall is insufficient, where does IT turn to answers on how to protect assets?Continue Reading

• National Security Agency (NSA)

  The National Security Agency is the official U.S. cryptologic organization of the United States Intelligence Community under the Department of Defense.Continue Reading

• Are you next-gen secure? Defense-in-depth security key to IT

  The notion of a defensible security perimeter is outmoded, but that doesn't mean the goal of IT security is unattainable. Laying on defenses is what's needed now.Continue Reading

• The CISO job seems to be finally getting the credit it's due

  The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities.Continue Reading

• The chief information security officer role grows in stature

  No longer do CISOs hunt for a seat at the decision-maker's table. But with increased recognition of their vital role comes vast responsibilities and need for a big skill set.Continue Reading

• What does a CISO do now? It's a changing, increasingly vital role

  What does a CISO do in this day and age? The responsibilities of a chief information security officer, the senior executive responsible for an organization's information security program, are growing dramatically. Once relegated to the IT department...Continue Reading

• CISSP Domain 3: Security systems engineering

  Planning to take the CISSP exam? Brush up on essential concepts and vocabulary in security systems engineering, covered in Domain 3, in this Security School.Continue Reading

• CISSP Domain 2 quiz: Data security control, asset protection

  Domain 2 of the CISSP exam, known as asset security, covers data security control, classification, ownership and more. Test your knowledge with this 10-question practice quiz.Continue Reading

• CISSP Domain 2: Asset security

  This Security School will help prepare you for Domain 2 of the CISSP exam, providing overviews of data encryption methods, data ownership concepts and asset protection.Continue Reading

• Identify and maintain ownership of data: A guide for CISSPs

  CISSPs must lead the way in driving good data management, which begins with defining data ownership and access policies. Learn more in this video with infosec expert Adam Gordon.Continue Reading

• What you need to know about setting up a SOC

  Setting up a SOC is different for every enterprise, but there are some fundamental steps with which to start. Expert Steven Weil outlines the basics for a security operations center.Continue Reading

• Security analysis principles and techniques for IT pros

  The drive for greater security fuels IT more than ever, but fighting infosec threats depends on locating the right data sets and analyzing them efficiently.Continue Reading

• Tactics for security threat analysis tools and better protection

  Threat analysis tools need to be in top form to counter a deluge of deadly security issues. Here are tips for getting the most from your analytics tool.Continue Reading

• Data obfuscation techniques: Best practices and design approaches

  Expert Ajay Kumar revisits the topic of data obfuscation techniques and explores the architectures, approaches and best practices for protecting enterprise data.Continue Reading

• physical security

  Physical security is the protection of people and systems from damage or loss due to physical events such as fire, flood, disasters, crimes or accidents.Continue Reading

• Information Governance and Security: Protecting and Managing Your Company's Proprietary

  In this excerpt of Information Governance and Security, authors John G. Iannarelli and Michael O'Shaughnessy offer tips for establishing guidelines for all departments or sectors of a business.Continue Reading

• Comparing the best data loss prevention products

  Expert Bill Hayes examines the strengths and weaknesses of top-rated data loss prevention (DLP) products to help enterprises make the right purchasing decision.Continue Reading

• Improve corporate data protection with foresight, action

  Better corporate data protection demands foresight and concrete action. Learn why breach training, monitoring and early detection capabilities can minimize damage when hackers attack.Continue Reading

• Learn from the past: Ensure a secure future of information security

  To ensure the future of information security, enterprises must learn from the past, launch proper training and install the right technologies.Continue Reading

• Tips for creating a data classification policy

  Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading

• How to keep track of sensitive data with a data flow map

  Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading

• Three usage scenarios for deploying data loss prevention products

  Expert Bill Hayes details usage scenarios for deploying data loss prevention: standalone suites, integrated tools and standalone/integrated DLP combined.Continue Reading

• The business case for data loss prevention products

  Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading

• Introduction to data loss prevention products

  Expert Bill Hayes describes how data loss prevention (DLP) products can help identify and plug information leaks and improve enterprise security.Continue Reading

• The top full disk encryption products on the market today

  Full disk encryption can be a key component of an enterprise's desktop and laptop security strategy. Here's a look at some of the top FDE products in the industry.Continue Reading

• How does the Melbourne Shuffle prevent data access pattern recognition?

  Access pattern recognition in the cloud is becoming an enterprise risk. Expert Michael Cobb explains how the Melbourne Shuffle can improve access pattern security.Continue Reading

• Beyond PCI: Out-of-band security tips for credit card data protection

  Securing credit card data -- both online and at brick-and-mortar stores -- requires security measures beyond those mandated by PCI DSS. Expert Philip Alexander outlines six out-of-band security controls to consider.Continue Reading

• Inside DLP: Full-suite products, DLP lite, content analysis

  Data loss prevention (DLP) can be a confusing technology. Security expert Rich Mogull discusses the difference between DLP and DLP lite, as well as the ins and outs of content analysis.Continue Reading

• Figuring out the definition of data loss prevention

  The term 'data loss prevention' can be difficult to understand as it is used very broadly in the security industry. Learn the true definition of DLP and uncover why it is often the cause of confusion.Continue Reading

• PCI analysis: Marcus Ranum on why PCI DSS sets the bar too low

  Tenable CSO Marcus Ranum says Target-like breaches occurred even with PCI compliance because PCI established only a minimal set of requirements.Continue Reading

• PCI 3.0 special report: Reviewing the state of payment card compliance

  Get an in-depth analysis of PCI DSS 3.0, an illustrated history of PCI DSS and insights on the future of enterprise payment card compliance.Continue Reading

• Book chapter: Browser security principles, same-origin policy exceptions

  This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy.Continue Reading

• user account provisioning

  User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of...Continue Reading

• National Computer Security Center (NCSC)

  The National Computer Security Center (NCSC) is a U.S. government organization within the National Security Agency (NSA) that evaluates computing equipment for high security applications to ensure that facilities processing classified or other ...Continue Reading

• data masking

  Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a ...Continue Reading

• deperimeterization

  In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication.Continue Reading

• snooping

  Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual ...Continue Reading

• Google hacking (Google scanning or Engine hacking)

  Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet...Continue Reading

• masquerade

  In general, a masquerade is a disguise.Continue Reading

• cut-and-paste attack

  A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed.Continue Reading

• data splitting

  Data splitting is an approach to protecting sensitive data from unauthorized access by encrypting the data and storing different portions of a file on different servers.Continue Reading

• Information Security Governance Guide

  This guide provides an introduction to what information security governance and a security program are, and examines how to deploy security policies within any environment.Continue Reading

• minutiae

  In the biometric process of fingerscanning, minutiae are specific points in a finger image.Continue Reading