Get started

Get started

Bring yourself up to speed with our introductory content.

• What is MTA-STS and how will it improve email security?

  Discover how the MTA-STS specification will improve email security by encrypting messages and enabling secure, authenticated email transfers between SMTP servers. Continue Reading

• 5 ways to achieve a risk-based security strategy

  Learn five steps to implement a risk-based security strategy that naturally delivers compliance as a consequence of an improved security posture. Continue Reading

• How can SIEM and SOAR software work together?

  Many security pros initially thought SOAR software could replace SIEM. Our security expert advocates learning how SIEM and SOAR can work together. Continue Reading

• Top 7 IT security frameworks and standards explained

  Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization. Continue Reading

• The future of SIEM: What needs to change for it to stay relevant?

  Compared to security orchestration, automation and response (SOAR) software, SIEM systems are dated. Expert Andrew Froehlich explains how SIEM needs to adapt to keep up. Continue Reading

• Definitions to Get Started

  • PKI (public key infrastructure)
  • obfuscation
  • dumpster diving
  • cyber hijacking

  • challenge-response authentication
  • antimalware (anti-malware)
  • botnet
  • SOAR (security orchestration, automation and response)

  View All Definitions

• How to find an MSP to protect you from outsourcing IT risks

  Check out what questions to ask MSPs to make sure they have the right security systems in place to protect your organization against outsourcing IT risks.Continue Reading

• How do buffer overflow attacks work?

  Buffer overflow attacks are simple exploits that can give an attacker control over a program or process. Learn how these attacks work and how to make sure they don't happen to you.Continue Reading

• cyberwarfare

  Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state.Continue Reading

• spear phishing

  Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.Continue Reading

• bridge

  A bridge is a class of network device that’s designed to connect networks at OSI Level 2, which is the data link layer of a local-area network (LAN).Continue Reading

• cyberterrorism

  According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by ...Continue Reading

• CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

  A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a type of challenge-response system designed to differentiate humans from robotic software programs.Continue Reading

• Why EDR technologies are essential for endpoint protection

  In this post-perimeter era, endpoint detection and response tools can provide essential protection to thwart advanced persistent threats. Learn what EDR offers.Continue Reading

• Endpoint security tools get an essential upgrade

  Malware, APTs and other threats are getting smarter, but so are endpoint detection and response products. Learn what the latest versions can do to keep threats away.Continue Reading

• data breach

  A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.Continue Reading

• private key

  A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt code.Continue Reading

• How to perform a building security assessment

  There are four major systems to review in a building security assessment. Learn what they are and how to review their potential cyber and physical risks.Continue Reading

• How to conduct a security risk review on a large building

  Assessors cannot dive into a security risk review of a large building; they have to prepare and strategize ahead of time. Learn how to get ready for this type of security assessment.Continue Reading

• cryptographic nonce

  A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.Continue Reading

• 5 common authentication factors to know

  Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA.Continue Reading

• How to manage application security best practices and risks

  The reality of application security risks requires software developers to be mindful of testing, tools and best practices to improve user experience and information security.Continue Reading

• Take this cybersecurity-challenges quiz and score CPE credit

  Just finished ISM's May 2019 issue? Solidify your knowledge, and get CPE credits too, by passing this 10-question quiz.Continue Reading

• Huawei ban highlights 5G security issues CISOs must tackle

  Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.Continue Reading

• Conquering cloud security threats with awareness and tools

  Continue Reading

• key fob

  A key fob is a small, programmable hardware device that provides access to a physical object. Key fobs, are used to provide one-factor authentication for objects such as doors or automobiles. They are also used as an authentication factor for ...Continue Reading

• How to put AI security to work in your organization

  Countering cyberthreats through human effort alone is impossible; you need to add AI and machine learning products to your security program. Here's how to get started.Continue Reading

• Transport Layer Security (TLS)

  Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications.Continue Reading

• van Eck phreaking

  Van Eck phreaking is a form of electronic eavesdropping that reverse engineers the electromagnetic fields (EM fields) produced by a computing device.Continue Reading

• distributed denial of service (DDoS) attack

  A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.Continue Reading

• checksum

  A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.Continue Reading

• logic bomb

  A logic bomb, sometimes referred to as slag code, is a string of malicious code used to cause harm to a network when the programmed conditions are met.Continue Reading

• information security (infosec)

  Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.Continue Reading

• payload (computing)

  In computing, a payload is the carrying capacity of a packet or other transmission data unit. The term has its roots in the military and is often associated with the capacity of executable malicious code  to do damage. Technically, the payload of a ...Continue Reading

• passphrase

  A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a ...Continue Reading

• Mimikatz tutorial: How it hacks Windows passwords, credentials

  In this Mimikatz tutorial, learn about the password and credential dumping program, where you can acquire it and how easy it makes it to compromise system passwords.Continue Reading

• Diffie-Hellman key exchange (exponential key exchange)

  Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses a number raised to specific powers to produce decryption keys that are never directly transmitted, making the task of a would-be code ...Continue Reading

• cache poisoning (DNS poisoning, web cache poisoning)

  Cache poisoning is an attack vector that exploits the way domain name system (DNS) clients and web servers improve performance by saving old responses for a specified period of time in a temporary storage area called cache.Continue Reading

• Try this quiz on cybersecurity problems to earn CPE credit

  This quiz tests your understanding of key cybersecurity issues in 2019 covered in the February issue of 'Information Security' magazine. Pass the quiz and earn CPE credit.Continue Reading

• How to comply with the California privacy act

  Organizations that handle California consumer data have a year to comply with CCPA. Expert Steven Weil discusses what enterprises need to know about the California privacy law.Continue Reading

• Three examples of multifactor authentication use cases

  When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation.Continue Reading

• Exploring multifactor authentication benefits and technology

  Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud.Continue Reading

• How to perform an ICS risk assessment in an industrial facility

  An important step to secure an industrial facility is performing an ICS risk assessment. Expert Ernie Hayden outlines the process and why each step matters.Continue Reading

• Customer identity and access management: Why now and how?

  There's an important distinction between consumers and customers; just as crucial is understanding the difference between customer IAM and traditional IAM.Continue Reading

• brute force attack

  Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than ...Continue Reading

• steganography

  Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination.Continue Reading

• PCI DSS merchant levels

  Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses. Specifically, merchant levels determine the amount of assessment and security validation that ...Continue Reading

• sandbox (software testing and security)

  A sandbox is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run.Continue Reading

• SSL (Secure Sockets Layer)

  Secure Sockets Layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.Continue Reading

• Certified Information Systems Security Professional (CISSP)

  Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².Continue Reading

• What Moody's cyber-risk ratings mean for enterprises

  Moody's announced it will soon begin composing cyber-risk ratings for enterprises. Kevin McDonald explores the move and what it could mean for enterprises and the infosec industry.Continue Reading

• 5 actionable deception-tech steps to take to fight hackers

  Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture.Continue Reading

• RSA algorithm (Rivest-Shamir-Adleman)

  The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it...Continue Reading

• IP Spoofing

  IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.Continue Reading

• Testing email security products: Challenges and methodologies

  Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies.Continue Reading

• smart card

  A smart card is a physical card that has an embedded integrated chip that acts as a security token.Continue Reading

• cipher

  In cryptology, the discipline concerned with the study of cryptographic algorithms, a cipher is an algorithm for encrypting and decrypting data.Continue Reading

• one-time password (OTP)

  A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.Continue Reading

• pen test (penetration testing)

  Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.Continue Reading

• NIST incident response plan: 4 steps to better incident handling

  The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.Continue Reading

• How to protect enterprise ICS networks with firewalls

  ICS network security can be improved using firewalls. Expert Ernie Hayden explains how ICS-specific firewalls can help keep ICS networks strong and protected.Continue Reading

• How Shodan helps identify ICS cybersecurity vulnerabilities

  Shodan can be a helpful tool for security pros to locate ICS cybersecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works and how it can be used for security.Continue Reading

• denial-of-service attack

  A denial-of-service attack is a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources.Continue Reading

• role-based access control (RBAC)

  Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.Continue Reading

• How does the SynAck ransomware use Process Doppelgänging?

  A technique called Process Doppelgänging was used by the SynAck ransomware to bypass security software. Expert Michael Cobb explains how this technique works and why it's unique.Continue Reading

• ethical hacker

  An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their ...Continue Reading

• WannaCry ransomware

  The WannaCry ransomware is a worm that spreads by exploiting vulnerabilities in the Windows operating system.Continue Reading

• digital certificate

  A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it.Continue Reading

• SIEM evaluation criteria: Choosing the right SIEM products

  Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask.Continue Reading

• Advances in access governance strategy and technology

  Recent advances in IAM policy, strategy and technology are raising companies' ability authenticate identities and manage access to their systems and data.Continue Reading

• SIEM benefits include efficient incident response, compliance

  SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.Continue Reading

• certificate authority (CA)

  A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.Continue Reading

• hacktivism

  Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.Continue Reading

• A comprehensive guide to SIEM products

  Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security.Continue Reading

• Endgame's Devon Kerr on what it takes to be a threat hunter

  Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting.Continue Reading

• Fine-tuning incident response automation for optimal results

  Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more.Continue Reading

• Certified Cloud Security Professional (CCSP)

  The Certified Cloud Security Professional (CCSP) certification is intended for experienced IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of...Continue Reading

• federated identity management

  Federated identity management (FIM) is an arrangement that can be made between multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all the enterprises in the group.Continue Reading

• next-generation firewall (NGFW)

  A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the ...Continue Reading

• Know your enemy: Understanding insider attacks

  Insider attacks are a significant threat to enterprises. Expert Ernie Hayden provides an introduction to insider threats and how organizations can protect themselves.Continue Reading

• AI and machine learning in network security advance detection

  Applying AI, and specifically machine learning, in network security helps protect enterprises against advanced persistent threats and sophisticated cybercriminals.Continue Reading

• Insider threat report tracks annual cost of theft, carelessness

  The Ponemon Institute study "2018 Cost of Insider Threats" examines the cost to companies victimized by material insider threat incidents during the past 12 months.Continue Reading

• IPsec (Internet Protocol Security)

  IPsec, also known as the Internet Protocol Security or IP Security protocol, defines the architecture for security services for IP network traffic.Continue Reading

• McAfee CISO explains why diversity in cybersecurity matters

  Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas.Continue Reading

• authentication

  Authentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be.Continue Reading

• email virus

  An email virus consists of malicious code that is distributed in email messages, and it can be activated when a user clicks on a link in an email message, opens an email attachment or interacts in some other way with the infected email message.Continue Reading

• claims-based identity

  Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.Continue Reading

• social engineering

  Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or...Continue Reading

• How security operations centers work to benefit enterprises

  One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve.Continue Reading

• How to best secure DNS? There's more than one approach

  Few aspects of the internet are as crucial as the domain name system. It may be that a 'passive' approach to DNS security is the most effective approach.Continue Reading

• Protecting the DNS protocol: How DNSSEC can help

  Securing the DNS protocol is no joke. Learn what the DNS Security Extensions are and the efforts the United States government is taking to push DNSSEC adoption.Continue Reading

• Ways to solve DNS security issues in your organization

  Get up to speed fast on means and methods for reducing or eliminating security-related issues in DNS, an integral service upon which the internet depends.Continue Reading

• How the BloodHound tool can improve Active Directory security

  Auditing Active Directory can be made easier with tools like the open source BloodHound tool. Expert Joe Granneman looks at the different functions of the tool and how it can help.Continue Reading

• evil maid attack

  An evil maid attack is a security exploit that targets a computing device that has been shut down and left unattended.  An evil maid attack is characterized by the attacker's ability to physically access the target multiple times without the owner's...Continue Reading

• What is included in the mPOS security standard from PCI SSC?

  The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.Continue Reading

• Common Body of Knowledge (CBK)

  In security, Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.Continue Reading

• Metamorphic virus

  A metamorphic virus is a type of malware that is capable of changing its code and signature patterns with each iteration.Continue Reading

• Self-sovereign identity: How will regulations affect it?

  Will laws like GDPR and PSD2 force enterprises to change their identity management strategies? Expert Bianca Lopes talks regulations, self-sovereign identity and blockchain.Continue Reading

• Cybersecurity defense in depth means more than ticking boxes

  F-Secure's Tom Van de Wiele explains the realities of cybersecurity defense in depth, and why companies need to have the right attitude to defend against cyberattacks.Continue Reading

• How to do risk management in cybersecurity using ERM

  Perfect security is impossible, but using risk management in cybersecurity using a range of strategies can significantly reduce your organization’s risk.Continue Reading

• Cyber-risk strategies and models for a post-perimeter age

  Cyber-risky business: The notion of the security perimeter has grown quaint. If a firewall is insufficient, where does IT turn to answers on how to protect assets?Continue Reading