Get started
Bring yourself up to speed with our introductory content.
Get started
Bring yourself up to speed with our introductory content.
Pros and cons of an outsourced SOC vs. in-house SOC
Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities. Continue Reading
How to pass the AWS Certified Security - Specialty exam
Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification. Continue Reading
Practice AWS Certified Security - Specialty exam questions
Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam. Continue Reading
-
Cyber insurance 101: Timely guidance on an essential tool
No one hopes for a breach, but as they become more common, any responsible cybersecurity team must anticipate one. One key element: choosing the right cyber insurance policy. Continue Reading
Try this cybersecurity quiz, test your cyberdefense smarts
Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too. Continue Reading
AI in security analytics is the enhancement you need
AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.Continue Reading
Benefits of virtual SOCs: Enterprise-run vs. fully managed
A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability.Continue Reading
Understanding the zero trust-SDP relationship
Zero trust is a complicated framework that spans the IT stack. Find out how software-defined perimeter can address zero trust's network-level access requirements.Continue Reading
How to prepare for a zero-trust model in the cloud
Zero-trust security in the cloud is different than it is on premises. Learn the concepts and policies to effectively achieve a zero-trust model in the cloud.Continue Reading
Changing the culture of information sharing for cybersecurity
Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist.Continue Reading
-
Developing a cyber resilience plan for today's threat landscape
A cyber resilience plan should complement a company's cybersecurity strategy so that the security culture and cyber hygiene is thought through in all IT and cybersecurity initiatives.Continue Reading
Quiz: Network security authentication methods
There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security.Continue Reading
What are the top secure data transmission methods?
Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip.Continue Reading
How self-sovereign identity principles suit the modern world
There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.Continue Reading
5 key enterprise SOC team roles and responsibilities
Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization.Continue Reading
Format-preserving encryption use cases, benefits, alternative
With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more.Continue Reading
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.Continue Reading
Top 4 firewall-as-a-service security features and benefits
Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS.Continue Reading
Test your cloud security smarts with these CCSP exam questions
Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned.Continue Reading
Cloud computing security technology quiz
As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz.Continue Reading
Best practices for ethically teaching cybersecurity skills
Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry.Continue Reading
CISSP practice exam questions and answers
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.Continue Reading
How to send secure email attachments
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits.Continue Reading
Test your cybersecurity knowledge with this quick ISM quiz
Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment.Continue Reading
Which type of CISO are you? Company fit matters
Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you.Continue Reading
How to start an enterprise bug bounty program and why
Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program.Continue Reading
Cloud security quiz: Application security best practices
Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz.Continue Reading
IDS/IPS quiz: Intrusion detection and prevention systems
Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz.Continue Reading
Navigate the DOD's Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them.Continue Reading
Identity management vs. authentication: Know the difference
Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access management framework.Continue Reading
Use these CCSK practice questions to prep for the exam
Virtualization and container security are key topics in the Certificate of Cloud Security Knowledge credential. Test your knowledge with these CCSK practice questions.Continue Reading
Test your cyber-smarts with this network security quiz
Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit!Continue Reading
The what, why and how of the Spring Security architecture
Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt.Continue Reading
The state of cybersecurity risk: Detection and mitigation
Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?Continue Reading
AI-powered cyberattacks force change to network security
Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.Continue Reading
Plan now for the future of network security
How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future.Continue Reading
Telework security requires meticulous caution, communication
Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work.Continue Reading
Words to go: Types of phishing scams
IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.Continue Reading
The differences between web roles and worker roles in Azure
What sets web roles and worker roles apart in Microsoft's Azure Cloud Services? Here's a look at how they are different.Continue Reading
Comparing SASE vs. traditional network security architectures
Today's dispersed environments need stronger networking and security architectures. Enter cloud-based Secure Access Service Edge -- a new model for secure network access.Continue Reading
Considering the differences in LAN vs. WAN security
Given the differences in the security of LAN and WAN, enterprises need to guard against insider threats, secure against unauthorized access and potentially secure the edge, too.Continue Reading
CISA exam preparation requires learning ethics, standards, new vocab
The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.Continue Reading
CISA practice questions to prep for the exam
Ready to take the Certified Information Systems Auditor exam? Use these CISA practice questions to test your knowledge of the audit process job practice domain.Continue Reading
Get to know the elements of Secure Access Service Edge
Cloud services use cases continue to expand, but implementation challenges remain. Discover Secure Access Service Edge, or SASE, offerings and how they can simplify connectivity.Continue Reading
Risk management vs. risk assessment vs. risk analysis
Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management vs. risk assessment vs. risk analysis.Continue Reading
6 cybersecurity strategies to solidify personal data protection
As consumers add more connected devices to personal networks, cybersecurity risk is hitting close to home. Here are steps individuals can take to ensure personal data protection.Continue Reading
Advanced cybersecurity fraud and how to fight it
Cybersecurity fraud's roots run deep, with fraudsters forever after the same thing: tricking others out of their valuable assets. Learn how to keep defenses high.Continue Reading
Software security testing and software stress testing basics
In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program.Continue Reading
Wired vs. wireless network security: Best practices
Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires.Continue Reading
Try this cybersecurity quiz to test your (threat) intelligence
Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too.Continue Reading
2 components of detection and threat intelligence platforms
Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool.Continue Reading
Cryptography basics: Symmetric key encryption algorithms
Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here.Continue Reading
'Computer Security Fundamentals:' Quantum security to certifications
New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.Continue Reading
How does antimalware software work and what are the detection types?
Virus detection techniques used by antimalware tools can be a huge boost to enterprise cybersecurity programs. Learn how antimalware software works and its benefits in this tip.Continue Reading
How to write a quality penetration testing report
Writing a penetration testing report might not be the most fun part of the job, but it's a critical component. These tips will help you write a good one.Continue Reading
What are the most common digital authentication methods?
In order to build and maintain a comprehensive access management program, enterprise leaders must get to know the various forms of digital authentication at their disposal.Continue Reading
Understanding the CSA Cloud Controls Matrix and CSA CAIQ
Uncover how the CSA Cloud Controls Matrix and CSA CAIQ can be used to assess cloud providers' controls and risk models, ensure cloud compliance and more.Continue Reading
Put application security testing at the top of your do-now list
It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified.Continue Reading
Craft an effective application security testing process
For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.Continue Reading
The who, what, why -- and challenges -- of CISM certification
Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.Continue Reading
How to keep each cloud workload accessible and secure
Cloud security long operated on a shared-responsibility model, but lately that burden has shifted to the shoulders of the in-house security team.Continue Reading
Learn some key cloud workload protection best practices
Learn key practices to protect cloud workloads whether using VMs, endpoints or containers. And don't forget to consider the best means for building a fruitful feedback loop.Continue Reading
What cloud workload security tools and controls work best?
Read on to learn how to build a cloud security model that allows your team to embed controls and monitor deployment without getting in the way of business processes.Continue Reading
The ins and outs of cyber insurance coverage
Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing.Continue Reading
How to implement zero-trust cloud security
The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to implement zero-trust cloud security from expert Dave Shackleford.Continue Reading
What is the role of CISO in network security?
The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees.Continue Reading
Building a security operations center with these features
Building a security operations center means understanding the key features you need to ensure your network remains protected against threats.Continue Reading
Do you have the right set of penetration tester skills?
Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path.Continue Reading
Comparing Diffie-Hellman vs. RSA key exchange algorithms
See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown.Continue Reading
Raise enterprise network visibility, and security rises too
The need to improve network visibility has bedeviled IT teams for years. Better tools offer hope but there are privacy and ethical concerns that come with responsible use.Continue Reading
application whitelisting
Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.Continue Reading
Test your grasp of AI threats, privacy regulations and more
Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz.Continue Reading
Enterprises feel the pain of cybersecurity staff shortages
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount.Continue Reading
CompTIA PenTest+ practice test questions to assess your knowledge
Think you're ready to take the CompTIA PenTest+ certification exam? Test your skill set with some of the sample multiple-choice questions you may be facing.Continue Reading
6 different types of hackers, from black hat to red hat
Black, white and grey hats are familiar to security pros, but as the spectrum evolves to include green, blue and red, things get muddled. Brush up on types of hackers, new and old.Continue Reading
What types of cybersecurity insurance coverage are available?
Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization.Continue Reading
The 3 pillars of a DevSecOps model
In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model.Continue Reading
The 3 types of DNS servers and how they work
DNS is a core internet technology, instrumental in mapping human-readable domains into corresponding IP addresses. Learn about the three DNS server types and their roles in the internet.Continue Reading
Penetration testing vs. red team: What's the difference?
Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses.Continue Reading
Create a manageable, secure IT/OT convergence strategy in 3 steps
An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT.Continue Reading
Cybersecurity frameworks hold key to solid security strategy
Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options.Continue Reading
What's the purpose of CAPTCHA technology and how does it work?
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections.Continue Reading
Test your infosec smarts about IAM and other key subjects
Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more.Continue Reading
What it takes to be a DevSecOps engineer
To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer.Continue Reading
How to build and maintain a multi-cloud security strategy
When using multiple cloud service providers, it's critical to consider your enterprise's cloud scope and the specifics of each cloud service to maintain security.Continue Reading
How does AttackSurfaceMapper help with attack surface mapping?
A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement.Continue Reading
How to navigate the often challenging CISO career path
There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey.Continue Reading
New network traffic analysis tools focus on security
Companies have used traffic data analytics to improve bandwidth and network performance. Now, though, a new class of tools taps network data to improve security.Continue Reading
Network traffic analysis tools secure a new, crucial role
Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security.Continue Reading
How to build an enterprise penetration testing plan
Simulating an attack against your network is one of the best ways to remediate security holes before the bad guys find them. Here, learn penetration testing basics and how it can help keep your enterprise safe.Continue Reading
How to start building a DevSecOps model
To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams.Continue Reading
The must-have skills for cybersecurity aren't what you think
The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change.Continue Reading
New tech steers identity and access management evolution
IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets.Continue Reading
How to pass the CISSP exam on your first try: Tips to get a good score
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.Continue Reading
How to limit the cloud security blast radius of credential attacks
Explore how the security blast radius concept, which has admins evaluating how to assess and limit the damage of a threat, can be applied to cloud identity and access management.Continue Reading
Portrait of a CISO: Roles and responsibilities
Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate.Continue Reading
How does an island hopping attack work?
Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them.Continue Reading
Building a threat intelligence framework: Here's how
A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know.Continue Reading
What are the core components of a cybersecurity framework?
Cybersecurity frameworks differ from one company to another, but each plan has four fundamental stages. Find out what you need to know.Continue Reading
Strategies to mitigate cybersecurity incidents need holistic plans
Every organization needs strategies to mitigate cybersecurity incidents, but what areas should the strategies address? Find out what experts suggest to protect the entire organization.Continue Reading