Topics Archive

Topics Archive News

October 27, 2020 27 Oct'20
Mitre ATT&CK: How it has evolved and grown

Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly over the last years, though challenges still remain for enterprise users.
February 26, 2019 26 Feb'19
CERT/CC's Art Manion says CVSS scoring needs to be replaced

Security expert Art Manion discusses what he calls major problems within the Common Vulnerability Scoring System and explains why CVSS needs to be replaced.
August 03, 2018 03 Aug'18
Five things to watch for at Black Hat USA this year

As Black Hat USA 2018 approaches, we take a quick look at trends in the conference agenda and sessions not to miss.
April 30, 2018 30 Apr'18
Algorithmic discrimination: A coming storm for security?

Following several RSA Conference 2018 talks on machine learning and AI, it's worth asking how algorithmic discrimination might manifest in the infosec industry.

Bring yourself up to speed with our introductory content

cipher

In cryptography, a cipher is an algorithm for encrypting and decrypting data. Continue Reading
cryptographic nonce

A nonce is a random or semi-random number that is generated for a specific use. Continue Reading
SSL VPN (Secure Sockets Layer virtual private network)

An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN ... Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Site-to-site VPN security benefits and potential risks

Not every enterprise needs the functionality of a standard VPN client. A site-to-site VPN may be a better choice for some companies, but it's not without risk. Continue Reading
Top 3 advantages of smart cards -- and potential disadvantages

As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
Is VPN split tunneling worth the security risks?

Enabling VPN split tunneling may increase speed and decrease bandwidth use and costs, but it also increases the number of security vulnerabilities faced. Continue Reading

Learn to apply best practices and optimize your operations.

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program. Continue Reading
identity management (ID management)

Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources. Continue Reading
federated identity management (FIM)

Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to defend against TCP port 445 and other SMB exploits

Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place. Continue Reading
How to rank enterprise network security vulnerabilities

Risk management programs yield massive data on network security vulnerabilities. Infosec pros must rank risks to prioritize remediation efforts. Continue Reading
The top 6 SSH risks and how regular assessments cut danger

By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is secure. Continue Reading