Browse Definitions:

SearchSecurity

SearchSecurity provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more -- all at no cost. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today's IT-security professional.

View the complete archive of Enterprise Information Security news, research and expert advice.

Go to:  SearchSecurity

Recently on  SearchSecurity

Okiru malware puts billions of connected devices at risk

News roundup: Okiru, a new Mirai variant, could put over 1.5 billion devices at risk of a botnet. Plus, G Suite Enterprise now comes with a security center, and more.

More Highlights
Definitions
  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of organization’s information technology (IT) security. 

  • polymorphic virus

    A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

Browse Security Topics

Data security

In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data security and protection strategies offers advice on how to lock down stored data, data backup and recovery, disk and file encryption and database security.

Recent Definitions

  • data breach

    A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • encryption

    In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key.

Highlights

More Data security Topics

Back to Top

Identity and access management

Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.

Recent Definitions

  • facial recognition

    Facial recognition (or face recognition) is a type of biometric software application that can identify a specific individual in a digital image by analyzing and comparing patterns.

  • biometrics

    Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.

  • principle of least privilege (POLP)

    The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work.

Highlights

More Identity and access management Topics

Back to Top

Network security

Recent Definitions

  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of organization’s information technology (IT) security. 

  • Stuxnet

    The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems.

  • encryption

    In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key.

Highlights

More Network security Topics

Back to Top

Security training and jobs

The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.

Recent Definitions

  • hacker

    A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.

  • CSO (Chief Security Officer)

    A Chief Security Officer (CSO) is the employee responsible for the physical security of a company, including its communication and business systems.

  • CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

Highlights

More Security training and jobs Topics

Back to Top

Infosec programs

CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.

Recent Definitions

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

  • principle of least privilege (POLP)

    The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work.

  • encryption

    In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key.

Highlights

More Infosec programs Topics

Back to Top

Risk management strategies

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

Recent Definitions

  • user behavior analytics (UBA)

    User behavior analytics (UBA) is a process in which security teams use monitoring tools to track, collect and assess the network activities of all individuals accessing those system to detect potentially malicious activity.

  • red team-blue team

    Red team-blue team is a simulation and training exercise where members of an organization are divided into teams to compete in combative exercises. In information security (infosec), the exercise is designed to identify vulnerabilities and find security holes in a company's infrastructure.

  • phishing

    Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.

Highlights

More Risk management strategies Topics

Back to Top

Information security threats

Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.

Recent Definitions

  • Stuxnet

    The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems.

  • polymorphic virus

    A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

Highlights

More Information security threats Topics

Back to Top

Network threat detection

Get news, tips and expert advice on network threat detection. This resource will cover the latest trends and technology around network threats and threat detection systems and services. Learn how to uncover, analyze and address network vulnerabilities to mitigate the risk of cyberattacks.

Recent Definitions

  • intrusion detection system (IDS)

    An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.

  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of organization’s information technology (IT) security. 

  • behavior blacklisting

    Behavior blacklisting is a security method based on detecting specified suspicious actions on the part of software or human agents and blocking access accordingly.

Highlights

More Network threat detection Topics

Back to Top

Platform security

Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.

Recent Definitions

  • principle of least privilege (POLP)

    The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work.

  • VMware AppDefense

    VMware AppDefense is a data center security service designed to protect virtualized applications running in an enterprise data center in order to improve the protection and threat response performance of an enterprise security operations center (SOC).

  • Windows 10 Isolated User Mode (IUM)

    Windows 10 Isolated User Mode (IUM) is a virtualization-based security feature in Windows 10 that uses secure kernels to keep business data and processes separate from the underlying OS.

Highlights

More Platform security Topics

Back to Top

Security compliance

Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.

Recent Definitions

  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of organization’s information technology (IT) security. 

  • ingress filtering

    Ingress filtering is a method used by enterprises and internet service providers (ISPs) to prevent suspicious traffic from entering a network.

  • MD5

    The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.

Highlights

More Security compliance Topics

Back to Top

Software security

Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.

Recent Definitions

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • backdoor (computing)

    A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.

Highlights

More Software security Topics

Back to Top

Web security tools

Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.

Recent Definitions

  • browser hijacker (browser hijacking)

    A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.

  • Web application firewall (WAF)

    A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are especially useful to companies that provide products or services over the Internet.

  • supercookie

    A supercookie is a type of tracking cookie inserted into an HTTP header by an internet service provider to collect data about a user's internet browsing history and habits.

Highlights

More Web security tools Topics

Back to Top

Wireless and mobile security

In this guide, get advice on tools, software and tactics for wireless network security and wireless mobile device security. Learn how to build and maintain a secure wireless LAN, how to protect mobile devices, and how to successfully configure, implement and manage a solid wireless network.

Recent Definitions

  • mobile app reputation

    Mobile app reputation is an assessment of the security and privacy of an app, typically expressed as a numerical rating.

  • rolling code

    Rolling code, also known as hopping code, is an encryption technique commonly used to provide a fresh code for each use of a passive keyless entry (PKE) system.

  • mobile number privacy

    Mobile number privacy is the protection of the phone user’s number from unwanted access.

Highlights

More Wireless and mobile security Topics

Back to Top

-ADS BY GOOGLE

SearchCompliance

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of ...

  • polymorphic virus

    A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to ...

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against ...

SearchHealthIT

  • accountable care organization (ACO)

    An accountable care organization (ACO) is an association of hospitals, healthcare providers and insurers in which all parties ...

  • patient engagement

    Patient engagement is an ideal healthcare situation in which people are well-informed about -- and motivated to be involved -- in...

  • personal health record (PHR)

    A personal health record (PHR) is a collection of health-related information that is documented and maintained by the individual ...

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close