Browse Definitions:

SearchSecurity

SearchSecurity provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more -- all at no cost. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today's IT-security professional.

Recently on SearchSecurity

How can users tell if Windows SMB v1 is on their systems?

US-CERT encouraged users to use newer versions of Windows SMB, since version one is out of date. Expert Matthew Pascucci explains how to tell if SMB v1 is on your systems.

Definitions
  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else.

  • spear phishing

    Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Browse Security Topics

Application and Platform Security

Get advice on application and platform security. Here you'll find information on vulnerability and threat management, operating system security and storage security, application firewalls, email protection, IM security, Web security and more.

Recent Definitions

  • holistic security

    Holistic security is an approach that seeks to integrate all the elements designed to safeguard an organization, considering them as a complex and interconnected system.

  • runtime application self-protection (RASP)

    Runtime application self-protection (RASP) is security software that monitors application inputs and behavior and takes action to deal with suspicious events automatically or, if necessary, alert an administrator.

  • distributed denial of service (DDoS) attack

    A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple different locations or networks.

Enterprise Data Protection

In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data protection offers advice on how to lock down stored data, data backup and recovery, disk and file encryption and database security.

Recent Definitions

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else.

  • security

    Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats.

Enterprise Identity and Access Management

Identity management and access control are integral in maintaining data security. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.

Recent Definitions

  • access governance (AG)

    Access governance (AG) is an aspect of information technology (IT) security management that seeks to reduce the risks associated with excessive access rights, inactive users and orphan accounts.

  • single sign-on (SSO)

    Single sign-on is a session and user authentication process in which a user can access multiple applications with one name and password.

  • Certificate Revocation List (CRL)

    A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority and should not be trusted. Web browsers use CRLs to determine whether a website's digital certificate is still valid and trustworthy.

Enterprise Network Security

Network security is a critical aspect of enterprise security. Here you'll find network security solutions for several areas, such as network architecture, software and policies, VPNs, device management, network prevention and intrusion detection, and wireless security. Browse the network security topics below to find the latest news, expert advice, learning tools and more.

Recent Definitions

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.

  • holistic security

    Holistic security is an approach that seeks to integrate all the elements designed to safeguard an organization, considering them as a complex and interconnected system.

  • Secure Sockets Layer (SSL)

    Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet.

Government IT security

Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national initiatives to secure cyberspace, public-private cooperation and the government's role in helping enterprises protect the data of U.S. citizens.

Recent Definitions

  • Office of Personnel Management (OPM)

    The Office of Personnel Management (OPM) is an independent agency of the United States government that is tasked with the oversight of civil service hirings.

  • Cybersecurity Information Sharing Act (CISA)

    Cybersecurity Information Sharing Act (CISA) is proposed legislation that will allow United States government agencies and non-government entities to share information with each other as they investigate cyberattacks.

  • EINSTEIN

    EINSTEIN monitors and analyzes Internet traffic when it moves in and out of U.S. federal computer networks.

Information Security Careers, Training and Certifications

The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.

Recent Definitions

  • CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

  • Certified Information Systems Security Professional (CISSP)

    Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

  • Certified Information Systems Auditor (CISA)

    Certified Information Systems Auditor is a credential that demonstrates an IT professional's ability to assess risk and institute technology controls. The certification is intended for IT auditors, audit managers, consultants and security professionals.

Information Security Management

Conquer the challenges of enterprise information security management with helpful information on regulatory compliance, risk management, information security standards, security frameworks, disaster recovery and more. Browse the security management topics below for news, expert advice and online learning seminars.

Recent Definitions

  • email spam

    Email spam, or junk email, is unsolicited bulk messages sent through email with commercial, fraudulent or malicious intent.

  • security

    Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats.

  • adaptive security

    Adaptive security is an approach to safeguarding systems and data by recognizing threat-related behaviors rather than the files and code used by virus definitions.

Information Security Threats

Mitigating information security threats is an ongoing battle. Here you'll find information on ID theft, data security breaches, viruses, email threats, Web threats, hacking tools and more. Browse the information security threats topics below for news, expert advice and learning tools.

Recent Definitions

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else.

  • romance scam

    A romance scam is a fraudulent scheme in which a swindler pretends romantic interest in a target, establishes a relationship and then attempts to get money or sensitive information from the target under various false pretenses.

  • Facebook cloning

    Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list.

Security Audit, Compliance and Standards

Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPAA, SOX, FISMA, ISO 17799 and COBIT.

Recent Definitions

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.

  • compensating control (alternative control)

    A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.

  • single sign-on (SSO)

    Single sign-on is a session and user authentication process in which a user can access multiple applications with one name and password.
