Recently on SearchSecurity
Cyberinsurance carrier Chubb investigating possible data breach
Insurance giant Chubb confirmed it is investigating an incident that may involve the Maze ransomware group, which claims to have stolen sensitive data from the company.
More Highlights
- AI Security Alliance urges clarity for buying AI security tools
Vendors and customers must be aware of potential gaps between expectations and reality in the sale or purchase of AI cybersecurity products, AI security expert advises.
- Risk & Repeat: COVID-19 boosting social engineering attacks
This episode of the Risk & Repeat podcast looks at how social engineering attacks have become more successful by taking advantage of the coronavirus pandemic.
- CISA exam preparation requires learning ethics, standards, new vocab
The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.
Definitions
- asymmetric cryptography (public key cryptography)
Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.
- Evil Corp
Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.
- Plundervolt
Plundervolt is a method of hacking that involves depriving an Intel chip of power so that processing errors occur.
Browse Security Topics
Data security
In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data security and protection strategies offers advice on how to lock down stored data, data backup and recovery, disk and file encryption and database security.
Recent Definitions
- asymmetric cryptography (public key cryptography)
Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.
- NIST Privacy Framework
The NIST Privacy Framework is a voluntary tool created by the National Institute of Standards and Technology, which lays out strategies for private sector organizations to improve their data risk management practices.
- Advanced Encryption Standard (AES)
The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
Highlights
- Explore 7 data loss prevention tools for utmost security
- Answering the top IoT risk management questions
- Canon breach exposes General Electric employee data
More Data security Topics
- Data loss prevention technology
- Data security and cloud computing
- Data security breaches
- Data security strategies and governance
- Disk and file encryption tools
Identity and access management
Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.
Recent Definitions
- two-factor authentication (2FA)
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
- identity provider
An identity provider is a system component that is able to provide an end user or internet-connected device with a single set of login credentials that will ensure the entity is who or what it says it is across multiple platforms, applications and networks. When a third-party website prompts end users to log in with their Google Account, for example, Google Sign-In is the identity provider.
- unique identifier (UID)
A unique identifier (UID) is a numeric or alphanumeric string that is associated with a single entity within a given system.
Highlights
- RSA Conference 2020 guide: Highlighting security's human element
- Analyzing the top 2019 data breach disclosures: Hindsight in 2020
- The future of facial recognition after the Clearview AI data breach
More Identity and access management Topics
- Active Directory security
- Biometric technology
- Password management and policy
- PKI and digital certificates
- Privileged access management
- Single-sign on (SSO) and federated identity
- Two-factor and multifactor authentication strategies
- Web authentication and access control
Network security
Recent Definitions
- DNS attack
A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).
- Advanced Encryption Standard (AES)
The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Highlights
- Answering the top IoT risk management questions
- 4 tips to ensure secure remote working during COVID-19 pandemic
- Amid expansion, BlackBerry security faces branding dilemma
More Network security Topics
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
Security training and jobs
The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.
Recent Definitions
- Certified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) is a certification issued by ISACA to people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected; the certification is presented after completion of a comprehensive testing and application process.
- Computer Emergency Response Team (CERT)
A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
- Security Operations Center (SOC)
A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security that is responsible for monitoring, analyzing and protecting an organization from cyber attacks.
Highlights
- CISA exam preparation requires learning ethics, standards, new vocab
- CISA practice questions to prep for the exam
- RSA Conference 2020 guide: Highlighting security's human element
More Security training and jobs Topics
Back to TopInfosec programs
CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.
Recent Definitions
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- cybercrime
Cybercrime is any criminal activity that involves a computer, networked device or a network.
- cybersecurity insurance (cybersecurity liability insurance)
Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.
Highlights
- AI Security Alliance urges clarity for buying AI security tools
- Risk & Repeat: COVID-19 boosting social engineering attacks
- Canon breach exposes General Electric employee data
More Infosec programs Topics
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
Risk management strategies
A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.
Recent Definitions
- Plundervolt
Plundervolt is a method of hacking that involves depriving an Intel chip of power so that processing errors occur.
- Pen Testing as a Service (PTaaS)
Pen testing as a service (PTaaS) is a cloud service that provides information technology (IT) professionals with the resources they need to conduct and act upon point-in-time and continuous penetration tests.
- cybersecurity insurance (cybersecurity liability insurance)
Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.
Highlights
- RSA Conference 2020 guide: Highlighting security's human element
- 4 tips to ensure secure remote working during COVID-19 pandemic
- ITOps security requires attention to training
More Risk management strategies Topics
- Penetration testing, ethical hacking and vulnerability assessments
- Risk assessments, metrics and frameworks
- Security awareness training and insider threats
Information security threats
Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.
Recent Definitions
- island hopping attack
In this type of backdoor attack, the threat actor exploits a weakness downstream from the actual target and uses it as a launching point to reach the intended target. The label 'island hopping' is inspired by a military strategy used in the Pacific theater during World War II.
- juice jacking
Juice jacking is a security exploit in which an infected USB charging station is used to compromise connected devices. The exploit takes advantage of the fact that a mobile device’s power supply passes over the same USB cable the connected device uses to sync data.
- DNS attack
A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).
Highlights
- Cyberinsurance carrier Chubb investigating possible data breach
- Risk & Repeat: COVID-19 boosting social engineering attacks
- Coronavirus phishing scams increase amid pandemic's spread
More Information security threats Topics
- Cyberespionage and nation-state cyberattacks
- Email and messaging threats
- Emerging cyberattacks and threats
- Hacker tools and techniques: Underground hacking sites
- Malware, virus, Trojan and spyware protection and removal
Network threat detection
Get news, tips and expert advice on network threat detection. This resource will cover the latest trends and technology around network threats and threat detection systems and services. Learn how to uncover, analyze and address network vulnerabilities to mitigate the risk of cyberattacks.
Recent Definitions
- Evil Corp
Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.
- intrusion detection system (IDS)
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
- intrusion prevention system (IPS)
An intrusion prevention system (IPS) is a network security and threat prevention tool.
Highlights
- Cisco security GM discusses plan for infosec domination
- Cisco launches SecureX platform for integrated security
- AI-driven cybersecurity teams are all about human augmentation
More Network threat detection Topics
- Network intrusion detection and prevention (IDS-IPS)
- Real-time network monitoring and forensics
- SIEM, log management and big data security analytics
- Threat intelligence sharing and services
Platform security
Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.
Recent Definitions
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- quantum supremacy
Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by performing calculations that were previously impossible at unmatched speeds.
- application whitelisting
Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
Highlights
- Microsoft discloses wormable SMBv3 flaw without a patch
- Windows IIS server hardening checklist
- How to use and manage BitLocker encryption
More Platform security Topics
- Alternative operating system security
- Microsoft Windows security
- Virtualization security issues and threats
Security compliance
Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.
Recent Definitions
- privacy compliance
Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or legislation.
- Advanced Encryption Standard (AES)
The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
- security information and event management (SIEM)
Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
Highlights
- CISA exam preparation requires learning ethics, standards, new vocab
- CISA practice questions to prep for the exam
- Explore 7 data loss prevention tools for utmost security
More Security compliance Topics
- Data privacy issues and compliance
- HIPAA
- IT security audits and audit frameworks
- PCI Data Security Standard
Software security
Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.
Recent Definitions
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- two-factor authentication (2FA)
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
- debugging
Debugging, in computer programming and engineering, is a multistep process that involves identifying a problem, isolating the source of the problem, and then either correcting the problem or determining a way to work around it.
Highlights
- How to prevent buffer overflow attacks
- Analyzing the top 2019 data breach disclosures: Hindsight in 2020
- Microsoft discloses wormable SMBv3 flaw without a patch
More Software security Topics
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
Web security tools
Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.
Recent Definitions
- API management
API management is the process of overseeing application program interfaces (APIs) in a secure, scalable environment.
- Web server
A Web server is a program that uses the client/server model and the Hypertext Transfer Protocol (HTTP) to serve the files that form Web pages to users, whose computers contain HTTP clients that forward their requests.
- Web application firewall (WAF)
A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application.
Highlights
- How to prevent buffer overflow attacks
- RSA Conference 2020 guide: Highlighting security's human element
- Windows IIS server hardening checklist
More Web security tools Topics
- Web application and API security best practices
- Web browser security
- Web server threats and application attacks
Wireless and mobile security
In this guide, get advice on tools, software and tactics for wireless network security and wireless mobile device security. Learn how to build and maintain a secure wireless LAN, how to protect mobile devices, and how to successfully configure, implement and manage a solid wireless network.
Recent Definitions
- Wi-Fi Pineapple
A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests.
- spyware
Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.
- GPS jamming
GPS jamming is the process of using a frequency transmitting device to block or interfere with radio communications.
Highlights
- RSA Conference 2020 guide: Highlighting security's human element
- 5G network slicing security benefits IoT, mobile
- Wired vs. wireless network security: Best practices
More Wireless and mobile security Topics
- BYOD and mobile device security best practices
- Mobile application security best practices
- Mobile security threats and prevention
- Wireless network security