SearchSecurity

Identity and access management

Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.

Recent Definitions

• single sign-on (SSO)

  Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.

• remote access

  Remote access is the ability for an authorized person to access a computer or a network from a geographical distance through a network connection. Remote access enables users to connect to the systems they need when they are physically far away. This is especially important for employees who work at branch offices, are traveling or telecommute to work.

• digital signature

  A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

Highlights

• Cybercriminals auction off admin credentials for $3,000
• How IAM systems support compliance
• How to use a public key and private key in digital signatures

More Identity and access management Topics

• Active Directory security
• Biometric technology
• Password management and policy
• PKI and digital certificates
• Privileged access management
• Single-sign on (SSO) and federated identity
• Two-factor and multifactor authentication strategies
• Web authentication and access control

Network security

Recent Definitions

• Trojan horse (computing)

  In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.

• identity theft

  Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else.

• DNS over HTTPS (DoH)

  DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a Hypertext Transfer Protocol Secure encrypted session.

Highlights

• Stateful vs. stateless firewalls: Understanding the differences
• 3 must-ask post-pandemic questions for CISOs
• Record-setting DDoS attacks indicate troubling trend

More Network security Topics

• DDoS attack detection and prevention
• Endpoint protection and client security
• IoT security issues
• IPv6 security and network protocols security
• Network Access Control technologies
• Network device security: Appliances, firewalls and switches
• Secure remote access
• Software-defined security best practices
• VPN security

Security training and jobs

The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.

Recent Definitions

• Certified Information Security Manager (CISM)

  Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.

• Certified Information Systems Auditor (CISA)

  Certified Information Systems Auditor (CISA) is a certification issued by ISACA to people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected; the certification is presented after completion of a comprehensive testing and application process.

• Computer Emergency Response Team (CERT)

  A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.

Highlights

• Navigate the DOD's Cybersecurity Maturity Model Certification
• Why COVID-19 won't stop cybersecurity jobs and recruitment
• Invest in new security talent with cybersecurity mentorships

More Security training and jobs Topics

• CISSP certification
• Security industry certifications

Infosec programs

CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.

Recent Definitions

• Advanced Encryption Standard (AES)

  The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.

• encryption

  Encryption is the method by which information is converted into secret code that hides the information's true meaning.

• crisis management

  Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event.

Highlights

• 5 steps to help prevent supply chain cybersecurity threats
• Navigate the DOD's Cybersecurity Maturity Model Certification
• Why COVID-19 won't stop cybersecurity jobs and recruitment

More Infosec programs Topics

• Government information security management
• Information security incident response
• Information security laws, investigations and ethics
• Information security policies, procedures and guidelines
• Security automation systems, tools and tactics
• Security industry market trends, predictions and forecasts
• Security vendor mergers and acquisitions

Risk management strategies

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

Recent Definitions

• integrated risk management (IRM)

  Integrated risk management (IRM) is an approach to risk management that uses a set of practices and processes to improve an organization's security, risk tolerance profile and strategic decision-making.

• phishing

  Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.

• What is cybersecurity? Everything you need to know

  Cybersecurity is the protection of internet-connected systems -- including hardware, software and data -- from cyberattacks.

Highlights

• Microsoft fixes Windows Codecs flaws with emergency patches
• 3 must-ask post-pandemic questions for CISOs
• ZDI drops 10 zero-day vulnerabilities in Netgear router

More Risk management strategies Topics

• Penetration testing, ethical hacking and vulnerability assessments
• Risk assessments, metrics and frameworks
• Security awareness training and insider threats

Information security threats

Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.

Recent Definitions

• Trojan horse (computing)

  In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.

• identity theft

  Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else.

• phishing

  Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.

Highlights

• Cybercriminals auction off admin credentials for $3,000
• Data theft in ransomware attacks may change disclosure game
• How cyber warfare laws limit risk on a digital battleground

More Information security threats Topics

• Cyberespionage and nation-state cyberattacks
• Email and messaging threats
• Emerging cyberattacks and threats
• Hacker tools and techniques: Underground hacking sites
• Malware, virus, Trojan and spyware protection and removal

Network threat detection

Get news, tips and expert advice on network threat detection. This resource will cover the latest trends and technology around network threats and threat detection systems and services. Learn how to uncover, analyze and address network vulnerabilities to mitigate the risk of cyberattacks.

Recent Definitions

• real-time monitoring

  Real-time (data) monitoring is the delivery of continuously updated information streaming at zero or low latency.

• Evil Corp

  Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.

• intrusion detection system (IDS)

  An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.

Highlights

• How to prevent network eavesdropping attacks
• Unpack the use of AI in cybersecurity, plus pros and cons
• How to get actionable threat intelligence from tech tools

More Network threat detection Topics

• Network intrusion detection and prevention (IDS-IPS)
• Real-time network monitoring and forensics
• SIEM, log management and big data security analytics
• Threat intelligence sharing and services

Platform security

Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.

Recent Definitions

• Secure Shell (SSH)

  SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

• quantum supremacy

  Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by performing calculations that were previously impossible at unmatched speeds.

• application whitelisting

  Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.

Highlights

• CISA warns Microsoft SMB v3 vulnerability is under attack
• VMware vulnerability enables takeover of cloud infrastructure
• IT and security teams collide as companies work from home

More Platform security Topics

• Alternative operating system security
• Microsoft Windows security
• Virtualization security issues and threats

Security compliance

Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.

Recent Definitions

• PCI DSS (Payment Card Industry Data Security Standard)

  The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

• Advanced Encryption Standard (AES)

  The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.

• single sign-on (SSO)

  Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.

Highlights

• Navigate the DOD's Cybersecurity Maturity Model Certification
• How IAM systems support compliance
• How to use a public key and private key in digital signatures

More Security compliance Topics

• Data privacy issues and compliance
• HIPAA
• IT security audits and audit frameworks
• PCI Data Security Standard

Software security

Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.

Recent Definitions

• Zoombombing

  Zoombombing is a type of cyber-harassment in which an individual or a group of unwanted and uninvited users interrupt online meetings over the Zoom video conference app.

• process hollowing

  Process hollowing is a security exploit in which an attacker removes code in an executable file and replaces it with malicious code.

• Secure Shell (SSH)

  SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

Highlights

• Microsoft seizes malicious domains used in COVID-19 phishing
• Stateful vs. stateless firewalls: Understanding the differences
• Critical F5 Networks vulnerability under attack

More Software security Topics

• Application attacks (buffer overflows, cross-site scripting)
• Application firewall security
• Database security
• Microsoft Patch Tuesday and patch management
• Open source security tools and software
• Productivity apps and messaging security
• Secure SaaS: Cloud application security
• Secure software development
• Social media security risks

Web security tools

Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.

Recent Definitions

• digital signature

  A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

• API management

  API management is the process of overseeing application program interfaces (APIs) in a secure, scalable environment.

• Web server

  A Web server is a program that uses the client/server model and the Hypertext Transfer Protocol (HTTP) to serve the files that form Web pages to users, whose computers contain HTTP clients that forward their requests.

Highlights

• AI-powered cyberattacks force change to network security
• Plan now for the future of network security
• SSL certificate best practices for 2020 and beyond

More Web security tools Topics

• Web application and API security best practices
• Web browser security
• Web server threats and application attacks

Wireless and mobile security

In this guide, get advice on tools, software and tactics for wireless network security and wireless mobile device security. Learn how to build and maintain a secure wireless LAN, how to protect mobile devices, and how to successfully configure, implement and manage a solid wireless network.

Recent Definitions

• Wi-Fi Pineapple

  A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests.

• spyware

  Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.

• GPS jamming

  GPS jamming is the process of using a frequency transmitting device to block or interfere with radio communications.

Highlights

• 3 must-ask post-pandemic questions for CISOs
• ZDI drops 10 zero-day vulnerabilities in Netgear router
• Top 3 advantages of smart cards -- and potential disadvantages

More Wireless and mobile security Topics

• BYOD and mobile device security best practices
• Mobile application security best practices
• Mobile security threats and prevention
• Wireless network security