Browse Definitions :

SearchSecurity

SearchSecurity provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more -- all at no cost. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today's IT-security professional.

View the complete archive of Enterprise Information Security news, research and expert advice.

Go to:  SearchSecurity

Recently on  SearchSecurity

2019's top email security best practices for employees

Attackers exploit email every day to break into your network, but you can reduce risk for everyone by promoting these email security strategies for employees.

More Highlights
Definitions
  • Cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

  • data breach

    A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

Browse Security Topics

Data security

In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data security and protection strategies offers advice on how to lock down stored data, data backup and recovery, disk and file encryption and database security.

Recent Definitions

  • data breach

    A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • identity and access management (IAM)

    Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.

Highlights

More Data security Topics

Back to Top

Identity and access management

Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.

Recent Definitions

  • identity and access management (IAM)

    Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.

  • private key

    A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt code.

  • self-sovereign identity

    Self-sovereign identity (SSI) is a model for managing digital identities in which an individual or business has sole ownership over the ability to control their accounts and personal data. 

Highlights

More Identity and access management Topics

Back to Top

Network security

Recent Definitions

  • Transport Layer Security (TLS)

    Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications.

  • zero-trust model (zero trust network)

    The zero trust model is a security model used by IT professionals that requires strict identity and device verification regardless of the user’s location in relation to the network perimeter.

  • distributed denial of service (DDoS) attack

    A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.

Highlights

More Network security Topics

Back to Top

Security training and jobs

The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.

Recent Definitions

  • Certified Information Systems Security Professional (CISSP)

    Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

  • ethical hacker

    An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their permission -- to find security vulnerabilities that a malicious hacker could potentially exploit.

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.

Highlights

More Security training and jobs Topics

Back to Top

Infosec programs

CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.

Recent Definitions

  • Cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

  • USA Patriot Act

    The USA Patriot Act is a law enacted in 2001, granting new and extended data-collection abilities to federal agencies in an effort to combat terrorism after the September 11 attacks.

  • information security (infosec)

    Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.

Highlights

More Infosec programs Topics

Back to Top

Risk management strategies

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

Recent Definitions

  • credential theft

    Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business. Once credential theft has been successful, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack.

  • security debt

    Security debt is a variant of technical debt that occurs when organizations do not invest enough money or resources into security efforts upfront. The term compares the pressures of monetary debt with the long-term burden developers and IT teams face when security shortcuts are taken.

  • orphan account

    An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.

Highlights

More Risk management strategies Topics

Back to Top

Information security threats

Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.

Recent Definitions

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • Cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

  • side-channel attack

    A side-channel attack (SCA) is a security exploit that involves collecting information about what a computing device does when it is performing cryptographic operations and using that information to reverse engineer the device's cryptography system.

Highlights

More Information security threats Topics

Back to Top

Network threat detection

Get news, tips and expert advice on network threat detection. This resource will cover the latest trends and technology around network threats and threat detection systems and services. Learn how to uncover, analyze and address network vulnerabilities to mitigate the risk of cyberattacks.

Recent Definitions

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud is a criminal act of deception done by unjustly claiming accomplishments or qualities for financial or personal gain.

  • cryptographic nonce

    A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.

  • information security (infosec)

    Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.

Highlights

More Network threat detection Topics

Back to Top

Platform security

Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.

Recent Definitions

  • Windows Defender Exploit Guard

    Windows Defender Exploit Guard (EG) is an anti-malware software developed by Microsoft that provides intrusion protection for users with the Windows 10 operating system (OS).

  • Meltdown and Spectre flaws

    Meltdown and Spectre flaws are variations on vulnerabilities to most computer chips manufactured in the past 20 years that can gain access to data and information stored on the device.

  • Google Chrome Enterprise

    Google Chrome Enterprise is the business-focused solution for Chrome devices, Chrome browser and Chrome OS. Chrome Enterprise offers cloud-based management tools, integrations with third party products and 24/7 support for IT administrators.

Highlights

More Platform security Topics

Back to Top

Security compliance

Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.

Recent Definitions

  • double blind test

    Double blind test is an experiment where both the subject and observer are unaware that the exercise in practice is a test. Double blind testing is referred to as the gold standard of testing.

  • checksum

    A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.

  • payload (computing)

    In computing, a payload is the carrying capacity of a packet or other transmission data unit. The term has its roots in the military and is often associated with the capacity of executable malicious code  to do damage. Technically, the payload of a specific packet or other protocol data unit (PDU) is the actual transmitted data sent by communicating endpoints.

Highlights

More Security compliance Topics

Back to Top

Software security

Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.

Recent Definitions

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • Malwarebytes software

    Malwarebytes is a cross-platform anti-malware program that detects and removes malware and other rogue software.

  • distributed denial of service (DDoS) attack

    A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.

Highlights

More Software security Topics

Back to Top

Web security tools

Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.

Recent Definitions

  • cryptographic nonce

    A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.

  • Transport Layer Security (TLS)

    Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications.

  • distributed denial of service (DDoS) attack

    A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.

Highlights

More Web security tools Topics

Back to Top

Wireless and mobile security

In this guide, get advice on tools, software and tactics for wireless network security and wireless mobile device security. Learn how to build and maintain a secure wireless LAN, how to protect mobile devices, and how to successfully configure, implement and manage a solid wireless network.

Recent Definitions

  • man-in-the-disk (MITD) attack

    Man-in-the-disk (MITD) is an attack vector that allows an intruder to intercept and potentially alter data as it moves between Android external storage and an installed app.

  • secure container

    A secure container is a lightweight, executable software package that has been isolated from other software or processes running on the same virtual or physical host.

  • WPA3

    WPA3, also known as Wi-Fi Protected Access 3, is the third version of the security certification program developed by the Wi-Fi Alliance that works to secure wireless networks and ensure Wi-Fi related products meet a common standard.

Highlights

More Wireless and mobile security Topics

Back to Top

-ADS BY GOOGLE

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • Cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

  • data breach

    A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or ...

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the ...

SearchHealthIT

SearchDisasterRecovery

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

  • business continuity policy

    Business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk ...

SearchStorage

  • business impact analysis (BIA)

    Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to ...

  • RAID (redundant array of independent disks)

    RAID (redundant array of independent disks) is a way of storing the same data in different places on multiple hard disks to ...

  • dedicated cloud

    A dedicated cloud is a single-tenant cloud infrastructure, which essentially acts as an isolated, single-tenant public cloud.

Close