Recently on SearchSecurity
2019's top email security best practices for employees
Attackers exploit email every day to break into your network, but you can reduce risk for everyone by promoting these email security strategies for employees.
More Highlights
- What makes BSA's secure software development framework unique?
BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all.
- Why EDR technologies are essential for endpoint protection
In this post-perimeter era, endpoint detection and response tools can provide essential protection to thwart advanced persistent threats. Learn what EDR offers.
- Endpoint security tools get an essential upgrade
Malware, APTs and other threats are getting smarter, but so are endpoint detection and response products. Learn what the latest versions can do to keep threats away.
Definitions
- Cybercrime
Cybercrime is any criminal activity that involves a computer, networked device or a network.
- data breach
A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.
- zero-day (computer)
A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.
Browse Security Topics
Data security
In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data security and protection strategies offers advice on how to lock down stored data, data backup and recovery, disk and file encryption and database security.
Recent Definitions
- data breach
A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.
- zero-day (computer)
A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.
- identity and access management (IAM)
Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
Highlights
- What makes BSA's secure software development framework unique?
- Words to go: GPS tracking security
- Building a cybersecurity awareness training program
More Data security Topics
- Data loss prevention technology
- Data security and cloud computing
- Data security breaches
- Data security strategies and governance
- Disk and file encryption tools
Identity and access management
Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.
Recent Definitions
- identity and access management (IAM)
Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
- private key
A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt code.
- self-sovereign identity
Self-sovereign identity (SSI) is a model for managing digital identities in which an individual or business has sole ownership over the ability to control their accounts and personal data.
Highlights
- How Google turned 1.5 billion Android phones into 2FA keys
- How does an identity and access management framework work?
- What are the key identity and access management benefits?
More Identity and access management Topics
- Active Directory security
- Biometric technology
- Password management and policy
- PKI and digital certificates
- Privileged access management
- Single-sign on (SSO) and federated identity
- Two-factor and multifactor authentication strategies
- Web authentication and access control
Network security
Recent Definitions
- Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications.
- zero-trust model (zero trust network)
The zero trust model is a security model used by IT professionals that requires strict identity and device verification regardless of the user’s location in relation to the network perimeter.
- distributed denial of service (DDoS) attack
A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
Highlights
- 6 firewall selection criteria to purchase NGFWs
- DDoS attacks among top 5G security concerns
- The 5 different types of firewalls
More Network security Topics
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
Security training and jobs
The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.
Recent Definitions
- Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².
- ethical hacker
An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their permission -- to find security vulnerabilities that a malicious hacker could potentially exploit.
- Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.
Highlights
- Women in cybersecurity work to grow voice in US lawmaking
- Effects of cybersecurity skills shortage worsening, new study says
- Study: Cybersecurity professionals taking on more data privacy duties
More Security training and jobs Topics
Back to TopInfosec programs
CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.
Recent Definitions
- Cybercrime
Cybercrime is any criminal activity that involves a computer, networked device or a network.
- USA Patriot Act
The USA Patriot Act is a law enacted in 2001, granting new and extended data-collection abilities to federal agencies in an effort to combat terrorism after the September 11 attacks.
- information security (infosec)
Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.
Highlights
- What makes BSA's secure software development framework unique?
- New executive order moves to ban Huawei
- Women in cybersecurity work to grow voice in US lawmaking
More Infosec programs Topics
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
Risk management strategies
A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.
Recent Definitions
- credential theft
Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business. Once credential theft has been successful, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack.
- security debt
Security debt is a variant of technical debt that occurs when organizations do not invest enough money or resources into security efforts upfront. The term compares the pressures of monetary debt with the long-term burden developers and IT teams face when security shortcuts are taken.
- orphan account
An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.
Highlights
- Building a cybersecurity awareness training program
- How to perform a building security assessment
- How to conduct a security risk review on a large building
More Risk management strategies Topics
- Penetration testing, ethical hacking and vulnerability assessments
- Risk assessments, metrics and frameworks
- Security awareness training and insider threats
Information security threats
Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.
Recent Definitions
- zero-day (computer)
A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.
- Cybercrime
Cybercrime is any criminal activity that involves a computer, networked device or a network.
- side-channel attack
A side-channel attack (SCA) is a security exploit that involves collecting information about what a computing device does when it is performing cryptographic operations and using that information to reverse engineer the device's cryptography system.
Highlights
- 2019's top email security best practices for employees
- ZombieLoad: More side channel attacks put Intel chips at risk
- Verizon DBIR: Ransomware still a major threat, despite reports
More Information security threats Topics
- Cyberespionage and nation-state cyberattacks
- Email and messaging threats
- Emerging cyberattacks and threats
- Hacker tools and techniques: Underground hacking sites
- Malware, virus, Trojan and spyware protection and removal
Network threat detection
Get news, tips and expert advice on network threat detection. This resource will cover the latest trends and technology around network threats and threat detection systems and services. Learn how to uncover, analyze and address network vulnerabilities to mitigate the risk of cyberattacks.
Recent Definitions
- fraud detection
Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud is a criminal act of deception done by unjustly claiming accomplishments or qualities for financial or personal gain.
- cryptographic nonce
A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.
- information security (infosec)
Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.
Highlights
- 2019's top 5 free enterprise network intrusion detection tools
- Blue Hexagon bets on deep learning AI in cybersecurity
- DHS-led agency works to visualize, share cyber-risk information
More Network threat detection Topics
- Network intrusion detection and prevention (IDS-IPS)
- Real-time network monitoring and forensics
- SIEM, log management and big data security analytics
- Threat intelligence sharing and services
Platform security
Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.
Recent Definitions
- Windows Defender Exploit Guard
Windows Defender Exploit Guard (EG) is an anti-malware software developed by Microsoft that provides intrusion protection for users with the Windows 10 operating system (OS).
- Meltdown and Spectre flaws
Meltdown and Spectre flaws are variations on vulnerabilities to most computer chips manufactured in the past 20 years that can gain access to data and information stored on the device.
- Google Chrome Enterprise
Google Chrome Enterprise is the business-focused solution for Chrome devices, Chrome browser and Chrome OS. Chrome Enterprise offers cloud-based management tools, integrations with third party products and 24/7 support for IT administrators.
Highlights
- Google focuses more on steering the Android ship than righting it
- 4 steps to ensure virtual machine security in cloud computing
- Google Play security improved by targeting repeat offenders
More Platform security Topics
- Alternative operating system security
- Microsoft Windows security
- Virtualization security issues and threats
Security compliance
Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.
Recent Definitions
- double blind test
Double blind test is an experiment where both the subject and observer are unaware that the exercise in practice is a test. Double blind testing is referred to as the gold standard of testing.
- checksum
A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.
- payload (computing)
In computing, a payload is the carrying capacity of a packet or other transmission data unit. The term has its roots in the military and is often associated with the capacity of executable malicious code to do damage. Technically, the payload of a specific packet or other protocol data unit (PDU) is the actual transmitted data sent by communicating endpoints.
Highlights
- 6 firewall selection criteria to purchase NGFWs
- Google I/O 2019 keynote brings focus on security and privacy
- Next-generation firewalls vs. traditional and UTMs
More Security compliance Topics
- Data privacy issues and compliance
- HIPAA
- IT security audits and audit frameworks
- PCI Data Security Standard
Software security
Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.
Recent Definitions
- zero-day (computer)
A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.
- Malwarebytes software
Malwarebytes is a cross-platform anti-malware program that detects and removes malware and other rogue software.
- distributed denial of service (DDoS) attack
A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
Highlights
- WannaCry infections continue to spread 2 years later
- The 5 different types of firewalls
- Cisco SSH vulnerability sparks debate over backdoors
More Software security Topics
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
Web security tools
Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.
Recent Definitions
- cryptographic nonce
A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.
- Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications.
- distributed denial of service (DDoS) attack
A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
Highlights
- How to manage application security best practices and risks
- Putting cybersecurity for healthcare on solid footing
- A recent history of Facebook security and privacy issues
More Web security tools Topics
- Web application and API security best practices
- Web browser security
- Web server threats and application attacks
Wireless and mobile security
In this guide, get advice on tools, software and tactics for wireless network security and wireless mobile device security. Learn how to build and maintain a secure wireless LAN, how to protect mobile devices, and how to successfully configure, implement and manage a solid wireless network.
Recent Definitions
- man-in-the-disk (MITD) attack
Man-in-the-disk (MITD) is an attack vector that allows an intruder to intercept and potentially alter data as it moves between Android external storage and an installed app.
- secure container
A secure container is a lightweight, executable software package that has been isolated from other software or processes running on the same virtual or physical host.
- WPA3
WPA3, also known as Wi-Fi Protected Access 3, is the third version of the security certification program developed by the Wi-Fi Alliance that works to secure wireless networks and ensure Wi-Fi related products meet a common standard.
Highlights
- Why EDR technologies are essential for endpoint protection
- Endpoint security tools get an essential upgrade
- How Google turned 1.5 billion Android phones into 2FA keys
More Wireless and mobile security Topics
- BYOD and mobile device security best practices
- Mobile application security best practices
- Mobile security threats and prevention
- Wireless network security