Recently on SearchSecurity
Standardize cybersecurity terms to get everyone correct service
Some cybersecurity terms can refer to multiple service offerings, which can be confusing for companies looking to implement them as well as the companies providing them.
More Highlights
- SolarWinds breach news center
The massive SolarWinds supply-chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response.
- Adopting threat hunting techniques, tactics and strategy
Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, combining manual techniques with AI and machine learning.
- FireEye releases new tool to fight SolarWinds hackers
The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack.
Definitions
- cyber attack
A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
- backdoor (computing)
A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
- post-quantum cryptography
Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers that are able to prevent attacks launched by quantum computers.
Browse Security Topics
Data security
In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data security and protection strategies offers advice on how to lock down stored data, data backup and recovery, disk and file encryption and database security.
Recent Definitions
- cyber attack
A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
- prime number
A prime number is a whole number greater than 1 whose only factors are 1 and itself. A factor is a whole numbers that can be divided evenly into another number.
- Certified Information Systems Auditor (CISA)
The Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.
Highlights
- Standardize cybersecurity terms to get everyone correct service
- Malwarebytes breached by SolarWinds hackers
- FBI warns against vishing attacks targeting enterprises
More Data security Topics
- Data loss prevention technology
- Data security and cloud computing
- Data security breaches
- Data security strategies and governance
- Disk and file encryption tools
Identity and access management
Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.
Recent Definitions
- identity management (ID management)
Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources.
- What is zero trust? Ultimate guide to the network security model
Zero trust is a security strategy that assumes all users, devices and transactions are already compromised. The zero trust model requires strict identity and device verification, regardless of the user’s location in relation to the network perimeter.
- tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Highlights
- FireEye releases new tool to fight SolarWinds hackers
- Select a customer IAM architecture to boost business, security
- 5 cybersecurity vendors to watch in 2021
More Identity and access management Topics
- Active Directory security
- Biometric technology
- Password management and policy
- PKI and digital certificates
- Privileged access management
- Single-sign on (SSO) and federated identity
- Two-factor and multifactor authentication strategies
- Web authentication and access control
Network security
Recent Definitions
- backdoor (computing)
A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
- What is SecOps? Everything you need to know
SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.
- What is zero trust? Ultimate guide to the network security model
Zero trust is a security strategy that assumes all users, devices and transactions are already compromised. The zero trust model requires strict identity and device verification, regardless of the user’s location in relation to the network perimeter.
Highlights
- Standardize cybersecurity terms to get everyone correct service
- SolarWinds breach news center
- The 5 different types of firewalls explained
More Network security Topics
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
Security training and jobs
The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.
Recent Definitions
- Certified Information Systems Auditor (CISA)
The Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.
- security operations center (SOC)
A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security who monitors, analyzes and protects an organization from cyber attacks.
- Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.
Highlights
- Cybersecurity career path: 5-step guide to success
- Top 10 cybersecurity interview questions and answers
- 10 must-have cybersecurity skills for career success
More Security training and jobs Topics
Back to TopInfosec programs
CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.
Recent Definitions
- cybercrime
Cybercrime is any criminal activity that involves a computer, networked device or a network.
- security operations center (SOC)
A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security who monitors, analyzes and protects an organization from cyber attacks.
- incident response team
An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.
Highlights
- How to develop a cybersecurity strategy: Step-by-step guide
- SolarWinds supply chain attack explained: Need-to-know info
- FBI warns against vishing attacks targeting enterprises
More Infosec programs Topics
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
Risk management strategies
A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.
Recent Definitions
- cyber attack
A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
- post-quantum cryptography
Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers that are able to prevent attacks launched by quantum computers.
- CVSS (Common Vulnerability Scoring System)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in software.
Highlights
- Adopting threat hunting techniques, tactics and strategy
- How to develop a cybersecurity strategy: Step-by-step guide
- SolarWinds supply chain attack explained: Need-to-know info
More Risk management strategies Topics
- Penetration testing, ethical hacking and vulnerability assessments
- Risk assessments, metrics and frameworks
- Security awareness training and insider threats
Information security threats
Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.
Recent Definitions
- cyber attack
A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
- backdoor (computing)
A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
- What is SecOps? Everything you need to know
SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.
Highlights
- SolarWinds breach news center
- FireEye releases new tool to fight SolarWinds hackers
- How to develop a cybersecurity strategy: Step-by-step guide
More Information security threats Topics
- Cyberespionage and nation-state cyberattacks
- Email and messaging threats
- Emerging cyberattacks and threats
- Hacker tools and techniques: Underground hacking sites
- Malware, virus, Trojan and spyware protection and removal
Network threat detection
Get news, tips and expert advice on network threat detection. This resource will cover the latest trends and technology around network threats and threat detection systems and services. Learn how to uncover, analyze and address network vulnerabilities to mitigate the risk of cyberattacks.
Recent Definitions
- What is SecOps? Everything you need to know
SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.
- SOAR (Security Orchestration, Automation and Response)
SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats, and respond to low-level security events without human assistance.
- What is zero trust? Ultimate guide to the network security model
Zero trust is a security strategy that assumes all users, devices and transactions are already compromised. The zero trust model requires strict identity and device verification, regardless of the user’s location in relation to the network perimeter.
Highlights
- Standardize cybersecurity terms to get everyone correct service
- SolarWinds breach news center
- Adopting threat hunting techniques, tactics and strategy
More Network threat detection Topics
- Network intrusion detection and prevention (IDS-IPS)
- Real-time network monitoring and forensics
- SIEM, log management and big data security analytics
- Threat intelligence sharing and services
Platform security
Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.
Recent Definitions
- cyber attack
A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- quantum supremacy
Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by performing calculations that were previously impossible at unmatched speeds.
Highlights
- Key SOC metrics and KPIs: How to define and use them
- New Microsoft Teams RCE vulnerability also wormable
- Microsoft detects Netlogon vulnerability exploitation in the wild
More Platform security Topics
- Alternative operating system security
- Microsoft Windows security
- Virtualization security issues and threats
Security compliance
Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.
Recent Definitions
- tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
- RFC 1918
Request for Comment 1918 (RFC 1918), “Address Allocation for Private Internets,” is the Internet Engineering Task Force (IETF) memorandum on methods of assigning of private IP addresses on TCP/IP networks.
- PCI DSS 12 requirements
PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).
Highlights
- How to develop a cybersecurity strategy: Step-by-step guide
- 7 cybersecurity priorities CISOs should focus on for 2021
- 8 benefits of a security operations center
More Security compliance Topics
- Data privacy issues and compliance
- HIPAA
- IT security audits and audit frameworks
- PCI Data Security Standard
Software security
Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.
Recent Definitions
- backdoor (computing)
A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
- zero-day (computer)
Zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.
- Zoombombing
Zoombombing is a type of cyber-harassment in which an individual or a group of unwanted and uninvited users interrupt online meetings over the Zoom video conference app.
Highlights
- The 5 different types of firewalls explained
- Tenable: Vulnerability disclosures skyrocketed over last 5 years
- Quiz: Web application security threats and vulnerabilities
More Software security Topics
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
Web security tools
Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.
Recent Definitions
- web server
A web server is software and hardware that uses HTTP (Hypertext Transfer Protocol) and other protocols to respond to client requests made over the World Wide Web.
- digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
- API management
API management is the process of overseeing application program interfaces (APIs) in a secure, scalable environment.
Highlights
- How to identify bloatware, then uninstall it
- Quiz: Web application security threats and vulnerabilities
- 5 essential programming languages for cybersecurity pros
More Web security tools Topics
- Web application and API security best practices
- Web browser security
- Web server threats and application attacks
Wireless and mobile security
In this guide, get advice on tools, software and tactics for wireless network security and wireless mobile device security. Learn how to build and maintain a secure wireless LAN, how to protect mobile devices, and how to successfully configure, implement and manage a solid wireless network.
Recent Definitions
- Wi-Fi Pineapple
A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests.
- spyware
Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.
- GPS jamming
GPS jamming is the process of using a frequency transmitting device to block or interfere with radio communications.
Highlights
- 2021 IT priorities require security considerations
- 10 cybersecurity best practices and tips for businesses
- How to identify bloatware, then uninstall it
More Wireless and mobile security Topics
- BYOD and mobile device security best practices
- Mobile application security best practices
- Mobile security threats and prevention
- Wireless network security