Get started

Get started

Bring yourself up to speed with our introductory content.

• incident response

  Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. Continue Reading

• The 5 principles of zero-trust security

  Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by implementing these five principles of zero-trust security. Continue Reading

• Why zero trust requires microsegmentation

  Microsegmentation is a key security technique that enables organizations to achieve a zero-trust model and helps ensure the security of workloads regardless of where they are located. Continue Reading

• Zero trust vs. defense in depth: What are the differences?

  Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each other. Continue Reading

• How to get into cybersecurity with no experience

  Cybersecurity needs new talent now more than ever, but landing that first job without a computer science degree can still be difficult. Here are five tips for getting in the door. Continue Reading

• Definitions to Get Started

  • incident response
  • MICR (magnetic ink character recognition)
  • What is cybersecurity?
  • Android System WebView

  • data masking
  • computer worm
  • corporate governance
  • cyber attack

  View All Definitions

• MICR (magnetic ink character recognition)

  MICR (magnetic ink character recognition) is a technology invented in the 1950s that's used to verify the legitimacy or originality of checks and other paper documents.Continue Reading

• What is cybersecurity?

  Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats.Continue Reading

• Android System WebView

  Android System WebView is a system component for the Android operating system (OS) that allows Android apps to display web content directly inside an application.Continue Reading

• How DKIM records reduce email spoofing, phishing and spam

  Learn how implementing DomainKeys Identified Mail helps protect against phishing, spam and email forgery by digitally signing outgoing messages.Continue Reading

• Cybersecurity career path: 5-step guide to success

  Taking the lead from ISSA's framework, here's a guide to how you can map out a long and profitable career in cybersecurity.Continue Reading

• How to develop a cybersecurity strategy: Step-by-step guide

  A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there.Continue Reading

• data masking

  Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.Continue Reading

• Cloud detection and response: CDR vs. EDR vs. NDR vs. XDR

  Cloud detection and response is the latest detection and response abbreviation. Explore how it differs from endpoint, network and extended detection and response.Continue Reading

• How to become a CISO

  The chief information security officer role is growing in profile and importance. Explore six actionable tips for aspiring CISOs as they work toward cybersecurity's top job.Continue Reading

• computer worm

  A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.Continue Reading

• How to prepare for post-quantum computing security

  One of the biggest fears about quantum computing is its ability to break encryption algorithms more easily. Learn why and how to start making quantum security preparations now.Continue Reading

• Sample CompTIA CASP+ practice questions with answers

  Preparing for the CompTIA Advanced Security Practitioner certification or refreshing your knowledge to renew your cert? Use these CASP+ practice questions to test your smarts.Continue Reading

• How to prepare for the CompTIA CASP+ exam

  Are you pursuing the CompTIA Advanced Security Practitioner certification? The author of a CASP+ cert guide offers advice on how to prepare for the exam.Continue Reading

• How to create and add an SPF record for email authentication

  Learn how to create Sender Policy Framework records to list authenticated mail servers for an email domain to fight spam, phishing, email forgery and other malicious email.Continue Reading

• How to start developing a plan for SASE implementation

  From prioritizing business problems to identifying future initiatives to assessing critical tool gaps, learn how to create a realistic SASE implementation roadmap.Continue Reading

• 10 must-have cybersecurity skills for career success in 2022

  Looking to advance your cybersecurity career? Here are the skills you'll need to win that CISO job, land a gig as a threat hunter and snag other security positions in high demand.Continue Reading

• corporate governance

  Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled.Continue Reading

• How SPF records prevent email spoofing, phishing and spam

  Forged email has long been used by hackers to break into protected systems. Learn how the Sender Policy Framework protocol helps stop spoofing, phishing and other malicious mail.Continue Reading

• cyber attack

  A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.Continue Reading

• homomorphic encryption

  Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.Continue Reading

• 13 common types of cyber attacks and how to prevent them

  To prevail in the battle against cybercrime, companies must understand how they are being attacked. Here are the most damaging types of cyber attacks and how to prevent them.Continue Reading

• Email authentication: How SPF, DKIM and DMARC work together

  Internet protocols for email authentication -- SPF, DKIM and DMARC -- coordinate defense against spammers, phishing and other spoofed email problems.Continue Reading

• Top 10 cybersecurity interview questions and answers

  Interviewing for a job in cybersecurity? Memorizing 100-plus security definitions won't cut it. Here are the 10 interview questions you should be ready for -- and how to answer them.Continue Reading

• What is identity sprawl and how can it be managed?

  With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed.Continue Reading

• How to create a threat profile, with template

  Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template.Continue Reading

• DomainKeys Identified Mail (DKIM)

  DomainKeys Identified Mail (DKIM) is a protocol for authenticating email messages using public key cryptography to protect against forged emails.Continue Reading

• Domain-based Message Authentication, Reporting and Conformance (DMARC)

  The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet protocols that support email authentication methods.Continue Reading

• Is ethical hacking legal? And more ethical hacking advice

  Is ethical hacking legal? Learn about the legality of ethical hacking, why it's important, its benefits and what organizations should look for when hiring an ethical hacker.Continue Reading

• Ethical hacking: How to conduct a Sticky Keys hack

  Physical security is often overlooked by cybersecurity teams. Learn about physical cybersecurity attacks in step-by-step instruction on how to conduct a Windows Sticky Keys hack.Continue Reading

• Data masking vs. data encryption: How do they differ?

  Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases.Continue Reading

• How to develop a data breach response plan: 5 steps

  A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan.Continue Reading

• SSH2 vs. SSH1 and why SSH versions still matter

  The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important.Continue Reading

• data breach

  A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.Continue Reading

• Symmetric vs. asymmetric encryption: What's the difference?

  Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons.Continue Reading

• insider threat

  An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.Continue Reading

• How to create a data security policy, with template

  Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started.Continue Reading

• data compliance

  Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, ...Continue Reading

• crypto wallet (cryptocurrency wallet)

  A crypto wallet (cryptocurrency wallet) is software or hardware that enables users to store and use cryptocurrency.Continue Reading

• VMDR: Inside vulnerability management, detection and response

  VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool?Continue Reading

• user behavior analytics (UBA)

  User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems.Continue Reading

• Pen testing vs. vulnerability scanning: What’s the difference?

  Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used.Continue Reading

• 3 steps for getting started with security service edge

  Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease.Continue Reading

• SecOps vs. CloudSecOps: What does a CloudSecOps team do?

  Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play.Continue Reading

• How to use SSH tunnels to cross network boundaries

  The Secure Shell protocol authenticates and encrypts network connections. Find out how it's used to build tunnels while crossing private networks and even firewalls.Continue Reading

• Top 7 types of data security technology

  These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use.Continue Reading

• How to create a critical infrastructure incident response plan

  Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company.Continue Reading

• access control

  Access control is a security technique that regulates who or what can view or use resources in a computing environment.Continue Reading

• blended threat

  A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.Continue Reading

• How to conduct a cyber-resilience assessment

  It's a good cyber hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment.Continue Reading

• Negotiating a golden parachute clause in a CISO contract

  If a CISO becomes the company scapegoat after a security incident, a strong golden parachute clause can mean the difference between a soft landing and a hard crash.Continue Reading

• encryption

  Encryption is the method by which information is converted into secret code that hides the information's true meaning.Continue Reading

• How to determine out-of-scope bug bounty assets

  What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.'Continue Reading

• Use ssh-keygen to create SSH key pairs and more

  Learn how to use ssh-keygen to create new key pairs, copy host keys, use a single login key pair for multiple hosts, retrieve key fingerprints and more in this tutorial.Continue Reading

• 7 enterprise patch management best practices

  It might not be the most exciting responsibility, but the value of a well-executed patch management strategy can't be denied. Use these best practices to build a smooth process.Continue Reading

• X.509 certificate

  An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.Continue Reading

• directory traversal

  Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.Continue Reading

• malware

  Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.Continue Reading

• 3 types of PKI certificates and their use cases

  Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases.Continue Reading

• How to get started with multi-cloud threat hunting

  More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk.Continue Reading

• How to conduct a cyber-war gaming exercise

  A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed.Continue Reading

• man in the browser (MitB)

  Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions.Continue Reading

• Zero trust vs. zero-knowledge proof: What's the difference?

  Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks.Continue Reading

• Patch Tuesday

  Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.Continue Reading

• parameter tampering

  Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.Continue Reading

• SYN flood attack

  A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.Continue Reading

• Cyber-war gaming: A cybersecurity tabletop exercise

  Based off military war games, cyber-war gaming examines a company's security posture. Learn how it works, the readiness needed, who should be involved and more.Continue Reading

• Sender Policy Framework (SPF)

  Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.Continue Reading

• How to conduct Linux privilege escalations

  Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts.Continue Reading

• An introduction to binary diffing for ethical hackers

  Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started.Continue Reading

• security information management (SIM)

  Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.Continue Reading

• WLAN Authentication and Privacy Infrastructure (WAPI)

  WLAN Authentication and Privacy Infrastructure (WAPI) is a wireless local area network security standard officially supported by the Chinese government.Continue Reading

• mail bomb

  A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system.Continue Reading

• What is cybersecurity mesh and how can it help you?

  The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments.Continue Reading

• Pen testing guide: Types, steps, methodologies and frameworks

  Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards.Continue Reading

• Open System Authentication (OSA)

  Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.Continue Reading

• AAA server (authentication, authorization and accounting)

  An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.Continue Reading

• content filtering

  Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items.Continue Reading

• SOC 1 (System and Organization Controls 1)

  System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements.Continue Reading

• How to implement OpenID Connect for single-page applications

  The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications.Continue Reading

• How to use OpenID Connect for authentication

  OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs.Continue Reading

• Luhn algorithm (modulus 10)

  The Luhn algorithm, also called modulus 10 or modulus 10 algorithm, is a simple mathematical formula used to validate a user's identification numbers.Continue Reading

• authentication server

  An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.Continue Reading

• PA-DSS (Payment Application Data Security Standard)

  Payment Application Data Security Standard (PA-DSS) is a set of requirements intended to help software vendors develop secure payment applications for credit card transactions.Continue Reading

• mutual authentication

  Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.Continue Reading

• How to write an information security policy, plus templates

  Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process.Continue Reading

• screened subnet

  A screened subnet, or triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces.Continue Reading

• How to build a security champions program

  Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps.Continue Reading

• metamorphic and polymorphic malware

  Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system.Continue Reading

• Explaining the differences between SASE vs. SSE

  Most security professionals are familiar with Secure Access Service Edge, but now there's a new tool for administrators to consider: security service edge.Continue Reading

• security identifier (SID)

  In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.Continue Reading

• North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)

  The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America.Continue Reading

• Tips for creating a cybersecurity resume

  Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume.Continue Reading

• How to manage imposter syndrome in cybersecurity

  The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice.Continue Reading

• Privacy-enhancing technology types and use cases

  Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected.Continue Reading

• Internet Key Exchange (IKE)

  Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).Continue Reading