Get started

Get started

Bring yourself up to speed with our introductory content.

• biometric payment

  Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account. Continue Reading

• Melissa virus

  Melissa was a type of email virus that initially become an issue in early 1999. Continue Reading

• Twofish

  Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits. Continue Reading

• How to create a company password policy, with template

  Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading

• walled garden

  On the internet, a walled garden is an environment that controls the user's access to network-based content and services. Continue Reading

• Definitions to Get Started

  • biometric payment
  • Melissa virus
  • Twofish
  • walled garden

  • potentially unwanted program (PUP)
  • plaintext
  • black hat hacker
  • cookie poisoning

  View All Definitions

• potentially unwanted program (PUP)

  A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.Continue Reading

• Elastic Stack Security tutorial: How to create detection rules

  This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data.Continue Reading

• plaintext

  In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.Continue Reading

• black hat hacker

  A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.Continue Reading

• cookie poisoning

  Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such ...Continue Reading

• footprinting

  Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them.Continue Reading

• What are the most important email security protocols?

  Email was designed without security considerations, but these top email security protocols add mechanisms to keep messaging safe from threats.Continue Reading

• snooping

  Snooping, in a security context, is unauthorized access to another person's or company's data.Continue Reading

• Nimda

  First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet.Continue Reading

• content filtering

  On the internet, content filtering -- also known as information filtering -- is the use of a program to screen and exclude from access or availability webpages or email that is deemed objectionable.Continue Reading

• CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

  A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic computer programs.Continue Reading

• virus hoax

  A virus hoax is a false warning about a computer virus.Continue Reading

• Security Assertion Markup Language (SAML)

  Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.Continue Reading

• cache poisoning

  Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.Continue Reading

• cross-site scripting (XSS)

  Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.Continue Reading

• vulnerability disclosure

  Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.Continue Reading

• RSA algorithm (Rivest-Shamir-Adleman)

  The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive ...Continue Reading

• What is multifactor authentication and how does it work?

  Multifactor authentication (MFA) is a security technology that requires more than one method of authentication from independent categories of credentials to verify a user's identity for a login or other transaction.Continue Reading

• Report on Compliance (ROC)

  A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.Continue Reading

• What is biometric authentication?

  Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are.Continue Reading

• shoulder surfing

  Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.Continue Reading

• adware

  Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running.Continue Reading

• Securities and Exchange Commission (SEC)

  The Securities and Exchange Commission (SEC) is the U.S. government agency that oversees the nation's securities industry.Continue Reading

• Digital Signature Standard (DSS)

  The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) as a means of authentication for electronic documents.Continue Reading

• encryption key

  In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text.Continue Reading

• payload (computing)

  In computing, a payload is the carrying capacity of a packet or other transmission data unit.Continue Reading

• script kiddie

  Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.Continue Reading

• cipher

  In cryptography, a cipher is an algorithm for encrypting and decrypting data.Continue Reading

• What is risk analysis?

  Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.Continue Reading

• What is cybersecurity insurance (cybersecurity liability insurance)?

  Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.Continue Reading

• What is integrated risk management (IRM)?

  Integrated risk management (IRM) is a set of coordinated business practices and supporting software tools that contribute to an organization's ability to understand and manage risk holistically across all departments and third-party dependencies.Continue Reading

• CISO as a service (vCISO, virtual CISO, fractional CISO)

  A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider.Continue Reading

• 4 types of ransomware and a timeline of attack examples

  There are four main types of ransomware, but many examples of ransomware strains. Learn how the ransomware types work, and review notable ransomware attacks and variants.Continue Reading

• cryptographic nonce

  A nonce is a random or semi-random number that is generated for a specific use.Continue Reading

• The history and evolution of ransomware

  Ransomware has evolved from a malicious floppy disk demanding $189 in ransom to a trillion-dollar industry with ransom for rent, sophisticated techniques and big-name victims.Continue Reading

• decompression bomb (zip bomb, zip of death attack)

  A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.Continue Reading

• SSL VPN (Secure Sockets Layer virtual private network)

  An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN ...Continue Reading

• next-generation firewall (NGFW)

  A next-generation firewall (NGFW) is part of the third generation of firewall technology that can be implemented in hardware or software.Continue Reading

• intrusion detection system (IDS)

  An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.Continue Reading

• CISO (chief information security officer)

  The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and ...Continue Reading

• advanced persistent threat (APT)

  An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time.Continue Reading

• Certified Information Systems Auditor (CISA)

  Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.Continue Reading

• DNS attack

  A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).Continue Reading

• keylogger (keystroke logger or system monitor)

  A keylogger, sometimes called a keystroke logger or keyboard capture, is a type of surveillance technology used to monitor and record each keystroke on a specific computer.Continue Reading

• Certified Information Security Manager (CISM)

  Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.Continue Reading

• cryptanalysis

  Cryptanalysis is the study of ciphertext, ciphers and cryptosystems with the aim of understanding how they work and finding and improving techniques for defeating or weakening them.Continue Reading

• IP spoofing

  Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from.Continue Reading

• How to use Ghidra for malware analysis, reverse-engineering

  The Ghidra malware analysis tool helps infosec beginners learn reverse-engineering quickly. Get help setting up a test environment and searching for malware indicators.Continue Reading

• Get started with the Ghidra reverse-engineering framework

  Malware analysts use Ghidra to examine code to better understand how it works. Learn what to expect from the reverse-engineering framework, how to start using it and more.Continue Reading

• Patch Tuesday

  Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.Continue Reading

• 10 CIPP/US practice questions to test your privacy knowledge

  Advance your privacy career by becoming a Certified Information Privacy Professional. Use these 10 practice questions from Wiley's IAPP CIPP/US study guide to prepare for the exam.Continue Reading

• How to prepare for the CIPP/US exam

  The co-authors of a CIPP/US study guide offer advice on the IAPP certification, including career benefits, how to prepare and how the U.S. exam differs from other regions' exams.Continue Reading

• RADIUS (Remote Authentication Dial-In User Service)

  RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or ...Continue Reading

• Secure Electronic Transaction (SET)

  Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.Continue Reading

• identity management (ID management)

  Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources.Continue Reading

• one-time password (OTP)

  A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.Continue Reading

• identity provider

  An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks.Continue Reading

• remote access

  Remote access is the ability for an authorized person to access a computer or network from a geographical distance through a network connection.Continue Reading

• malware

  Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.Continue Reading

• asymmetric cryptography (public key cryptography)

  Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.Continue Reading

• cryptography

  Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.Continue Reading

• WannaCry ransomware

  The WannaCry ransomware is a worm that spreads by exploiting vulnerabilities in the Windows operating system.Continue Reading

• What is extortionware? How does it differ from ransomware?

  Prevention is the only line of defense against an extortionware attack. Learn how extortionware works and why it can be more damaging than ransomware.Continue Reading

• brute-force attack

  A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.Continue Reading

• authentication

  Authentication is the process of determining whether someone or something is, in fact, who or what it says it is.Continue Reading

• Secure Shell (SSH)

  SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.Continue Reading

• NIST Cybersecurity Framework

  The NIST Cybersecurity Framework (NIST CSF) is a policy framework surrounding IT infrastructure security.Continue Reading

• personally identifiable information (PII)

  Personally identifiable information (PII) is any data that could potentially identify a specific individual.Continue Reading

• Advanced Encryption Standard (AES)

  The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.Continue Reading

• vulnerability assessment (vulnerability analysis)

  A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.Continue Reading

• sandbox (software testing and security)

  A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.Continue Reading

• role-based access control (RBAC)

  Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.Continue Reading

• Zoombombing

  Zoombombing is a type of cyber-harassment in which an individual or a group of unwanted and uninvited users interrupt online meetings over the Zoom video conference app.Continue Reading

• digital certificate

  A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it.Continue Reading

• cybercrime

  Cybercrime is any criminal activity that involves a computer, networked device or a network.Continue Reading

• key fob

  A key fob is a small, programmable device that provides access to a physical object.Continue Reading

• email virus

  An email virus consists of malicious code distributed in email messages to infect one or more devices.Continue Reading

• identity theft

  Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.Continue Reading

• COBIT

  COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.Continue Reading

• security policy

  A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.Continue Reading

• email spam

  Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients.Continue Reading

• shadow password file

  A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.Continue Reading

• browser hijacker (browser hijacking)

  A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.Continue Reading

• Kerberos

  Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.Continue Reading

• SIEM vs. SOAR vs. XDR: Evaluate the differences

  SIEM, SOAR and XDR share similar definitions, but each has distinct drawbacks. Learn what each offers and how they differ for help deciding which to deploy in your company.Continue Reading

• promiscuous mode

  In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.Continue Reading

• macro virus

  A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word.Continue Reading

• certificate authority (CA)

  A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates.Continue Reading

• How to use Metasploit commands and exploits for pen tests

  These step-by-step instructions demonstrate how to use the Metasploit Framework for enterprise vulnerability and penetration testing.Continue Reading

• federated identity management (FIM)

  Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.Continue Reading

• Malware analysis for beginners: Getting started

  With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst.Continue Reading

• Top static malware analysis techniques for beginners

  Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage.Continue Reading

• logic bomb

  A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met.Continue Reading

• Electronic Code Book (ECB)

  Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.Continue Reading

• Wired Equivalent Privacy (WEP)

  Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b.Continue Reading