Get started
Bring yourself up to speed with our introductory content.
credential theft
Credential theft is a type of cybercrime that involves stealing a victim's proof of identity.
self-sovereign identity
Self-sovereign identity (SSI) is a model for managing digital identities in which individuals or businesses have sole ownership over the ability to control their accounts and personal data.
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².
privilege creep
Privilege creep is the gradual accumulation of access rights beyond what individuals need to do their job.
10 must-have cybersecurity skills for career success in 2023
Looking to advance your cybersecurity career? Here are the skills you'll need to win that CISO job, land a gig as a threat hunter and snag other security positions in high demand.
What enumeration attacks are and how to prevent them
Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them.
GPS jamming
GPS jamming is the act of using a frequency transmitting device to block or interfere with radio communications.
Top 12 online cybersecurity courses for 2023
Our panel of experts picked the best free and paid online cybersecurity courses for working professionals looking to advance their careers and for newbies breaking into the field.
What are the differences between su and sudo commands?
Linux administrators have choices when deciding how to delegate privileges. Learn about the options they can take while ensuring their operations remain secure.
12 types of wireless network attacks and how to prevent them
From packet sniffing and rogue access points to spoofing attacks and encryption cracking, learn about common wireless network attacks and how to prevent them.
checksum
A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.
security information and event management (SIEM)
Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system.
How to use the Hydra password-cracking tool
Need help brute-forcing passwords? Get started by learning how to use the open source Hydra tool with these step-by-step instructions and companion video.
Evil Corp
Evil Corp is an international cybercrime network that uses malicious software to steal money from victims' bank accounts and to mount ransomware attacks.
Trojan horse
In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.
7 steps to implementing a successful XDR strategy
There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps.
Top 5 key ethical hacker skills
Ethical hacking can be a rewarding career, but it requires tenacity, curiosity and creativity, among other traits. Oh, and you better be a good writer, too.
quantum key distribution (QKD)
Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.
Common Body of Knowledge (CBK)
In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.
buffer underflow
A buffer underflow, also known as a buffer underrun or a buffer underwrite, is when the buffer -- the temporary holding space during data transfer -- is fed data at a lower rate than it is being read from.
single sign-on (SSO)
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.
pen testing (penetration testing)
A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture.
time-based one-time password
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.
5 essential programming languages for cybersecurity pros
Coding is an important skill across almost every technology discipline today, and cybersecurity is no exception. Learn about the top programming languages for security professionals.
The 7 core pillars of a zero-trust architecture
Learn how Forrester's seven pillars of zero trust model can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework.
Equipment to include in a computer forensic toolkit
Computer forensic investigators require more than software to do their job. Learn what equipment constitutes a complete computer forensic toolkit.
Advice for beginner computer forensic investigators
For those interested in becoming a computer forensics investigator, learn about the career and what to expect, as well as why digital evidence is the most volatile evidence.
RAT (remote access Trojan)
A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer.
Top 10 pen testing interview questions with answers
Are you pursuing a career in pen testing? Prepare with this list of 10 pen testing interview questions and answers created by three security experts.
Top IT security manager interview questions
Are you looking for a leadership role in cybersecurity? Three security experts offer their advice on how to answer the most common IT security manager interview questions.
Diffie-Hellman key exchange (exponential key exchange)
Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet.
How to configure and customize Kali Linux
Learning how to use Kali Linux for ethical hacking and penetration testing? Read step by step how to configure and customize the distribution.
An overview of the CISA Zero Trust Maturity Model
A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there.
The 5 principles of zero-trust security
Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by implementing these five principles of zero-trust security.
Why zero trust requires microsegmentation
Microsegmentation is a key security technique that enables organizations to achieve a zero-trust model and helps ensure the security of workloads regardless of where they are located.
Zero trust vs. defense in depth: What are the differences?
Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each other.
How to get into cybersecurity with no experience
Cybersecurity needs new talent now more than ever, but landing that first job without a computer science degree can still be difficult. Here are five tips for getting in the door.
MICR (magnetic ink character recognition)
MICR (magnetic ink character recognition) is a technology invented in the 1950s that's used to verify the legitimacy or originality of checks and other paper documents.
Android System WebView
Android System WebView is a system component for the Android operating system (OS) that allows Android apps to display web content directly inside an application.
How DKIM records reduce email spoofing, phishing and spam
Learn how implementing DomainKeys Identified Mail helps protect against phishing, spam and email forgery by digitally signing outgoing messages.
Cybersecurity career path: 5-step guide to success
Taking the lead from ISSA's framework, here's a guide to how you can map out a long and profitable career in cybersecurity.
data masking
Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.
Cloud detection and response: CDR vs. EDR vs. NDR vs. XDR
Cloud detection and response is the latest detection and response abbreviation. Explore how it differs from endpoint, network and extended detection and response.
How to become a CISO
The chief information security officer role is growing in profile and importance. Explore six actionable tips for aspiring CISOs as they work toward cybersecurity's top job.
computer worm
A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.
How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to break encryption algorithms more easily. Learn why and how to start making quantum security preparations now.
Sample CompTIA CASP+ practice questions with answers
Preparing for the CompTIA Advanced Security Practitioner certification or refreshing your knowledge to renew your cert? Use these CASP+ practice questions to test your smarts.
How to prepare for the CompTIA CASP+ exam
Are you pursuing the CompTIA Advanced Security Practitioner certification? The author of a CASP+ cert guide offers advice on how to prepare for the exam.
How to create and add an SPF record for email authentication
Learn how to create Sender Policy Framework records to list authenticated mail servers for an email domain to fight spam, phishing, email forgery and other malicious email.
How to start developing a plan for SASE implementation
From prioritizing business problems to identifying future initiatives to assessing critical tool gaps, learn how to create a realistic SASE implementation roadmap.
corporate governance
Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled.
How SPF records prevent email spoofing, phishing and spam
Forged email has long been used by hackers to break into protected systems. Learn how the Sender Policy Framework protocol helps stop spoofing, phishing and other malicious mail.
cyber attack
A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
homomorphic encryption
Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.
13 common types of cyber attacks and how to prevent them
To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyber attacks and what to do to prevent them.
Email authentication: How SPF, DKIM and DMARC work together
Internet protocols for email authentication -- SPF, DKIM and DMARC -- coordinate defense against spammers, phishing and other spoofed email problems.
Top 10 cybersecurity interview questions and answers
Interviewing for a job in cybersecurity? Memorizing security terms won't cut it. Here are the 10 interview questions you should be ready for -- and how to answer them.
What is identity sprawl and how can it be managed?
With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed.
How to create a threat profile, with template
Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template.
DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) is a protocol for authenticating email messages using public key cryptography to protect against forged emails.
Domain-based Message Authentication, Reporting and Conformance (DMARC)
The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet protocols that support email authentication methods.
Is ethical hacking legal? And more ethical hacking advice
Is ethical hacking legal? Learn about the legality of ethical hacking, why it's important, its benefits and what organizations should look for when hiring an ethical hacker.
Ethical hacking: How to conduct a Sticky Keys hack
Physical security is often overlooked by cybersecurity teams. Learn about physical cybersecurity attacks in step-by-step instruction on how to conduct a Windows Sticky Keys hack.
Data masking vs. data encryption: How do they differ?
Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases.
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan.
SSH2 vs. SSH1 and why SSH versions still matter
The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important.
data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.
Symmetric vs. asymmetric encryption: What's the difference?
Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons.
insider threat
An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
How to create a data security policy, with template
Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started.
data compliance
Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, ...
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool?
Pen testing vs. vulnerability scanning: What’s the difference?
Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used.
user behavior analytics (UBA)
User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems.
3 steps for getting started with security service edge
Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease.
SecOps vs. CloudSecOps: What does a CloudSecOps team do?
Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play.
How to use SSH tunnels to cross network boundaries
The Secure Shell protocol authenticates and encrypts network connections. Find out how it's used to build tunnels while crossing private networks and even firewalls.
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use.
How to create a critical infrastructure incident response plan
Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company.
access control
Access control is a security technique that regulates who or what can view or use resources in a computing environment.
blended threat
A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.
Negotiating a golden parachute clause in a CISO contract
If a CISO becomes the company scapegoat after a security incident, a strong golden parachute clause can mean the difference between a soft landing and a hard crash.
encryption
Encryption is the method by which information is converted into secret code that hides the information's true meaning.
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.'
Use ssh-keygen to create SSH key pairs and more
Learn how to use ssh-keygen to create new key pairs, copy host keys, use a single login key pair for multiple hosts, retrieve key fingerprints and more in this tutorial.
7 enterprise patch management best practices
It might not be the most exciting responsibility, but the value of a well-executed patch management strategy can't be denied. Use these best practices to build a smooth process.
X.509 certificate
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
directory traversal
Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.
malware
Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.
3 types of PKI certificates and their use cases
Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases.
How to get started with multi-cloud threat hunting
More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk.
How to conduct a cyber-war gaming exercise
A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed.
man in the browser (MitB)
Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions.
Zero trust vs. zero-knowledge proof: What's the difference?
Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks.
Patch Tuesday
Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.
parameter tampering
Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.
SYN flood attack
A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
Cyber-war gaming: A cybersecurity tabletop exercise
Based off military war games, cyber-war gaming examines a company's security posture. Learn how it works, the readiness needed, who should be involved and more.
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
How to conduct Linux privilege escalations
Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts.