Get started
Bring yourself up to speed with our introductory content.
Get started
Bring yourself up to speed with our introductory content.
content filtering
Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items. Continue Reading
SOC 1 (System and Organization Controls 1)
System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements. Continue Reading
How to implement OpenID Connect for single-page applications
The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
-
How to use OpenID Connect for authentication
OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
Luhn algorithm (modulus 10)
The Luhn algorithm, also called modulus 10 or modulus 10 algorithm, is a simple mathematical formula used to validate a user's identification numbers. Continue Reading
-
Definitions to Get Started
- NICE Framework (National Initiative for Cybersecurity Education Cybersecurity Workforce Framework)
- application blacklisting (application blocklisting)
- juice jacking
- hypervisor security
- claims-based identity
- Certified Cloud Security Professional (CCSP)
- password manager
- Hash-based Message Authentication Code (HMAC)
authentication server
An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.Continue Reading
PA-DSS (Payment Application Data Security Standard)
Payment Application Data Security Standard (PA-DSS) is a set of requirements intended to help software vendors develop secure payment applications for credit card transactions.Continue Reading
mutual authentication
Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.Continue Reading
How to write an information security policy, plus templates
Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process.Continue Reading
screened subnet
A screened subnet, or triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces.Continue Reading
-
How to build a security champions program
Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps.Continue Reading
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system.Continue Reading
Explaining the differences between SASE vs. SSE
Most security professionals are familiar with Secure Access Service Edge, but now there's a new tool for administrators to consider: security service edge.Continue Reading
security identifier (SID)
In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.Continue Reading
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America.Continue Reading
Tips for creating a cybersecurity resume
Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume.Continue Reading
How to manage imposter syndrome in cybersecurity
The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice.Continue Reading
Privacy-enhancing technology types and use cases
Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected.Continue Reading
Internet Key Exchange (IKE)
Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).Continue Reading
passphrase
A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.Continue Reading
Shared Key Authentication (SKA)
Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.Continue Reading
How to use PKI to secure remote network access
Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access.Continue Reading
security clearance
A security clearance is an authorization that allows access to information that would otherwise be forbidden.Continue Reading
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of ...Continue Reading
A day in the life of a cybersecurity manager
The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule.Continue Reading
How to prepare for malicious insider threats
Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage.Continue Reading
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help.Continue Reading
Nmap use cases, tools and product comparisons
Nmap is historically known for port scanning, but thanks to several subprojects, its use cases have expanded. Learn how Nmap is used, along with other comparable tools.Continue Reading
quantum cryptography
Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data.Continue Reading
How to use Nmap to scan for open ports
One of Nmap's primary functions is conducting port scans. In this walkthrough, learn how to launch a default scan, along with other options that affect Nmap port scan behavior.Continue Reading
one-time pad
In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.Continue Reading
What does an IT security manager do?
IT security managers need to have a passion for learning and critical-thinking skills, as well as understand intrusion prevention and detection.Continue Reading
What is shellcode and how is it used?
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk.Continue Reading
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication.Continue Reading
Top cloud security standards and frameworks to consider
Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization.Continue Reading
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation?Continue Reading
Pretty Good Privacy (PGP)
Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.Continue Reading
Blowfish
Blowfish is a variable-length, symmetric, 64-bit block cipher.Continue Reading
cyberterrorism
Cyberterrorism is often defined as any premeditated, politically motivated attack against information systems, programs and data that threatens violence or results in violence.Continue Reading
Cloud-native security architecture principles and controls
Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier.Continue Reading
click fraud (pay-per-click fraud)
Click fraud -- sometimes called 'pay-per-click fraud' -- is a type of fraud that artificially inflates traffic statistics for online advertisements.Continue Reading
Rijndael
Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.Continue Reading
Public-Key Cryptography Standards (PKCS)
Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.Continue Reading
Allowlisting vs. blocklisting: Benefits and challenges
Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy.Continue Reading
honeynet
A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers.Continue Reading
trusted computing base (TCB)
A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.Continue Reading
access log
An access log is a list of all requests for individual files -- such as Hypertext Markup Language files, their embedded graphic images and other associated files that get transmitted -- that people or bots have made from a website.Continue Reading
elliptical curve cryptography (ECC)
Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.Continue Reading
ciphertext feedback (CFB)
In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.Continue Reading
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more.Continue Reading
cryptographic checksum
Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.Continue Reading
smart card
A smart card is a physical card that has an embedded integrated chip that acts as a security token.Continue Reading
white hat hacker
A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.Continue Reading
International Data Encryption Algorithm (IDEA)
The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet.Continue Reading
Encrypting File System (EFS)
Encrypting File System (EFS) provides an added layer of protection by encrypting files or folders on various versions of the Microsoft Windows OS.Continue Reading
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset.Continue Reading
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management.Continue Reading
10 common types of malware attacks and how to prevent them
The umbrella term malware is one of the greatest cybersecurity threats enterprises face. Learn about 10 common types of malware and how to prevent them.Continue Reading
Top 10 IT security frameworks and standards explained
Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization.Continue Reading
copyright
Copyright is a legal term describing ownership of control of the rights to the use and distribution of certain works of creative expression, including books, video, motion pictures, musical compositions and computer programs.Continue Reading
security awareness training
Security awareness training is a formal process for educating employees and third-party stakeholders, like contractors and business partners, how to protect an organization's computer systems, along with its data, people and other assets, from ...Continue Reading
stealth virus
A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.Continue Reading
spam filter
A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and prevent those messages from getting to a user's inbox.Continue Reading
micro VM (micro virtual machine)
A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.Continue Reading
Chernobyl virus
The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.Continue Reading
Why you need an email security policy and how to build one
Companies must have an effective security policy in place to keep email protected from cybercriminals and employee misuse. Learn the best route to build one for your company.Continue Reading
password salting
Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them.Continue Reading
virtual local area network hopping (VLAN hopping)
Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.Continue Reading
evil twin attack
An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge.Continue Reading
OCSP (Online Certificate Status Protocol)
OCSP (Online Certificate Status Protocol) is one of two common schemes used to maintain the security of a server and other network resources.Continue Reading
Elk Cloner
Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.Continue Reading
Melissa virus
Melissa was a type of email virus that initially become an issue in early 1999.Continue Reading
biometric payment
Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account.Continue Reading
Twofish
Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.Continue Reading
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use.Continue Reading
walled garden
On the internet, a walled garden is an environment that controls the user's access to network-based content and services.Continue Reading
potentially unwanted program (PUP)
A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.Continue Reading
Elastic Stack Security tutorial: How to create detection rules
This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data.Continue Reading
plaintext
In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.Continue Reading
black hat hacker
A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.Continue Reading
cookie poisoning
Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such ...Continue Reading
footprinting
Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them.Continue Reading
What are the most important email security protocols?
Email was designed without security considerations, but these top email security protocols add mechanisms to keep messaging safe from threats.Continue Reading
snooping
Snooping, in a security context, is unauthorized access to another person's or company's data.Continue Reading
Nimda
First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet.Continue Reading
ISO 31000 Risk Management
The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for risk management from the International Organization for Standardization.Continue Reading
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic computer programs.Continue Reading
virus hoax
A virus hoax is a false warning about a computer virus.Continue Reading
Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.Continue Reading
cross-site scripting (XSS)
Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.Continue Reading
cache poisoning
Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.Continue Reading
vulnerability disclosure
Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.Continue Reading
RSA algorithm (Rivest-Shamir-Adleman)
The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive ...Continue Reading
What is multifactor authentication and how does it work?
Multifactor authentication (MFA) is a security technology that requires more than one method of authentication from independent categories of credentials to verify a user's identity for a login or other transaction.Continue Reading
Report on Compliance (ROC)
A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.Continue Reading
What is biometric authentication?
Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are.Continue Reading
shoulder surfing
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.Continue Reading
adware
Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running.Continue Reading
Securities and Exchange Commission (SEC)
The Securities and Exchange Commission (SEC) is the U.S. government agency that oversees the nation's securities industry.Continue Reading
Digital Signature Standard (DSS)
The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) as a means of authentication for electronic documents.Continue Reading