Get started
Bring yourself up to speed with our introductory content.
Get started
Bring yourself up to speed with our introductory content.
What are cloud security frameworks and how are they useful?
Cloud security frameworks help CSPs and customers alike, providing easy-to-understand security baselines, validations and certifications. Continue Reading
threat modeling
Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system. Continue Reading
social engineering
Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations... Continue Reading
-
distributed denial-of-service (DDoS) attack
A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. Continue Reading
MDM vs. MAM: What are the key differences?
Mobile workers are productive and even essential to business success. But IT has to protect corporate apps and data -- as well as worker privacy -- via MDM, MAM or both. Continue Reading
-
Definitions to Get Started
- timing attack
- privileged identity management (PIM)
- possession factor
- CISO as a service (vCISO, virtual CISO, fractional CISO)
- cardholder data environment (CDE)
- mandatory access control (MAC)
- threat detection and response (TDR)
- Common Vulnerabilities and Exposures (CVE)
password cracking
Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource.Continue Reading
3 steps to zero-day threat protection
Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage.Continue Reading
National Security Agency (NSA)
The National Security Agency (NSA) is a federal government intelligence agency that is part of the United States Department of Defense and is managed under the authority of the director of national intelligence (DNI).Continue Reading
Try this cloud identity and access management quiz
Remote work and increased cloud adoption have dramatically changed identity and access management. Take this cloud IAM quiz for infosec pros to see if your knowledge is up to date.Continue Reading
Cryptography quiz questions and answers: Test your smarts
Put your encryption knowledge to the test, and perhaps even learn a new word or concept in the process with these cryptography quiz questions.Continue Reading
-
ethical hacker
An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.Continue Reading
hacktivism
Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.Continue Reading
How to secure remote access for the hybrid work model
With the post-COVID-19 hybrid work model taking shape, discover the technologies and trends analysts and IT leaders view as the anchors to ensure secure remote access.Continue Reading
Create a remote access security policy with this template
The expansion of remote work has created complicated security risks. Get help developing and updating a remote access security policy. Download our free template to get started.Continue Reading
cipher block chaining (CBC)
Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.Continue Reading
What's the difference between sandboxes vs. containers?
Understanding the differences between sandboxes vs. containers for security can help companies determine which best suits their particular use cases.Continue Reading
block cipher
A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.Continue Reading
hacker
A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.Continue Reading
Extensible Authentication Protocol (EAP)
The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet.Continue Reading
From EDR to XDR: Inside extended detection and response
As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms.Continue Reading
session key
A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.Continue Reading
computer forensics (cyber forensics)
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.Continue Reading
Types of MDR security services: MEDR vs. MNDR vs. MXDR
Organizations considering MDR security services should look into more tightly focused options hitting the market to find the best one for their security program's needs.Continue Reading
pass the hash attack
A pass the hash attack is an exploit in which an attacker steals a hashed user credential and -- without cracking it -- reuses it to trick an authentication system into creating a new authenticated session on the same network.Continue Reading
watering hole attack
A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.Continue Reading
stream cipher
A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.Continue Reading
computer cracker
A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.Continue Reading
pharming
Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.Continue Reading
IPsec (Internet Protocol Security)
IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.Continue Reading
denial-of-service attack
A denial-of-service (DoS) attack is a security event that occurs when an attacker makes it impossible for legitimate users to access computer systems, devices, services or other IT resources.Continue Reading
Get to know cloud-based identity governance capabilities
As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use cases, benefits and available product options.Continue Reading
user authentication
User authentication verifies the identity of a user attempting to gain access to a network or computing resource by authorizing a human-to-machine transfer of credentials during interactions on a network to confirm a user's authenticity.Continue Reading
Sample CCISO exam questions on security project management
This excerpt of 'CCISO Certified Chief Information Security Officer All-In-One Exam Guide' explains security project management fundamentals and provides practice CCISO exam questions.Continue Reading
physical security
Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.Continue Reading
unified threat management (UTM)
Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks.Continue Reading
attack vector
An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.Continue Reading
Advice on how to prepare for the CompTIA Security+ exam
The CompTIA Security+ certification is a smart starting point for cybersecurity career hopefuls. Learn how to prepare for the exam, what to expect post-certification and more.Continue Reading
Sample CompTIA Security+ exam questions and answers
The CompTIA Security+ exam covers a wide swath of topics, from threats to compliance to architecture. Test what you know about malware with these sample test questions.Continue Reading
endpoint detection and response (EDR)
Endpoint detection and response (EDR) is a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response ...Continue Reading
Transport Layer Security (TLS)
Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.Continue Reading
PKI (public key infrastructure)
PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates.Continue Reading
obfuscation
Obfuscation means to make something difficult to understand.Continue Reading
MDR vs. MSSP: Why it's vital to know the difference
When assessing MDR vs. MSSP, the key is understanding why the two aren't interchangeable and how each handles response.Continue Reading
dumpster diving
Dumpster diving is looking for treasure in someone else's trash.Continue Reading
cyber hijacking
Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.Continue Reading
antimalware (anti-malware)
Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware.Continue Reading
challenge-response authentication
In computer security, challenge-response authentication is a set of protocols used to protect digital assets and services from unauthorized users, programs or activities.Continue Reading
Data loss prevention quiz: Test your training on DLP features
Data loss prevention tools can help infosec manage insider threat, shadow IT and compliance initiatives. Test your know-how with this DLP quiz.Continue Reading
botnet
A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often unbeknownst to ...Continue Reading
email spoofing
Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.Continue Reading
How to set up Palo Alto security profiles
Learning how to build and implement security profiles and policies can help novice admins make sure they use Palo Alto Networks firewalls effectively to protect their network.Continue Reading
Author's advice on Palo Alto firewall, getting started
Interfaces, licenses, policies -- getting started with a Palo Alto Networks firewall can be confusing. Here, the author of 'Mastering Palo Alto Networks' offers his advice.Continue Reading
With 5G, security by design is a must
New tech means new security strategies. Deloitte's Wendy Frank and Shehadi Dayekh explain why this is especially true with 5G. Security by design, they advise, is a critical approach.Continue Reading
Information security quizzes to test your cybersecurity smarts
Test your knowledge of everything cybersecurity, from network security to regulatory compliance, with our collection of information security quizzes.Continue Reading
Rebuild security and compliance foundations with automation
Instead of patchwork security fixes, financial organizations need to embrace automation, create and deploy secure software and address implementation problems.Continue Reading
How to become a threat hunter
Top threat hunters are creative and slightly contrarian, enabling them to think outside the box -- much like the best cybercriminals, according to one expert.Continue Reading
virus (computer virus)
A computer virus is malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works.Continue Reading
spam trap
A spam trap is an email address that is used to identify and monitor spam email.Continue Reading
honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.Continue Reading
What is CIEM and why should CISOs care?
Cloud infrastructure entitlement management offers companies an edge in the cloud permissions gap challenge. Mahendra Ramsinghani explains how CIEM differs from SIEM.Continue Reading
cloud security
Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.Continue Reading
4 steps toward cloud security automation
Automating security in the cloud can be invaluable for threat detection and mitigation. Explore the four key areas where security professionals should implement automation.Continue Reading
whaling attack (whaling phishing)
A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company.Continue Reading
How to create a cloud security policy, step by step
Read up on the components of a cloud security policy, what policies cover and why your organization needs them, and download a handy template to get the process started.Continue Reading
SolarWinds supply chain attack explained: Need-to-know info
The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.Continue Reading
The 5 different types of firewalls explained
Read up on the five different firewalls' similarities and differences, the three firewall deployment models and tips for choosing the firewall that best meets your company's needs.Continue Reading
Explore benefits and challenges of cloud penetration testing
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies.Continue Reading
Organize a cloud IAM team to secure software-defined assets
Building a cloud IAM team with the necessary technical expertise and soft skills is key to securely managing IAM in complex cloud environments.Continue Reading
Review 6 phases of incident response for GCIH exam prep
'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' takes a deep dive into the six phases of incident response to help security pros with GCIH exam prep and certification.Continue Reading
Preparing for GIAC Certified Incident Handler certification
The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding.Continue Reading
Insider threat vs. insider risk: What's the difference?
Identifying, managing and mitigating insider threats is far different than protecting against insider risks. Read up on the difference and types of internal risks here.Continue Reading
Endpoint security quiz: Test your knowledge
Test your knowledge of SASE, split tunneling, and device discovery tool capabilities and best practices in this endpoint security quiz for IT professionals.Continue Reading
Quiz: Web application security threats and vulnerabilities
Applications are still the biggest attack vector for malicious actors -- can you protect them? Test your knowledge with this web application security quiz.Continue Reading
Inbound vs. outbound firewall rules: What are the differences?
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each.Continue Reading
Practice Certified Ethical Hacker exam questions
Preparing for your Certified Ethical Hacker certification? Assess your knowledge of topics on the CEH exam with these practice test questions.Continue Reading
Ethical hacker career path advice: Getting started
Matt Walker, author of a Certified Ethical Hacker exam guide and practice exam book, offers advice to career hopefuls on the profession, CEH certification and more.Continue Reading
Pros and cons of an outsourced SOC vs. in-house SOC
Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities.Continue Reading
How to pass the AWS Certified Security - Specialty exam
Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification.Continue Reading
Practice AWS Certified Security - Specialty exam questions
Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam.Continue Reading
Cyber insurance 101: Timely guidance on an essential tool
No one hopes for a breach, but as they become more common, any responsible cybersecurity team must anticipate one. One key element: choosing the right cyber insurance policy.Continue Reading
Data protection impact assessment tips and templates
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information.Continue Reading
Try this cybersecurity quiz, test your cyberdefense smarts
Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too.Continue Reading
AI in security analytics is the enhancement you need
AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.Continue Reading
Benefits of virtual SOCs: Enterprise-run vs. fully managed
A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability.Continue Reading
Understanding the zero trust-SDP relationship
Zero trust is a complicated framework that spans the IT stack. Find out how software-defined perimeter can address zero trust's network-level access requirements.Continue Reading
How to prepare for a zero-trust model in the cloud
Zero-trust security in the cloud is different than it is on premises. Learn the concepts and policies to effectively achieve a zero-trust model in the cloud.Continue Reading
Changing the culture of information sharing for cybersecurity
Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist.Continue Reading
Developing a cyber resilience plan for today's threat landscape
A cyber resilience plan should complement a company's cybersecurity strategy so that the security culture and cyber hygiene is thought through in all IT and cybersecurity initiatives.Continue Reading
Quiz: Network security authentication methods
There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security.Continue Reading
What are the top secure data transmission methods?
Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip.Continue Reading
How self-sovereign identity principles suit the modern world
There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.Continue Reading
5 key enterprise SOC team roles and responsibilities
Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization.Continue Reading
Format-preserving encryption use cases, benefits, alternative
With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more.Continue Reading
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.Continue Reading
Top 4 firewall-as-a-service security features and benefits
Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS.Continue Reading
Test your cloud security smarts with these CCSP exam questions
Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned.Continue Reading
Cloud computing security technology quiz
As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz.Continue Reading
Best practices for ethically teaching cybersecurity skills
Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry.Continue Reading
CISSP practice exam questions and answers
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.Continue Reading
How to send secure email attachments
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits.Continue Reading