Get started

Get started

Bring yourself up to speed with our introductory content.

• How to use Metasploit commands and exploits for pen tests

  These step-by-step instructions demonstrate how to use the Metasploit Framework for enterprise vulnerability and penetration testing. Continue Reading

• Malware analysis for beginners: Getting started

  With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst. Continue Reading

• Top static malware analysis techniques for beginners

  Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage. Continue Reading

• logic bomb

  A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met. Continue Reading

• Electronic Code Book (ECB)

  Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption. Continue Reading

• Definitions to Get Started

  • What is a buffer overflow? How do these types of attacks work?
  • What is elliptical curve cryptography (ECC)?
  • What is pharming?
  • What is a pass-the-hash attack?

  • What is a rootkit?
  • What is a copyright?
  • What is Kerberos and how does it work?
  • What is a certificate authority (CA)?

  View All Definitions

• Wired Equivalent Privacy (WEP)

  Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b.Continue Reading

• electronic discovery (e-discovery or ediscovery)

  Electronic discovery -- also called e-discovery or ediscovery -- refers to any process of obtaining and exchanging evidence in a civil or criminal legal case.Continue Reading

• spear phishing

  Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.Continue Reading

• MD5

  The MD5 (message-digest algorithm) hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.Continue Reading

• ILOVEYOU virus

  The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.Continue Reading

• nonrepudiation

  Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information.Continue Reading

• How to use the NIST framework for cloud security

  Aligning the NIST Cybersecurity Framework with cloud services such as AWS, Azure and Google Cloud can improve cloud security. Read how to best use the framework for the cloud.Continue Reading

• How to prepare for the CompTIA CySA+ exam

  The author of the CompTIA CySA+ certification guide offers advice on how to prepare for the exam, discusses the benefits of the cert and more.Continue Reading

• Sample CompTIA CySA+ test questions with answers

  Going for your CompTIA CySA+ certification? Test what you know before taking the exam with these sample test questions on vulnerability assessment output.Continue Reading

• Keycloak tutorial: How to secure different application types

  IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface.Continue Reading

• Secure applications with Keycloak authentication tool

  As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs.Continue Reading

• Mitigating risk-based vulnerability management challenges

  An onslaught of threats combined with constrained budgets leaves security teams wondering which risks to prioritize and how. Enter risk-based vulnerability management.Continue Reading

• Test yourself with this e-learning authentication quizlet

  Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education.Continue Reading

• What is the BISO role and is it necessary?

  Relatively new and somewhat controversial, the business information security officer, or BISO, acts as the CISO's tactical and operations-level ambassador to the business units.Continue Reading

• Common Linux vulnerabilities admins need to detect and fix

  Server admins need to prepare for a variety of common Linux vulnerabilities, from software and hardware vulnerabilities to employee-created ones and even digital espionage.Continue Reading

• How to implement Linux security best practices

  When setting up security for a company's infrastructure, admins need to focus on backups, patch management and regular vulnerability scans.Continue Reading

• What are cloud containers and how do they work?

  Containers in cloud computing have evolved from a security buzzword. Deployment of cloud containers is now an essential element of IT infrastructure protection.Continue Reading

• end-to-end encryption (E2EE)

  End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another.Continue Reading

• security

  Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets.Continue Reading

• How to get started with security chaos engineering

  Introducing security chaos engineering: the latest methodology security teams can implement to proactively discover vulnerabilities or weaknesses in a company's system.Continue Reading

• distributed denial-of-service (DDoS) attack

  A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.Continue Reading

• MDM vs. MAM: What are the key differences?

  Mobile workers are productive and even essential to business success. But IT has to protect corporate apps and data -- as well as worker privacy -- via MDM, MAM or both.Continue Reading

• 3 steps to zero-day threat protection

  Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage.Continue Reading

• Cryptography quiz questions and answers: Test your smarts

  Put your encryption knowledge to the test, and perhaps even learn a new word or concept in the process with these cryptography quiz questions.Continue Reading

• Try this cloud identity and access management quiz

  Remote work and increased cloud adoption have dramatically changed identity and access management. Take this cloud IAM quiz for infosec pros to see if your knowledge is up to date.Continue Reading

• ethical hacker

  An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.Continue Reading

• How to secure remote access for the hybrid work model

  With the post-COVID-19 hybrid work model taking shape, discover the technologies and trends analysts and IT leaders view as the anchors to ensure secure remote access.Continue Reading

• Create a remote access security policy with this template

  The expansion of remote work has created complicated security risks. Get help developing and updating a remote access security policy. Download our free template to get started.Continue Reading

• What's the difference between sandboxes vs. containers?

  Understanding the differences between sandboxes vs. containers for security can help companies determine which best suits their particular use cases.Continue Reading

• hacker

  A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.Continue Reading

• From EDR to XDR: Inside extended detection and response

  As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms.Continue Reading

• computer cracker

  A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.Continue Reading

• Get to know cloud-based identity governance capabilities

  As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use cases, benefits and available product options.Continue Reading

• Sample CCISO exam questions on security project management

  This excerpt of 'CCISO Certified Chief Information Security Officer All-In-One Exam Guide' explains security project management fundamentals and provides practice CCISO exam questions.Continue Reading

• Advice on how to prepare for the CompTIA Security+ exam

  The CompTIA Security+ certification is a smart starting point for cybersecurity career hopefuls. Learn how to prepare for the exam, what to expect post-certification and more.Continue Reading

• Sample CompTIA Security+ exam questions and answers

  The CompTIA Security+ exam covers a wide swath of topics, from threats to compliance to architecture. Test what you know about malware with these sample test questions.Continue Reading

• MDR vs. MSSP: Why it's vital to know the difference

  When assessing MDR vs. MSSP, the key is understanding why the two aren't interchangeable and how each handles response.Continue Reading

• dumpster diving

  Dumpster diving is looking for treasure in someone else's trash.Continue Reading

• Data loss prevention quiz: Test your training on DLP features

  Data loss prevention tools can help infosec manage insider threat, shadow IT and compliance initiatives. Test your know-how with this DLP quiz.Continue Reading

• How to set up Palo Alto security profiles

  Learning how to build and implement security profiles and policies can help novice admins make sure they use Palo Alto Networks firewalls effectively to protect their network.Continue Reading

• Author's advice on Palo Alto firewall, getting started

  Interfaces, licenses, policies -- getting started with a Palo Alto Networks firewall can be confusing. Here, the author of 'Mastering Palo Alto Networks' offers his advice.Continue Reading

• With 5G, security by design is a must

  New tech means new security strategies. Deloitte's Wendy Frank and Shehadi Dayekh explain why this is especially true with 5G. Security by design, they advise, is a critical approach.Continue Reading

• Information security quizzes to test your cybersecurity smarts

  Test your knowledge of everything cybersecurity, from network security to regulatory compliance, with our collection of information security quizzes.Continue Reading

• Rebuild security and compliance foundations with automation

  Instead of patchwork security fixes, financial organizations need to embrace automation, create and deploy secure software and address implementation problems.Continue Reading

• How to become a threat hunter

  Top threat hunters are creative and slightly contrarian, enabling them to think outside the box -- much like the best cybercriminals, according to one expert.Continue Reading

• What is CIEM and why should CISOs care?

  Cloud infrastructure entitlement management offers companies an edge in the cloud permissions gap challenge. Mahendra Ramsinghani explains how CIEM differs from SIEM.Continue Reading

• SolarWinds supply chain attack explained: Need-to-know info

  The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.Continue Reading

• Explore benefits and challenges of cloud penetration testing

  Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies.Continue Reading

• Organize a cloud IAM team to secure software-defined assets

  Building a cloud IAM team with the necessary technical expertise and soft skills is key to securely managing IAM in complex cloud environments.Continue Reading

• Review 6 phases of incident response for GCIH exam prep

  'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' takes a deep dive into the six phases of incident response to help security pros with GCIH exam prep and certification.Continue Reading

• Preparing for GIAC Certified Incident Handler certification

  The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding.Continue Reading

• Insider threat vs. insider risk: What's the difference?

  Identifying, managing and mitigating insider threats is far different than protecting against insider risks. Read up on the difference and types of internal risks here.Continue Reading

• Endpoint security quiz: Test your knowledge

  Test your knowledge of SASE, split tunneling, and device discovery tool capabilities and best practices in this endpoint security quiz for IT professionals.Continue Reading

• Quiz: Web application security threats and vulnerabilities

  Applications are still the biggest attack vector for malicious actors -- can you protect them? Test your knowledge with this web application security quiz.Continue Reading

• Practice Certified Ethical Hacker exam questions

  Preparing for your Certified Ethical Hacker certification? Assess your knowledge of topics on the CEH exam with these practice test questions.Continue Reading

• Ethical hacker career path advice: Getting started

  Matt Walker, author of a Certified Ethical Hacker exam guide and practice exam book, offers advice to career hopefuls on the profession, CEH certification and more.Continue Reading

• Pros and cons of an outsourced SOC vs. in-house SOC

  Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities.Continue Reading

• How to pass the AWS Certified Security - Specialty exam

  Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification.Continue Reading

• Practice AWS Certified Security - Specialty exam questions

  Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam.Continue Reading

• Cyber insurance 101: Timely guidance on an essential tool

  No one hopes for a breach, but as they become more common, any responsible cybersecurity team must anticipate one. One key element: choosing the right cyber insurance policy.Continue Reading

• Try this cybersecurity quiz, test your cyberdefense smarts

  Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too.Continue Reading

• AI in security analytics is the enhancement you need

  AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.Continue Reading

• Benefits of virtual SOCs: Enterprise-run vs. fully managed

  A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability.Continue Reading

• Understanding the zero trust-SDP relationship

  Zero trust is a complicated framework that spans the IT stack. Find out how software-defined perimeter can address zero trust's network-level access requirements.Continue Reading

• How to prepare for a zero-trust model in the cloud

  Zero-trust security in the cloud is different than it is on premises. Learn the concepts and policies to effectively achieve a zero-trust model in the cloud.Continue Reading

• Changing the culture of information sharing for cybersecurity

  Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist.Continue Reading

• Developing a cyber resilience plan for today's threat landscape

  A cyber resilience plan should complement a company's cybersecurity strategy so that the security culture and cyber hygiene is thought through in all IT and cybersecurity initiatives.Continue Reading

• Quiz: Network security authentication methods

  There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security.Continue Reading

• What are the top secure data transmission methods?

  Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip.Continue Reading

• How self-sovereign identity principles suit the modern world

  There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.Continue Reading

• 5 key enterprise SOC team roles and responsibilities

  Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization.Continue Reading

• Format-preserving encryption use cases, benefits, alternative

  With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more.Continue Reading

• Top 4 firewall-as-a-service security features and benefits

  Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS.Continue Reading

• Test your cloud security smarts with these CCSP exam questions

  Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned.Continue Reading

• Cloud computing security technology quiz

  As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz.Continue Reading

• Best practices for ethically teaching cybersecurity skills

  Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry.Continue Reading

• CISSP practice exam questions and answers

  Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.Continue Reading

• How to send secure email attachments

  Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits.Continue Reading

• Test your cybersecurity knowledge with this quick ISM quiz

  Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment.Continue Reading

• Which type of CISO are you? Company fit matters

  Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you.Continue Reading

• How to start an enterprise bug bounty program and why

  Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program.Continue Reading

• Cloud security quiz: Application security best practices

  Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz.Continue Reading

• IDS/IPS quiz: Intrusion detection and prevention systems

  Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz.Continue Reading

• Navigate the DOD's Cybersecurity Maturity Model Certification

  The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them.Continue Reading

• Use these CCSK practice questions to prep for the exam

  Virtualization and container security are key topics in the Certificate of Cloud Security Knowledge credential. Test your knowledge with these CCSK practice questions.Continue Reading

• Test your cyber-smarts with this network security quiz

  Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit!Continue Reading

• The what, why and how of the Spring Security architecture

  Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt.Continue Reading

• The state of cybersecurity risk: Detection and mitigation

  Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?Continue Reading

• AI-powered cyberattacks force change to network security

  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.Continue Reading

• Plan now for the future of network security

  How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future.Continue Reading

• Telework security requires meticulous caution, communication

  Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work.Continue Reading

• Words to go: Types of phishing scams

  IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.Continue Reading

• The differences between web roles and worker roles in Azure

  What sets web roles and worker roles apart in Microsoft's Azure Cloud Services? Here's a look at how they are different.Continue Reading

• Comparing SASE vs. traditional network security architectures

  Today's dispersed environments need stronger networking and security architectures. Enter cloud-based Secure Access Service Edge -- a new model for secure network access.Continue Reading

• Considering the differences in LAN vs. WAN security

  Given the differences in the security of LAN and WAN, enterprises need to guard against insider threats, secure against unauthorized access and potentially secure the edge, too.Continue Reading