Author: Josh Fruhlinger

Viruses and other malware spreading for sinister or baffling reasons has been a staple of cyberpunk novels and real-life news stories alike for decades. And in truth, there have been computer viruses on the internet since before it was the internet….

Read more →

What is SSO?
Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one desig…

Read more →

What is a logic bomb?
A logic bomb is a piece of code left lying in wait on a computer that will execute under certain specified conditions and take actions the owner of that computer would consider malicious. The actual code that does the dirty wor…

Read more →

What is SAML and what is it used for?
The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perfor…

Read more →

Computer virus definition
A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.Like other types of malware, a virus is deployed by attackers to damage or take contr…

Read more →

Spear phishing definition
Spear phishing is a targeted email attack purporting to be from a trusted sender.In spear phishing attacks, attackers often use information gleaned from research to put the recipient at ease. The ultimate aim is to either i…

Read more →

SSL and its descendent, TLS, are protocols that encrypt internet traffic, making secure internet communication and ecommerce possible.The decades-long history of these protocols has been marked by continuous updates that aim to keep pace with increa…

Read more →

Anyone who follows cybersecurity is aware of the steady drumbeat of data breaches and attacks. So, an attack needs to really stand out to earn the name “disaster.”We’ve assembled eight truly disastrous IT security failures over the past decade, with…

Read more →

Security information and event management (SIEM) tools collect and aggregate log and event data to help identify and track breaches. They are powerful systems that give enterprise security professionals both insight into what’s happening in their IT…

Read more →

Cross-site scripting (XSS) is a cyberattack in which a hacker enters malicious code into a web form or web application url. This malicious code, written in a scripting language like JavaScript or PHP, can do anything from vandalizing the website you…

Read more →

What is a DDoS attack?
A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, se…

Read more →

As we enter the second year of the pandemic, it’s not an exaggeration to say that COVID-19 has impacted every aspect of our personal and professional lives. When it comes to trends in enterprise security, the pandemic has been a gamechanger.To read thi…

Read more →

PII definition: What is personally identifiable information?
PII, or personally identifiable information, is any piece of data that someone could use to figure out who you are. Some types of PII are obvious, such as your name or Social Security numb…

Read more →

What is IPsec?
IPsec is a suite of protocols that are used to secure internet communications—in fact, the name itself is an abbreviation for Internet Protocol Security.  IPsec was first codified in the ’90s, spurred on by the dawning realization tha…

Read more →

Penetration testing, sometimes called ethical hacking or red team hacking, is an exciting career path in which you simulate cyberattacks on target systems in order to test (and, ultimately, improve) their security. It’s a job that lots of people cur…

Read more →

What is penetration testing?
Definition: Penetration testing is a process in which a security professional simulates an attack on a network or computer system to evaluate its security—with the permission of that system’s owners.Don’t let the word “s…

Read more →

The security analyst is the backbone of a company’s day-to-day IT security. Whether they’re monitoring network infrastructure for breaches and intrusions as part of a security operations center, performing internal security audits, or analyzing past…

Read more →

The smartphone revolution was supposed to provide a second chance for the tech industry to roll out a secure computing platform. These new devices were purported to be locked down and immune to malware, unlike buggy PCs and vulnerable servers.But it…

Read more →

Every organization wants to keep its employees’ cybersecurity skills up to date, but for many, the cost of advanced formal trainings can break the budget. At the SANS Institute, for instance, considered by many to be the gold standard for profession…

Read more →

What is SAML?
The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perform some security function…

Read more →

What is CRISC?
Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. It’s offered by ISACA, a nonprofit professional association focused on IT governance with a number of certific…

Read more →

Social engineering definition
Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.For example, instead of trying to find a software vulnerability, a soc…

Read more →

What is the CDPSE certification?
The Certified Data Privacy Solutions Engineer (CDPSE) certification focuses on the implementation of privacy solutions, from both a technical and governance perspective. It is offered by ISACA, a nonprofit profession…

Read more →

What is a security engineer?
A security engineer is a cybersecurity professional who helps develop and implement strategies and systems to protect their organization’s infrastructure from cyberattacks. This is a role in an organization for someone w…

Read more →

What is the CCSP certification?CCSP is a cloud-focused security certification for experienced security pros offered by the International Information System Security Certification Consortium, or (ISC)2. CCSP stands for Certified Cloud Security Profes…

Read more →