What are IT Security Training Topics for Employees? Human risk management (HRM) is a strategy for businesses to understand, reduce, and monitor their employee IT security risks. An important aspect of HRM is providing IT security awareness training so that employees are able to identify and address threats and to ensure that they have the […]
Category: IT Security
Malicious PDFs
What are Malicious PDFs? Portable Document Format (PDF) files were once considered to be immune to viruses, but PDF documents have evolved to incorporate more components that can make them vulnerable to viruses and other malicious content. These are a few PDF features and associations that can have underlying vulnerabilities: Multimedia content. PDF documents that […]
Buffer Overflow Attack
What is a Buffer Overflow Attack? In a buffer overflow attack, an application receives more input than it expects, which results in an error that exposes the system memory to malicious threats. While the buffer overflow is not a cause of damage, it does create a vulnerability that can be exploited by cyberattackers. One method […]
What is Cross-Site Request Forgery? Cross-site request forgery (CSRF) cyberattacks are common web application vulnerabilities that take advantage of the trust that a website has already granted a user and their browser by tricking the web browser into executing an unwanted action in an application that the user is already logged in to. CSRF cyberattacks […]
Cryptography
What is Cryptography? Cryptography is the study of secure communication techniques that allow only the sender and intended recipient of a message to view it. The term is derived from the Greek word kryptos, which means hidden. Cryptography uses mathematical techniques to transform data and prevent it from being read or manipulated by unauthorized parties. […]
FinTech
What is FinTech? FinTech (financial technology) is a term broadly referring to software, mobile applications, and other technologies created to improve and automate traditional forms of finance for individuals and businesses. A FinTech company refers to any business that uses technology to modify, enhance, or automate financial services for businesses or consumers.1 Examples of FinTech […]
What is Enterprise Security Risk Management? Enterprise Security Risk Management (ESRM) is a strategic approach to security management through the use of risk management principles. This management philosophy can be applied to any area of security and any task performed by security, such as physical security, cybersecurity, information security, investigations, loss prevention, organizational resilience, brand […]
Insider Threats
What are Insider Threats? The Department of Homeland Security (DHS) defines an insider threat as the “…threat that an employee or a contractor will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States.”1 Insider threats are not only threats to national security, but they are […]
What is Intentional Electromagnetic Interference? Electromagnetic interference (EMI) is all around us, in both natural and man-made forms. EMI is unwanted noise or interference in an electrical path or circuit that is caused by an outside source. EMI can cause electronics to malfunction or to fail. Examples of EMI sources include lightning, solar flares, radio […]
What are Enterprise Threats from Social Media Phishing? Social media phishing refers to a cyberattack executed through social media platforms such as Instagram, Facebook, LinkedIn, and Twitter. The purpose of social media cyberattacks is to steal personal data or to gain control of social media accounts. Social media phishing cyberattacks are a type of social […]