What is Multi-Persona Impersonation? Multi-Personal Impersonation (MPI) is a new email phishing technique that can make detection even more difficult for email users. The MPI technique uses the psychology principle of “social proof” to increase the perception of authenticity of emails, increasing the likelihood that unsuspecting recipients will click on them.1 The principle of social […]
What are Cybersecurity Risk Assessments? There are several tools available for assessing both specific and broad cybersecurity risks. Consider performing risk assessments at the organizational level as well as subscribing to alerts regarding larger-scale threats. The following risk assessment may be used to classify risks to systems in your organization1: The Center for Internet Security […]
Categories
Business VPNs
What are Business VPNs? Virtual private networks (VPNs) allow users to safely connect to another network on over the internet by encrypting the connection from their device, making the internet connection more secure and private. Organizations use VPNs to secure remote connections to the internet to protect their data from being compromised. Business VPNs are […]
Categories
CIA Triad
What is the CIA Triad? The CIA triad is a well-known model in information security that is used in the development of security policies. CIA stands for confidentiality, integrity, and availability, and refers to the core components of data and information protection. The data that organizations manage comes from various sources such as personal data, […]
Categories
Emotet
What is Emotet? Emotet is a computer malware program that was originally developed in 2014 as a banking Trojan. The goal of the malware was to access foreign devices and spy on sensitive private data. Once a device is infected, the malware spreads like a computer worm and attempts to infiltrate other computers on the […]
What are Digital Forensics and Incident Response? Digital Forensics and Incident Response (DFIR) is a cybersecurity field that focuses on the identification, investigation, and remediation of cyberattacks. The two main components of DFIR are: Digital Forensics. The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the […]
Categories
NICE Framework
What is the NICE Framework? With the large talent gap in the cybersecurity workforce, it is increasingly important that employers and employees are able to clearly express their needs and expectations regarding cybersecurity jobs. The National Initiative for Cybersecurity Education (NICE) is led by the National Institute of Standards and Technology (NIST) and is a […]
Categories
IoT Botnets
What are IoT Botnets? IoT. With the rising number of Internet of Things (IoT) devices, there is a concurrent rise in IoT botnet threats from cyberattackers. IoT refers to the interconnection and communication between internet-enabled physical devices. The growth of such devices has been explosive, as smart devices such as wearables, sensors, phones, cars, appliances, […]
Categories
Malicious Code
What is Malicious Code? Malicious code refers to unwanted files or programs that can cause harm to a computer or compromise data that is stored on a computer1. Malicious code are auto-executable applications that take many forms such as Java applets, ActiveX controls, pushed content, plug-ins, scripting languages, and other languages that are designed to […]
Categories
Traffic Light Protocol 2.0
What is TLP 2.0? The Forum of Incident Response and Security Teams (FIRST) created the Traffic Light Protocol (TLP) standard which is used in the computer security incident response team (CSIRT) community to facilitate greater sharing of potentially sensitive information, more effective communication, and indicates any sharing limitations that recipients must consider when communicating potentially […]