What is Application Programming Interface Security? An Application Programming Interface (API) is a set of rules that enables a software program to transmit data to another software program. APIs enable developers to avoid redundant work by incorporating new and existing applications instead of building and rebuilding application functions that already exist. This is done by […]
Metadata
What is Metadata? Metadata is data which provides information about other data. Metadata is most often used in digital files where it is used to describe information about the file, such as the file’s author and creation date. It can include other types of data as well, depending on the metadata type. Types of metadata […]
Just-in-Time Access
What is Just-in-Time Access? Just-in-time (JIT) access is a privileged access management (PAM) component that orchestrates users, applications, and/or system access privileges on an as-needed basis, or for a specified duration. JIT access is practiced as part of an identity and access management (IAM) strategy that ensures the resources are available to those who need […]
Platform-as-a-Service
What is Platform-as-a-Service? Platform-as-a-Service (PaaS) is a method of delivery in which an organization’s developers can access software and tools through the web, instead of accessing them on local machines or computing environments. A PaaS solution works by combining cloud infrastructure and software with a graphical user interface (GUI). Your cloud infrastructure through PaaS includes […]
Enterprise Risk Profile
What is an Enterprise Risk Profile? Enterprise Risk Management (ERM) is a strategic approach to security management through the use of risk management principles. This management philosophy can be applied to any area of risk including operational, financial, security, compliance, legal risks, and more. Examples of security risks include physical security, cybersecurity, information security, investigations, […]
What is Formjacking? Formjacking is a type of cyberattack that steals credit card details by inserting malicious JavaScript code into online payment forms. This malicious code operates covertly in the background on payment form web pages that are often served to the victim from a third-party payment processing company, but can also be found in: […]
What are Machine Learning and Artificial Intelligence Threats? As machine learning (ML) and artificial intelligence (AI) become more prevalent in our daily lives and digital world, it is important to consider the concerns associated with adopting these technologies. The following are security risks to be aware of: Data poisoning and model poisoning. ML systems rely […]
Privacy Risk Management
What is Privacy Risk Management? Privacy risk is the potential loss of control over personal information. Personally identifiable information (PII) refers to any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of […]
Pseudonymization
What is Pseudonymization? The General Data Protection Regulation (GDPR) is a privacy and security law from the European Union (EU) that imposes obligations anywhere in the world where data from EU citizens is targeted and/or collected. The GDPR will levy harsh fines against those who violate its privacy and security standards, regardless of whether the […]
Inadequate Patch Management
What is Inadequate Patch Management? Patch management is a critical function of maintaining a robust and secure IT infrastructure. Patch management involves identifying, testing, and deploying updates to help keep systems protected from known vulnerabilities. With so many different devices of different types in an organization, it is a difficult task to ensure that they […]