A Best Practice for Information Security and Compliance Text The principle of least privilege is the idea that at any user, program, or process should have only the bare minimum privileges necessary to perform its...

Protecting Data in POS Environments Text POS security, or point-of-sale security, is the prevention of unauthorized access to electronic payment systems by individuals who are typically looking to steal customers’...

A Definition and Best Practices for Defending Against Polymorphic Malware Text Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection. Many of the...

A Definition of Phishing Text The United States Computer Emergency Readiness Team (US-CERT) defines phishing as a form of social engineering that uses email or malicious websites (among other channels) to solicit...

A Definition of Personally Identifiable Information Text The United States Department of Labor defines personally identifiable information as: “Any representation of information that permits the identity of an...

What is PCI Compliance? Text The Payment Card Industry Data Security Standard (PCI DSS), a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a...

Definition of Operational Security Text Operational security (OPSEC), also known as procedural security, is a risk management process that encourages managers to view operations from the perspective of an adversary...

A New Cybersecurity Compliance Requirement for Financial Institutions Text The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a new set of regulations from the NY Department of Financial Services (NYDFS) that...

Definition and Tips for NIST SP 800-53 Compliance Text NIST SP 800-53 is shorthand for the National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal...

What is NIST Compliance? Text The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness...

Definition, Requirements, Penalties, Best Practices for Compliance, and More Text The Directive on security of network and information systems (NIS Directive) is the first piece of cybersecurity legislation passed by...

What is Network Data Loss Prevention? Text Network data loss prevention is a technology for securing an organization’s network communications, including email, web applications, and traditional data transfer...

Definition, Benefits, How to Choose a Vendor, and More Text According to Gartner, managed detection and response (MDR) vendors provide services to companies and organizations that aim to improve the way they detect...

A Definition of Malware Text Malware is software that is intended to damage or disable computers and computer systems without the owner’s knowledge. Malware is the shortened term for “malicious software,” and it...

What is Log Analysis? Text Computers, networks, and other IT systems generate records called audit trail records or logs that document system activities. Log analysis is the evaluation of these records and is used by...

A Definition of Insider Threat Text An insider threat is most simply defined as a security threat that originates from within the organization being attacked or targeted, often an employee or officer of an...

A Definition of HIPAA Compliance Text The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information ...

Understanding the Data Protection Requirements of the Gramm-Leach-Bliley Act Text The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. It is a United States federal...

What is GDPR (General Data Protection Regulation)? Text The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95...

FISMA Definition, Requirements, Penalties, and More Text The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to...