Knowledge Base

What is the Principle of Least Privilege (POLP)?

A Best Practice for Information Security and Compliance
The principle of least privilege is the idea that any user, program, or process should have only the bare minimum privileges necessary to perform its...

What is POS Security?

Protecting Data in POS Environments
POS security, or point-of-sale security, is the prevention of unauthorized access to electronic payment systems by individuals who are typically looking to steal customers’...

What is Polymorphic Malware?

A Definition and Best Practices for Defending Against Polymorphic Malware
Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection. Many of the...

What is a Phishing Attack?

A Definition of Phishing
The United States Computer Emergency Readiness Team (US-CERT) defines phishing as a form of social engineering that uses email or malicious websites (among other channels) to solicit...

What Is Personally Identifiable Information?

A Definition of Personally Identifiable Information
The United States Department of Labor defines personally identifiable information as: “Any representation of information that permits the identity of an...

What is PCI Compliance?

What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS), a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a...

What is Operational Security?

Definition of Operational Security
Operational security (OPSEC), also known as procedural security, is a risk management process that encourages managers to view operations from the perspective of an adversary...

What is the NYDFS Cybersecurity Regulation?

A New Cybersecurity Compliance Requirement for Financial Institutions
The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a new set of regulations from the NY Department of Financial Services (NYDFS) that...

What is NIST SP 800-53?

Definition and Tips for NIST SP 800-53 Compliance
NIST SP 800-53 is shorthand for the National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal...

What is NIST Compliance?

What is NIST Compliance?
The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness...

What is the NIS Directive?

Definition, Requirements, Penalties, Best Practices for Compliance, and More
The Directive on security of network and information systems (NIS Directive) is the first piece of cybersecurity legislation passed by...

What is Network Data Loss Prevention?

What is Network Data Loss Prevention?
Network data loss prevention is a technology for securing an organization’s network communications, including email, web applications, and traditional data transfer...

What is Managed Detection and Response?

Definition, Benefits, How to Choose a Vendor, and More
According to Gartner, managed detection and response (MDR) vendors provide services to companies and organizations that aim to improve the way they detect...

What is HIPAA Compliance?

A Definition of HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information...

What is GDPR (General Data Protection Regulation)?

What is GDPR (General Data Protection Regulation)?
The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95...

What is FISMA Compliance?

FISMA Definition, Requirements, Penalties, and More
The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to...