A process for enhancing the security posture of software. The process typically involves: threat modeling, design reviews, finding security bugs through tools/testing (IAST, RASP, SAST, DAST, manual, etc), and then fixing the security bugs in the software development lifecycle (SDL). Application security is being adapted in to more streamlined ‘DevSecOps’ processes in today’s development world.
Emerging technology that allows us to access our files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests.
An emerging discipline used to accurately understand and reduce cyber risk. This approach is key to helping companies safeguard valuable assets and become more cyber secure by providing holistic visibility into the various digital compute platforms and assets that make up the modern attack surface. The Cyber Exposure process takes the whole life cycle into account, allowing companies to determine where they are exposed, where they should prioritize based on risk and how they are reducing exposure over time.
A Cyber Exposure approach builds on the roots of vulnerability management for traditional IT systems, but also includes:
- Live discovery of every modern asset across any computing environment
- Continuous visibility into where an asset is secure, or exposed, and to what extent
- Added context to help prioritize and select the appropriate remediation technique
- A framework to accurately represent and communicate cyber risk to business
- Tools to apply Cyber Exposure data as a key risk metric for strategic decision support
A cybersecurity roadmap helps businesses align their planned cybersecurity investments with their future business goals. Once businesses know which security risks threaten their growth, they can make more strategic cybersecurity investments.
Data archiving involves storing historical data on a separate storage system. Data should be archived when it’s no longer being used, but must be saved for record-keeping and/or to maintain regulatory compliance.
Endpoint refers to any device that connects to a network and can serve as an entry point for security threats. Devices such as smartphones, tablets and laptops are all endpoints that must be secured to block unauthorized access to company networks. Endpoint security also can prevent the internal theft of sensitive data.
A specific class of computer software, firmware provides the low-level control for the hardware of an IoT device.
Internet of Things (IoT) security includes both the physical security of internet-connected devices and the network security to which each IoT ‘thing’ connects.
A unique series of numbers that identifies a device connected to the Internet or a local network. Allows systems to be recognized by other systems via Internet Protocol
Exploits are a program or piece of computer code that takes advantage of a security flaw in an application or system. Known exploits are exploits that have been identified, documented and publicly reported by security researchers.
“Malware, or malicious software, is any program or file that is written with the intent of doing harm to data, devices or to people. Common types of malware include computer viruses, Trojan horses and spyware.” — Dunlap
MSSP stands for ‘managed security service providers.’ They provide outsourced monitoring and management of security devices and systems. MSSP can be outsourced or managed in-house. Services include firewall management, vulnerability scanning, and anti-viral protection.
Hackers use this technique to ‘trick’ people into giving them sensitive information. Can come as emails with sketchy links, or be websites that look legit but are fake sites to obtain your information.
A form of malware that infects your device and prevents or limits users from accessing their systems until a ‘ransom’ is paid.
A technique used by attackers to obtain sensitive information. Traditionally executed using highly targeted email messages designed to trick people into divulging personal or confidential data.
Third-Party Risk, or supply chain risk, is the probability of a cybersecurity event affecting your company that is caused by a third party, such as a vendor partner, supplier, or contractor with whom you do business. The greater the number of partners, the higher the risk.
Virtual Private Network
A tool that allows the user to remain anonymous while using the internet by masking the location and encrypting traffic.
Zero Day Exploits
A cyberattack on a software or hardware vulnerability before it can be detected and fixed. Attackers exploit the security flaw by releasing malware that can take control of your computer, steal your data, corrupt files, access your contacts, and send spam messages from your account.