Biometrics is the technical term for body measurements and calculations, and human characteristics. Biometric authentication if a form of identification and access control. As biometric identifiers are unique to individuals, they are seen as more reliable for verifying one's identity than traditional token-based identification systems such as a passport, as well as knowledge-based identification systems such as a password.
Cyber risk is defined as exposure to harm or loss resulting from data breaches or cyber attacks on information systems, information technology and information security. However, this definition must be broadened. A better, more encompassing definition is the risk of financial loss, disruption or reputational damage due to the failure of an organization's cybersecurity strategy.
Corporate espionage is espionage conducted for commercial or financial purposes. Corporate espionage is also known as industrial espionage, economic espionage or corporate spying. That said, economic espionage is orchestrated by governments and is international in scope, while industrial or corporate espionage generally occurs between organizations.
Operations security (OPSEC) is a process that identifies friendly actions that could be useful for a potential attacker if properly analyzed and grouped with other data to reveal critical information or sensitive data. OPSEC uses countermeasures to reduce or eliminate adversary exploitation.
Third-party vendors are an important source of strategic advantage, cost savings and expertise. Yet outsourcing is not without cybersecurity risk. As organizations' reliance on third-parties grow, so too does their exposure to third-party risk and fourth-party risk. In fact, a recent HSB survey found nearly half of data breaches in 2017 were caused by a third-party vendor or contractor.
The purpose of a vendor management policy is to identify which vendors put your organization at risk and then define controls to minimize third-party and fourth-party risk. It starts with due diligence and assessing whether a third-party vendor should have access to sensitive data.
Internet Protocol (IP) attribution is the attempt to identify a device ID or individual responsible for a cyber attack (e.g. ransomware or other types of malware) based on the origin of a network packet. An IP address is given to a system for a period of time that enables them to exchange data to and from other devices on networks.
Service Organization Control 2 (SOC 2) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It is designed to ensure service providers and third-party vendors are protecting sensitive data and personal information from unauthorized access.
Defense in depth is a cyber security strategy that uses a series of layered, redundant defensive measures to protect sensitive data, personally identifiable information (PII) and information technology assets. If one security control fails, the next security layer thwarts the potential cyber attack. This multi-layered approach reduces the cyber threat of a particular vulnerability exploit being successful, improving the security of the system as a whole and greatly reducing cybersecurity risk.
Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures. CVE was launched in 1999 by the MITRE corporation to identify and categorize vulnerabilities in software and firmware. CVE provides a free dictionary for organizations to improve their cyber security. MITRE is a nonprofit that operates federally funded research and development centers in the United States.
Email spoofing is the creation of emails with a forged sender address. Because core email protocols lack authentication, phishing attacks and spam emails can spoof the email header to mislead the recipient about the sender of the email. The goal of email spoofing is to get recipients to open, respond and engage with the email message. Email spoofing can greatly increase the effectiveness of phishing and other email-based cyber attacks by tricking the recipient into trusting the email and its sender.
Network security is the process of using physical and software security solutions to protect the underlying network infrastructure from unauthorized access, misuse, malfunction, modification, destruction or improper disclosure, creating a secure platform for computers, users and programs to perform their functions in a secure environment.
Malware, or malicious software, is any program or file that harms a computer or its user. Common types of malware include computer viruses, ransomware, worms, trojan horses and spyware. These malicious programs can steal, encrypt or delete sensitive data, alter or hijack key computing functions and to monitor the victim's computer activity.
Digital forensics or digital forensic science is a branch of forensic science focused on the recovery and investigation of material found in digital devices and cybercrimes. Digital forensics was originally used as a synonym for computer forensics but has expanded to cover the investigation of all devices that store digital data. As society increases reliance on computer systems and cloud computing, digital forensics becomes a crucial aspect of law enforcement agencies and businesses.
