Indicators of compromise (IOCs) are pieces of forensic data, such as system log entries, system files or network traffic that identify potentially malicious activity on a system or network. Digital forensics security analysts and information security professionals use indicators of compromise to detect data breaches, malware infections and other security incidents.
Spyware is unwanted software, a type of malicious software or malware, designed to expose sensitive information, steal internet usage data, gain access to or damage your computing device. Any software downloaded to a user's device without authorization can be classified as spyware. Even spyware programs installed for innocuous reasons often violate end user privacy agreements and have the potential for abuse.
A zero-day (0-day) is an unpatched security vulnerability that is unknown to the software, hardware or firmware developer, and the exploit attackers use to take advantage of the security hole. In general, zero-day refers to two things: Zero day gets its name from the number of days that a patch has existed for the flaw: zero. Zero-day threats represent significant cybersecurity risk because they are unknown to the party who is responsible for patching the flaw and may already be being exploited.
The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations and assets against natural and manmade threats. FISMA was enacted as part of the E-Government Act of 2002.
The Gramm-Leach-Bliley Act (GLBA, GLB Act or the Financial Services Modernization Act of 1999) is a United States federal law requiring financial institutions to explain how they share and protect their customers' nonpublic personal information (NPI).
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy legislation for private-sector organizations in Canada. PIPEDA became law in April 13, 2000 to promote trust and data privacy in ecommerce and has since expanded to include industries like banking, broadcasting and the health sector.
In cryptography, encryption is the process of encoding information or sensitive data so only authorized parties can access it. Encryption does not itself prevent interference and man-in-the-middle attacks, but denies intelligible content to the interceptor.
Ransomware, a type of malicious software or malware, is designed to deny access to computer systems or sensitive data until ransom is paid. While ransomware has been around for decades, ransomware attacks are becoming more sophisticated, spreading through phishing emails, spear phishing, email attachments, vulnerability exploits, computer worms and other attack vectors.
The NIST Cybersecurity Framework provides a framework, based on existing standards, guidelines and practices for private sector organizations in the United States to better manage and reduce cybersecurity risk. In addition to helping organizations prevent, detect and respond to cyber threats and cyber attacks, it was designed to improve cybersecurity and risk management communications among internal and external stakeholders. The framework is increasingly adopted as best practice, with 30% of U.S.
Psychographic data is information about a person's values, attitudes, interests and personality traits that is used to build a profile of how an individual views the world, the things that interest them and what triggers motivate them to action.
