A vCISO (virtual Chief Information Security Officer), provides cybersecurity leadership to businesses virtually at a fraction of the cost if hiring them full-time. By hiring a third-party provider to manage …

pdf file

PDF (Portable Document Format)

A PDF (Portable Document Format) is a file format designed to present documents consistently across multiple devices and platforms. Since developed by Adobe 1992, it’s become one of the most …

malicious URLs

Malicious URL

A Malicious URL is a link created with the purpose of promoting scams, attacks, and fraud. By clicking on an infected URL, you may download malware or a trojan that …

ssae soc 1

SSAE Compliance

SSAE Compliance, also known as Statement on Standards for Attestation Engagements and Compliance, is a collection of auditing standards and guidance using standards published by the Auditing Standards Board (ASB) …

All-Source Analysis

All-Source Analysis is the analysis of threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Analysts use this strategy to synthesize and group intelligence data gathered to …

wifi 6e

Wi-Fi 6E

Wi-Fi 6E is a new extension to the Wi-Fi 6 standard ratified unanimously by the FCC in April of 2020 which opens up unused spectrum in the 6 GHz band. …

soc 3


SOC 3 isn’t an of upgrade over the SOC 2 report. It may have some of the components of SOC 2; still, it is entirely a different ball game. SOC …

soc 1


Systems and Organizational Controls (SOC) is an auditing standard that has its roots in financial systems and auditing. SOC audits come in three (3) flavors with SOC Type 1 being …

soc 2


SOC 2 is the most commonly achieved audit report of the three SOC audit types. SOC 2 audits are quite common when working with service providers. It’s common for people …

cyber insurance

Cyber Insurance

Cyber Insurance is a form of insurance for businesses and individuals against Internet-based threats. Many high profile data breaches have prompted insurance companies to offer cyber insurance policies to protect …

Digital Content Management (DCM)

Digital Content Management (DCM) is the process for collection, delivery, retrieval, governance and overall management of information in any digital format. The term is generally used in reference to administration …

cyberwarfare cybrary


Nation states have taken heavily to cyberwarfare over the past 20 years. Some flex their muscles openly such as when Russia invaded Georgia a few years back and took out their critical infrastructure through Cyberwarfare before they rolled their tanks in. Others do so more stealthily with false flags and more. The only certainty is you must protect yourself, because no-one else will or can. Learn how at CyberHoot.


Application Programming Interface (API)

An Application Programming Interface (API) is a set of definitions and protocols for building and integrating application software. APIs let your product communicate with other products and services without having …

tor browser cybrary

Tor Browser

The Tor Browser is a web browser designed for anonymous web browsing and protection against traffic capture, providing some level of privacy protection for individuals who us it.  The Tor …

digital rights management drm

Digital Rights Management (DRM)

Digital Rights Management (DRM) are measures taken to protect digital media copyrights. DRM tries to prevent unauthorized redistribution of digital media and places restrictions on the ways consumers can copy …

cyber spill cybrary

Data Spill

A Data Spill, or Data Leak, is the accidental or deliberate exposure of information into an unauthorized environment. Data spillage is often the result of hackers breaking into company networks …

paste attack cybrary


A Paste is information that has been “pasted” to a public facing website designed to share content such as Pastebin. These public forums are frequently used by hackers for their …

quality of service QoS

Quality of Service (QoS)

Quality of Service (QoS) is a technology that manages and prioritizes certain types of data traffic on a network with the goal of reducing packet loss, latency and jitters for …

network behavior analysis

Network Behavior Analysis (NBA)

Network Behavior Analysis (NBA), also known as “Behavior Monitoring” is the collection and analysis of internal network data to identify malicious or unusual activity. Behavioral monitoring tools analyze information from …

Multiple Internet Pipes help Network Redundancy


Bandwidth is foundational to any company’s Internet presence and function. Having enough bandwidth and reliable connectivity to the Internet can ensure smooth operations. This article gives a high level overview of your Bandwidth needs, planning considerations, and troubleshooting tools.

blended threat cybrary

Blended Threat

A Blended Threat is a computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods—for example, using characteristics of both viruses and …

data normalization cybrary

Data Normalization

Data Normalization is a process of reorganizing information in a database to meet two requirements: data is only stored in one place (reducing the data) and all related data items …

catfish cybrary term


Catfishing is a common technique used on social media sites to attack victims through fake personalities and accounts. This technique is also used on dating sites, playing on people’s emotions, …

identity theft cybrary

Identity Theft

Identity Theft is when a hacker uses your personal identifying information and pretends to be you in order to commit fraud or to gain other financial benefits. Thieves look to …

data aggregation

Data Aggregation

The world of big data swirls around all of us online today. Data Aggregation (DA) is how big data is analyses for meaningful relationships and then converted into actionable intelligence. Learn more at CyberHoot.

cyber threat actor

Threat Actor

A Threat Actor is a person or group performing malicious or hostile actions which cause harm to the victims computers, devices, systems, or networks. Threat Actors are categorized into groups …



JavaScript is a programming language developed by Netscape commonly used in web development; used to add dynamic and interactive elements to web pages. The coding language is a “client-side” language …

cyberspace cybrary


Cyberspace is the complex environment of interdependent networks of IT infrastructures including the public Internet, various private “Internets” such as Internet2 or the US military’s Secret Internet Protocol Router Network (SIPRNet), telecommunications …

application hacked

JBOH (JavaScript-Binding-Over-HTTP)

JBOH (JavaScript-Binding-Over-HTTP) is a mobile device attack that enables an attacker to execute arbitrary code on a previously compromised device. These attacks are known to be deployed through malicious JBOH …

situational awareness cybrary

Situational Awareness

Situational awareness is knowledge combined with attitudes and behaviors that work to protect our IT assets. Being aware in cybersecurity means you understand what the threats you face are and …

cryptanalysis cybrary


Cryptanalysis is the decryption and analysis of codes, ciphers or encrypted text. Cryptanalysis uses mathematical formulas to search for algorithm vulnerabilities, attempting to break into a cryptographic system. The goal …

bloatware cybrary term


Bloatware is software that comes pre-installed with the purchase of a new computer or device. Many vendors include dozens of “utilities” and sometimes even “3rd Party software solutions” which add …

trialware cybrary term


Trialware is software that can be used for a short period of time before it expires. In order to keep using the software, the user must purchase an authentication key …

piggybacking cybrary


Piggybacking is a form of cyber attack where a hacker(s) gain access to an unauthorized network, computing resource, or even a physical building.  They do this by leveraging an insecure …

adware cybrary term


Adware makes the Internet go round. However, excessive adware and madware (mobile adware) can lead to productivity damage or worse, malware. Learn all about adware and how to avoid it at CyberHoot.

disinformation cybrary term


Disinformation is closely aligned to social engineering. When combined the two can have very believable and devastating consequences. Develop a healthy skepticism towards online content. To avoid being taken advantage of, seek to validate sources, facts, and authors.

cookie cybrary term


A Cookie, or web cookie, is a small data file used by computers to track website communications and sessions. When you visit a website, it sends a cookie to your …

recovery point objective rpo

Recovery Point Objective (RPO)

A Recovery Point Objective (RPO) is the maximum amount of data that your company is willing to lose in a disaster. Most businesses backup their data at specific intervals (hourly, …

rto recovery time objective

Recovery Time Objective (RTO)

A Recovery Time Objective (RTO) is a metric used to measure how fast you can recover your IT infrastructure and services following an incident or outage (business continuity). RTO is …

recaptcha cybrary term


reCAPTCHA is a (presently) free security tool from Google which helps separate automated Bots from real humans wanting to interact with your website whether to purchase, query, complete a form. or register for something. Enabling reCAPTCHA can greatly reduce nuisances in your website from hackers and provide SMBs peace-of-mind.

cyber patch term


A Patch is a software component that is installed onto a device that modifies files or device settings. Patches are typically done to fix an issue with a device or …

restore recovery cybrary

Restore (Recovery)

When -planning for risks to your small to medium sized business, you need to include data backups and recovery processes. Test that these work at least annually and be aware that some new hacking attacks cannot be addressed by simply restoring data from a strong backup strategy because of threats to your data’s confidentiality.

eavesdropping cybrary term


Eavesdropping in the cybersecurity world refers to the interception of communication between two parties by a malicious third party (hackers). Eavesdropping is similar to a sniffing attack, where software applications …

POS Intrusions

A POS Intrusion is an attack that happens at the Point-of-Sale device. The POS device in retail stores process credit card transactions at check out. Newer devices allow you to …

cyber espionage cybrary

Cyber Espionage

Cyber Espionage is a cyber attack that leads to stolen classified, sensitive, or critical data often in the form of intellectual property in order to gain a competitive advantage over …

data mining cybrary

Data Mining

Examining the data you collect to run your business can lead to greater efficiency, shorter periods of down-time, and better predictive models surrounding demand for your products and services. This is known as data mining.

cyber ecosystem cybrary

Cybersecurity Ecosystem

Whether you like it or not, you and your business are part of an online Cybersecurity ecosystem. There are predators (hackers) and the hunted (businesses and individuals). You can sit passively and idly by hoping no predators see you, or you can build your defenses by training your employees and evaluating your cybersecurity maturity to ensure you can run faster than the person or business next to you. Inaction is no longer an option. Do something at

Password Sniffing

Password Sniffing is a hacking technique that uses a special software application that allows a hacker to steal usernames and passwords simply by observing and passively recording network traffic.  This …