What is Business Email Compromise?

Identity and Access Management

Identity and Access Management (IAM) are the methods and processes used to manage subjects and their authentication and authorizations to access specific objects. What Does This Mean For An SMB? …

Cybersecurity

Cybersecurity

Cybersecurity is the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use …

Incident

An incident is an occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system …

Event

An event in cybersecurity is an observable occurrence in an information system or network. This sometimes provides an indication that an incident is occurring or at least raise the suspicion …

Incident Management

Incident Management

Incident Management is the management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. …

Incident Response Plan

An Incident Response Plan is a set of predetermined and documented procedures to detect and respond to a cyber incident. This is the actual procedure carried out if there is …

Information Assurance

Information Assurance are the measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality. What Should My SMB Do? If you own a business, …

Information Assurance Compliance

Information Assurance Compliance in cybersecurity work is where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization’s …

Information Sharing

Information Sharing is an exchange of data, information, and/or knowledge to manage risks or respond to incidents. This is commonly done when there has been a breach in technology that …

Information System Resilience

Information System Resilience is the ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining …

Security Automation and Operations

Information Systems Security Operations

Information Systems Security Operations in cybersecurity work is where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., …

What is Interoperability

Interoperability

Interoperability is the ability of two or more systems or components to exchange information and to use the information that has been exchanged. What Does This Mean For An SMB? …

Key

A key is the numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. Without a proper key, one would not be able to …

cyber intrusion

Intrusion

Secure your business with CyberHoot Today!!! Sign Up Now A cyber Intrusion is any unwanted, unauthorized, and forced entry into a network or device. Network intrusions involve breaching the security controls …

IDS

Network-Based Intrusion Prevention

Network-based Intrusion Prevention Services (aka NIPS) is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like network intrusion detection systems (NIDS), Network-based Intrusion Prevention System (NIPS) monitors …

IDS

Intrusion Detection

Intrusion Detection is the process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred. What Does This Mean …

Information Technology

Information Technology (IT) is any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information. What Does This Mean For My SMB? SMBs …

ICT

Information and Communication(s) Technology

Information and Communication(s) Technology (ICT) is any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information. What Does This Mean …

DeepFakes

Deepfake

Watch this video on YouTube A Deepfake is typically used to refer to a video that has been edited using an Artificial Intelligence (AI) algorithm to replace the person in …

Machine Learning and Evolution

Machine Learning and Evolution is a field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems. What Does This Mean For An …

Moving Target Defense

A Moving Target Defense (MTD) is the presentation of a dynamic attack surface, increasing an adversary’s work factor necessary to probe, attack, or maintain a presence in a cyber target. …

Physical Security Awareness Training for Employees

Network Services

Network Services in cybersecurity work is where a person installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, …

Network Resilience

Network Resilience is the ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover …

electronic signature cybrary

Electronic Signature

Secure your business with CyberHoot Today!!! Sign Up Now An Electronic Signature, also known as an eSignature, is an efficient, legally binding way to get approval on electronic documents. Secure …

Authenticity

Authenticity

Authenticity is a property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or …

Non-Repudiation

Non-Repudiation is a property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. This provides the capability to …

Operate and Maintain

Operate & Maintain refers to activities providing the support, administration, and maintenance necessary to ensure effective and efficient IT system operation, performance and security. What Should My SMB Do? If …

Operations Technology

Operations Technology is the programmable systems or devices that interact with physical environments (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change …

malicious code cybrary

Malicious Code

Secure your business with CyberHoot Today!!! Sign Up Now Malicious Code is harmful computer code or web script designed to create system vulnerabilities leading to backdoors, security breaches, information/data theft, …

How to Protect Yourself From Malware

Malware

Malware is software that compromises the operation of a system by performing an unauthorized function or process. Malware includes viruses, worms, and trojan horses. What Does This Mean For An …

Insider Threat

An Insider Threat is a person or group of persons within an organization who pose a potential risk of harm to a company. That harm can be in the form …

Outsider Threat

An Outsider Threat is a person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization …

Oversight & Development

Oversight & Development is a category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work. …

active attack cybrary

Active Attack

An Active Attack is a network exploit where hackers strive to change or exfiltrate data on the target’s network or device. There are several different types of active attacks or …

Passive Attack

A Passive Attack is an actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to …

Indicator

An indicator is an occurrence or sign that an incident may have occurred or may be in progress. What Does This Mean For An SMB? Your business needs to take …

How Password Managers Work (an 11 min deep dive)

Password

A password is a string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. Early password advice from NIST in 2003 was …

Availability

Availability is one of three security terms in the trifecta of data protection. The other two being Integrity and confidentiality.

Integrity

Integrity is the property whereby information (data), an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. It is also a …

Confidentiality

Confidentiality is one of three critical data protections in cybersecurity. The other two are Integrity and Availability.  (see links below for those Cybrary pages).  Confidentiality seeks to ensure that information …

Privacy

Privacy is the assurance that the confidentiality of, and access to, certain information about an entity is protected. In the cyber world, it is about the ability of individuals to …

social engineering

Social Engineering

Social Engineering in the context of cyber security, is when one uses psychological manipulation to have people perform specific actions or to give out confidential information. This differs from the …

Attack Signature

An Attack Signature is an arrangement of information that can be used to identify an attacker or hackers attempt to exploit a known operating system or application vulnerability. Intrusion detection …

Digital Signature

A Digital Signature is a value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data. This is essentially …

Key Pair

A Key Pair is a public key and its corresponding private key. The purpose of this is to have two mathematically related keys having the property that one key can …

Ciphertext

Ciphertext is data or information in its encrypted form. Ciphertext is the output when an encyption process is deployed. Encryption is done when important information must be safeguarded against attackers. …

Plaintext

Plaintext is unencrypted information. Plaintext is the precursor to ciphertext. It is also the output of decrypting of an encrypted message. Cryptography protects data confidentiality and integrity but not necessarily …

Encryption

Encryption is the process of transforming plaintext into ciphertext. This is done by converting data into an unreadable form using an encryption cipher with variable key lengths. Assuming one is …

Cryptography turns Plaintext into Ciphertext

Cryptography

Cryptography is the use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography is the science that converts plaintext into …

Penetration Testing

Penetration Testing

Penetration Testing is an evaluation methodology whereby ethical hackers search for vulnerabilities within technology systems and attempt to circumvent the security features of a network and/or information system. This is …