The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations and assets against natural and manmade threats. FISMA was enacted as part of the E-Government Act of 2002.
The Gramm-Leach-Bliley Act (GLBA, GLB Act or the Financial Services Modernization Act of 1999) is a United States federal law requiring financial institutions to explain how they share and protect their customers' nonpublic personal information (NPI).
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy legislation for private-sector organizations in Canada. PIPEDA became law in April 13, 2000 to promote trust and data privacy in ecommerce and has since expanded to include industries like banking, broadcasting and the health sector.
In cryptography, encryption is the process of encoding information or sensitive data so only authorized parties can access it. Encryption does not itself prevent interference and man-in-the-middle attacks, but denies intelligible content to the interceptor.
Ransomware, a type of malicious software or malware, is designed to deny access to computer systems or sensitive data until ransom is paid. While ransomware has been around for decades, ransomware attacks are becoming more sophisticated, spreading through phishing emails, spear phishing, email attachments, vulnerability exploits, computer worms and other attack vectors.
The NIST Cybersecurity Framework provides a framework, based on existing standards, guidelines and practices for private sector organizations in the United States to better manage and reduce cybersecurity risk. In addition to helping organizations prevent, detect and respond to cyber threats and cyber attacks, it was designed to improve cybersecurity and risk management communications among internal and external stakeholders. The framework is increasingly adopted as best practice, with 30% of U.S.
Psychographic data is information about a person's values, attitudes, interests and personality traits that is used to build a profile of how an individual views the world, the things that interest them and what triggers motivate them to action.
The principle of least privilege (POLP), an important concept of computer security, is the practice of limiting access rights for users, accounts and computing processes to only those needed to do the job at hand. Privilege refers to the authorization to bypass certain security restraints. When applied to people, minimal privilege, means enforcing the minimal level of user rights that still allow the user to perform their job function.
A computer worm is a type of malicious software that self-replicates, infecting other computers while remaining active on infected systems. Worms can often go unnoticed until their uncontrolled replication process consumes system resources, halting or slowing the infected computer. Along with computing resources, networks can become congested by traffic associated with worm propagation.
Formulating an IT security risk assessment methodology is a key part of building a robust information security risk management program. The two most popular types of risk assessment methodologies used by assessors are: A risk assessment is a process that aims to identify cybersecurity risks, their sources and how to mitigate them to an acceptable level of risk.
