In cybersecurity, the term open port refers to a TCP or UDP port number that is configured to accept packets. In contrast, a port which rejects connections or ignores all packets, is a closed port. Ports are an integral part of the Internet's communication model. All communication over the Internet is exchanged via ports. Every IP address contains two kinds of ports, UDP and TCP ports, and there are up to 65,535 of each for any given IP address.
The Consensus Assessments Initiative Questionnaire (CAIQ) is a security assessment provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess information security capabilities of cloud providers.
The Standardized Information Gathering (SIG) questionnaire is used to perform an initial assessment of vendors, gathering information to determine how security risks are managed across 18 different risk domains. SIG was developed by Shared Assessments and is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security, and business resiliency. The SIG questionnaire was created by Shared Assessments.
The Vendor Security Alliance (VSA) questionnaire was created by a coalition of companies committed to improving Internet security. It is one of the most well-known, highly respected security questionnaires, alongside: The VSA questionnaire is free to use and accessible on the VSA website.
The Higher Education Community Vendor Assessment Tool (HECVAT) is a security assessment template that attempts to generalize higher education information security and data protection questions and issues regarding cloud services for consistency and ease of use. HECVAT has various versions that are free to use and provide a consistent, streamlined third-party risk assessment framework.
Data loss prevention (DLP) is a set of processes and technologies that ensure sensitive data is not lost, misused or exposed to unauthorized users by end-users or misconfiguration. Most data loss prevention solutions rely on data classification. This means that sensitive data is grouped into different buckets, e.g. regulated, confidential, financial data, intellectual property, and business-critical data.
Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users and may be used to bypass access control, such as the same-origin policy. The impact of XSS can range from a small nuisance to significant cybersecurity risk, depending on the sensitivity of data handled by the vulnerable website, and the nature of any mitigations implemented.
The OWASP Top 10 is a regularly-updated report outlining the top 10 list of security concerns for web application security. The report is put together by a team of security experts around the world. OWASP refers to the Top 10 as an 'awareness document' and they recommend all companies incorporate the report's findings into the cybersecurity processes.
A whaling attack is a type of phishing attack that targets high-level executives, such as the CEO or CFO, to steal sensitive information from a company. This could include financial information or employees' personal information. The reason whaling attacks target high-ranking employees is because they hold power in companies and often have complete access to sensitive data.
The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) establishes a set of national standards for the protection of patients' rights and certain health information. Its standards address the use and disclosure of individuals' health information, known as protected health information or PHI by organizations subject to the Privacy Rule, as well as standards for an individual's rights to understand and control how their health data is used.
