In a penetration test, IT systems or networks are subjected to a comprehensive examination designed to determine their susceptibility to attack. A pentest uses methods and techniques that are used by real attackers or hackers. What is a penetration test? With the help of a penetration test, often called a pentest, IT experts try to … Read more
Operational technology includes software and hardware for monitoring and controlling industrial plants or physical machines and their processes. In the past, these were often proprietary solutions operated in isolated environments. Digitization and the Internet of Things are merging traditional IT with operational technology. This fusion is referred to as IT/OT convergence. What is Operational Technology … Read more
Mobile Information Management (MIM) ensures the secure provision of corporate data on mobile devices. Along with Mobile Device Management (MDM) and Mobile Application Management (MAM), it is another important component of Enterprise Mobility Management. MIM leverages technologies and practices such as encryption, cloud services, sandboxing, containers and others. What is MIM (Mobile Information Management)? The … Read more
A bot is a computer program that independently performs tasks in an automated manner without the involvement of a user. There are different types of bots that perform different tasks. They range from social bots to chatbots to search engine bots. Bots can be useful or malicious. When bots communicate over a network, it is … Read more
To detect and defend against cyberattacks earlier, you need to understand the attackers’ objectives and approach and build defenses accordingly. The Lockheed Martin Cyber Kill Chain is a multi-step model for analyzing attacks and building defenses along with the attack steps. Cyber Kill Chain – Basics, Application, and Development Detecting and disabling attackers is not … Read more
CEO Fraud is a fraud method in which the attacker pretends to be a CEO, manager, or boss and asks employees to transfer money to a specific account, for example. If the attacker uses email as a means of communication, CEO Fraud is a form of Business Email Compromise (BEC). However, other attack vectors are … Read more
A sandbox is an isolated area, sealed off from the system environment, in which software can be executed in a protected manner. Sandboxes can be used, for example, to test software or to protect the underlying system from changes. What is a sandbox? A sandbox is an isolated area in which software can be executed … Read more
Meltdown is a security vulnerability published in 2018 together with Spectre. It is due to a vulnerability in the hardware architecture of processors and allows unauthorized reading of the memory contents of third-party processes. Processors from various manufacturers such as x86 processors from Intel are affected. Software patches to fix the problem cause performance degradation. … Read more
A DDoS attack attempts to cause the unavailability of Internet service through a deliberately induced overload. Usually, botnets consisting of a multitude of individual systems are used for the attack. The target of the attack can be servers or other network components. What is a DDoS attack (Distributed Denial of Service (DDoS)? The acronym DDoS … Read more
Air Gap is a security concept that meets the highest security requirements. It describes the complete physical and logical isolation of computers from each other and from networks. Information exchange between systems is possible, for example, via transportable storage media. Methods such as side-channel attacks exist to overcome an air gap. What is Air Gap? … Read more
Patch management is nowadays an integral part of system management. It deals with the procurement, testing, and installation of required updates for applications, drivers, and operating systems of computers. What is Patch Management? The literal translation of the English term “to patch” is “to mend”. Transferred to the world of programming, patch refers to software … Read more
Phishing describes the attempt to steal identities and passwords via the Internet by sending fake e-mails or text messages. Internet users are lured by cybercriminals to fake websites of banks, online stores, or other online services by means of deceptively real fake e-mails in order to get hold of their user IDs and passwords. The … Read more
Cyber Resilience is a holistic strategy to strengthen the resilience of an organization’s IT against cyber attacks. Among other things, cyber resilience includes the concepts of cyber security and business continuity management. It is designed to prevent attacks on IT and ensure secure continued operations and rapid resumption of operations. What is Cyber Resilience? Cyber … Read more
Data protection, i.e. the protection of personal data, secures the fundamental right of individuals to informational self-determination. This gives people the freedom to determine how their data is handled. Personal rights and privacy are to be preserved. What is data protection? Data protection does not protect the data itself, but rather the freedom of people … Read more
The IT contingency plan is a kind of manual that contains instructions for action and emergency measures in the event of problems with IT. With the help of the IT contingency plan, downtime can be shortened and the damage caused by IT problems can be minimized. What is an IT contingency plan? The IT contingency … Read more
An Endpoint Protection Platform (EPP) is designed to protect the various endpoints in an enterprise IT environment, such as PCs, laptops, tablets, or smartphones, from various threats. The software has functions to protect against viruses, malware, spyware, or phishing. In addition, firewall or IPS and IDS functions, as well as other security technologies, can be … Read more
A network domain is an administratively delimited network area that can be used to logically map the organizational structures of a company. Security policies, user rights, and user roles are managed centrally via a domain controller. A user logs on to a domain via the domain controller. Domains have unique names and are structured hierarchically. … Read more
DevSecOps extends the DevOps concept to include aspects of software security. The artificial word is made up of the individual terms development, security, and operations. It is a holistic approach that takes security into account in all phases of the software lifecycle and integrates it into the processes. What is DevSecOps? DevSecOps is a made-up … Read more
Business continuity describes measures and processes that are intended to maintain IT operations under crisis situations or ensure trouble-free start-up after a failure. Business continuity is intended to minimize risks and damages for companies and organizations. What is Business Continuity? Business continuity includes strategies, plans, measures, and processes to minimize damage caused by the interruption … Read more
In the computer environment, the user name enables logging into a protected area of a computer, a service, a website, or a program. As a rule, the user name is used in combination with a password to authenticate oneself against the protected area. Alternative terms for username are username, user name, user ID, user ID, … Read more
