chơi xổ số keno trực tuyến

{"appState":{"pageLoadApiCallsStatus":true},"categoryState":{"relatedCategories":{"headers":{"timestamp":"2025-01-31T04:01:06+00:00"},"categoryId":33537,"data":{"title":"Cybersecurity","slug":"cybersecurity","image":{"src":null,"width":0,"height":0},"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"parentCategory":{"categoryId":33512,"title":"Technology","slug":"technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"}},"childCategories":[],"description":"Batten down the (virtual) hatches with these rock-solid strategies for protecting your privacy and security.","relatedArticles":{"self":"//dummies-api.coursofppt.com/v2/articles?category=33537&offset=0&size=5"},"hasArticle":true,"hasBook":true,"articleCount":55,"bookCount":14},"_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"relatedCategoriesLoadedStatus":"success"},"listState":{"list":{"count":10,"total":55,"items":[{"headers":{"creationTime":"2024-08-02T19:59:28+00:00","modifiedTime":"2025-01-16T16:21:34+00:00","timestamp":"2025-01-16T18:01:10+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"Data Security Posture Management (DSPM) For Dummies","strippedTitle":"data security posture management (dspm) for dummies","slug":"data-security-posture-management-dspm-for-dummies","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"Enhance your data security with DSPM - understand its importance, benefits, and capabilities. Discover how to effectively manage your sensitive data and improve your overall cybersecurity posture.","noIndex":0,"noFollow":0},"content":"In this article you will learn:\r\n<ul>\r\n \t<li><a href=\"#definition\">what DSPM is</a></li>\r\n \t<li><a href=\"#why\">why you need DSPM</a></li>\r\n \t<li><a href=\"#what\">what you can do with DSPM</a></li>\r\n \t<li><a href=\"#capabilities\">ten must-have capabilities to look for in a DSPM solution</a></li>\r\n \t<li><a href=\"#started\">how to get started with DSPM</a></li>\r\n</ul>\r\nData is the lifeblood of modern business and data security in the cloud is top of mind for organizations everywhere. Data security posture management (DSPM) solutions address the need for an automated, scalable, and agile system across the full data security lifecycle — from discovery, classification, cataloging, and risk prioritization to access control, policy enforcement, remediation, and real-time monitoring. This helps organizations reduce risks and costs associated with cloud data security while improving their overall cybersecurity posture.\r\n\r\n[caption id=\"attachment_300034\" align=\"aligncenter\" width=\"630\"]<img class=\"size-full wp-image-300034\" src=\"//coursofppt.com/wp-content/uploads/IT-technician-adobeStock_298063823.jpg\" alt=\"Security expert working on DSPM solution\" width=\"630\" height=\"420\" /> ©Deagreez / Adobe Stock[/caption]\r\n\r\n<div id=\"definition\"></div>\r\n<h2 id=\"tab1\" >What is DSPM?</h2>\r\nData security posture management empowers organizations to implement a data-centric security strategy by first providing an accurate inventory of their sensitive data and identifying where it violates data security policies, thereby enhancing overall data security posture.\r\n<p class=\"article-tips remember\">A data-centric security strategy emphasizes the importance of protecting your valuable data rather than focusing on systems and infrastructure.</p>\r\nKey capabilities in a DSPM solution include the following:\r\n<ul>\r\n \t<li><strong>Global data visibility</strong> provides organizations with a comprehensive view of their sensitive data. This involves identifying the location and type of sensitive data to ensure proper protection measures are in place. All clouds — including infrastructure-as-a-service (IaaS), platform-as-service (PaaS), and software-as-a-service (SaaS) resources — need to be covered. The appropriate data owners must also be identified, to facilitate efficient communication of any data-related security or privacy issues.</li>\r\n \t<li><strong>Data hygiene</strong> is about keeping your data clean and healthy. It encompasses various actions that help organizations maintain clean and organized data in accordance with their data governance framework. This includes addressing and remediating misplaced, redundant, and obsolete data to streamline maintenance, optimize storage resources, and reduce potential security risks. Purging outdated or irrelevant data is another essential part of good data hygiene, resulting in the retention of only accurate and useful data.</li>\r\n \t<li><strong>Data security risk control </strong>involves immediately detecting and proactively remediating data risk factors to prevent data breaches. This capability detects and addresses three key data postures:\r\n<ul>\r\n \t<li><em>Overexposed data</em>, such as public read access, or permissive access rights, which should be identified and mitigated to reduce the likelihood of unauthorized access or data breaches</li>\r\n \t<li><em>Underprotected data</em>, where there are missing controls like encryption, masking, or proper retention policies</li>\r\n \t<li><em>Misplaced data</em>, such as cardholder data subject to the Payment Card Industry Data Security Standards (PCI DSS) in an unauthorized environment or PII data in a development environment</li>\r\n</ul>\r\n</li>\r\n \t<li><strong>Data access governance </strong>manages and controls access to sensitive data. This involves:\r\n<ul>\r\n \t<li>Identifying all internal and external users, roles, and resources with access to sensitive data</li>\r\n \t<li>Monitoring and controlling access patterns based on their roles and responsibilities</li>\r\n \t<li>Ensuring that only authorized users have access to sensitive assets</li>\r\n \t<li>Regularly reviewing and updating access permissions based on actual usage</li>\r\n</ul>\r\n</li>\r\n \t<li><strong>Privacy and compliance </strong>ensure that organizations adhere to data privacy regulations and industry standards, and make audits more manageable (and perhaps a little less painful and costly). Providing objective evidence for audits can be challenging, but having reporting from DSPM that shows you know where your data is and understand that its security posture can significantly ease compliance.</li>\r\n</ul>\r\n<div id=\"why\"></div>\r\n<h2 id=\"tab2\" >Why do you need DSPM?</h2>\r\nFor modern enterprises, data is fuel for innovation. These companies understand that data is a key asset and a source of competitive differentiation. They democratize data to unleash its full potential and make it accessible for application developers, data scientists, and business users. However, as data proliferates, security doesn’t travel with it — and adding the pace of change to the sprawl of cloud technology means that data security teams just can’t keep up. Malicious actors constantly target this new threat vector — the “innovation attack surface” — which has emerged as a result of several key trends:\r\n<ul>\r\n \t<li><strong>Cloud transformation and data democratization: </strong>The cloud has enabled widespread data democratization, enabling easy access to data for developers, data scientists, and business users to support their innovation efforts. However, this freedom to access and use data without oversight creates unknown, unmanaged, and unprotected cloud data sources.</li>\r\n \t<li><strong>Technology sprawl and complexity: </strong>In the public cloud, each cloud service is configured and used differently, and each introduces new and unique risks. The ever-changing architectures are confusing and complex, and if you’re not careful, this can lead to some costly and even devastating mistakes with sensitive data stored in the cloud.</li>\r\n \t<li><strong>Cloud data proliferation: </strong>Nearly half of all data (48 percent) is stored in the public cloud today, and it’s only increasing, according to the Flexera <em>2022 State of the Cloud Report</em>. Unfortunately, traditional data security controls are unable to keep up with the dynamic movement of data, so they must be configured from scratch every time data is created, copied, shared, or moved.</li>\r\n \t<li><strong>Death of the traditional perimeter: </strong>One of the many benefits of the cloud is that it is accessible from anywhere. Thus, the notion of a network perimeter — an on-premises data center protected by a firewall — has all but disappeared. The lack of a single choke point (a firewall) means sensitive data is exposed by design because anyone can access it from anywhere with the proper credentials (whether authorized or stolen).</li>\r\n \t<li><strong>Faster rate of change: </strong>Release cycles now happen in weeks, days, and hours rather than months and years. Unfortunately, security teams are usually not on that same quick schedule and still rely on slower manual approaches.</li>\r\n \t<li><strong>The changing role of security: </strong>In cloud computing, data security teams must evolve to securely enable the business rather than just slowing everyone down or letting risk grow exponentially. Data security in cloud computing must focus on protecting data from breaches and compromises while also empowering users to be productive.</li>\r\n</ul>\r\n<div id=\"what\"></div>\r\n<h2 id=\"tab3\" >What can you do with DSPM?</h2>\r\nData security, governance, and privacy teams can use DSPM to help keep their organization secure and compliant. Some common use cases for DSPM include the following:\r\n<ul>\r\n \t<li><strong>Automating data discovery and classification: </strong>DSPM helps organizations automatically and continuously discover, classify, and categorize all of their known and unknown data — including sensitive, proprietary, regulated, abandoned, and shadow data — across multicloud environments, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Snowflake, Microsoft 365, and more.</li>\r\n \t<li><strong>Enforcing data security policies automatically: </strong>DPSM automatically enforces data security policies at scale for all of your data as it travels through the cloud. DSPM converts data policies into specific technical configurations and shows where data security policies are violated. It also prioritizes issues for resolution and helps you fix those issues with clear, specific technical remediation instructions.</li>\r\n \t<li><strong> Controlling data exposure: </strong>As data rapidly proliferates in the cloud, security does not follow that data, often leading to crucial business data being exposed. DSPM pinpoints all of your exposed sensitive data that can lead to data breaches, ransomware attacks, and noncompliance penalties — whether it’s misplaced data (for example, sensitive data mistakenly stored in public buckets), misconfigured controls (for example, third-party access granted to sensitive data), or overly permissive access.</li>\r\n \t<li><strong> Controlling datacentric environment segmentation: </strong>DSPM helps you segment your cloud environments and apply location controls to comply with security and regulatory requirements. You can detect and receive alerts when sensitive or regulated data is placed in untrusted and/or unauthorized environments, review violations, and take action to remove the data or authorize the new environment.</li>\r\n \t<li><strong>Complying with data privacy and compliance frameworks: </strong>DSPM streamlines evidence collection for internal and external privacy and governance stakeholders through autonomous data discovery and classification of your sensitive and regulated data. A DSPM data policy engine continuously enforces regulatory compliance and standards requirements for data, regardless of the underlying technology or location.</li>\r\n</ul>\r\n<div id=\"capabilities\"></div>\r\n<h2 id=\"tab4\" >Ten must-have capabilities to look for in a DSPM solution</h2>\r\nWhen considering a DSPM solution for your organization, be sure to select one with the following important capabilities and features:\r\n<ul>\r\n \t<li><strong>Autonomous: </strong>Automatically discover unknown, new, and modified data stores across all of your clouds — without needing credentials or manual configuration.</li>\r\n \t<li><strong>Continuous: </strong>Change is constant — especially in the public cloud — so your DSPM solution must be able to continuously monitor your environment for changes and automatically scan new cloud accounts, new data stores, and new data added to existing data stores.</li>\r\n \t<li><strong>Secure by design: </strong>Look for a solution that doesn’t extract data from your environment. Your DSPM should use the cloud service provider’s (CSP) application programming interface (API) and ephemeral serverless functions in your cloud account to scan your data.</li>\r\n \t<li><strong>Breadth and depth of coverage: </strong>Whether you’re using Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Snowflake, Microsoft 365, or practically any combination of various cloud database, storage services, or software as a service (SaaS) apps, you need a single and consistent view of your data across clouds, geographies, and organizational boundaries to evaluate the risk to your data across all clouds.</li>\r\n \t<li><strong>Intelligent classification: </strong>Look for a solution that utilizes multistep contextual analysis to automatically identify sensitive data with low false positive (FP) and false negative (FN) rates. The solution should also include hundreds of predefined classification rules, data validators, and classification algorithms that extract the data insights you need without having to locate the data owner.</li>\r\n \t<li><strong>Extensive set of built-in datacentric policies: </strong>Look for a solution that provides out-of-the-box datacentric policies for common use cases like data security, proper governance, and privacy.</li>\r\n \t<li><strong>Customization features: </strong>You need a solution with robust customization features that are flexible and powerful enough to match your data taxonomy and address any unique requirements your organization may have such as sensitivity levels/definitions, data types, and custom industry policies.</li>\r\n \t<li><strong> Guided remediation: </strong>Look for a solution that provides a full analysis of why a security or compliance violation exists, evidence of its existence, and technical recommendations on how to fix it based on policy and environment.</li>\r\n \t<li><strong>Simple and quick deployment process: </strong>Your DSPM solution should be agentless and connectorless to simplify and accelerate the deployment process. Look for a solution that can be deployed in minutes and delivers time-to-value in a few days.</li>\r\n \t<li><strong>Easy integration with your ecosystem: </strong>Look for a DSPM solution with extensive integrations that include third-party systems such as IT service management (ITSM), security information and event management (SIEM), cloud security posture management (CSPM), extended detection and response (XDR), and data catalogs.</li>\r\n</ul>\r\n<div id=\"started\"></div>\r\n<h2 id=\"tab5\" >Getting started</h2>\r\nVisit <a href=\"//laminarsecurity.com/\" target=\"_blank\" rel=\"noopener\">laminarsecurity.com</a> to learn more. Download your free copy of <a href=\"//laminarsecurity.com/forms/data-security-posture-management-dspm-for-dummies/\" target=\"_blank\" rel=\"noopener\"><em>Data Security Posture Management For Dummies</em></a> to learn more about how DSPM enables organizations to harness the power of cloud data securely and efficiently.","description":"In this article you will learn:\r\n<ul>\r\n \t<li><a href=\"#definition\">what DSPM is</a></li>\r\n \t<li><a href=\"#why\">why you need DSPM</a></li>\r\n \t<li><a href=\"#what\">what you can do with DSPM</a></li>\r\n \t<li><a href=\"#capabilities\">ten must-have capabilities to look for in a DSPM solution</a></li>\r\n \t<li><a href=\"#started\">how to get started with DSPM</a></li>\r\n</ul>\r\nData is the lifeblood of modern business and data security in the cloud is top of mind for organizations everywhere. Data security posture management (DSPM) solutions address the need for an automated, scalable, and agile system across the full data security lifecycle — from discovery, classification, cataloging, and risk prioritization to access control, policy enforcement, remediation, and real-time monitoring. This helps organizations reduce risks and costs associated with cloud data security while improving their overall cybersecurity posture.\r\n\r\n[caption id=\"attachment_300034\" align=\"aligncenter\" width=\"630\"]<img class=\"size-full wp-image-300034\" src=\"//coursofppt.com/wp-content/uploads/IT-technician-adobeStock_298063823.jpg\" alt=\"Security expert working on DSPM solution\" width=\"630\" height=\"420\" /> ©Deagreez / Adobe Stock[/caption]\r\n\r\n<div id=\"definition\"></div>\r\n<h2 id=\"tab1\" >What is DSPM?</h2>\r\nData security posture management empowers organizations to implement a data-centric security strategy by first providing an accurate inventory of their sensitive data and identifying where it violates data security policies, thereby enhancing overall data security posture.\r\n<p class=\"article-tips remember\">A data-centric security strategy emphasizes the importance of protecting your valuable data rather than focusing on systems and infrastructure.</p>\r\nKey capabilities in a DSPM solution include the following:\r\n<ul>\r\n \t<li><strong>Global data visibility</strong> provides organizations with a comprehensive view of their sensitive data. This involves identifying the location and type of sensitive data to ensure proper protection measures are in place. All clouds — including infrastructure-as-a-service (IaaS), platform-as-service (PaaS), and software-as-a-service (SaaS) resources — need to be covered. The appropriate data owners must also be identified, to facilitate efficient communication of any data-related security or privacy issues.</li>\r\n \t<li><strong>Data hygiene</strong> is about keeping your data clean and healthy. It encompasses various actions that help organizations maintain clean and organized data in accordance with their data governance framework. This includes addressing and remediating misplaced, redundant, and obsolete data to streamline maintenance, optimize storage resources, and reduce potential security risks. Purging outdated or irrelevant data is another essential part of good data hygiene, resulting in the retention of only accurate and useful data.</li>\r\n \t<li><strong>Data security risk control </strong>involves immediately detecting and proactively remediating data risk factors to prevent data breaches. This capability detects and addresses three key data postures:\r\n<ul>\r\n \t<li><em>Overexposed data</em>, such as public read access, or permissive access rights, which should be identified and mitigated to reduce the likelihood of unauthorized access or data breaches</li>\r\n \t<li><em>Underprotected data</em>, where there are missing controls like encryption, masking, or proper retention policies</li>\r\n \t<li><em>Misplaced data</em>, such as cardholder data subject to the Payment Card Industry Data Security Standards (PCI DSS) in an unauthorized environment or PII data in a development environment</li>\r\n</ul>\r\n</li>\r\n \t<li><strong>Data access governance </strong>manages and controls access to sensitive data. This involves:\r\n<ul>\r\n \t<li>Identifying all internal and external users, roles, and resources with access to sensitive data</li>\r\n \t<li>Monitoring and controlling access patterns based on their roles and responsibilities</li>\r\n \t<li>Ensuring that only authorized users have access to sensitive assets</li>\r\n \t<li>Regularly reviewing and updating access permissions based on actual usage</li>\r\n</ul>\r\n</li>\r\n \t<li><strong>Privacy and compliance </strong>ensure that organizations adhere to data privacy regulations and industry standards, and make audits more manageable (and perhaps a little less painful and costly). Providing objective evidence for audits can be challenging, but having reporting from DSPM that shows you know where your data is and understand that its security posture can significantly ease compliance.</li>\r\n</ul>\r\n<div id=\"why\"></div>\r\n<h2 id=\"tab2\" >Why do you need DSPM?</h2>\r\nFor modern enterprises, data is fuel for innovation. These companies understand that data is a key asset and a source of competitive differentiation. They democratize data to unleash its full potential and make it accessible for application developers, data scientists, and business users. However, as data proliferates, security doesn’t travel with it — and adding the pace of change to the sprawl of cloud technology means that data security teams just can’t keep up. Malicious actors constantly target this new threat vector — the “innovation attack surface” — which has emerged as a result of several key trends:\r\n<ul>\r\n \t<li><strong>Cloud transformation and data democratization: </strong>The cloud has enabled widespread data democratization, enabling easy access to data for developers, data scientists, and business users to support their innovation efforts. However, this freedom to access and use data without oversight creates unknown, unmanaged, and unprotected cloud data sources.</li>\r\n \t<li><strong>Technology sprawl and complexity: </strong>In the public cloud, each cloud service is configured and used differently, and each introduces new and unique risks. The ever-changing architectures are confusing and complex, and if you’re not careful, this can lead to some costly and even devastating mistakes with sensitive data stored in the cloud.</li>\r\n \t<li><strong>Cloud data proliferation: </strong>Nearly half of all data (48 percent) is stored in the public cloud today, and it’s only increasing, according to the Flexera <em>2022 State of the Cloud Report</em>. Unfortunately, traditional data security controls are unable to keep up with the dynamic movement of data, so they must be configured from scratch every time data is created, copied, shared, or moved.</li>\r\n \t<li><strong>Death of the traditional perimeter: </strong>One of the many benefits of the cloud is that it is accessible from anywhere. Thus, the notion of a network perimeter — an on-premises data center protected by a firewall — has all but disappeared. The lack of a single choke point (a firewall) means sensitive data is exposed by design because anyone can access it from anywhere with the proper credentials (whether authorized or stolen).</li>\r\n \t<li><strong>Faster rate of change: </strong>Release cycles now happen in weeks, days, and hours rather than months and years. Unfortunately, security teams are usually not on that same quick schedule and still rely on slower manual approaches.</li>\r\n \t<li><strong>The changing role of security: </strong>In cloud computing, data security teams must evolve to securely enable the business rather than just slowing everyone down or letting risk grow exponentially. Data security in cloud computing must focus on protecting data from breaches and compromises while also empowering users to be productive.</li>\r\n</ul>\r\n<div id=\"what\"></div>\r\n<h2 id=\"tab3\" >What can you do with DSPM?</h2>\r\nData security, governance, and privacy teams can use DSPM to help keep their organization secure and compliant. Some common use cases for DSPM include the following:\r\n<ul>\r\n \t<li><strong>Automating data discovery and classification: </strong>DSPM helps organizations automatically and continuously discover, classify, and categorize all of their known and unknown data — including sensitive, proprietary, regulated, abandoned, and shadow data — across multicloud environments, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Snowflake, Microsoft 365, and more.</li>\r\n \t<li><strong>Enforcing data security policies automatically: </strong>DPSM automatically enforces data security policies at scale for all of your data as it travels through the cloud. DSPM converts data policies into specific technical configurations and shows where data security policies are violated. It also prioritizes issues for resolution and helps you fix those issues with clear, specific technical remediation instructions.</li>\r\n \t<li><strong> Controlling data exposure: </strong>As data rapidly proliferates in the cloud, security does not follow that data, often leading to crucial business data being exposed. DSPM pinpoints all of your exposed sensitive data that can lead to data breaches, ransomware attacks, and noncompliance penalties — whether it’s misplaced data (for example, sensitive data mistakenly stored in public buckets), misconfigured controls (for example, third-party access granted to sensitive data), or overly permissive access.</li>\r\n \t<li><strong> Controlling datacentric environment segmentation: </strong>DSPM helps you segment your cloud environments and apply location controls to comply with security and regulatory requirements. You can detect and receive alerts when sensitive or regulated data is placed in untrusted and/or unauthorized environments, review violations, and take action to remove the data or authorize the new environment.</li>\r\n \t<li><strong>Complying with data privacy and compliance frameworks: </strong>DSPM streamlines evidence collection for internal and external privacy and governance stakeholders through autonomous data discovery and classification of your sensitive and regulated data. A DSPM data policy engine continuously enforces regulatory compliance and standards requirements for data, regardless of the underlying technology or location.</li>\r\n</ul>\r\n<div id=\"capabilities\"></div>\r\n<h2 id=\"tab4\" >Ten must-have capabilities to look for in a DSPM solution</h2>\r\nWhen considering a DSPM solution for your organization, be sure to select one with the following important capabilities and features:\r\n<ul>\r\n \t<li><strong>Autonomous: </strong>Automatically discover unknown, new, and modified data stores across all of your clouds — without needing credentials or manual configuration.</li>\r\n \t<li><strong>Continuous: </strong>Change is constant — especially in the public cloud — so your DSPM solution must be able to continuously monitor your environment for changes and automatically scan new cloud accounts, new data stores, and new data added to existing data stores.</li>\r\n \t<li><strong>Secure by design: </strong>Look for a solution that doesn’t extract data from your environment. Your DSPM should use the cloud service provider’s (CSP) application programming interface (API) and ephemeral serverless functions in your cloud account to scan your data.</li>\r\n \t<li><strong>Breadth and depth of coverage: </strong>Whether you’re using Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Snowflake, Microsoft 365, or practically any combination of various cloud database, storage services, or software as a service (SaaS) apps, you need a single and consistent view of your data across clouds, geographies, and organizational boundaries to evaluate the risk to your data across all clouds.</li>\r\n \t<li><strong>Intelligent classification: </strong>Look for a solution that utilizes multistep contextual analysis to automatically identify sensitive data with low false positive (FP) and false negative (FN) rates. The solution should also include hundreds of predefined classification rules, data validators, and classification algorithms that extract the data insights you need without having to locate the data owner.</li>\r\n \t<li><strong>Extensive set of built-in datacentric policies: </strong>Look for a solution that provides out-of-the-box datacentric policies for common use cases like data security, proper governance, and privacy.</li>\r\n \t<li><strong>Customization features: </strong>You need a solution with robust customization features that are flexible and powerful enough to match your data taxonomy and address any unique requirements your organization may have such as sensitivity levels/definitions, data types, and custom industry policies.</li>\r\n \t<li><strong> Guided remediation: </strong>Look for a solution that provides a full analysis of why a security or compliance violation exists, evidence of its existence, and technical recommendations on how to fix it based on policy and environment.</li>\r\n \t<li><strong>Simple and quick deployment process: </strong>Your DSPM solution should be agentless and connectorless to simplify and accelerate the deployment process. Look for a solution that can be deployed in minutes and delivers time-to-value in a few days.</li>\r\n \t<li><strong>Easy integration with your ecosystem: </strong>Look for a DSPM solution with extensive integrations that include third-party systems such as IT service management (ITSM), security information and event management (SIEM), cloud security posture management (CSPM), extended detection and response (XDR), and data catalogs.</li>\r\n</ul>\r\n<div id=\"started\"></div>\r\n<h2 id=\"tab5\" >Getting started</h2>\r\nVisit <a href=\"//laminarsecurity.com/\" target=\"_blank\" rel=\"noopener\">laminarsecurity.com</a> to learn more. Download your free copy of <a href=\"//laminarsecurity.com/forms/data-security-posture-management-dspm-for-dummies/\" target=\"_blank\" rel=\"noopener\"><em>Data Security Posture Management For Dummies</em></a> to learn more about how DSPM enables organizations to harness the power of cloud data securely and efficiently.","blurb":"","authors":[],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[{"label":"What is DSPM?","target":"#tab1"},{"label":"Why do you need DSPM?","target":"#tab2"},{"label":"What can you do with DSPM?","target":"#tab3"},{"label":"Ten must-have capabilities to look for in a DSPM solution","target":"#tab4"},{"label":"Getting started","target":"#tab5"}],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":300402,"title":"Implementing Sustainable Cloud Security to Stop Remediation Nightmares","slug":"implementing-sustainable-cloud-security-to-stop-remediation-nightmares","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/300402"}},{"articleId":299346,"title":"Why Your Company Needs a Modern Data Loss Prevention System","slug":"why-your-company-needs-a-modern-data-loss-prevention-system","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/299346"}},{"articleId":296631,"title":"Cybersecurity All-in-One For Dummies Cheat Sheet","slug":"cybersecurity-all-in-one-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/296631"}},{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":0,"slug":null,"isbn":null,"categoryList":null,"amazon":null,"image":null,"title":null,"testBankPinActivationLink":null,"bookOutOfPrint":false,"authorsInfo":null,"authors":null,"_links":null},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]},{&quot;key&quot;:&quot;sponsored&quot;,&quot;values&quot;:[&quot;customsolutions&quot;]}]\" id=\"du-slot-65a6c466b5466\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]},{&quot;key&quot;:&quot;sponsored&quot;,&quot;values&quot;:[&quot;customsolutions&quot;]}]\" id=\"du-slot-65a6c466b6d75\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":true,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"Brought to you by Laminar","brandingLink":"//laminarsecurity.com/","brandingLogo":{"src":"//coursofppt.com/wp-content/uploads/laminar-logo-lockup-default-270x47.png","width":270,"height":47},"sponsorAd":"","sponsorEbookTitle":"Data Security Posture Management (DSPM) For Dummies","sponsorEbookLink":"//laminarsecurity.com/forms/data-security-posture-management-dspm-for-dummies/","sponsorEbookImage":{"src":"//coursofppt.com/wp-content/uploads/data-security-posture-management-dspm-for-dummies-cover-9781394181063-165x255.jpg","width":165,"height":255}},"primaryLearningPath":"Solve","lifeExpectancy":"One year","lifeExpectancySetFrom":"2024-08-04T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"yes","adInfo":"","adPairKey":[{"adPairKey":"sponsored","adPairValue":"customsolutions"}]},"status":"publish","visibility":"public","articleId":300029},{"headers":{"creationTime":"2024-08-30T19:18:17+00:00","modifiedTime":"2024-09-05T18:58:44+00:00","timestamp":"2024-09-05T21:01:02+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"Implementing Sustainable Cloud Security to Stop Remediation Nightmares","strippedTitle":"implementing sustainable cloud security to stop remediation nightmares","slug":"implementing-sustainable-cloud-security-to-stop-remediation-nightmares","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"The modern cloud environment is enabling game-changing innovation — that’s clear. Mobile devices have an app for virtually anything, Internet of Things technolo","noIndex":0,"noFollow":0},"content":"The modern cloud environment is enabling game-changing innovation — that’s clear. Mobile devices have an app for virtually anything, Internet of Things technologies are dazzling users, widely dispersed workers are collaborating more effectively than ever, countless things are now available “as a Service,” and the list could go on forever.\r\n\r\nBut with the growth, sprawl, and speed of cloud development, many organizations’ cloud-enabled software development life cycles are increasingly at risk, with an ever-expanding attack surface and the danger of missteps.\r\n\r\nOver the next few years, the vast majority of cloud data security breaches — most the result of misconfigurations and coding mistakes — will be totally preventable with detection tools aiming to try to catch issues before they turn into nightmares. But these helpful detection tools can create an unhelpful avalanche of alerts that overwhelm security and development teams and get in the way of real cloud security efficiency.\r\n\r\nHow can you successfully use the detection tools you have in place in order to figure out which alerts matter most to your business and then quickly fix them before you find yourself with gaps that could be exploited? In this article, you take a look at some of the main pain points in cloud security remediation today and what can be done.\r\n<div id=\"pain-points\"></div>\r\n<h2 id=\"tab1\" >Experiencing the Big Pain Points</h2>\r\nToday’s engineering teams have created vast continuous-integration pipelines that tap into code repositories, continuous-integration platforms, and tools for testing, orchestration, and monitoring. They all live within and across cloud platforms, so things are speedy and efficient.\r\n\r\nThat’s great for business but a nightmare when it comes to keeping data secure in the cloud because everything from applications to developers to production environments are more distributed and complex than they used to be in the good old datacenter days. This situation creates seven pain points:\r\n<ul>\r\n \t<li><strong>Overlapping tools with duplicate alerts:</strong> Many effective security tools exist, but because the attack surface is so broad and complex, those tools overlap one another. A single event can trigger alerts in several different detection tools, and you don’t have a unified view into what the concerns are.</li>\r\n \t<li><strong>Too many false alarms:</strong> The problem of alert overload from multiple tools is worsened by false positives that are then multiplied. In many cases a single root cause is at the heart of multiple different issues, along with multiple alerts — even from within the same product. Auto-scaling containers in the cloud can also auto-scale the alert load, unfortunately.</li>\r\n \t<li><strong>Too few hours in the day for the security team:</strong> The blizzard of information makes it less likely that your security team will be able to keep up. They may spend a massive amount of time manually investigating threats and prioritizing risks, and by the time they’ve figured that out, there’s not enough bandwidth left for strategic issues.</li>\r\n \t<li><strong>Difficulty </strong><strong>finding the right fixer:</strong> An architecture based on microservices means a lot of folks are working independently, as individuals or distributed engineering teams, developing and releasing services on their own. That makes it more challenging to figure out who has an action item.</li>\r\n \t<li><strong>Lurking shadow pipelines and exploitable secrets:</strong> Cloud container technologies let your developers spin up applications so quickly that the security team sometimes doesn’t even know they exist. Without a way to see “code to cloud,” you may not be aware of shadow DevOps activities and exploitable secrets.</li>\r\n \t<li><strong>Not enough context on problem:</strong> The code owner, once identified, often must dig into each issue from scratch. There may be little or no context to help figure out the cause and solution.</li>\r\n \t<li><strong>One-off solutions to zombie problems:</strong> After the fix has been devised, it may be implemented in a bespoke, one-off way. With no centralized view and no automation, there’s no guarantee that a problem that gets fixed today won’t crop up again tomorrow.</li>\r\n</ul>\r\n<div id=\"wish-list\"></div>\r\n<h2 id=\"tab2\" >Building Sustainable Cloud Security</h2>\r\nAs your teams struggle with these pain points in cloud network security, take comfort in the fact that a certified cloud security professional can, indeed, deliver sustainable cloud security remediation. Here’s a four-point wish list of what a solution must be able to do:\r\n<ul>\r\n \t<li><strong>Map and visualize:</strong> Your solution must paint a great picture of the code-to-production pipeline and all its resources. It should create a heat map showing how code moves through the pipeline and where along the path the security issues are arising.</li>\r\n \t<li><strong>Deduplicate:</strong> Your solution must be able to normalize and deduplicate the vast number of alerts that your detection tools are ringing. It should do this by comparing details about code flaws and misconfigurations to trim the list into unique alerts.</li>\r\n \t<li><strong>Find the root cause and the owner:</strong> For every unique issue, you need to know the root cause, the code owner, and the configuration drift. You need all the context you can get, including issue severity, exploitation, and relationships. By correlating information from code and cloud resources, you can cut out a lot of manual work.</li>\r\n \t<li><strong>Streamline the fix:</strong> Regardless of the alert source, the cloud provider, the configuration, or the language in which the code is written, a sustainable solution needs to aggregate and make sense of the data to recommend fixes on the most critical issues. And preferably, it should be able to auto-generate those fixes.</li>\r\n</ul>\r\n<div id=\"dazz\"></div>\r\n<h2 id=\"tab3\" >How Dazz Fits into the Picture</h2>\r\nThe Dazz Remediation Cloud is a cloud security solution that tackles issue remediation as a data problem. Its agentless, SaaS platform uses patented artificial intelligence (AI), data correlation, root-cause analysis, and automation capabilities to help resource-constrained security teams quickly prioritize and fix the vulnerabilities that matter most in collaboration with their engineers.\r\n\r\nHere’s how it works:\r\n<ul>\r\n \t<li><strong>Graphing the pipeline:</strong> Dazz automatically gathers a wealth of information by way of its API connections to all critical points in the code-to-cloud process. It maps everything into a pipeline graph that connects all the dots, documenting every path that code follows from development to cloud deployment, and every resource that touches it along the way.</li>\r\n \t<li><strong>Contextualizing security:</strong> Because it has created a big picture from multiple sources, the Dazz Remediation Cloud can analyze and backtrack each security issue to its source and eliminate duplicates. Dazz receives an alert from a cloud security tool, determines the specific cloud resource that caused the security issue, and traces the cloud resource back to the pipeline used to deploy it. Dazz figures out which vulnerable artifact was deployed and what triggered its build.</li>\r\n \t<li><strong>Automating root cause analysis:</strong> Dazz Remediation Cloud uses a root-cause analysis engine to automate the next steps of investigating and prioritizing cloud security issues. It continuously ingests security risks and automatically investigates them. It quickly discerns the identity of code owners, a root cause context, and a fix suggestion. Dazz can determine how exploitable a code vulnerability is, which developer is responsible for the fix, where in the software development life cycle to make the fix — and perhaps most important, how to ensure you’re taking care of the root cause once and for all.</li>\r\n \t<li><strong>Tapping the remediation knowledge base:</strong> Dazz suggests fixes by tapping into a remediation knowledge base. It’s generated by using threat intelligence, program analysis, and AI. Behind the scenes, it automatically tests thousands of new options of fixes for emerging vulnerabilities and builds a template to suggest the best remediation steps for whatever security issues it’s bringing to your attention.</li>\r\n \t<li><strong>Adopting solid governance and reporting:</strong> Dazz builds in its own set of best-practice policies for pipeline governance. As part of its proactive monitoring, it’s continually on the lookout for violations and unapproved practices, and it facilitates reporting that your risk and compliance team will greatly appreciate. The solution helps users adopt best practices such as standard cloud configurations, right-sized privileged access, and full auditing.</li>\r\n</ul>\r\nBy understanding the top remediation pain points and how you can begin to address them, your remediation nightmares can turn into soothing dreams with well-connected, automated solutions for a secure cloud.\r\n\r\nDownload <a href=\"//www.dazz.io/dummiesguide\" target=\"_blank\" rel=\"noopener\"><em>Cloud Security Remediation For Dummies,</em> Dazz Special Edition,</a> today, and discover how to start creating sustainable cloud security remediation.","description":"The modern cloud environment is enabling game-changing innovation — that’s clear. Mobile devices have an app for virtually anything, Internet of Things technologies are dazzling users, widely dispersed workers are collaborating more effectively than ever, countless things are now available “as a Service,” and the list could go on forever.\r\n\r\nBut with the growth, sprawl, and speed of cloud development, many organizations’ cloud-enabled software development life cycles are increasingly at risk, with an ever-expanding attack surface and the danger of missteps.\r\n\r\nOver the next few years, the vast majority of cloud data security breaches — most the result of misconfigurations and coding mistakes — will be totally preventable with detection tools aiming to try to catch issues before they turn into nightmares. But these helpful detection tools can create an unhelpful avalanche of alerts that overwhelm security and development teams and get in the way of real cloud security efficiency.\r\n\r\nHow can you successfully use the detection tools you have in place in order to figure out which alerts matter most to your business and then quickly fix them before you find yourself with gaps that could be exploited? In this article, you take a look at some of the main pain points in cloud security remediation today and what can be done.\r\n<div id=\"pain-points\"></div>\r\n<h2 id=\"tab1\" >Experiencing the Big Pain Points</h2>\r\nToday’s engineering teams have created vast continuous-integration pipelines that tap into code repositories, continuous-integration platforms, and tools for testing, orchestration, and monitoring. They all live within and across cloud platforms, so things are speedy and efficient.\r\n\r\nThat’s great for business but a nightmare when it comes to keeping data secure in the cloud because everything from applications to developers to production environments are more distributed and complex than they used to be in the good old datacenter days. This situation creates seven pain points:\r\n<ul>\r\n \t<li><strong>Overlapping tools with duplicate alerts:</strong> Many effective security tools exist, but because the attack surface is so broad and complex, those tools overlap one another. A single event can trigger alerts in several different detection tools, and you don’t have a unified view into what the concerns are.</li>\r\n \t<li><strong>Too many false alarms:</strong> The problem of alert overload from multiple tools is worsened by false positives that are then multiplied. In many cases a single root cause is at the heart of multiple different issues, along with multiple alerts — even from within the same product. Auto-scaling containers in the cloud can also auto-scale the alert load, unfortunately.</li>\r\n \t<li><strong>Too few hours in the day for the security team:</strong> The blizzard of information makes it less likely that your security team will be able to keep up. They may spend a massive amount of time manually investigating threats and prioritizing risks, and by the time they’ve figured that out, there’s not enough bandwidth left for strategic issues.</li>\r\n \t<li><strong>Difficulty </strong><strong>finding the right fixer:</strong> An architecture based on microservices means a lot of folks are working independently, as individuals or distributed engineering teams, developing and releasing services on their own. That makes it more challenging to figure out who has an action item.</li>\r\n \t<li><strong>Lurking shadow pipelines and exploitable secrets:</strong> Cloud container technologies let your developers spin up applications so quickly that the security team sometimes doesn’t even know they exist. Without a way to see “code to cloud,” you may not be aware of shadow DevOps activities and exploitable secrets.</li>\r\n \t<li><strong>Not enough context on problem:</strong> The code owner, once identified, often must dig into each issue from scratch. There may be little or no context to help figure out the cause and solution.</li>\r\n \t<li><strong>One-off solutions to zombie problems:</strong> After the fix has been devised, it may be implemented in a bespoke, one-off way. With no centralized view and no automation, there’s no guarantee that a problem that gets fixed today won’t crop up again tomorrow.</li>\r\n</ul>\r\n<div id=\"wish-list\"></div>\r\n<h2 id=\"tab2\" >Building Sustainable Cloud Security</h2>\r\nAs your teams struggle with these pain points in cloud network security, take comfort in the fact that a certified cloud security professional can, indeed, deliver sustainable cloud security remediation. Here’s a four-point wish list of what a solution must be able to do:\r\n<ul>\r\n \t<li><strong>Map and visualize:</strong> Your solution must paint a great picture of the code-to-production pipeline and all its resources. It should create a heat map showing how code moves through the pipeline and where along the path the security issues are arising.</li>\r\n \t<li><strong>Deduplicate:</strong> Your solution must be able to normalize and deduplicate the vast number of alerts that your detection tools are ringing. It should do this by comparing details about code flaws and misconfigurations to trim the list into unique alerts.</li>\r\n \t<li><strong>Find the root cause and the owner:</strong> For every unique issue, you need to know the root cause, the code owner, and the configuration drift. You need all the context you can get, including issue severity, exploitation, and relationships. By correlating information from code and cloud resources, you can cut out a lot of manual work.</li>\r\n \t<li><strong>Streamline the fix:</strong> Regardless of the alert source, the cloud provider, the configuration, or the language in which the code is written, a sustainable solution needs to aggregate and make sense of the data to recommend fixes on the most critical issues. And preferably, it should be able to auto-generate those fixes.</li>\r\n</ul>\r\n<div id=\"dazz\"></div>\r\n<h2 id=\"tab3\" >How Dazz Fits into the Picture</h2>\r\nThe Dazz Remediation Cloud is a cloud security solution that tackles issue remediation as a data problem. Its agentless, SaaS platform uses patented artificial intelligence (AI), data correlation, root-cause analysis, and automation capabilities to help resource-constrained security teams quickly prioritize and fix the vulnerabilities that matter most in collaboration with their engineers.\r\n\r\nHere’s how it works:\r\n<ul>\r\n \t<li><strong>Graphing the pipeline:</strong> Dazz automatically gathers a wealth of information by way of its API connections to all critical points in the code-to-cloud process. It maps everything into a pipeline graph that connects all the dots, documenting every path that code follows from development to cloud deployment, and every resource that touches it along the way.</li>\r\n \t<li><strong>Contextualizing security:</strong> Because it has created a big picture from multiple sources, the Dazz Remediation Cloud can analyze and backtrack each security issue to its source and eliminate duplicates. Dazz receives an alert from a cloud security tool, determines the specific cloud resource that caused the security issue, and traces the cloud resource back to the pipeline used to deploy it. Dazz figures out which vulnerable artifact was deployed and what triggered its build.</li>\r\n \t<li><strong>Automating root cause analysis:</strong> Dazz Remediation Cloud uses a root-cause analysis engine to automate the next steps of investigating and prioritizing cloud security issues. It continuously ingests security risks and automatically investigates them. It quickly discerns the identity of code owners, a root cause context, and a fix suggestion. Dazz can determine how exploitable a code vulnerability is, which developer is responsible for the fix, where in the software development life cycle to make the fix — and perhaps most important, how to ensure you’re taking care of the root cause once and for all.</li>\r\n \t<li><strong>Tapping the remediation knowledge base:</strong> Dazz suggests fixes by tapping into a remediation knowledge base. It’s generated by using threat intelligence, program analysis, and AI. Behind the scenes, it automatically tests thousands of new options of fixes for emerging vulnerabilities and builds a template to suggest the best remediation steps for whatever security issues it’s bringing to your attention.</li>\r\n \t<li><strong>Adopting solid governance and reporting:</strong> Dazz builds in its own set of best-practice policies for pipeline governance. As part of its proactive monitoring, it’s continually on the lookout for violations and unapproved practices, and it facilitates reporting that your risk and compliance team will greatly appreciate. The solution helps users adopt best practices such as standard cloud configurations, right-sized privileged access, and full auditing.</li>\r\n</ul>\r\nBy understanding the top remediation pain points and how you can begin to address them, your remediation nightmares can turn into soothing dreams with well-connected, automated solutions for a secure cloud.\r\n\r\nDownload <a href=\"//www.dazz.io/dummiesguide\" target=\"_blank\" rel=\"noopener\"><em>Cloud Security Remediation For Dummies,</em> Dazz Special Edition,</a> today, and discover how to start creating sustainable cloud security remediation.","blurb":"","authors":[{"authorId":35217,"name":"Steve Kaelble","slug":"steve-kaelble","description":"","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/35217"}}],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[{"label":"Experiencing the Big Pain Points","target":"#tab1"},{"label":"Building Sustainable Cloud Security","target":"#tab2"},{"label":"How Dazz Fits into the Picture","target":"#tab3"}],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":300029,"title":"Data Security Posture Management (DSPM) For Dummies","slug":"data-security-posture-management-dspm-for-dummies","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/300029"}},{"articleId":299346,"title":"Why Your Company Needs a Modern Data Loss Prevention System","slug":"why-your-company-needs-a-modern-data-loss-prevention-system","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/299346"}},{"articleId":296631,"title":"Cybersecurity All-in-One For Dummies Cheat Sheet","slug":"cybersecurity-all-in-one-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/296631"}},{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":0,"slug":null,"isbn":null,"categoryList":null,"amazon":null,"image":null,"title":null,"testBankPinActivationLink":null,"bookOutOfPrint":false,"authorsInfo":null,"authors":null,"_links":null},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]},{&quot;key&quot;:&quot;sponsored&quot;,&quot;values&quot;:[&quot;customsolutions&quot;]}]\" id=\"du-slot-64f7970edff1b\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]},{&quot;key&quot;:&quot;sponsored&quot;,&quot;values&quot;:[&quot;customsolutions&quot;]}]\" id=\"du-slot-64f7970ee07ab\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":true,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"Brought to you by Dazz","brandingLink":"//www.dazz.io/","brandingLogo":{"src":"//coursofppt.com/wp-content/uploads/dazz-logo-229x55-1.png","width":229,"height":55},"sponsorAd":"","sponsorEbookTitle":"Cloud Security Remediation For Dummies, Dazz Special Edition","sponsorEbookLink":"//www.dazz.io/dummiesguide","sponsorEbookImage":{"src":"//coursofppt.com/wp-content/uploads/cloud-security-remediation-for-dummies-jazz-special-edition-9781394202621-166x255.jpg","width":166,"height":255}},"primaryLearningPath":"Solve","lifeExpectancy":"One year","lifeExpectancySetFrom":"2024-08-31T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[{"adPairKey":"sponsored","adPairValue":"customsolutions"}]},"status":"publish","visibility":"public","articleId":300402},{"headers":{"creationTime":"2020-11-27T15:23:09+00:00","modifiedTime":"2024-08-31T14:14:28+00:00","timestamp":"2024-08-31T15:01:04+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"What Is Cybersecurity?","strippedTitle":"what is cybersecurity?","slug":"what-is-cybersecurity","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"Cybersecurity involves the mitigation of risks posed by technology. But, that definition can have different implications for various people. Find out more.","noIndex":0,"noFollow":0},"content":"While <em>cybersecurity</em> may sound like a simple enough term to define, in actuality, from a practical standpoint, it means quite different things to different people in different situations, leading to extremely varied relevant policies, procedures, and practices.\r\n\r\nAn individual who wants to protect their social media accounts from hacker takeovers, for example, is exceedingly unlikely to assume many of the cybersecurity approaches and technologies used by Pentagon workers to secure classified networks.\r\n\r\n[caption id=\"attachment_266201\" align=\"aligncenter\" width=\"556\"]<img class=\"wp-image-266201 size-full\" src=\"//coursofppt.com/wp-content/uploads/cybersecurity-definition.jpg\" alt=\"what is cybersecurity\" width=\"556\" height=\"312\" /> ©Shutterstock/BeeBright[/caption]\r\n\r\nTypically, <em>cybersecurity</em> means the following:\r\n<ul>\r\n \t<li>For <strong>individuals, </strong>cybersecurity means that their personal data is not accessible to anyone other than themselves and others who they have so authorized, and that their computing devices work properly and are free from malware.</li>\r\n \t<li>For <strong>small business owners,</strong> cybersecurity may include ensuring that credit card data is properly protected and that standards for data security are properly implemented at point-of-sale registers.</li>\r\n \t<li>For <strong>firms conducting online business,</strong> cybersecurity may include protecting servers that untrusted outsiders regularly interact with.</li>\r\n \t<li><strong>For shared service providers,</strong> cybersecurity may entail protecting numerous data centers that house numerous servers that, in turn, host many virtual servers belonging to many different organizations.</li>\r\n \t<li>For the <strong>government, </strong>cybersecurity may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.</li>\r\n</ul>\r\n<p class=\"article-tips remember\">The bottom line is that while the word cybersecurity is easy to define, the practical expectations that enters people's minds when they hear the word vary quite a bit.</p>\r\nTechnically speaking, <a href=\"//coursofppt.com/article/technology/cybersecurity/cybersecurity-for-dummies-cheat-sheet-264354/\">cybersecurity</a> is the subset of information security that addresses information and information systems that store and process data in electronic form, whereas <em>information security</em> encompasses the security of all forms of data (for example, securing a paper file and a filing cabinet).\r\n\r\nThat said, today, many people colloquially interchange the terms, often referring to aspects of information security that are technically not part of cybersecurity as being part of the latter. Such usage also results from the blending of the two in many situations.\r\n\r\nFor example, if someone writes down a password on a piece of paper and leaves the paper on their desk where other people can see the password instead of placing the paper in a safe deposit box or safe, they have violated a principle of information security, not of cybersecurity, even though their actions may result in serious cybersecurity repercussions.\r\n<h2 id=\"tab1\" >The risks that cybersecurity mitigates</h2>\r\nPeople sometimes explain the reason that cybersecurity is important as being “because it prevents hackers from breaking into systems and stealing data and money.” But such a description dramatically understates the role that cybersecurity plays in keeping the modern home, business, or even world running.\r\n\r\nIn fact, the role of cybersecurity can be looked at from a variety of different vantage points, with each presenting a different set of goals. Of course the following lists aren’t complete, but they should provide food for thought and underscore the importance of understanding how to cybersecure yourself and your loved ones.\r\n<h3>The goal of cybersecurity: The CIA triad</h3>\r\nCybersecurity professionals often explain that the goal of cybersecurity is to ensure the Confidentiality, Integrity, and Availability (CIA) of data, sometimes referred to as the CIA Triad, with the pun lovingly intended:\r\n<ul>\r\n \t<li><strong>Confidentiality</strong> refers to ensuring that information isn’t disclosed or in any other way made available to unauthorized entities (including people, organizations, or computer processes).\r\n<p class=\"article-tips warning\">Don’t confuse confidentially with privacy: Confidentiality is a subset of the realm of privacy. It deals specifically with protecting data from unauthorized viewers, whereas privacy in general encompasses much more.</p>\r\nHackers that steal data undermine confidentiality.</li>\r\n</ul>\r\n<ul>\r\n \t<li><strong>Integrity</strong> refers to ensuring that data is both accurate and complete.\r\n<p class=\"article-tips tip\">Accurate means, for example, that the data is never modified in any way by any unauthorized party or by a technical glitch. Complete refers to, for example, data that has had no portion of itself removed by any unauthorized party or technical glitch.</p>\r\nIntegrity also includes ensuring <em>nonrepudiation,</em> meaning that data is created and handled in such a fashion that nobody can reasonably argue that the data is not authentic or is inaccurate.\r\n\r\nCyberattacks that intercept data and modify it before relaying it to its destination — sometimes known as <em>man-in-the-middle attacks</em> — undermine integrity.</li>\r\n</ul>\r\n<ul>\r\n \t<li><strong>Availability</strong> refers to ensuring that information, the systems used to store and process it, the communication mechanisms used to access and relay it, and all associated security controls function correctly to meet some specific benchmark (for example, 99.99 percent uptime). People outside of the cybersecurity field sometimes think of availability as a secondary aspect of information security after confidentiality and integrity. In fact, ensuring availability is an integral part of cybersecurity. Doing so, though, is sometimes more difficult than ensuring confidentiality or integrity.\r\n<p class=\"article-tips tip\">One reason for this is that maintaining availability often requires involving many more noncybersecurity professionals, leading to a “too many cooks in the kitchen” type challenge, especially in larger organizations.</p>\r\nDistributed Denial of Service attacks attempt to undermine availability. Also, consider that attacks often use large numbers of stolen computer power and bandwidth to launch DDoS attacks, but responders who seek to ensure availability can only leverage the relatively small amount of resources that they can afford.</li>\r\n</ul>\r\n<h3>What cybersecurity means from a human perspective</h3>\r\nThe risks that cybersecurity addresses can also be thought of in terms better reflecting the human experience:\r\n<ul>\r\n \t<li><strong>Privacy risks:</strong> Risks emanating from the potential loss of <a href=\"//coursofppt.com/article/academics-the-arts/study-skills-test-prep/cissp/data-security-controls-225525/\">adequate control over, or misuse of, personal or other confidential information</a>.</li>\r\n \t<li><strong>Financial risks: </strong>Risks of financial losses due to hacking. Financial losses can include both those that are direct — for example, the theft of money from someone’s bank account by a hacker who hacked into the account — and those that are indirect, such as the loss of customers who no longer trust a small business after the latter suffers a security breach.</li>\r\n \t<li><strong>Professional risks: </strong>Risks to one’s professional career that stem from breaches. Obviously, cybersecurity professionals are at risk for career damage if a breach occurs under their watch and is determined to have happened due to negligence, but other types of professionals can suffer career harm due to a breach as well. C-level executives can be fired, board members can be sued, and so on. Professional damage can also occur if hackers release private communications or data that shows someone in a bad light — for example, records that a person was disciplined for some inappropriate action, sent an email containing objectionable material, and so on.</li>\r\n \t<li><strong>Business risks: </strong>Risks to a business similar to the professional risks to an individual. Internal documents leaked after breach of Sony Pictures painted various the firm in a negative light vis-à-vis some of its compensation practices.</li>\r\n \t<li><strong>Personal risks: </strong>Many people store private information on their electronic devices, from explicit photos to records of participation in activities that may not be deemed respectable by members of their respective social circles. Such data can sometimes cause significant harm to personal relationships if it leaks. Likewise, stolen personal data can help criminals steal people’s identities, which can result in all sorts of personal problems.</li>\r\n</ul>\r\nUltimately, cybersecurity will have different implications depending on the industry you’re operating in and the challenges you are facing.","description":"While <em>cybersecurity</em> may sound like a simple enough term to define, in actuality, from a practical standpoint, it means quite different things to different people in different situations, leading to extremely varied relevant policies, procedures, and practices.\r\n\r\nAn individual who wants to protect their social media accounts from hacker takeovers, for example, is exceedingly unlikely to assume many of the cybersecurity approaches and technologies used by Pentagon workers to secure classified networks.\r\n\r\n[caption id=\"attachment_266201\" align=\"aligncenter\" width=\"556\"]<img class=\"wp-image-266201 size-full\" src=\"//coursofppt.com/wp-content/uploads/cybersecurity-definition.jpg\" alt=\"what is cybersecurity\" width=\"556\" height=\"312\" /> ©Shutterstock/BeeBright[/caption]\r\n\r\nTypically, <em>cybersecurity</em> means the following:\r\n<ul>\r\n \t<li>For <strong>individuals, </strong>cybersecurity means that their personal data is not accessible to anyone other than themselves and others who they have so authorized, and that their computing devices work properly and are free from malware.</li>\r\n \t<li>For <strong>small business owners,</strong> cybersecurity may include ensuring that credit card data is properly protected and that standards for data security are properly implemented at point-of-sale registers.</li>\r\n \t<li>For <strong>firms conducting online business,</strong> cybersecurity may include protecting servers that untrusted outsiders regularly interact with.</li>\r\n \t<li><strong>For shared service providers,</strong> cybersecurity may entail protecting numerous data centers that house numerous servers that, in turn, host many virtual servers belonging to many different organizations.</li>\r\n \t<li>For the <strong>government, </strong>cybersecurity may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.</li>\r\n</ul>\r\n<p class=\"article-tips remember\">The bottom line is that while the word cybersecurity is easy to define, the practical expectations that enters people's minds when they hear the word vary quite a bit.</p>\r\nTechnically speaking, <a href=\"//coursofppt.com/article/technology/cybersecurity/cybersecurity-for-dummies-cheat-sheet-264354/\">cybersecurity</a> is the subset of information security that addresses information and information systems that store and process data in electronic form, whereas <em>information security</em> encompasses the security of all forms of data (for example, securing a paper file and a filing cabinet).\r\n\r\nThat said, today, many people colloquially interchange the terms, often referring to aspects of information security that are technically not part of cybersecurity as being part of the latter. Such usage also results from the blending of the two in many situations.\r\n\r\nFor example, if someone writes down a password on a piece of paper and leaves the paper on their desk where other people can see the password instead of placing the paper in a safe deposit box or safe, they have violated a principle of information security, not of cybersecurity, even though their actions may result in serious cybersecurity repercussions.\r\n<h2 id=\"tab1\" >The risks that cybersecurity mitigates</h2>\r\nPeople sometimes explain the reason that cybersecurity is important as being “because it prevents hackers from breaking into systems and stealing data and money.” But such a description dramatically understates the role that cybersecurity plays in keeping the modern home, business, or even world running.\r\n\r\nIn fact, the role of cybersecurity can be looked at from a variety of different vantage points, with each presenting a different set of goals. Of course the following lists aren’t complete, but they should provide food for thought and underscore the importance of understanding how to cybersecure yourself and your loved ones.\r\n<h3>The goal of cybersecurity: The CIA triad</h3>\r\nCybersecurity professionals often explain that the goal of cybersecurity is to ensure the Confidentiality, Integrity, and Availability (CIA) of data, sometimes referred to as the CIA Triad, with the pun lovingly intended:\r\n<ul>\r\n \t<li><strong>Confidentiality</strong> refers to ensuring that information isn’t disclosed or in any other way made available to unauthorized entities (including people, organizations, or computer processes).\r\n<p class=\"article-tips warning\">Don’t confuse confidentially with privacy: Confidentiality is a subset of the realm of privacy. It deals specifically with protecting data from unauthorized viewers, whereas privacy in general encompasses much more.</p>\r\nHackers that steal data undermine confidentiality.</li>\r\n</ul>\r\n<ul>\r\n \t<li><strong>Integrity</strong> refers to ensuring that data is both accurate and complete.\r\n<p class=\"article-tips tip\">Accurate means, for example, that the data is never modified in any way by any unauthorized party or by a technical glitch. Complete refers to, for example, data that has had no portion of itself removed by any unauthorized party or technical glitch.</p>\r\nIntegrity also includes ensuring <em>nonrepudiation,</em> meaning that data is created and handled in such a fashion that nobody can reasonably argue that the data is not authentic or is inaccurate.\r\n\r\nCyberattacks that intercept data and modify it before relaying it to its destination — sometimes known as <em>man-in-the-middle attacks</em> — undermine integrity.</li>\r\n</ul>\r\n<ul>\r\n \t<li><strong>Availability</strong> refers to ensuring that information, the systems used to store and process it, the communication mechanisms used to access and relay it, and all associated security controls function correctly to meet some specific benchmark (for example, 99.99 percent uptime). People outside of the cybersecurity field sometimes think of availability as a secondary aspect of information security after confidentiality and integrity. In fact, ensuring availability is an integral part of cybersecurity. Doing so, though, is sometimes more difficult than ensuring confidentiality or integrity.\r\n<p class=\"article-tips tip\">One reason for this is that maintaining availability often requires involving many more noncybersecurity professionals, leading to a “too many cooks in the kitchen” type challenge, especially in larger organizations.</p>\r\nDistributed Denial of Service attacks attempt to undermine availability. Also, consider that attacks often use large numbers of stolen computer power and bandwidth to launch DDoS attacks, but responders who seek to ensure availability can only leverage the relatively small amount of resources that they can afford.</li>\r\n</ul>\r\n<h3>What cybersecurity means from a human perspective</h3>\r\nThe risks that cybersecurity addresses can also be thought of in terms better reflecting the human experience:\r\n<ul>\r\n \t<li><strong>Privacy risks:</strong> Risks emanating from the potential loss of <a href=\"//coursofppt.com/article/academics-the-arts/study-skills-test-prep/cissp/data-security-controls-225525/\">adequate control over, or misuse of, personal or other confidential information</a>.</li>\r\n \t<li><strong>Financial risks: </strong>Risks of financial losses due to hacking. Financial losses can include both those that are direct — for example, the theft of money from someone’s bank account by a hacker who hacked into the account — and those that are indirect, such as the loss of customers who no longer trust a small business after the latter suffers a security breach.</li>\r\n \t<li><strong>Professional risks: </strong>Risks to one’s professional career that stem from breaches. Obviously, cybersecurity professionals are at risk for career damage if a breach occurs under their watch and is determined to have happened due to negligence, but other types of professionals can suffer career harm due to a breach as well. C-level executives can be fired, board members can be sued, and so on. Professional damage can also occur if hackers release private communications or data that shows someone in a bad light — for example, records that a person was disciplined for some inappropriate action, sent an email containing objectionable material, and so on.</li>\r\n \t<li><strong>Business risks: </strong>Risks to a business similar to the professional risks to an individual. Internal documents leaked after breach of Sony Pictures painted various the firm in a negative light vis-à-vis some of its compensation practices.</li>\r\n \t<li><strong>Personal risks: </strong>Many people store private information on their electronic devices, from explicit photos to records of participation in activities that may not be deemed respectable by members of their respective social circles. Such data can sometimes cause significant harm to personal relationships if it leaks. Likewise, stolen personal data can help criminals steal people’s identities, which can result in all sorts of personal problems.</li>\r\n</ul>\r\nUltimately, cybersecurity will have different implications depending on the industry you’re operating in and the challenges you are facing.","blurb":"","authors":[{"authorId":33198,"name":"Joseph Steinberg","slug":"joseph-steinberg","description":" <p>This All-in-One gathers the expertise of the leading <i>For Dummies</i> authors in the world of cybersecurity, including <b>Joseph Steinberg,</b> author of <i>Cybersecurity For Dummies</i>; <b>Kevin Beaver,</b> author of <i>Hacking For Dummies</i>; <b>Ted Coombs,</b> author of <i>Cloud Security For Dummies</i>; and <b>Ira Winkler,</b> author of <i>Security Awareness For Dummies</i>. ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/33198"}}],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[{"label":"The risks that cybersecurity mitigates","target":"#tab1"}],"relatedArticles":{"fromBook":[{"articleId":266359,"title":"User-Specific Cybersecurity Policies","slug":"user-specific-cybersecurity-policies","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266359"}},{"articleId":266350,"title":"Types of Social Engineering Attacks","slug":"types-of-social-engineering-attacks","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266350"}},{"articleId":266345,"title":"Types of Malware Cybersecurity Professionals Should Know","slug":"types-of-malware-cybersecurity-professionals-should-know","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266345"}},{"articleId":266228,"title":"Getting End Users to Comply with Cybersecurity Efforts in Small Businesses","slug":"getting-end-users-to-comply-with-cybersecurity-efforts-in-small-businesses","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266228"}},{"articleId":266223,"title":"Cybersecurity Job and Career Options","slug":"cybersecurity-job-and-career-options","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266223"}}],"fromCategory":[{"articleId":300402,"title":"Implementing Sustainable Cloud Security to Stop Remediation Nightmares","slug":"implementing-sustainable-cloud-security-to-stop-remediation-nightmares","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/300402"}},{"articleId":300029,"title":"Data Security Posture Management (DSPM) For Dummies","slug":"data-security-posture-management-dspm-for-dummies","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/300029"}},{"articleId":299346,"title":"Why Your Company Needs a Modern Data Loss Prevention System","slug":"why-your-company-needs-a-modern-data-loss-prevention-system","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/299346"}},{"articleId":296631,"title":"Cybersecurity All-in-One For Dummies Cheat Sheet","slug":"cybersecurity-all-in-one-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/296631"}},{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":281675,"slug":"cybersecurity-for-dummies","isbn":"9781119867180","categoryList":["technology","cybersecurity"],"amazon":{"default":"//www.amazon.com/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"//www.amazon.ca/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"//www.tkqlhce.com/click-9208661-13710633?url=//www.chapters.indigo.ca/en-ca/books/product/1119867185-item.html&cjsku=978111945484","gb":"//www.amazon.co.uk/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"//www.amazon.de/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"//coursofppt.com/wp-content/uploads/9781119867180-203x255.jpg","width":203,"height":255},"title":"Cybersecurity For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"<p><p>This All-in-One gathers the expertise of the leading <i>For Dummies</i> authors in the world of cybersecurity, including <b><b data-author-id=\"33198\">Joseph Steinberg</b>,</b> author of <i>Cybersecurity For Dummies</i>; <b>Kevin Beaver,</b> author of <i>Hacking For Dummies</i>; <b>Ted Coombs,</b> author of <i>Cloud Security For Dummies</i>; and <b>Ira Winkler,</b> author of <i>Security Awareness For Dummies</i>.</p>","authors":[{"authorId":33198,"name":"Joseph Steinberg","slug":"joseph-steinberg","description":" <p>This All-in-One gathers the expertise of the leading <i>For Dummies</i> authors in the world of cybersecurity, including <b>Joseph Steinberg,</b> author of <i>Cybersecurity For Dummies</i>; <b>Kevin Beaver,</b> author of <i>Hacking For Dummies</i>; <b>Ted Coombs,</b> author of <i>Cloud Security For Dummies</i>; and <b>Ira Winkler,</b> author of <i>Security Awareness For Dummies</i>. ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/33198"}}],"_links":{"self":"//dummies-api.coursofppt.com/v2/books/"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119867180&quot;]}]\" id=\"du-slot-64f0ab3054ceb\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119867180&quot;]}]\" id=\"du-slot-64f0ab3055440\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":"One year","lifeExpectancySetFrom":"2022-12-06T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":266200},{"headers":{"creationTime":"2024-06-20T21:06:57+00:00","modifiedTime":"2024-06-21T19:14:36+00:00","timestamp":"2024-06-21T21:01:02+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"Why Your Company Needs a Modern Data Loss Prevention System","strippedTitle":"why your company needs a modern data loss prevention system","slug":"why-your-company-needs-a-modern-data-loss-prevention-system","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"In this article you will learn: What the problem is with legacy data loss prevention systems How modern data loss prevention works How to download a free eBook ","noIndex":0,"noFollow":0},"content":"In this article you will learn:\r\n<ul>\r\n \t<li><a href=\"#legacy\">What the problem is with legacy data loss prevention systems</a></li>\r\n \t<li><a href=\"#modern\">How modern data loss prevention works</a></li>\r\n \t<li><a href=\"#download\">How to download a free eBook to learn more about moving to a modern data loss prevention solution</a></li>\r\n</ul>\r\nThat successful data breaches can have devastating consequences for a business is not new news. The risks from insiders (whether malicious or negligent) are as dangerous to your business as attacks from nefarious outside actors. All threaten to expose sensitive information — personal data/information of customers and employees, financial documents, intellectual property, and so on. This is why your company needs a modern data loss prevention (DLP) system.\r\n\r\n[caption id=\"attachment_299362\" align=\"aligncenter\" width=\"630\"]<img src=\"//coursofppt.com/wp-content/uploads/computer-technician-adobeStock_92564034.jpg\" alt=\"security specialist works on server\" width=\"630\" height=\"419\" class=\"size-full wp-image-299362\" /> ©Cookiecutter / Adobe Stock[/caption]\r\n\r\nSecurity professionals were once confident that the valuable data they protected was safely tucked away inside heavily fortified data centers. But as businesses, both large and small, undergo digital transformation, moving their data to the cloud and across distributed locations, the demands placed on legacy data protection systems have changed drastically.\r\n\r\nThe reality is that most legacy data loss prevention tools are not designed to handle cloud and hybrid work use cases, which require integrations and capabilities with cloud services that legacy DLP systems simply don’t readily support.\r\n\r\nConsequently, you need to rethink your approach to DLP and consider using modern DLP security technologies. These are systems designed to automatically discover and protect the storage, flow, and use of sensitive data — anywhere across an organization’s networks, users, and services.\r\n<div id=\"legacy\"></div>\r\n<h2 id=\"tab1\" >The problem with legacy DLP systems</h2>\r\nAlthough legacy data loss prevention solutions have been around for more than ten years, they’ve gained a reputation for being complex to implement and manage. They’re also considered costly, limited in scope, less and less accurate, and not able to provide the comprehensive coverage needed for today’s current work-from-anywhere world.\r\n\r\nLegacy data loss prevention software was designed with a perimeter-based security model that assumes all data is stored within the corporate network and managed environments, a model that is no longer sufficient. We are now in the cloud era, when data is stored in multiple cloud-based locations and accessed by users and devices outside the corporate network.\r\n\r\nAdditionally, legacy DLP systems were not designed to integrate with the wide range of cloud services and infrastructures that are now in use. This makes it difficult, or even impossible, to provide comprehensive protection for data in the cloud.\r\n\r\nAdding extra technologies to an outdated DLP approach doesn’t make it cloud-ready; it only adds complexity and additional strain on what might be an already-stretched IT department.\r\n<div id=\"modern\"></div>\r\n<h2 id=\"tab2\" >How modern DLP works</h2>\r\nTo effectively prevent data loss, a DLP system should be integrated and automated to continuously monitor and verify the identity of authorized individuals and devices, their behavior, their collaboration and external data sharing, the applications they’re using and their risks, and many other contextual factors.\r\n\r\nA modern DLP system performs several critical functions, including the following:\r\n<ul>\r\n \t<li>Identifies sensitive data wherever it resides and moves, whether it’s data in motion (crossing the Internet, networks, apps, and devices); data at rest (being stored); or data in use (being collaborated on, printed, or faxed).</li>\r\n \t<li>Monitors the data environment to detect who’s accessing data and what they’re doing with it. By monitoring actions, DLP can detect incidents — such as unauthorized sharing of confidential information — that may be in violation of corporate policy and take action to address them.</li>\r\n \t<li>Automatically takes action to enforce policies by, for example, stopping the data flow, encrypting the data, quarantining the confidential information, or unsharing the data on software as a service (SaaS) application.</li>\r\n \t<li>Provides user coaching by automatically notifying users of violations and the reasons behind them, while educating them on safe data-handling practices. Notification also helps to instantly educate users on security policies, reducing the need for incident response teams to manually triage issues.</li>\r\n</ul>\r\n<div id=\"download\"></div>\r\nTo read more about moving to a modern DLP solution that supports your business goals and protects your company, download <a class=\"bookSponsor-btn\" href=\"//www.netskope.com/resources/ebooks/modern-data-loss-prevention-dlp-for-dummies\" target=\"_blank\" rel=\"noopener\" data-testid=\"bookSponsorDownloadButton\"><em>Modern Data Loss Prevention (DLP) For Dummies,</em> Netskope Special Edition</a>.","description":"In this article you will learn:\r\n<ul>\r\n \t<li><a href=\"#legacy\">What the problem is with legacy data loss prevention systems</a></li>\r\n \t<li><a href=\"#modern\">How modern data loss prevention works</a></li>\r\n \t<li><a href=\"#download\">How to download a free eBook to learn more about moving to a modern data loss prevention solution</a></li>\r\n</ul>\r\nThat successful data breaches can have devastating consequences for a business is not new news. The risks from insiders (whether malicious or negligent) are as dangerous to your business as attacks from nefarious outside actors. All threaten to expose sensitive information — personal data/information of customers and employees, financial documents, intellectual property, and so on. This is why your company needs a modern data loss prevention (DLP) system.\r\n\r\n[caption id=\"attachment_299362\" align=\"aligncenter\" width=\"630\"]<img src=\"//coursofppt.com/wp-content/uploads/computer-technician-adobeStock_92564034.jpg\" alt=\"security specialist works on server\" width=\"630\" height=\"419\" class=\"size-full wp-image-299362\" /> ©Cookiecutter / Adobe Stock[/caption]\r\n\r\nSecurity professionals were once confident that the valuable data they protected was safely tucked away inside heavily fortified data centers. But as businesses, both large and small, undergo digital transformation, moving their data to the cloud and across distributed locations, the demands placed on legacy data protection systems have changed drastically.\r\n\r\nThe reality is that most legacy data loss prevention tools are not designed to handle cloud and hybrid work use cases, which require integrations and capabilities with cloud services that legacy DLP systems simply don’t readily support.\r\n\r\nConsequently, you need to rethink your approach to DLP and consider using modern DLP security technologies. These are systems designed to automatically discover and protect the storage, flow, and use of sensitive data — anywhere across an organization’s networks, users, and services.\r\n<div id=\"legacy\"></div>\r\n<h2 id=\"tab1\" >The problem with legacy DLP systems</h2>\r\nAlthough legacy data loss prevention solutions have been around for more than ten years, they’ve gained a reputation for being complex to implement and manage. They’re also considered costly, limited in scope, less and less accurate, and not able to provide the comprehensive coverage needed for today’s current work-from-anywhere world.\r\n\r\nLegacy data loss prevention software was designed with a perimeter-based security model that assumes all data is stored within the corporate network and managed environments, a model that is no longer sufficient. We are now in the cloud era, when data is stored in multiple cloud-based locations and accessed by users and devices outside the corporate network.\r\n\r\nAdditionally, legacy DLP systems were not designed to integrate with the wide range of cloud services and infrastructures that are now in use. This makes it difficult, or even impossible, to provide comprehensive protection for data in the cloud.\r\n\r\nAdding extra technologies to an outdated DLP approach doesn’t make it cloud-ready; it only adds complexity and additional strain on what might be an already-stretched IT department.\r\n<div id=\"modern\"></div>\r\n<h2 id=\"tab2\" >How modern DLP works</h2>\r\nTo effectively prevent data loss, a DLP system should be integrated and automated to continuously monitor and verify the identity of authorized individuals and devices, their behavior, their collaboration and external data sharing, the applications they’re using and their risks, and many other contextual factors.\r\n\r\nA modern DLP system performs several critical functions, including the following:\r\n<ul>\r\n \t<li>Identifies sensitive data wherever it resides and moves, whether it’s data in motion (crossing the Internet, networks, apps, and devices); data at rest (being stored); or data in use (being collaborated on, printed, or faxed).</li>\r\n \t<li>Monitors the data environment to detect who’s accessing data and what they’re doing with it. By monitoring actions, DLP can detect incidents — such as unauthorized sharing of confidential information — that may be in violation of corporate policy and take action to address them.</li>\r\n \t<li>Automatically takes action to enforce policies by, for example, stopping the data flow, encrypting the data, quarantining the confidential information, or unsharing the data on software as a service (SaaS) application.</li>\r\n \t<li>Provides user coaching by automatically notifying users of violations and the reasons behind them, while educating them on safe data-handling practices. Notification also helps to instantly educate users on security policies, reducing the need for incident response teams to manually triage issues.</li>\r\n</ul>\r\n<div id=\"download\"></div>\r\nTo read more about moving to a modern DLP solution that supports your business goals and protects your company, download <a class=\"bookSponsor-btn\" href=\"//www.netskope.com/resources/ebooks/modern-data-loss-prevention-dlp-for-dummies\" target=\"_blank\" rel=\"noopener\" data-testid=\"bookSponsorDownloadButton\"><em>Modern Data Loss Prevention (DLP) For Dummies,</em> Netskope Special Edition</a>.","blurb":"","authors":[],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[{"label":"The problem with legacy DLP systems","target":"#tab1"},{"label":"How modern DLP works","target":"#tab2"}],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":296631,"title":"Cybersecurity All-in-One For Dummies Cheat Sheet","slug":"cybersecurity-all-in-one-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/296631"}},{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}},{"articleId":270968,"title":"How to Perform a Penetration Test","slug":"how-to-perform-a-penetration-test","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270968"}},{"articleId":270960,"title":"Penetration Testing with Burp Suite and Wireshark to Uncover Vulnerabilities","slug":"penetration-testing-with-burp-suite-and-wireshark-to-uncover-vulnerabilities","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270960"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":0,"slug":null,"isbn":null,"categoryList":null,"amazon":null,"image":null,"title":null,"testBankPinActivationLink":null,"bookOutOfPrint":false,"authorsInfo":null,"authors":null,"_links":null},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]},{&quot;key&quot;:&quot;sponsored&quot;,&quot;values&quot;:[&quot;customsolutions&quot;]}]\" id=\"du-slot-6493650eb262f\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]},{&quot;key&quot;:&quot;sponsored&quot;,&quot;values&quot;:[&quot;customsolutions&quot;]}]\" id=\"du-slot-6493650eb3541\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":true,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"Brought to you by Netskope ","brandingLink":"//www.netskope.com/","brandingLogo":{"src":"//coursofppt.com/wp-content/uploads/netskope-logo-270x42.jpg","width":270,"height":42},"sponsorAd":"","sponsorEbookTitle":"Modern Data Loss Prevention (DLP) For Dummies, Netskope Special Edition","sponsorEbookLink":"//www.netskope.com/resources/ebooks/modern-data-loss-prevention-dlp-for-dummies","sponsorEbookImage":{"src":"//coursofppt.com/wp-content/uploads/modern-data-loss-prevention-dlp-for-dummies-netskope-cover-9781394198917-165x255.jpg","width":165,"height":255}},"primaryLearningPath":"Solve","lifeExpectancy":"One year","lifeExpectancySetFrom":"2024-06-27T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[{"adPairKey":"sponsored","adPairValue":"customsolutions"}]},"status":"publish","visibility":"public","articleId":299346},{"headers":{"creationTime":"2024-01-09T22:21:25+00:00","modifiedTime":"2024-01-10T16:45:41+00:00","timestamp":"2024-01-10T18:01:02+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"Cybersecurity All-in-One For Dummies Cheat Sheet","strippedTitle":"cybersecurity all-in-one for dummies cheat sheet","slug":"cybersecurity-all-in-one-for-dummies-cheat-sheet","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"This Cheat Sheet includes tips for protecting your personal and work data, a list of password-cracking software professionals, and more.","noIndex":0,"noFollow":0},"content":"To cyber-protect your personal and business data, make sure everyone at home and at work recognizes that they are a target.\r\n\r\nPeople who believe that hackers want to breach their computers and phones and that cyber criminals want to steal their data act differently than people who do not understand the true nature of the threat. Many businesses use security awareness programs to improve security related behaviors.","description":"To cyber-protect your personal and business data, make sure everyone at home and at work recognizes that they are a target.\r\n\r\nPeople who believe that hackers want to breach their computers and phones and that cyber criminals want to steal their data act differently than people who do not understand the true nature of the threat. Many businesses use security awareness programs to improve security related behaviors.","blurb":"","authors":[{"authorId":33198,"name":"Joseph Steinberg","slug":"joseph-steinberg","description":" <p><b>Joseph Steinberg</b> is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP<sup>&#174;</sup>, ISSAP<sup>&#174;</sup>, ISSMP<sup>&#174;</sup>, and CSSLP<sup>&#174;</sup>. Joseph has written several books on cybersecurity, including the previous edition of <i>Cybersecurity For Dummies</i>. He is currently a consultant on information security, and serves as an expert witness in related matters.</p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/33198"}},{"authorId":8984,"name":"Kevin Beaver","slug":"kevin-beaver","description":" <p><b>Kevin Beaver </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master&#8217;s degree in Management of Technology at Georgia Tech.</b></p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/8984"}},{"authorId":34698,"name":"Ira Winkler","slug":"ira-winkler","description":"","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/34698"}},{"authorId":34680,"name":"Ted Coombs","slug":"ted-coombs","description":" <p><b>Ted Coombs</b> is a direct descendant of King Edward of England, a former world record holder for most miles roller skated in a day, and a longtime technology guru and author. He&#8217;s written over a dozen technology books on a wide array of topics ranging from database programming to building an internet site. Along the way he helped create early artificial intelligence tools and served as cybersecurity professional focused on computer forensics. ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/34680"}}],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}},{"articleId":270968,"title":"How to Perform a Penetration Test","slug":"how-to-perform-a-penetration-test","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270968"}},{"articleId":270960,"title":"Penetration Testing with Burp Suite and Wireshark to Uncover Vulnerabilities","slug":"penetration-testing-with-burp-suite-and-wireshark-to-uncover-vulnerabilities","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270960"}},{"articleId":270942,"title":"Building a Penetration Testing Toolkit: Considerations and Popular Pen Test Tools","slug":"building-a-penetration-testing-toolkit-considerations-and-popular-pen-test-tools","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270942"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":296574,"slug":"cybersecurity-all-in-one-for-dummies","isbn":"9781394152858","categoryList":["technology","cybersecurity"],"amazon":{"default":"//www.amazon.com/gp/product/139415285X/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"//www.amazon.ca/gp/product/139415285X/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"//www.tkqlhce.com/click-9208661-13710633?url=//www.chapters.indigo.ca/en-ca/books/product/139415285X-item.html&cjsku=978111945484","gb":"//www.amazon.co.uk/gp/product/139415285X/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"//www.amazon.de/gp/product/139415285X/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"//coursofppt.com/wp-content/uploads/cybersecurity-all-in-one-for-dummies-cover-9781394152858-203x255.jpg","width":203,"height":255},"title":"Cybersecurity All-in-One For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"<p><p><b><b data-author-id=\"33198\">Joseph Steinberg</b></b> is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP<sup>&#174;</sup>, ISSAP<sup>&#174;</sup>, ISSMP<sup>&#174;</sup>, and CSSLP<sup>&#174;</sup>. Joseph has written several books on cybersecurity, including the previous edition of <i>Cybersecurity For Dummies</i>. He is currently a consultant on information security, and serves as an expert witness in related matters.</p> <p><b><b data-author-id=\"8984\">Kevin Beaver</b> </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master&#8217;s degree in Management of Technology at Georgia Tech.</b></p> <p><b><b data-author-id=\"34680\">Ted Coombs</b></b> is a direct descendant of King Edward of England, a former world record holder for most miles roller skated in a day, and a longtime technology guru and author. He&#8217;s written over a dozen technology books on a wide array of topics ranging from database programming to building an internet site. Along the way he helped create early artificial intelligence tools and served as cybersecurity professional focused on computer forensics.</p>","authors":[{"authorId":33198,"name":"Joseph Steinberg","slug":"joseph-steinberg","description":" <p><b>Joseph Steinberg</b> is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP<sup>&#174;</sup>, ISSAP<sup>&#174;</sup>, ISSMP<sup>&#174;</sup>, and CSSLP<sup>&#174;</sup>. Joseph has written several books on cybersecurity, including the previous edition of <i>Cybersecurity For Dummies</i>. He is currently a consultant on information security, and serves as an expert witness in related matters.</p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/33198"}},{"authorId":8984,"name":"Kevin Beaver","slug":"kevin-beaver","description":" <p><b>Kevin Beaver </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master&#8217;s degree in Management of Technology at Georgia Tech.</b></p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/8984"}},{"authorId":34698,"name":"Ira Winkler","slug":"ira-winkler","description":"","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/34698"}},{"authorId":34680,"name":"Ted Coombs","slug":"ted-coombs","description":" <p><b>Ted Coombs</b> is a direct descendant of King Edward of England, a former world record holder for most miles roller skated in a day, and a longtime technology guru and author. He&#8217;s written over a dozen technology books on a wide array of topics ranging from database programming to building an internet site. Along the way he helped create early artificial intelligence tools and served as cybersecurity professional focused on computer forensics. ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/34680"}}],"_links":{"self":"//dummies-api.coursofppt.com/v2/books/"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781394152858&quot;]}]\" id=\"du-slot-63bda7decd375\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781394152858&quot;]}]\" id=\"du-slot-63bda7dece3c7\"></div></div>"},"articleType":{"articleType":"Cheat Sheet","articleList":[{"articleId":0,"title":"","slug":null,"categoryList":[],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/"}}],"content":[{"title":"Protecting your data from Internet scams","thumb":null,"image":null,"content":"<p>The following tips help you protect your data and keep yourself and your family safe from Internet scams:</p>\n<ul>\n<li><strong>Protect your devices.</strong> At a minimum, run security software on every device you use to access sensitive information. Configure your devices to auto-lock, and to require a strong password to unlock them. Don’t leave your devices in insecure locations, and install software only from reputable sources, such as official app stores and official vendor and reseller websites.</li>\n<li><strong>Protect data.</strong> Encrypt all sensitive data and back up often. If you’re unsure as to whether something should be encrypted, it probably should be. If you’re unsure as to whether you back up frequently enough, — you, like most people, probably are not.</li>\n<li><strong>Use safe connections.</strong> Never access sensitive information over free public Wi-Fi and consider avoiding using such Internet access altogether, especially from any device on which you perform sensitive activities or access sensitive information.The connection provided by your cellular service is likely far more secure than any public Wi-Fi, and such connections can usually be shared by multiple devices if you turn on your phone’s “mobile hotspot” feature.</li>\n<li><strong>Use proper authentication and passwords.</strong> Every person accessing an important system should have their own login credentials. Do not share passwords for online banking, email, social media, and so on with your children or significant other. Get everyone their own login. Make sure you use strong, unique passwords for your most sensitive systems.</li>\n<li><strong>Share wisely. </strong>Do not overshare information on social media or using any other platforms. Crooks look for such data and use it to social engineer people. Oversharing exposes yourself and your loved ones to increased risks of being targeted by scammers or of having your identities stolen.</li>\n</ul>\n"},{"title":"Managing cybersecurity in your organization","thumb":null,"image":null,"content":"<p>The following tips can help you communicate effectively about cybersecurity challenges in your organization:</p>\n<ul>\n<li>Treat security awareness and training as a business investment.</li>\n<li>Train users on an ongoing basis to keep security fresh in their minds.</li>\n<li>Include information privacy and security tasks and responsibilities in everyone’s job descriptions.</li>\n<li>Tailor your content to your audience whenever possible.</li>\n<li>Create a social engineering awareness program for your business functions and user roles.</li>\n<li>Keep your messages as nontechnical as possible.</li>\n<li>Develop incentive programs for preventing and reporting incidents.</li>\n<li>Lead by example.</li>\n</ul>\n"},{"title":"Preventing social engineering attacks in the workplace","thumb":null,"image":null,"content":"<p>These tips help prevent social engineering attacks in the workplace:</p>\n<ul>\n<li><strong>Never divulge any information unless you can validate that the people requesting the information need it and are who they say they are.</strong> If a request is made over the telephone, verify the caller’s identity, and call back.</li>\n<li><strong>Never click an email link that supposedly loads a page with information that needs updating.</strong> This is particularly true for unsolicited emails, which can be especially tricky on mobile devices because users often don’t have the benefit of seeing where the link would take them.</li>\n<li><strong>Encourage your users to validate shortened URLs from bit.ly and other URL-shortening services if they’re unsure of their safety or legitimacy.</strong> Websites such as <a href=\"//www.checkshorturl.com\" target=\"_blank\" rel=\"noopener\">CheckShortURL</a> and <a href=\"//wheregoes.com\" target=\"_blank\" rel=\"noopener\">WhereGoes</a> offer this service.</li>\n<li><strong>Be careful when sharing sensitive personal information on social networking sites, such as Facebook or LinkedIn.</strong> Also, be on the lookout for people claiming to know you or wanting to be your friend. Their intentions might be malicious.</li>\n<li><strong>Escort all guests within the building.</strong> This may not match your company’s culture or be realistic, but it can certainly help minimize social engineering risks.</li>\n<li><strong>Never open email attachments or other files from strangers, and be very careful even if they come from people you know.</strong> This measure alone could prevent untold security incidents, breaches, and ransomware infections.</li>\n<li><strong>Never give out passwords or other sensitive information.</strong> Even your own colleagues don’t need to know unless there’s an otherwise compelling business reason behind it.</li>\n<li><strong>Never let a stranger connect to one of your Ethernet network ports or internal wireless networks, even for a few seconds.</strong> Someone with ill intent can place a network analyzer or install malware, or set up a backdoor that can be accessed remotely when they leave.</li>\n<li><strong>Develop and enforce media-destruction policies.</strong> These policies (for computer media and documents) help ensure that data is handled carefully and stays where it should be. A good source of information on destruction policies is <a href=\"//www.pdaconsulting.com/datadp.htm\" target=\"_blank\" rel=\"noopener\">PDAconsulting</a>.</li>\n<li><strong>Use cross-cut paper shredders.</strong> Better still, hire a document-shredding company that specializes in confidential document and media destruction.</li>\n</ul>\n"},{"title":"Sample questions for a security awareness interview","thumb":null,"image":null,"content":"<p>Following, are some general questions you should ask everyone you interview when creating a security awareness program. You also need to ask questions specific to the person’s job function and relationship or the influence they have to their awareness person.</p>\n<ul>\n<li>What are the biggest problems you see?</li>\n<li>What are the security strengths you see?</li>\n<li>Do you have any specific concerns?</li>\n<li>(If someone has been with the organization for a while) What has worked best within the company to change behaviors?</li>\n<li>(If someone is new to the organization) Have you seen anything in your past organizations that you think would work here?</li>\n<li>What have been the parts of the current awareness program that you like?</li>\n<li>What did you not like?</li>\n<li>Do you see other departments communicate well with employees? How do they do that?</li>\n<li>Do you think the organization places importance on security?</li>\n<li>Do you think your line manager expects certain things of you?</li>\n<li>What happens if adhering to security guidelines causes you to take longer to do your job?</li>\n<li>What prevents you from following good awareness practices?</li>\n<li>How do you prefer to receive awareness information?</li>\n<li>What information do you need?</li>\n<li>What information do you want to see?</li>\n<li>Can you offer any guidance to the awareness program?</li>\n</ul>\n"},{"title":"Password-cracking software for security professionals","thumb":null,"image":null,"content":"<p>Password-cracking tools can be used for both legitimate security assessments and malicious attacks. You want to find password weaknesses before the bad guys do.</p>\n<p>You can try to crack your organization’s operating system and application passwords with various password-cracking tools:</p>\n<ul>\n<li><a href=\"//web.archive.org/web/20190731132754/http:/www.hoobie.net/brutus/\" target=\"_blank\" rel=\"noopener\"><strong>Brutus</strong></a>: Cracks logins for HTTP, FTP, Telnet, and more</li>\n<li><a href=\"//web.archive.org/web/20160214132154///www.oxid.it/cain.html\" target=\"_blank\" rel=\"noopener\"><strong>Cain &amp; Abel</strong></a>: Cracks LM and NT LanManager (NTLM) hashes, Windows RDP passwords, Cisco IOS and PIX hashes, VNC passwords, RADIUS hashes, and lots more. (<em>Hashes</em> are cryptographic representations of passwords.)</li>\n<li><a href=\"//www.elcomsoft.com/edpr.html\" target=\"_blank\" rel=\"noopener\"><strong>Elcomsoft Distributed Password Recovery</strong></a>: Cracks Windows, Microsoft Office, PGP, Adobe, iTunes, and numerous other passwords in a distributed fashion, using up to 10,000 networked computers at one time. This tool uses the same graphics processing unit (GPU) video acceleration as the Elcomsoft Wireless Auditor tool, which allows for cracking speeds up to 50 times faster.</li>\n<li><a href=\"//www.elcomsoft.com/ppa.html\" target=\"_blank\" rel=\"noopener\"><strong>Elcomsoft Proactive Password Auditor</strong></a>: Runs brute-force, dictionary, and rainbow cracks against extracted LM and NTLM password hashes.</li>\n<li><a href=\"//www.elcomsoft.com/pspr.html\" target=\"_blank\" rel=\"noopener\"><strong>Elcomsoft Proactive System Password Recovery</strong></a>: Recovers practically any locally stored Windows passwords, such as login passwords, WEP/WPA passphrases, SYSKEY passwords, and RAS/dial-up/VPN passwords.</li>\n<li><a href=\"//www.elcomsoft.com/esr.html\" target=\"_blank\" rel=\"noopener\"><strong>Elcomsoft System Recovery</strong></a>: Cracks or resets Windows user passwords, sets administrative rights, and resets password expirations, all from a bootable CD. This tool is great for demonstrating what can happen when laptop computers don’t have full disk encryption.</li>\n<li><a href=\"//www.openwall.com/john\" target=\"_blank\" rel=\"noopener\"><strong>John the Ripper</strong></a>: Cracks hashed Linux/Unix and Windows passwords.</li>\n<li><a href=\"//github.com/gentilkiwi/mimikatz\" target=\"_blank\" rel=\"noopener\"><strong>Mimikatz</strong> </a>: For past the hash exploits and extracting passwords from memory on Windows systems.</li>\n<li><a href=\"//ophcrack.sourceforge.io/\" target=\"_blank\" rel=\"noopener\"><strong>Ophcrack</strong> </a>: Cracks Windows user passwords, using rainbow tables from a bootable CD. Rainbow tables are pre-calculated password hashes that can speed the cracking process by comparing these hashes with the hashes obtained from the specific passwords being tested.</li>\n<li><a href=\"//www.openwall.com/passwords/windows-pwdump\" target=\"_blank\" rel=\"noopener\"><strong>pwdump</strong> </a>: Extracts Windows password hashes from the SAM (Security Accounts Manager) database.</li>\n<li><a href=\"//project-rainbowcrack.com\" target=\"_blank\" rel=\"noopener\"><strong>RainbowCrack</strong></a>:  Cracks LanManager (LM) and MD5 hashes quickly by using rainbow tables.</li>\n<li><a href=\"//www.kali.org/tools/hydra/\" target=\"_blank\" rel=\"noopener\"><strong>Hydra</strong> </a>: Cracks logins for HTTP, FTP, IMAP, SMTP, VNC, and many more.</li>\n</ul>\n<p class=\"article-tips warning\">When trying to crack passwords, the associated user accounts may be locked out, which could interrupt your users. Be careful if intruder lockout is enabled in your operating systems, databases, or applications. If intruder lockout is enabled, you might lock out some or all computer/network accounts, resulting in a denial of service situation for your users.</p>\n"}],"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":"Two years","lifeExpectancySetFrom":"2024-01-09T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":296631},{"headers":{"creationTime":"2018-05-15T18:08:25+00:00","modifiedTime":"2023-10-19T13:57:48+00:00","timestamp":"2023-10-19T15:01:03+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"What is General Data Protections Regulation (GDPR)?","strippedTitle":"what is general data protections regulation (gdpr)?","slug":"general-data-protections-regulation-gdpr","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"How is the EU protecting the data of its citizens? Find out more about the General Data Protections Regulation (GDPR).","noIndex":0,"noFollow":0},"content":"The General Data Protections Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union (EU). The GDPR was a move by The Council of the European Union, European Parliament, and European Commission to provide citizens with a greater level of control over their personal data.\r\n\r\nAfter several years of refining and debating, the regulation was officially approved by European Parliament on April 14, 2016. The EU then allowed a two-year transition period for organizations to reach compliance. As of May 25, 2018, the GDPR's heavy fines kicked in, to be levied against any business not meeting the guidelines.\r\n\r\n<a href=\"//coursofppt.com/wp-content/uploads/gdpr.png\"><img class=\"aligncenter wp-image-239608 size-full\" src=\"//coursofppt.com/wp-content/uploads/gdpr.png\" alt=\"gdpr\" width=\"535\" height=\"356\" /></a>\r\n<h2 id=\"tab1\" >Who is affected by the GDPR?</h2>\r\nThe GDPR has far-reaching implications for all citizens of the EU and businesses operating within the EU, regardless of physical location. If businesses hope to offer goods or services to citizens of the EU, they will be subject to the penalties imposed by the GDPR. In addition, any business that holds personal data of EU citizens can be held accountable under the GDPR.\r\n\r\nWhat sort of data falls under the GDPR?\r\n<ul>\r\n \t<li>Name</li>\r\n \t<li>Photo</li>\r\n \t<li>Email address</li>\r\n \t<li>Social media posts</li>\r\n \t<li>Personal medical information</li>\r\n \t<li>IP addresses</li>\r\n \t<li>Bank details</li>\r\n</ul>\r\n<p class=\"article-tips tip\">The GDPR covers any information that can be classified as personal details or that can be used to determine your identity. Parental consent is required to process any data relating to children ages 16 and under.</p>\r\nThe regulation specifies the entities impacted by the GDPR. The wording specifically includes data processors and data controllers. What does this mean? Information that is stored in a “cloud” or in a separate physical location is still subject to penalties. Regardless of who has determined how your information will be used and who actually uses it, fines can still be imposed for misuse if it concerns the data of EU citizens.\r\n<h2 id=\"tab2\" >Penalties for not complying with GDPR</h2>\r\nBusinesses that fail to comply with GDPR are subject to fines. This can mean different things for businesses, depending on the level of infraction. On the high end, businesses may be required to pay up to 4 percent of their global turnover, or 20 million euros, whichever is highest. Companies may also be fined 2 percent for not taking appropriate measures to keep records in order. Ultimately, the fine depends on the nature of the infraction.\r\n<h2 id=\"tab3\" >Data breaches and the GDPR</h2>\r\nA data breach is any situation where an outside entity gains access to user data without the permission of the individual. Data breaches often involve the malicious use of data against users.\r\n\r\nIf a data breach should occur, the GDPR specifies that companies must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”\r\n<h2 id=\"tab4\" >Uncertain politics and the GDPR</h2>\r\nIn an uncertain political climate, many companies and citizens are concerned about how they will be affected by the GDPR given the undetermined nature of <a href=\"//coursofppt.com/article/academics-the-arts/political-science/british-government/what-is-brexit-220858/\">Brexit</a>. Companies operating in the United Kingdom are encouraged to take measures to comply with the GDPR. Although these companies may not be subject to the GDPR, <a href=\"//EUGDPR.org\" target=\"_blank\" rel=\"noopener\">EUGDPR.org</a> states that “The UK Government has indicated it will implement an equivalent or alternative legal mechanisms.”\r\n<p class=\"article-tips remember\">If you believe you will be operating in the UK but not in other EU countries, you are still encouraged to prepare for the GDPR as the UK is expected to follow suit with similar data protection legislation.</p>","description":"The General Data Protections Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union (EU). The GDPR was a move by The Council of the European Union, European Parliament, and European Commission to provide citizens with a greater level of control over their personal data.\r\n\r\nAfter several years of refining and debating, the regulation was officially approved by European Parliament on April 14, 2016. The EU then allowed a two-year transition period for organizations to reach compliance. As of May 25, 2018, the GDPR's heavy fines kicked in, to be levied against any business not meeting the guidelines.\r\n\r\n<a href=\"//coursofppt.com/wp-content/uploads/gdpr.png\"><img class=\"aligncenter wp-image-239608 size-full\" src=\"//coursofppt.com/wp-content/uploads/gdpr.png\" alt=\"gdpr\" width=\"535\" height=\"356\" /></a>\r\n<h2 id=\"tab1\" >Who is affected by the GDPR?</h2>\r\nThe GDPR has far-reaching implications for all citizens of the EU and businesses operating within the EU, regardless of physical location. If businesses hope to offer goods or services to citizens of the EU, they will be subject to the penalties imposed by the GDPR. In addition, any business that holds personal data of EU citizens can be held accountable under the GDPR.\r\n\r\nWhat sort of data falls under the GDPR?\r\n<ul>\r\n \t<li>Name</li>\r\n \t<li>Photo</li>\r\n \t<li>Email address</li>\r\n \t<li>Social media posts</li>\r\n \t<li>Personal medical information</li>\r\n \t<li>IP addresses</li>\r\n \t<li>Bank details</li>\r\n</ul>\r\n<p class=\"article-tips tip\">The GDPR covers any information that can be classified as personal details or that can be used to determine your identity. Parental consent is required to process any data relating to children ages 16 and under.</p>\r\nThe regulation specifies the entities impacted by the GDPR. The wording specifically includes data processors and data controllers. What does this mean? Information that is stored in a “cloud” or in a separate physical location is still subject to penalties. Regardless of who has determined how your information will be used and who actually uses it, fines can still be imposed for misuse if it concerns the data of EU citizens.\r\n<h2 id=\"tab2\" >Penalties for not complying with GDPR</h2>\r\nBusinesses that fail to comply with GDPR are subject to fines. This can mean different things for businesses, depending on the level of infraction. On the high end, businesses may be required to pay up to 4 percent of their global turnover, or 20 million euros, whichever is highest. Companies may also be fined 2 percent for not taking appropriate measures to keep records in order. Ultimately, the fine depends on the nature of the infraction.\r\n<h2 id=\"tab3\" >Data breaches and the GDPR</h2>\r\nA data breach is any situation where an outside entity gains access to user data without the permission of the individual. Data breaches often involve the malicious use of data against users.\r\n\r\nIf a data breach should occur, the GDPR specifies that companies must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”\r\n<h2 id=\"tab4\" >Uncertain politics and the GDPR</h2>\r\nIn an uncertain political climate, many companies and citizens are concerned about how they will be affected by the GDPR given the undetermined nature of <a href=\"//coursofppt.com/article/academics-the-arts/political-science/british-government/what-is-brexit-220858/\">Brexit</a>. Companies operating in the United Kingdom are encouraged to take measures to comply with the GDPR. Although these companies may not be subject to the GDPR, <a href=\"//EUGDPR.org\" target=\"_blank\" rel=\"noopener\">EUGDPR.org</a> states that “The UK Government has indicated it will implement an equivalent or alternative legal mechanisms.”\r\n<p class=\"article-tips remember\">If you believe you will be operating in the UK but not in other EU countries, you are still encouraged to prepare for the GDPR as the UK is expected to follow suit with similar data protection legislation.</p>","blurb":"","authors":[{"authorId":8941,"name":"Ashley Watters, Abshier House","slug":"ashley-watters-abshier-house","description":"","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/8941"}}],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[{"label":"Who is affected by the GDPR?","target":"#tab1"},{"label":"Penalties for not complying with GDPR","target":"#tab2"},{"label":"Data breaches and the GDPR","target":"#tab3"},{"label":"Uncertain politics and the GDPR","target":"#tab4"}],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}},{"articleId":270968,"title":"How to Perform a Penetration Test","slug":"how-to-perform-a-penetration-test","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270968"}},{"articleId":270960,"title":"Penetration Testing with Burp Suite and Wireshark to Uncover Vulnerabilities","slug":"penetration-testing-with-burp-suite-and-wireshark-to-uncover-vulnerabilities","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270960"}},{"articleId":270942,"title":"Building a Penetration Testing Toolkit: Considerations and Popular Pen Test Tools","slug":"building-a-penetration-testing-toolkit-considerations-and-popular-pen-test-tools","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270942"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":0,"slug":null,"isbn":null,"categoryList":null,"amazon":null,"image":null,"title":null,"testBankPinActivationLink":null,"bookOutOfPrint":false,"authorsInfo":null,"authors":null,"_links":null},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]}]\" id=\"du-slot-6350112f4bbd1\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[null]}]\" id=\"du-slot-6350112f4d500\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Explore","lifeExpectancy":"One year","lifeExpectancySetFrom":"2022-12-17T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":239606},{"headers":{"creationTime":"2020-09-23T20:43:11+00:00","modifiedTime":"2023-10-19T13:55:46+00:00","timestamp":"2023-10-19T15:01:03+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"Cybersecurity For Dummies Cheat Sheet","strippedTitle":"cybersecurity for dummies cheat sheet","slug":"cybersecurity-for-dummies-cheat-sheet","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"Learn about the common scams that cyber criminals use to target online shoppers and how to cyber-protect yourself and your data.","noIndex":0,"noFollow":0},"content":"<span class=\"TextRun Highlight SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">Some scams cyber-criminals use to target online shoppers seem to persist for years. This likely indicates that people are continuously falling prey to the scams, thereby encouraging criminals to keep using the same forms of trickery over and over. </span></span>\r\n\r\n<span class=\"TextRun Highlight SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">Look here to discover some</span> <span class=\"NormalTextRun SCXW223555244 BCX0\">straightforward tips on how to keep yourself — and your loved ones — safe when using the i</span><span class=\"NormalTextRun SCXW223555244 BCX0\">nternet to shop,</span><span class=\"NormalTextRun SCXW223555244 BCX0\"> as well as how to avoid </span></span><span class=\"TextRun SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">common cybersecurity mistakes</span></span><span class=\"TextRun Highlight SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">.</span></span><span class=\"EOP SCXW223555244 BCX0\" data-ccp-props=\"{\"201341983\":1,\"335559685\":1022,\"335559739\":220,\"335559740\":220}\"> </span>\r\n\r\n[caption id=\"attachment_264355\" align=\"alignnone\" width=\"535\"]<img class=\"size-full wp-image-264355\" src=\"//coursofppt.com/wp-content/uploads/cybersecurity-graphic.jpg\" alt=\"cybersecurity graphic\" width=\"535\" height=\"334\" /> © GoodStudio/Shutterstock.com[/caption]","description":"<span class=\"TextRun Highlight SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">Some scams cyber-criminals use to target online shoppers seem to persist for years. This likely indicates that people are continuously falling prey to the scams, thereby encouraging criminals to keep using the same forms of trickery over and over. </span></span>\r\n\r\n<span class=\"TextRun Highlight SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">Look here to discover some</span> <span class=\"NormalTextRun SCXW223555244 BCX0\">straightforward tips on how to keep yourself — and your loved ones — safe when using the i</span><span class=\"NormalTextRun SCXW223555244 BCX0\">nternet to shop,</span><span class=\"NormalTextRun SCXW223555244 BCX0\"> as well as how to avoid </span></span><span class=\"TextRun SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">common cybersecurity mistakes</span></span><span class=\"TextRun Highlight SCXW223555244 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW223555244 BCX0\">.</span></span><span class=\"EOP SCXW223555244 BCX0\" data-ccp-props=\"{\"201341983\":1,\"335559685\":1022,\"335559739\":220,\"335559740\":220}\"> </span>\r\n\r\n[caption id=\"attachment_264355\" align=\"alignnone\" width=\"535\"]<img class=\"size-full wp-image-264355\" src=\"//coursofppt.com/wp-content/uploads/cybersecurity-graphic.jpg\" alt=\"cybersecurity graphic\" width=\"535\" height=\"334\" /> © GoodStudio/Shutterstock.com[/caption]","blurb":"","authors":[{"authorId":33198,"name":"Joseph Steinberg","slug":"joseph-steinberg","description":" <p><b>Joseph Steinberg</b> is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP<sup>&#174;</sup>, ISSAP<sup>&#174;</sup>, ISSMP<sup>&#174;</sup>, and CSSLP<sup>&#174;</sup>. Joseph has written several books on cybersecurity, including the previous edition of <i>Cybersecurity For Dummies</i>. He is currently a consultant on information security, and serves as an expert witness in related matters.</p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/33198"}}],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[{"articleId":266359,"title":"User-Specific Cybersecurity Policies","slug":"user-specific-cybersecurity-policies","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266359"}},{"articleId":266350,"title":"Types of Social Engineering Attacks","slug":"types-of-social-engineering-attacks","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266350"}},{"articleId":266345,"title":"Types of Malware Cybersecurity Professionals Should Know","slug":"types-of-malware-cybersecurity-professionals-should-know","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266345"}},{"articleId":266228,"title":"Getting End Users to Comply with Cybersecurity Efforts in Small Businesses","slug":"getting-end-users-to-comply-with-cybersecurity-efforts-in-small-businesses","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266228"}},{"articleId":266223,"title":"Cybersecurity Job and Career Options","slug":"cybersecurity-job-and-career-options","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/266223"}}],"fromCategory":[{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}},{"articleId":270968,"title":"How to Perform a Penetration Test","slug":"how-to-perform-a-penetration-test","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270968"}},{"articleId":270960,"title":"Penetration Testing with Burp Suite and Wireshark to Uncover Vulnerabilities","slug":"penetration-testing-with-burp-suite-and-wireshark-to-uncover-vulnerabilities","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270960"}},{"articleId":270942,"title":"Building a Penetration Testing Toolkit: Considerations and Popular Pen Test Tools","slug":"building-a-penetration-testing-toolkit-considerations-and-popular-pen-test-tools","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270942"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":281675,"slug":"cybersecurity-for-dummies","isbn":"9781119867180","categoryList":["technology","cybersecurity"],"amazon":{"default":"//www.amazon.com/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"//www.amazon.ca/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"//www.tkqlhce.com/click-9208661-13710633?url=//www.chapters.indigo.ca/en-ca/books/product/1119867185-item.html&cjsku=978111945484","gb":"//www.amazon.co.uk/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"//www.amazon.de/gp/product/1119867185/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"//coursofppt.com/wp-content/uploads/9781119867180-203x255.jpg","width":203,"height":255},"title":"Cybersecurity For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"<p><b><b data-author-id=\"33198\">Joseph Steinberg</b></b> is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP<sup>&#174;</sup>, ISSAP<sup>&#174;</sup>, ISSMP<sup>&#174;</sup>, and CSSLP<sup>&#174;</sup>. Joseph has written several books on cybersecurity, including the previous edition of <i>Cybersecurity For Dummies</i>. He is currently a consultant on information security, and serves as an expert witness in related matters.</p>","authors":[{"authorId":33198,"name":"Joseph Steinberg","slug":"joseph-steinberg","description":" <p><b>Joseph Steinberg</b> is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP<sup>&#174;</sup>, ISSAP<sup>&#174;</sup>, ISSMP<sup>&#174;</sup>, and CSSLP<sup>&#174;</sup>. Joseph has written several books on cybersecurity, including the previous edition of <i>Cybersecurity For Dummies</i>. He is currently a consultant on information security, and serves as an expert witness in related matters.</p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/33198"}}],"_links":{"self":"//dummies-api.coursofppt.com/v2/books/"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119867180&quot;]}]\" id=\"du-slot-6350112f41d50\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119867180&quot;]}]\" id=\"du-slot-6350112f425a1\"></div></div>"},"articleType":{"articleType":"Cheat Sheet","articleList":[{"articleId":264345,"title":"Cyber-Protect Yourself and Your Family on the Internet","slug":"","categoryList":[],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/264345"}},{"articleId":264348,"title":"Avoid Common Cybersecurity Mistakes","slug":"","categoryList":[],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/264348"}},{"articleId":264351,"title":"Common Cyber Scams Targeting Online Shoppers","slug":"","categoryList":[],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/264351"}}],"content":[{"title":"Cyber-protect yourself and your family on the internet","thumb":null,"image":null,"content":"<p><span data-contrast=\"auto\">To cyber-protect yourself and your family, make sure everyone in your family knows that they are a target. People who believe that hackers want to breach their computers and phones and that cyber criminals want to steal their data act differently than people who do not understand the true nature of the threat.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1022,&quot;335559739&quot;:220,&quot;335559740&quot;:220}\"> </span></p>\n<p><span data-contrast=\"auto\">The following tips help you protect your data and keep yourself and your family safe from Internet scams:</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1022,&quot;335559739&quot;:220,&quot;335559740&quot;:220}\"> </span></p>\n<ul>\n<li><b><span data-contrast=\"auto\">Protect your devices.</span></b><span data-contrast=\"auto\"> At a minimum, run security software on every device you use to access sensitive information. Configure your devices to auto-lock, and to require a strong password to unlock them. Don’t leave your devices in insecure locations, and install software only from reputable sources, such as official app stores and official vendor and reseller websites.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Protect data.</span></b><span data-contrast=\"auto\"> Encrypt all sensitive data and back up often. If you’re unsure as to whether something should be encrypted, it probably should be. If you’re unsure as to whether you back up frequently enough, — you, like most people, probably are not.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Use safe connections.</span></b><span data-contrast=\"auto\"> Never access sensitive information over free public Wi-Fi and consider avoiding using such Internet access altogether, especially from any device on which you perform sensitive activities or access sensitive information. The connection provided by your cellular service is likely far more secure than any public Wi-Fi, and such connections can usually be shared by multiple devices if you turn on your phone’s “mobile hotspot” feature.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Use proper authentication and passwords.</span></b><span data-contrast=\"auto\"> Every person accessing an important system should have their own login credentials. Do not share passwords for online banking, email, social media, and so on with your children or significant other. Get everyone their own login. Make sure you use strong, unique passwords for your most sensitive systems.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Share wisely. </span></b><span data-contrast=\"auto\">Do not overshare information on social media or using any other platforms. Crooks look for such data and use it to social engineer people. Oversharing exposes yourself and your loved ones to increased risks of being targeted by scammers or of having your identities stolen.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:220,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n</ul>\n"},{"title":"Avoid common cybersecurity mistakes","thumb":null,"image":null,"content":"<p><span data-contrast=\"auto\">Here are some of the common cybersecurity mistakes people make. These mistakes make hacking easier than it should be, and therefore, also help criminals commit cybercrimes.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1022,&quot;335559739&quot;:220,&quot;335559740&quot;:220}\"> </span></p>\n<ul>\n<li><b><span data-contrast=\"auto\">Thinking it cannot happen to you:</span></b><span data-contrast=\"auto\"> Every person, business, organization, and government entity is a potential target for hackers. People who think they do not have anything of value and “why would hackers want to attack me?” often act without proper diligence and learn quite quickly how wrong their perspective is.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Using weak passwords:</span></b><span data-contrast=\"auto\"> Despite ubiquitous warnings not to do so, a large number of people still use </span><a href=\"//coursofppt.com/article/technology/cybersecurity/4-ways-hackers-crack-passwords-256039/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"auto\">weak passwords</span></a><span data-contrast=\"auto\">, such as “123456” or “password” — as evidenced by the lists of compromised passwords publicized on the Internet after various breaches. If you use  the same password on a sensitive site that you used elsewhere, or use another form of weak password on a sensitive site, you dramatically increase the risk to yourself of an account being compromised.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Not using multifactor authentication when it is available:</span></b><span data-contrast=\"auto\"> All major social media platforms, Google, Amazon, and most major financial institutions offer some form of multifactor authentication capabilities. Multifactor authentication can, in the case of a password compromise, make all the difference between an account being breached and it remaining secure — yet, even today, many people still refuse to take advantage of the security benefits provided by multifactor authentication even when the features are offered for free.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Not running proper security software:</span></b><span data-contrast=\"auto\"> Modern security software dramatically increases the odds of a person fending off a whole slew of potential cybersecurity problems, including malware, breaches, spam overloads, and others. Yet, many people still do not run such software on each and every one of their computers (including laptops, tablets, and smartphones), while others run software but fail to keep it up to date, thereby undermining the potency of their product to protect against the latest (and, often, the most dangerous) threats.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Not keeping software up to date:</span></b><span data-contrast=\"auto\"> Many operating system and software updates contain fixes for security vulnerabilities discovered by researchers (or hackers) in prior releases. If you do not keep your software up to date, you’re likely to leave your devices vulnerable to attack. Worse yet, once a vendor publicly describes a vulnerability that it has fixed, criminals may seek to create exploit scripts to search for, and target, unpatched machines.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Failing to exercise good judgment:</span></b><span data-contrast=\"auto\"> The weakest link in the cybersecurity chain is almost always a human being. Whether it be by clicking a link that should not have been clicked, sending money to a fraudster who sent a bogus email impersonating one’s boss, installing a rogue app, downloading a pirated copy of a movie, or through some other imprudent action, human error often opens a cyber can of worms, and provides criminals with the ability to inflict far more harm that they would have been able to on their own.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Not learning the basics:</span></b><span data-contrast=\"auto\"> People who suffer from a medical condition, or whose loved ones do, typically learn about the condition to ensure that proper treatment is administered and that unnecessary danger does not result. When it comes to cybersecurity, however, many folks choose to remain ignorant, thinking that, somehow, if they pretend that there is no danger to them, such will be the reality.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Not hiring a pro:</span></b><span data-contrast=\"auto\"> When serious cybersecurity incidents occur, people (often individuals or small business owners) often try to address them on their own. Doing so is not much different than trying to treat a serious medical condition without going to the doctor or defending yourself in criminal court without a lawyer. Hackers, malware designers, and other cybercriminals are skilled and arm themselves with significant knowledge. If you’re locked in a de facto battle against them, you want a pro on your side, too.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:220,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n</ul>\n"},{"title":"Common cyber scams targeting online shoppers","thumb":null,"image":null,"content":"<p><span data-contrast=\"auto\">Cyber-criminals use some common scams to target online shoppers, but you can protect yourself from internet scams easily.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1022,&quot;335559739&quot;:220,&quot;335559740&quot;:220}\"> </span></p>\n<p>One simple technique: If you ever receive any communication from a retailer, shipper, or any other party related to an online shopping order, an amazing deal, or other matter that you want to look into, do not click links in the message or open associated attachments. Open a web browser, go to the website of the relevant “sender,” locate its contact information, and contact it directly to ask about the message you received.</p>\n<p>The following are common cyber scams that target online shoppers:</p>\n<ul>\n<li><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1022,&quot;335559739&quot;:220,&quot;335559740&quot;:220}\"> </span><b><span data-contrast=\"auto\">“There are problems with your order” emails (or text messages):</span></b><span data-contrast=\"auto\"> Criminals often send mass emails that appear to come from an online retailer and that inform recipients that a problem is preventing the store from shipping the order and that the recipient must take action to receive the order. Such emails often contain a link to a bogus website that collects, at a minimum, login information, such as usernames and passwords, for the retailer’s website.<br />\nSuch scam emails aren’t normally targeted — they simply impersonate major retailers. Criminals rely on the fact that a large number of people who receive such an email message are likely to have placed an order with the impersonated retailer in the not-so-distant past.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">“There are problems with your payment method” emails (or text messages):</span></b><span data-contrast=\"auto\"> Similar to the preceding scam, criminals send mass emails (or text messages) that appear to come from an online retailer and that inform recipients that a problem occurred with the payment method used to pay for an order — with instructions that the recipient submit new payment information via some web page.<br />\nRecipients who had, in fact, recently placed orders, are likely to be caught off-guard, and some will likely click through. Of course, the page that collects that new payment information — sometimes along with login credentials to the retailer’s site — is simply a tool for stealing credit and debit card numbers, along with potentially other data as well.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Delivery-service problem emails: </span></b><span data-contrast=\"auto\">Criminals send emails that appear to come from a major delivery service and that inform the recipients that an issue of some sort occurred with a delivery, and that the recipient must take action to have delivery reattempted.<br />\nOf course, these messages either deliver malware via attachments or direct users to phishing or malware-spreading websites; they certainly do not help people get any items delivered.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Bogus deal emails, social media posts, or web links: </span></b><span data-contrast=\"auto\">Criminals frequently either send via email or post to social media or deal websites all sorts of “amazing” offers, which often seem too good to be true. A 5-inch Samsung OLED television for $100?! A brand new 13-inch Mac laptop for $200?! While some such deals may be legitimate — and, if they are advertised by a major reseller, you can check on the website of the relevant seller to determine that — the overwhelming majority are not.<br />\nIf the seller is a major reseller and the deal is not legit, the email may link to a bogus site or be spreading malware. If the seller is a firm that you have never heard of, the whole store may be a scam — collecting payments, for example, and never shipping the goods for which the payments were made, shipping defective goods, or shipping stolen goods.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:110,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n<li><b><span data-contrast=\"auto\">Fake invoice emails:</span></b><span data-contrast=\"auto\"> Criminals send what appear to be invoices from online stores for purchases costing significant amounts and note the sale amounts were charged to the recipients’ credit cards.<br />\nThese “invoices” scare people into thinking that they somehow unintentionally placed an order, were charged more than they expected for some item, or were somehow defrauded by someone using their credit card number. This can lead the recipients to contact the seller by clicking links that the sender, of course, conveniently included within the invoice message.<br />\nThese links, however, bring the user to a site that either captures information, installs malware, or both. Sometimes the invoices that are sent via email are included as attachments and, you guessed it, contain malware.</span><span data-ccp-props=\"{&quot;201341983&quot;:1,&quot;335559685&quot;:1440,&quot;335559739&quot;:220,&quot;335559740&quot;:220,&quot;335559991&quot;:1440,&quot;469777462&quot;:[1340,1440],&quot;469777927&quot;:[0,0],&quot;469777928&quot;:[4,1]}\"> </span></li>\n</ul>\n"}],"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Solve","lifeExpectancy":"Six months","lifeExpectancySetFrom":"2022-12-06T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":264354},{"headers":{"creationTime":"2019-10-10T12:02:16+00:00","modifiedTime":"2023-06-23T14:39:39+00:00","timestamp":"2023-09-14T18:19:44+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"4 Ways Hackers Crack Passwords","strippedTitle":"4 ways hackers crack passwords","slug":"4-ways-hackers-crack-passwords","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"Learn the different ways hackers break into passwords and the various tools available to you for protecting your passwords.","noIndex":0,"noFollow":0},"content":"Hackers use a variety of means to gain passwords. One of the most common ways for hackers to get access to your passwords is through <a href=\"//coursofppt.com/computers/pcs/computer-security/the-dangers-of-social-engineering/\" target=\"_blank\" rel=\"noopener\">social engineering</a>, but they don’t stop there. Check out the following tools and vulnerabilities hackers exploit to grab your password.\r\n<h2 id=\"tab1\" >Keystroke logging</h2>\r\nOne of the best techniques for capturing passwords is remote <em>keystroke logging</em> — the use of software or hardware to record keystrokes as they’re typed.\r\n<p class=\"article-tips warning\">Be careful with keystroke logging. Even with good intentions, monitoring employees raises various legal issues if it’s not done correctly. Discuss with your legal counsel what you’ll be doing, ask for her guidance, and get approval from upper management.</p>\r\n\r\n<h3>Logging tools used by hackers</h3>\r\nWith keystroke-logging tools, you can assess the log files of your application to see what passwords people are using:\r\n<ul>\r\n \t<li>Keystroke-logging applications can be installed on the monitored computer. Check out <a href=\"//www.veriato.com/products/veriato-cerebral-insider-threat-detection-software\" target=\"_blank\" rel=\"noopener\">Veriato's Cebral</a>, as one example. Dozens of such tools are available online.</li>\r\n \t<li>Hardware-based tools fit between the keyboard and the computer or replace the keyboard.</li>\r\n</ul>\r\n<p class=\"article-tips warning\">A keystroke-logging tool installed on a shared computer can capture the passwords of every user who logs in.</p>\r\n\r\n<h3>Countermeasures against logging tools</h3>\r\nThe best defense against the installation of keystroke-logging software on your systems is to use an antimalware program or a similar endpoint protection software that monitors the local host. It’s not foolproof but can help. As with physical keyloggers, you’ll need to inspect each system visually.\r\n<p class=\"article-tips warning\">The potential for hackers to install keystroke-logging software is another reason to ensure that your users aren’t downloading and installing random shareware or opening attachments in unsolicited emails. Consider locking down your desktops by setting the appropriate user rights through local or group security policy in Windows.</p>\r\nAlternatively, you could use a commercial lockdown program, such as <a href=\"//www.fortresgrand.com/\" target=\"_blank\" rel=\"noopener\">Fortres 101</a> for Windows or <a href=\"//www.faronics.com/products/deep-freeze/enterprise\" target=\"_blank\" rel=\"noopener\">Deep Freeze Enterprise</a> for Windows, Linux, and macOS X. A different technology that still falls into this category is Carbon Black’s “positive security” allow listing application, called <a href=\"//www.carbonblack.com/products/cb-protection\" target=\"_blank\" rel=\"noopener\">Cb Protection</a>, which allows you to configure which executables can be run on any given system. It’s intended to fight off advanced malware but could certainly be used in this situation.\r\n<h2 id=\"tab2\" >Weak password storage</h2>\r\nMany legacy and stand-alone applications — such as email, dial-up network connections, and accounting software — store passwords locally, which makes them vulnerable to password hacking. By performing a basic text search, you can find passwords stored in clear text on the local hard drives of machines. You can automate the process even further by using a program called <a href=\"//www.mythicsoft.com/\" target=\"_blank\" rel=\"noopener\">FileLocator Pro</a>.\r\n<h3>How hackers search for passwords</h3>\r\nYou can try using your favorite text-searching utility — such as the Windows search function, <code>findstr</code>, or <code>grep</code> — to search for <em>password</em> or <em>passwd</em> on your computer's drives. You may be shocked to find what’s on your systems. Some programs even write passwords to disk or leave them stored in memory.\r\n<p class=\"article-tips remember\">Weak password storage is a criminal hacker’s dream. Head it off if you can. This doesn’t mean that you should immediately run off and start using a cloud-based password manager, however. As we’ve all seen over the years, those systems get hacked as well!</p>\r\n\r\n<h3>Countermeasures against weak passwords</h3>\r\nThe only reliable way to eliminate weak password storage is to use only applications that store passwords securely. This practice may not be practical, but it’s your only guarantee that your passwords are secure. Another option is to instruct users not to store their passwords when prompted.\r\n\r\nBefore upgrading applications, contact your software vendor to see how it manages passwords, or search for a third-party solution.\r\n<h2 id=\"tab3\" >How hackers use network analyzers to crack passwords</h2>\r\nA network analyzer sniffs the packets traversing the network, which is what the bad guys do if they can gain control of a computer, <a href=\"//coursofppt.com/programming/certification/network-based-hacker-attacks/\" target=\"_blank\" rel=\"noopener\">tap into your wireless network</a>, or gain physical network access to set up their network analyzer. If they gain physical access, they can look for a network jack on the wall and plug right in.\r\n<h3>Finding password vulnerabilities with network analyzers</h3>\r\nThe image below shows how crystal-clear passwords can be through the eyes of a network analyzer. This shows how Cain & Abel can glean thousands of passwords going across the network in a matter of a couple of hours. As you can see in the left pane, these clear text password vulnerabilities can apply to FTP, web, Telnet, and more. (The actual usernames and passwords are blurred to protect them.)\r\n\r\n[caption id=\"attachment_256040\" align=\"aligncenter\" width=\"535\"]<img class=\"wp-image-256040 size-full\" src=\"//coursofppt.com/wp-content/uploads/cain-abel-ethical-hacking.jpg\" alt=\"\" width=\"535\" height=\"304\" /> Using Cain & Abel to capture passwords going across the network.[/caption]\r\n<p class=\"article-tips remember\">If traffic isn’t tunneled through some form of encrypted link (such as a virtual private network, Secure Shell, or Secure Sockets Layer), it’s vulnerable to attack.</p>\r\nCain & Abel is a password-cracking tool that also has network analysis capabilities. You can also use a regular network analyzer, such as the commercial products <a href=\"//www.liveaction.com/products/omnipeek-network-protocol-analyzer/\" target=\"_blank\" rel=\"noopener\">Omnipeek</a> and <a href=\"//www.tamos.com/products/commview\" target=\"_blank\" rel=\"noopener\">CommView</a>, as well as the free open-source program <a href=\"//www.wireshark.org/\" target=\"_blank\" rel=\"noopener\">Wireshark</a>. With a network analyzer, you can search for password traffic in various ways. To capture POP3 password traffic, for example, you can set up a filter and a trigger to search for the PASS command. When the network analyzer sees the PASS command in the packet, it captures that specific data.\r\n\r\nNetwork analyzers require you to capture data on a hub segment of your network or via a monitor/mirror/span port on a switch. Otherwise, you can’t see anyone else’s data traversing the network — just yours. Check your switch’s user guide to see whether it has a monitor or mirror port and for instructions on how to configure it. You can connect your network analyzer to a hub on the public side of your firewall. You’ll capture only those packets that are entering or leaving your network — not internal traffic.\r\n<h3>Countermeasures against network analyzers</h3>\r\nHere are some good defenses against network analyzer attacks:\r\n<ul>\r\n \t<li><strong>Use switches on your network, not hubs.</strong> Ethernet hubs are things of the past, but they are still used occasionally. If you must use hubs on network segments, a program like <a href=\"//sniffdet.sourceforge.net/\" target=\"_blank\" rel=\"noopener\">sniffdet</a> for Unix/Linux-based systems and <a href=\"//vidstromlabs.com/freetools/promiscdetect/\" target=\"_blank\" rel=\"noopener\">PromiscDetect</a> for Windows can detect network cards in <em>promiscuous mode</em> (accepting all packets, whether they’re destined for the local machine or not). A network card in promiscuous mode signifies that a network analyzer may be running on the network.</li>\r\n \t<li><strong>Make sure that unsupervised areas, such as an unoccupied lobby or training room, don’t have live network connections.</strong> An Ethernet port is all someone needs to gain access to your internal network.</li>\r\n \t<li><strong>Don’t let anyone without a business need gain physical access to your switches or to the network connection on the public side of your firewall.</strong> With physical access, a hacker can connect to a switch monitor port or tap into the unswitched network segment outside the firewall and then capture packets.</li>\r\n</ul>\r\n<p class=\"article-tips warning\">Switches don’t provide complete security because they’re vulnerable to ARP poisoning attacks.</p>\r\n\r\n<h2 id=\"tab4\" >How hackers break weak BIOS passwords</h2>\r\nMost computer BIOS (basic input/output system) settings allow power-on passwords and/or setup passwords to protect the computer’s hardware settings that are stored in the CMOS chip. Here are some ways around these passwords:\r\n<ul>\r\n \t<li>You usually can reset these passwords by unplugging the CMOS battery or by changing a jumper on the motherboard.</li>\r\n \t<li>Password-cracking utilities for BIOS passwords are available on the Internet and from computer manufacturers.</li>\r\n</ul>\r\nIf gaining access to the hard drive is your ultimate goal, you can remove the hard drive from the computer and install it in another one, and you’re good to go. This technique is a great way to prove that BIOS/power-on passwords are <em>not</em> effective countermeasures for lost or stolen laptops.\r\n<p class=\"article-tips tip\">Check <a href=\"//www.cirt.net/passwords\" target=\"_blank\" rel=\"noopener\">cirt.net</a> for a good list of default system passwords for various vendor equipment.</p>\r\nTons of variables exist for hacking and hacking countermeasures depending on your hardware setup. If you plan to hack your own BIOS passwords, check for information in your user manual, or refer to the <a href=\"//searchenterprisedesktop.techtarget.com/tutorial/BIOS-password-hacking\" target=\"_blank\" rel=\"noopener\">BIOS password-hacking guide</a>. If protecting the information on your hard drives is your ultimate goal, full (sometimes referred to as <em>whole</em>) disk is the best way to go.\r\n\r\nThe good news is that newer computers (within the past five years or so) use a new type of BIOS called unified extensible firmware interface (UEFI), which is much more resilient to boot-level system cracking attempts. Still, a weak password may be all it takes for the system to be exploited.\r\n<h2 id=\"tab5\" >Weak passwords in limbo</h2>\r\nBad guys often exploit user accounts that have just been created or reset by a network administrator or help desk. New accounts may need to be created for new employees or even for security testing purposes. Accounts may need to be reset if users forget their passwords or if the accounts have been locked out because of failed attempts.\r\n<h3>Password weaknesses in user account</h3>\r\nHere are some reasons why user accounts can be vulnerable:\r\n<ul>\r\n \t<li>When user accounts are reset, they’re often assigned an easily cracked or widely-known password (such as the user’s name or the word <em>password</em>). The time between resetting the user account and changing the password is a prime opportunity for a break-in.</li>\r\n \t<li>Many systems have default accounts or unused accounts with weak passwords or no passwords at all. These accounts are prime targets.</li>\r\n</ul>\r\n<h3>Countermeasures against passwords in limbo</h3>\r\nThe best defenses against attacks on passwords in limbo are solid help-desk policies and procedures that prevent weak passwords from being available at any given time during the new-account-generation and password-reset processes. Following are perhaps the best ways to overcome this vulnerability:\r\n<ul>\r\n \t<li>Require users to be on the phone with the help desk or to have a help-desk member perform the reset at the user’s desk.</li>\r\n \t<li>Require that the user immediately log in and change the password.</li>\r\n \t<li>If you need the ultimate in security, implement stronger authentication methods, such as challenge/response questions, smart cards, or digital certificates.</li>\r\n \t<li>Automate password reset functionality via self-service tools on your network so that users can manage most of their password problems without help from others.</li>\r\n</ul>","description":"Hackers use a variety of means to gain passwords. One of the most common ways for hackers to get access to your passwords is through <a href=\"//coursofppt.com/computers/pcs/computer-security/the-dangers-of-social-engineering/\" target=\"_blank\" rel=\"noopener\">social engineering</a>, but they don’t stop there. Check out the following tools and vulnerabilities hackers exploit to grab your password.\r\n<h2 id=\"tab1\" >Keystroke logging</h2>\r\nOne of the best techniques for capturing passwords is remote <em>keystroke logging</em> — the use of software or hardware to record keystrokes as they’re typed.\r\n<p class=\"article-tips warning\">Be careful with keystroke logging. Even with good intentions, monitoring employees raises various legal issues if it’s not done correctly. Discuss with your legal counsel what you’ll be doing, ask for her guidance, and get approval from upper management.</p>\r\n\r\n<h3>Logging tools used by hackers</h3>\r\nWith keystroke-logging tools, you can assess the log files of your application to see what passwords people are using:\r\n<ul>\r\n \t<li>Keystroke-logging applications can be installed on the monitored computer. Check out <a href=\"//www.veriato.com/products/veriato-cerebral-insider-threat-detection-software\" target=\"_blank\" rel=\"noopener\">Veriato's Cebral</a>, as one example. Dozens of such tools are available online.</li>\r\n \t<li>Hardware-based tools fit between the keyboard and the computer or replace the keyboard.</li>\r\n</ul>\r\n<p class=\"article-tips warning\">A keystroke-logging tool installed on a shared computer can capture the passwords of every user who logs in.</p>\r\n\r\n<h3>Countermeasures against logging tools</h3>\r\nThe best defense against the installation of keystroke-logging software on your systems is to use an antimalware program or a similar endpoint protection software that monitors the local host. It’s not foolproof but can help. As with physical keyloggers, you’ll need to inspect each system visually.\r\n<p class=\"article-tips warning\">The potential for hackers to install keystroke-logging software is another reason to ensure that your users aren’t downloading and installing random shareware or opening attachments in unsolicited emails. Consider locking down your desktops by setting the appropriate user rights through local or group security policy in Windows.</p>\r\nAlternatively, you could use a commercial lockdown program, such as <a href=\"//www.fortresgrand.com/\" target=\"_blank\" rel=\"noopener\">Fortres 101</a> for Windows or <a href=\"//www.faronics.com/products/deep-freeze/enterprise\" target=\"_blank\" rel=\"noopener\">Deep Freeze Enterprise</a> for Windows, Linux, and macOS X. A different technology that still falls into this category is Carbon Black’s “positive security” allow listing application, called <a href=\"//www.carbonblack.com/products/cb-protection\" target=\"_blank\" rel=\"noopener\">Cb Protection</a>, which allows you to configure which executables can be run on any given system. It’s intended to fight off advanced malware but could certainly be used in this situation.\r\n<h2 id=\"tab2\" >Weak password storage</h2>\r\nMany legacy and stand-alone applications — such as email, dial-up network connections, and accounting software — store passwords locally, which makes them vulnerable to password hacking. By performing a basic text search, you can find passwords stored in clear text on the local hard drives of machines. You can automate the process even further by using a program called <a href=\"//www.mythicsoft.com/\" target=\"_blank\" rel=\"noopener\">FileLocator Pro</a>.\r\n<h3>How hackers search for passwords</h3>\r\nYou can try using your favorite text-searching utility — such as the Windows search function, <code>findstr</code>, or <code>grep</code> — to search for <em>password</em> or <em>passwd</em> on your computer's drives. You may be shocked to find what’s on your systems. Some programs even write passwords to disk or leave them stored in memory.\r\n<p class=\"article-tips remember\">Weak password storage is a criminal hacker’s dream. Head it off if you can. This doesn’t mean that you should immediately run off and start using a cloud-based password manager, however. As we’ve all seen over the years, those systems get hacked as well!</p>\r\n\r\n<h3>Countermeasures against weak passwords</h3>\r\nThe only reliable way to eliminate weak password storage is to use only applications that store passwords securely. This practice may not be practical, but it’s your only guarantee that your passwords are secure. Another option is to instruct users not to store their passwords when prompted.\r\n\r\nBefore upgrading applications, contact your software vendor to see how it manages passwords, or search for a third-party solution.\r\n<h2 id=\"tab3\" >How hackers use network analyzers to crack passwords</h2>\r\nA network analyzer sniffs the packets traversing the network, which is what the bad guys do if they can gain control of a computer, <a href=\"//coursofppt.com/programming/certification/network-based-hacker-attacks/\" target=\"_blank\" rel=\"noopener\">tap into your wireless network</a>, or gain physical network access to set up their network analyzer. If they gain physical access, they can look for a network jack on the wall and plug right in.\r\n<h3>Finding password vulnerabilities with network analyzers</h3>\r\nThe image below shows how crystal-clear passwords can be through the eyes of a network analyzer. This shows how Cain & Abel can glean thousands of passwords going across the network in a matter of a couple of hours. As you can see in the left pane, these clear text password vulnerabilities can apply to FTP, web, Telnet, and more. (The actual usernames and passwords are blurred to protect them.)\r\n\r\n[caption id=\"attachment_256040\" align=\"aligncenter\" width=\"535\"]<img class=\"wp-image-256040 size-full\" src=\"//coursofppt.com/wp-content/uploads/cain-abel-ethical-hacking.jpg\" alt=\"\" width=\"535\" height=\"304\" /> Using Cain & Abel to capture passwords going across the network.[/caption]\r\n<p class=\"article-tips remember\">If traffic isn’t tunneled through some form of encrypted link (such as a virtual private network, Secure Shell, or Secure Sockets Layer), it’s vulnerable to attack.</p>\r\nCain & Abel is a password-cracking tool that also has network analysis capabilities. You can also use a regular network analyzer, such as the commercial products <a href=\"//www.liveaction.com/products/omnipeek-network-protocol-analyzer/\" target=\"_blank\" rel=\"noopener\">Omnipeek</a> and <a href=\"//www.tamos.com/products/commview\" target=\"_blank\" rel=\"noopener\">CommView</a>, as well as the free open-source program <a href=\"//www.wireshark.org/\" target=\"_blank\" rel=\"noopener\">Wireshark</a>. With a network analyzer, you can search for password traffic in various ways. To capture POP3 password traffic, for example, you can set up a filter and a trigger to search for the PASS command. When the network analyzer sees the PASS command in the packet, it captures that specific data.\r\n\r\nNetwork analyzers require you to capture data on a hub segment of your network or via a monitor/mirror/span port on a switch. Otherwise, you can’t see anyone else’s data traversing the network — just yours. Check your switch’s user guide to see whether it has a monitor or mirror port and for instructions on how to configure it. You can connect your network analyzer to a hub on the public side of your firewall. You’ll capture only those packets that are entering or leaving your network — not internal traffic.\r\n<h3>Countermeasures against network analyzers</h3>\r\nHere are some good defenses against network analyzer attacks:\r\n<ul>\r\n \t<li><strong>Use switches on your network, not hubs.</strong> Ethernet hubs are things of the past, but they are still used occasionally. If you must use hubs on network segments, a program like <a href=\"//sniffdet.sourceforge.net/\" target=\"_blank\" rel=\"noopener\">sniffdet</a> for Unix/Linux-based systems and <a href=\"//vidstromlabs.com/freetools/promiscdetect/\" target=\"_blank\" rel=\"noopener\">PromiscDetect</a> for Windows can detect network cards in <em>promiscuous mode</em> (accepting all packets, whether they’re destined for the local machine or not). A network card in promiscuous mode signifies that a network analyzer may be running on the network.</li>\r\n \t<li><strong>Make sure that unsupervised areas, such as an unoccupied lobby or training room, don’t have live network connections.</strong> An Ethernet port is all someone needs to gain access to your internal network.</li>\r\n \t<li><strong>Don’t let anyone without a business need gain physical access to your switches or to the network connection on the public side of your firewall.</strong> With physical access, a hacker can connect to a switch monitor port or tap into the unswitched network segment outside the firewall and then capture packets.</li>\r\n</ul>\r\n<p class=\"article-tips warning\">Switches don’t provide complete security because they’re vulnerable to ARP poisoning attacks.</p>\r\n\r\n<h2 id=\"tab4\" >How hackers break weak BIOS passwords</h2>\r\nMost computer BIOS (basic input/output system) settings allow power-on passwords and/or setup passwords to protect the computer’s hardware settings that are stored in the CMOS chip. Here are some ways around these passwords:\r\n<ul>\r\n \t<li>You usually can reset these passwords by unplugging the CMOS battery or by changing a jumper on the motherboard.</li>\r\n \t<li>Password-cracking utilities for BIOS passwords are available on the Internet and from computer manufacturers.</li>\r\n</ul>\r\nIf gaining access to the hard drive is your ultimate goal, you can remove the hard drive from the computer and install it in another one, and you’re good to go. This technique is a great way to prove that BIOS/power-on passwords are <em>not</em> effective countermeasures for lost or stolen laptops.\r\n<p class=\"article-tips tip\">Check <a href=\"//www.cirt.net/passwords\" target=\"_blank\" rel=\"noopener\">cirt.net</a> for a good list of default system passwords for various vendor equipment.</p>\r\nTons of variables exist for hacking and hacking countermeasures depending on your hardware setup. If you plan to hack your own BIOS passwords, check for information in your user manual, or refer to the <a href=\"//searchenterprisedesktop.techtarget.com/tutorial/BIOS-password-hacking\" target=\"_blank\" rel=\"noopener\">BIOS password-hacking guide</a>. If protecting the information on your hard drives is your ultimate goal, full (sometimes referred to as <em>whole</em>) disk is the best way to go.\r\n\r\nThe good news is that newer computers (within the past five years or so) use a new type of BIOS called unified extensible firmware interface (UEFI), which is much more resilient to boot-level system cracking attempts. Still, a weak password may be all it takes for the system to be exploited.\r\n<h2 id=\"tab5\" >Weak passwords in limbo</h2>\r\nBad guys often exploit user accounts that have just been created or reset by a network administrator or help desk. New accounts may need to be created for new employees or even for security testing purposes. Accounts may need to be reset if users forget their passwords or if the accounts have been locked out because of failed attempts.\r\n<h3>Password weaknesses in user account</h3>\r\nHere are some reasons why user accounts can be vulnerable:\r\n<ul>\r\n \t<li>When user accounts are reset, they’re often assigned an easily cracked or widely-known password (such as the user’s name or the word <em>password</em>). The time between resetting the user account and changing the password is a prime opportunity for a break-in.</li>\r\n \t<li>Many systems have default accounts or unused accounts with weak passwords or no passwords at all. These accounts are prime targets.</li>\r\n</ul>\r\n<h3>Countermeasures against passwords in limbo</h3>\r\nThe best defenses against attacks on passwords in limbo are solid help-desk policies and procedures that prevent weak passwords from being available at any given time during the new-account-generation and password-reset processes. Following are perhaps the best ways to overcome this vulnerability:\r\n<ul>\r\n \t<li>Require users to be on the phone with the help desk or to have a help-desk member perform the reset at the user’s desk.</li>\r\n \t<li>Require that the user immediately log in and change the password.</li>\r\n \t<li>If you need the ultimate in security, implement stronger authentication methods, such as challenge/response questions, smart cards, or digital certificates.</li>\r\n \t<li>Automate password reset functionality via self-service tools on your network so that users can manage most of their password problems without help from others.</li>\r\n</ul>","blurb":"","authors":[{"authorId":8984,"name":"Kevin Beaver","slug":"kevin-beaver","description":" <p><b>Kevin Beaver </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master&#8217;s degree in Management of Technology at Georgia Tech.</b></p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/8984"}}],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[{"label":"Keystroke logging","target":"#tab1"},{"label":"Weak password storage","target":"#tab2"},{"label":"How hackers use network analyzers to crack passwords","target":"#tab3"},{"label":"How hackers break weak BIOS passwords","target":"#tab4"},{"label":"Weak passwords in limbo","target":"#tab5"}],"relatedArticles":{"fromBook":[{"articleId":256048,"title":"Validate Data to Prevent Web Attacks: Input Hacks","slug":"validate-data-to-prevent-web-attacks-input-hacks","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/256048"}},{"articleId":256044,"title":"Best Practices for Minimizing Hacking of Email Systems","slug":"best-practices-for-minimizing-hacking-of-email-systems","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/256044"}},{"articleId":255983,"title":"Ethical Hacking: Improving Cybersecurity in Your Databases","slug":"ethical-hacking-improving-cybersecurity-in-your-databases","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/255983"}},{"articleId":255968,"title":"The Dangers of Social Engineering","slug":"the-dangers-of-social-engineering","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/255968"}},{"articleId":255963,"title":"How to Prevent Hacker Attacks: 4 Ways to Gather Public Information","slug":"how-to-prevent-hacker-attacks-4-ways-to-gather-public-information","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/255963"}}],"fromCategory":[{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}},{"articleId":270968,"title":"How to Perform a Penetration Test","slug":"how-to-perform-a-penetration-test","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270968"}},{"articleId":270960,"title":"Penetration Testing with Burp Suite and Wireshark to Uncover Vulnerabilities","slug":"penetration-testing-with-burp-suite-and-wireshark-to-uncover-vulnerabilities","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270960"}},{"articleId":270942,"title":"Building a Penetration Testing Toolkit: Considerations and Popular Pen Test Tools","slug":"building-a-penetration-testing-toolkit-considerations-and-popular-pen-test-tools","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270942"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":281732,"slug":"hacking-for-dummies","isbn":"9781119872191","categoryList":["technology","cybersecurity"],"amazon":{"default":"//www.amazon.com/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"//www.amazon.ca/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"//www.tkqlhce.com/click-9208661-13710633?url=//www.chapters.indigo.ca/en-ca/books/product/1119872197-item.html&cjsku=978111945484","gb":"//www.amazon.co.uk/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"//www.amazon.de/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"//coursofppt.com/wp-content/uploads/9781119872191-203x255.jpg","width":203,"height":255},"title":"Hacking For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"<p><b><b data-author-id=\"8984\">Kevin Beaver</b> </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master&#8217;s degree in Management of Technology at Georgia Tech.</b></p>","authors":[{"authorId":8984,"name":"Kevin Beaver","slug":"kevin-beaver","description":" <p><b>Kevin Beaver </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master&#8217;s degree in Management of Technology at Georgia Tech.</b></p> ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/8984"}}],"_links":{"self":"//dummies-api.coursofppt.com/v2/books/"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119872191&quot;]}]\" id=\"du-slot-63221b4095614\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119872191&quot;]}]\" id=\"du-slot-63221b4095fac\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":"One year","lifeExpectancySetFrom":"2022-12-14T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":256039},{"headers":{"creationTime":"2020-12-22T20:09:51+00:00","modifiedTime":"2023-03-15T20:59:52+00:00","timestamp":"2023-09-14T18:19:27+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"GDPR For Dummies Cheat Sheet","strippedTitle":"gdpr for dummies cheat sheet","slug":"gdpr-for-dummies-cheat-sheet","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"This cheat sheet answers some questions about a few major misunderstandings regarding GDPR requirements for non-EU organizations and Article 27.","noIndex":0,"noFollow":0},"content":"The <a href=\"//coursofppt.com/education/politics-government/general-data-protections-regulation-gdpr/\" target=\"_blank\" rel=\"noopener\">General Data Protection Regulation</a> (GDPR) was designed to streamline data protection laws across Europe as well as provide for some consistency across the European Union (EU). Although it's been in place since May 2018, it still causes a lot of confusion. This cheat sheet answers some questions about a few major misunderstandings: Does the GDPR apply to non-EU organizations? Can non-EU organizations be fined for non-compliance? Do you need an Article 27 representative?\r\n\r\n[caption id=\"attachment_266834\" align=\"alignnone\" width=\"556\"]<img class=\"size-full wp-image-266834\" src=\"//coursofppt.com/wp-content/uploads/gdpr-concept-image.jpg\" alt=\"GDPR concept image\" width=\"556\" height=\"371\" /> © Wright Studio/Shutterstock.com[/caption]","description":"The <a href=\"//coursofppt.com/education/politics-government/general-data-protections-regulation-gdpr/\" target=\"_blank\" rel=\"noopener\">General Data Protection Regulation</a> (GDPR) was designed to streamline data protection laws across Europe as well as provide for some consistency across the European Union (EU). Although it's been in place since May 2018, it still causes a lot of confusion. This cheat sheet answers some questions about a few major misunderstandings: Does the GDPR apply to non-EU organizations? Can non-EU organizations be fined for non-compliance? Do you need an Article 27 representative?\r\n\r\n[caption id=\"attachment_266834\" align=\"alignnone\" width=\"556\"]<img class=\"size-full wp-image-266834\" src=\"//coursofppt.com/wp-content/uploads/gdpr-concept-image.jpg\" alt=\"GDPR concept image\" width=\"556\" height=\"371\" /> © Wright Studio/Shutterstock.com[/caption]","blurb":"","authors":[],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[{"articleId":267867,"title":"GDPR and Data Security","slug":"gdpr-and-data-security","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/267867"}},{"articleId":267864,"title":"The GDPR and Data Subject Access Rights (DSARs)","slug":"the-gdpr-and-data-subject-access-rights-dsars","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/267864"}},{"articleId":267861,"title":"How to Create and Communicate Your Opt-In Wording","slug":"how-to-create-and-communicate-your-opt-in-wording","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/267861"}},{"articleId":267858,"title":"Data Protection: When to Use Opt-In Wording","slug":"data-protection-when-to-use-opt-in-wording","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/267858"}},{"articleId":267854,"title":"How to Create and Communicate Your Cookie Policy","slug":"how-to-create-and-communicate-your-cookie-policy","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/267854"}}],"fromCategory":[{"articleId":291466,"title":"Security Awareness For Dummies Cheat Sheet","slug":"security-awareness-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/291466"}},{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}},{"articleId":270968,"title":"How to Perform a Penetration Test","slug":"how-to-perform-a-penetration-test","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270968"}},{"articleId":270960,"title":"Penetration Testing with Burp Suite and Wireshark to Uncover Vulnerabilities","slug":"penetration-testing-with-burp-suite-and-wireshark-to-uncover-vulnerabilities","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270960"}},{"articleId":270942,"title":"Building a Penetration Testing Toolkit: Considerations and Popular Pen Test Tools","slug":"building-a-penetration-testing-toolkit-considerations-and-popular-pen-test-tools","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270942"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":282224,"slug":"gdpr-for-dummies","isbn":"9781119546092","categoryList":["technology","cybersecurity"],"amazon":{"default":"//www.amazon.com/gp/product/1119546095/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"//www.amazon.ca/gp/product/1119546095/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"//www.tkqlhce.com/click-9208661-13710633?url=//www.chapters.indigo.ca/en-ca/books/product/1119546095-item.html&cjsku=978111945484","gb":"//www.amazon.co.uk/gp/product/1119546095/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"//www.amazon.de/gp/product/1119546095/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"//coursofppt.com/wp-content/uploads/gdpr-for-dummies-cover-9781119546092-203x255.jpg","width":203,"height":255},"title":"GDPR For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"<p><p><b><b data-author-id=\"33258\">Suzanne Dibble</b></b> is a business lawyer who has advised huge multi&#45;national corporations, private equity&#45;backed enterprises, and household names. Since 2010 she has focused on small businesses, combining her knowledge of large organizations with a deep appreciation for entrepreneurship, especially online businesses, to provide practical, relevant advice. See more at suzannedibble.com</p>","authors":[{"authorId":33258,"name":"Suzanne Dibble","slug":"suzanne-dibble","description":" <p><b>Suzanne Dibble</b> is a business lawyer who has advised huge multi&#45;national corporations, private equity&#45;backed enterprises, and household names. Since 2010 she has focused on small businesses, combining her knowledge of large organizations with a deep appreciation for entrepreneurship, especially online businesses, to provide practical, relevant advice. See more at suzannedibble.com ","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/33258"}}],"_links":{"self":"//dummies-api.coursofppt.com/v2/books/"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119546092&quot;]}]\" id=\"du-slot-63221b2fc7367\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119546092&quot;]}]\" id=\"du-slot-63221b2fc7dd4\"></div></div>"},"articleType":{"articleType":"Cheat Sheet","articleList":[{"articleId":0,"title":"","slug":null,"categoryList":[],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/"}}],"content":[{"title":"Does the GDPR apply to non-EU organizations?","thumb":null,"image":null,"content":"<p>One of the sources of confusion regarding the GDPR is whether or not non-EU organizations meet GDPR requirements. There are two scenarios where the GDPR may apply to you:</p>\n<ul>\n<li>Your business is established within the EU.</li>\n<li>Your business is established outside of the EU but you either:\n<ul>\n<li>Offer goods or services to data subjects who are in the European Union, or</li>\n<li>You monitor the behavior of data subjects, as far as that behavior takes place within the EU.</li>\n</ul>\n</li>\n</ul>\n<p>So, is your business established in the EU?</p>\n<p>This is a straightforward enough question to answer if your business is entirely based in Spain, France or Italy, but what if your main business is located outside of the EU and you have a very small presence in an EU country?</p>\n<p>What does “established” actually mean? We have to look at the “effective and real exercise of activity through stable arrangements” to see what that means.</p>\n<p>The following factors by themselves do not determine establishment within the EU:</p>\n<ul>\n<li>Your organization has a single server in an EU country.</li>\n<li>Your website is accessible by people within the EU.</li>\n<li>You have an Article 27 Representative in the EU.</li>\n<li>You use a data processor within the EU (a service provider who processes personal data on your behalf and under your instruction, in other words).</li>\n<li>Your data subjects (the individuals whose personal data you hold) are based in the EU.</li>\n</ul>\n<p>Equally, the place of incorporation of your business or the fact that you have a branch or subsidiary in certain countries is not the deciding factor in where your business is established.</p>\n<p>Yet, if you have just one sales agent, one employee, or other such representative in an EU country and this constitutes an effective and real exercise of activity through stable arrangements, then you will have an establishment within an EU country.</p>\n<p>You don’t have to be processing personal data within the EU for the GDPR to apply. If you are processing personal data “in the context of the activities” of the EU establishment (remember that this may be a single sales rep), then GDPR will apply to you whether the processing takes place within the EU or not.</p>\n<p>Hence, if your business is mainly based outside of the EU and this is where the processing of personal data takes place, but you have an establishment within the EU and the processing carried out is in the context of the activities of the entity based outside of the EU, then the GDPR will apply regardless of the fact that the processing is being carried out outside of the EU.</p>\n<p>For the processing of personal data to be “in the context of the activities of the establishment,” there needs to be an inextricable link between the activities of the establishment based outside the EU (the one carrying out the processing) and the establishment based in the EU. Inextricable means that the two establishments are connected and cannot be separated.</p>\n<p>If processing by a non-EU entity is inextricably linked to the activities of an establishment in the EU, then the GDPR applies to all processing (even of data subjects outside of the EU), even though the EU establishment isn’t carrying out (or taking any part in) the data processing itself.</p>\n<p>If you have decided you definitely don’t have an establishment in the EU, then you need to look at whether you:</p>\n<ul>\n<li>Offer goods or services to data subjects who are in the European Union; or</li>\n<li>Monitor the behavior of data subjects, as far as that behaviour takes place within the EU.</li>\n</ul>\n<p>In terms of offering goods or services, it is irrelevant whether payment is made for these or not.</p>\n<p>When considering whether you’re offering goods or services to data subjects within the EU, you need to look at whether it was actually an active part of your business plan to offer goods or services to data subjects within the EU. If you have a few one-off sales in the EU or sign-ups to your newsletter from data subjects in the EU, for example, you may not be subject to the GDPR.</p>\n<p>The following factors are considered in determining whether you are offering goods or services in such a way that the GDPR applies to you:</p>\n<ul>\n<li>Your text is in an EU language.</li>\n<li>You&#8217;re displaying prices in an EU currency.</li>\n<li>You&#8217;ve enabled the ability for people to place orders in EU languages.</li>\n<li>You make references to the country of EU users or customers.</li>\n<li>You have advertisements directed to people within EU member states.</li>\n<li>You display telephone numbers with international codes.</li>\n<li>You&#8217;re using a domain of the European member state (for example, .de or .eu).</li>\n<li>You mention clients or customers in European member states.</li>\n</ul>\n<p>This list isn’t exhaustive and all circumstances need to be considered.</p>\n<p>The data processing must relate to data subjects located in the EU at the moment when the goods or services are offered or when the behavior is monitored. The citizenship, place of residence, or other legal status of the data subject has no relevance.</p>\n<p>One example is that of an app offered by a United States-based start-up that provides city mapping and targeted advertising for tourists from the US visiting European cities such as London, Paris and Rome. These US citizens who are in the EU when the service is offered and their behavior is monitored are “in the EU” and therefore the GDPR applies to this data processing. If, however, a US tourist downloads a US news app that targets US residents while on vacation in a country within the EU, this data processing is not subject to the GDPR.</p>\n<p>If you monitor or profile EU individuals’ behavior, where that behavior is occurring within the EU, then the GDPR applies to you.</p>\n<p>Monitoring includes the tracking of individuals online to create profiles, particularly where this is in order to make decisions concerning that individual or for analyzing or predicting the individual’s preferences, behaviors, and attitudes. For example, if you’re using cookies to track an individual’s activity on the Internet and that individual is within the EU, the GDPR applies to you.</p>\n"},{"title":"Can non-EU organizations be fined for non-compliance?","thumb":null,"image":null,"content":"<p>You will no doubt have heard of the headline fines introduced by the GDPR — a maximum of 20 million euros (about $24 million USD) or 4 percent of your worldwide turnover for the previous financial year, whichever is the higher.</p>\n<p>In 2019, British Airways faced a £183 million (about $229.72 million USD) fine and Marriott faced a £99 million (about $124 million USD) fine for security breaches. Google was fined 50 million euros (about $57 million USD) for a failure to follow the principles of the GDPR. Many other serious investigations into GDPR compliance failures are ongoing.</p>\n<p>But if your business is mainly based outside of the EU, you may be thinking, &#8220;Well, why should I bother complying with the GDPR, as surely EU regulators can’t take action against my business?&#8221;</p>\n<p>Such an approach may not be the smartest. Let’s look at the reasons why.</p>\n<h3>The regulatory consequences and the huge fines</h3>\n<p>Article 50 of the GDPR anticipates attempts by non-EU organizations to avoid compliance and makes specific provision for the EU’s data protection authorities to establish international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data.</p>\n<p>As was demonstrated by the United Kingdom’s enforcement notice against a Canadian company with no physical presence in the EU that was not in compliance with the GDPR, EU regulators will not be shy to take action against organizations outside of the EU.</p>\n<h3>Your EU customer and prospects won’t trust you</h3>\n<p>Aside from the regulatory consequences, your customers and prospects are much more informed about the GDPR than they were when it came to the old data protection laws and may not trust you with their personal data if they see examples of non-compliance.</p>\n<p>Supervisory authorities have run public awareness campaigns, so your prospects and customers in the EU will be much more savvy about their rights and how you should be complying with the GDPR. They will know, for example, that you should be providing them with your Privacy Notice and if you don’t do so, they will be suspicious and may decide not to entrust you with their personal data. In many cases, EU customers will vote with their feet and will move to a new supplier who is compliant with the GDPR.</p>\n<h3>Your EU customers will leave you</h3>\n<p>If you are processing personal data on behalf of data controllers within the EU — perhaps because you are an email services provider, a technology company, a marketing company or similar — and the data controllers transfer the personal data to you for to process in some way, then you need to comply with the GDPR. If not, the data controller is not legally allowed to hire you as they must only appoint data processors who put measures in place to comply with the GDPR.</p>\n<h3>Your US customers care about data protection</h3>\n<p>According to a 2018 survey by Acxiom, 82 percent of people in the US are concerned about the issue of online privacy. This was the highest percentage out of all ten countries surveyed, including Spain, Canada, Australia, the UK, Singapore, France, Argentina, Germany, and the Netherlands.</p>\n<p>Although organizations established outside of the EU only need to comply with the GDPR in relation to data subjects within the EU, you might want to think about complying with it for all of your data subjects.</p>\n<p>The GDPR is the gold standard of data protection, so if you need to comply for your EU customers and prospects, why not have one tier of data protection rather than a lesser standard for your US data subjects. You can use this to your competitive advantage by advertising the fact that you care about their personal data.</p>\n<h3>It isn’t as onerous to comply as you think</h3>\n<p>You might think that complying with the GDPR is a time consuming and expensive thing to do, but if you have the right resources and your business is relatively straightforward, it need be neither of these things.</p>\n"},{"title":"Do you need an Article 27 representative?","thumb":null,"image":null,"content":"<p>If you do not have an establishment within the EU and the GDPR applies to you, you’re required to appoint a representative in writing.</p>\n<p>A representative can be a person or organization that acts as a liaison between your organization and EU supervisory authorities who investigate and enforce data protection matters.</p>\n<p>You don’t have to appoint a representative if your processing of personal data meets all three of these criteria:</p>\n<ul>\n<li>It’s occasional.</li>\n<li>It doesn’t include processing of special category data or criminal convictions data on a large scale.</li>\n<li>It’s unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope, and purposes of the processing.</li>\n</ul>\n<p>Special category data includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.</p>\n<p>The representative represents your organization with respect to your obligations under the GDPR, with the following two main responsibilities:</p>\n<ul>\n<li>To receive correspondence from supervisory authorities and data subjects on all issues related to the processing of personal data.</li>\n<li>To make available to the supervisory authority, at their request, your Article 30 processing records.</li>\n</ul>\n<p>Article 30 processing records are certain records of processing that you, as a data controller or a data processor, are obliged to keep.</p>\n<p>Representatives are typically law firms or consultants and must be established within an EU member state where your relevant data subjects are. For example, if you’re established in the United States and have no data subjects in Ireland, you cannot appoint a representative in Ireland because you speak the same language.</p>\n<p>After the UK leaves the EU, if you have data subjects within the UK, you will also need to appoint a UK Representative.</p>\n"}],"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Solve","lifeExpectancy":"Six months","lifeExpectancySetFrom":"2022-12-07T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":266833},{"headers":{"creationTime":"2023-03-14T15:16:06+00:00","modifiedTime":"2023-03-14T15:18:42+00:00","timestamp":"2023-09-14T18:19:24+00:00"},"data":{"breadcrumbs":[{"name":"Technology","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33512"},"slug":"technology","categoryId":33512},{"name":"Cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"},"slug":"cybersecurity","categoryId":33537}],"title":"Security Awareness For Dummies Cheat Sheet","strippedTitle":"security awareness for dummies cheat sheet","slug":"security-awareness-for-dummies-cheat-sheet","canonicalUrl":"","查找传奇游戏检索平台改善":{"metaDescription":"Here's a summary of the key components to a cybersecurity awareness program, including how to to get buy-in from leaders and colleagues.","noIndex":0,"noFollow":0},"content":"Security awareness is much more complicated than just making users “aware.” Implementing an effective security awareness program means that you aren’t just providing information — rather, you’re specifically improving security related behaviors","description":"Security awareness is much more complicated than just making users “aware.” Implementing an effective security awareness program means that you aren’t just providing information — rather, you’re specifically improving security related behaviors","blurb":"","authors":[{"authorId":34698,"name":"Ira Winkler","slug":"ira-winkler","description":"","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/34698"}}],"primaryCategoryTaxonomy":{"categoryId":33537,"title":"Cybersecurity","slug":"cybersecurity","_links":{"self":"//dummies-api.coursofppt.com/v2/categories/33537"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":290240,"title":"Cloud Security For Dummies Cheat Sheet","slug":"cloud-security-for-dummies-cheat-sheet","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/290240"}},{"articleId":270968,"title":"How to Perform a Penetration Test","slug":"how-to-perform-a-penetration-test","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270968"}},{"articleId":270960,"title":"Penetration Testing with Burp Suite and Wireshark to Uncover Vulnerabilities","slug":"penetration-testing-with-burp-suite-and-wireshark-to-uncover-vulnerabilities","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270960"}},{"articleId":270942,"title":"Building a Penetration Testing Toolkit: Considerations and Popular Pen Test Tools","slug":"building-a-penetration-testing-toolkit-considerations-and-popular-pen-test-tools","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270942"}},{"articleId":270933,"title":"How to Structure a Pen Test Report","slug":"how-to-structure-a-pen-test-report","categoryList":["technology","cybersecurity"],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/270933"}}]},"hasRelatedBookFromSearch":false,"relatedBook":{"bookId":290632,"slug":"security-awareness-for-dummies","isbn":"9781119720928","categoryList":["technology","cybersecurity"],"amazon":{"default":"//www.amazon.com/gp/product/1119720923/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"//www.amazon.ca/gp/product/1119720923/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"//www.tkqlhce.com/click-9208661-13710633?url=//www.chapters.indigo.ca/en-ca/books/product/1119720923-item.html&cjsku=978111945484","gb":"//www.amazon.co.uk/gp/product/1119720923/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"//www.amazon.de/gp/product/1119720923/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"//coursofppt.com/wp-content/uploads/9781119720928-203x255.jpg","width":203,"height":255},"title":"Security Awareness For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"","authors":[{"authorId":34698,"name":"Ira Winkler","slug":"ira-winkler","description":"","hasArticle":false,"_links":{"self":"//dummies-api.coursofppt.com/v2/authors/34698"}}],"_links":{"self":"//dummies-api.coursofppt.com/v2/books/"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119720928&quot;]}]\" id=\"du-slot-63221b2cb5783\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{&quot;key&quot;:&quot;cat&quot;,&quot;values&quot;:[&quot;technology&quot;,&quot;cybersecurity&quot;]},{&quot;key&quot;:&quot;isbn&quot;,&quot;values&quot;:[&quot;9781119720928&quot;]}]\" id=\"du-slot-63221b2cb6212\"></div></div>"},"articleType":{"articleType":"Cheat Sheet","articleList":[{"articleId":0,"title":"","slug":null,"categoryList":[],"_links":{"self":"//dummies-api.coursofppt.com/v2/articles/"}}],"content":[{"title":"Tips for creating effective security awareness programs","thumb":null,"image":null,"content":"<p>The following tips are essential to creating an effective security awareness program:</p>\n<ul>\n<li><strong>Remember that awareness is a cybersecurity function.</strong> The purpose of a security awareness program is to reduce risk by modifying user behaviors. Risk reduction through awareness is just one part of a comprehensive cybersecurity program.</li>\n<li><strong>Avoid claims of perfection and platitudes.</strong> Never claim that you’re creating the human firewall or other forms of perfection. No security countermeasure has delivered perfection, and claims to that effect ruin your credibility — especially when the inevitable happens. You are simply reducing risk.</li>\n<li><strong>Deserve more.</strong> Prove that you’re providing a return on investment and reducing losses while enabling capabilities. You prove the worth of an awareness program by collecting and reporting metrics.</li>\n<li><strong>Consider subcultures.</strong> Many awareness programs are created as a monolith — a single program for everyone. Different parts of your organization, such as people from different demographics, might need different communications tools. You determine this need by knowing whether parts of your organization have different communication styles and different business interests.</li>\n</ul>\n"},{"title":"Basic components of a security awareness program","thumb":null,"image":null,"content":"<p>A security awareness program has three basic components:</p>\n<ul>\n<li><strong>Topics</strong> are the specific awareness issues you’re trying to improve — for example, phishing, physical security, and password security.</li>\n<li><strong>Communications tools</strong> are how you deliver messages — for example, posters, phishing simulations, newsletters, and security ambassador programs.</li>\n<li><strong>Metrics</strong> are tools to determine whether and where the awareness program is having success, and they can come in many forms, such as the number of incidents experienced, attendance at events, likeability measures, or phishing messages reported.</li>\n</ul>\n"},{"title":"Metrics that show what's working, and what isn't","thumb":null,"image":null,"content":"<p>Metrics are critical for showing the success of an awareness program, especially when competing for funding and resources. In a mature program, metrics are used to constantly tune a program by showing what’s working and what isn’t.</p>\n<p>Metrics come in these four categories, each one with a different purpose and value:</p>\n<ul>\n<li><strong>Likeability metrics:</strong> Fundamentally, this metric measures how much users like your content. To collect likeability metrics, survey users about how much they like the materials you produce.</li>\n<li><strong>Engagement metrics:</strong> This metric shows how users consume the data provided in a program. How many read the newsletters? How many show up at events? How many complete the required or recommended training?</li>\n<li><strong>Behavioral metrics:</strong> This metric demonstrates actual changes of behaviors and the success of awareness efforts. To collect this metric, measure specific behaviors and track improvement over time. How many users report phishing messages? What is the percentage of secured desks at the end of the day? What are the number of links blocked on web content filters?</li>\n<li><strong>Return on investment (ROI):</strong> ROI are the most valuable metrics. These metrics assign a financial value to the savings of improved behaviors. For example, if improved awareness reduced phishing incidents by 10 percent, what is the cost savings for the response and recovery? If improved awareness reduces lost computers and USB drives, what are the savings from the reduced losses?</li>\n</ul>\n"},{"title":"Gamification to reward effective behavior","thumb":null,"image":null,"content":"<p><em>Gamification</em> is a reward system that rewards people for practicing desired behaviors. Frequent flier programs and other loyalty programs are examples of gamification. People buy from an organization and receive rewards for it. This encourages the behaviors.</p>\n<p>Get more from your awareness program by incorporating gamification to reward positive security related behaviors.</p>\n"},{"title":"Security ambassadors to promote awareness efforts","thumb":null,"image":null,"content":"<p><em>Security ambassadors,</em> frequently called <em>security champions,</em> are other employees who work in parts of the company and serve as representatives for the awareness program and support awareness efforts locally. They can organize events, spread awareness program messages, answer questions, and otherwise serve as an extension of the awareness team.</p>\n<p>Security ambassadors can be quite valuable for a security awareness program, so invest first in identifying the right people to fill the role and then training them and providing the appropriate resources to support and communicate with them.</p>\n"},{"title":"Quarterly awareness programs that reinforce knowledge","thumb":null,"image":null,"content":"<p>Most awareness programs have an annual schedule, where an awareness manager generally plans for the year and features one topic per month over the course of the year. This straightforward strategy allows for more than sufficient planning. Instead, plan three months at a time.</p>\n<p>Also, as opposed to focusing one topic per month, distribute information about three topics throughout the three-month period. This serves to reinforce the topics for an extended period. Shorter plans also allow for more versatility, such as updating the topics and tools used.</p>\n"}],"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":"One year","lifeExpectancySetFrom":"2023-03-14T00:00:00+00:00","dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":291466}],"_links":{"self":{"self":"//dummies-api.coursofppt.com/v2/categories/33537/categoryArticles?sortField=time&sortOrder=1&size=10&offset=0"},"next":{"self":"//dummies-api.coursofppt.com/v2/categories/33537/categoryArticles?sortField=time&sortOrder=1&size=10&offset=10"},"last":{"self":"//dummies-api.coursofppt.com/v2/categories/33537/categoryArticles?sortField=time&sortOrder=1&size=10&offset=45"}}},"objectTitle":"","status":"success","pageType":"article-category","objectId":"33537","page":1,"sortField":"time","sortOrder":1,"categoriesIds":[],"articleTypes":[],"filterData":{"categoriesFilter":[{"itemId":0,"itemName":"All Categories","count":55}],"articleTypeFilter":[{"articleType":"All Types","count":55},{"articleType":"Articles","count":48},{"articleType":"Cheat Sheet","count":7}]},"filterDataLoadedStatus":"success","pageSize":10},"adsState":{"pageScripts":{"headers":{"timestamp":"2025-01-31T00:50:01+00:00"},"adsId":0,"data":{"scripts":[{"pages":["all"],"location":"header","script":"<!--Optimizely Script-->\r\n<script src=\"//cdn.optimizely.com/js/10563184655.js\"></script>","enabled":false},{"pages":["all"],"location":"header","script":"<!-- comScore Tag -->\r\n<script>var _comscore = _comscore || [];_comscore.push({ c1: \"2\", c2: \"15097263\" });(function() {var s = document.createElement(\"script\"), el = document.getElementsByTagName(\"script\")[0]; s.async = true;s.src = (document.location.protocol == \"https:\" ? \"//sb\" : \"//b\") + \".scorecardresearch.com/beacon.js\";el.parentNode.insertBefore(s, el);})();</script><noscript><img src=\"//sb.scorecardresearch.com/p?c1=2&c2=15097263&cv=2.0&cj=1\" /></noscript>\r\n<!-- / comScore Tag -->","enabled":true},{"pages":["all"],"location":"footer","script":"<!--BEGIN QUALTRICS WEBSITE FEEDBACK SNIPPET-->\r\n<script type='text/javascript'>\r\n(function(){var g=function(e,h,f,g){\r\nthis.get=function(a){for(var a=a+\"=\",c=document.cookie.split(\";\"),b=0,e=c.length;b<e;b++){for(var d=c[b];\" \"==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};\r\nthis.set=function(a,c){var b=\"\",b=new Date;b.setTime(b.getTime()+6048E5);b=\"; expires=\"+b.toGMTString();document.cookie=a+\"=\"+c+b+\"; path=/; \"};\r\nthis.check=function(){var a=this.get(f);if(a)a=a.split(\":\");else if(100!=e)\"v\"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(\":\"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case \"v\":return!1;case \"r\":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(\":\")),!c}return!0};\r\nthis.go=function(){if(this.check()){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=g;document.body&&document.body.appendChild(a)}};\r\nthis.start=function(){var t=this;\"complete\"!==document.readyState?window.addEventListener?window.addEventListener(\"load\",function(){t.go()},!1):window.attachEvent&&window.attachEvent(\"onload\",function(){t.go()}):t.go()};};\r\ntry{(new g(100,\"r\",\"QSI_S_ZN_5o5yqpvMVjgDOuN\",\"//zn5o5yqpvmvjgdoun-wiley.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_5o5yqpvMVjgDOuN\")).start()}catch(i){}})();\r\n</script><div id='ZN_5o5yqpvMVjgDOuN'><!--DO NOT REMOVE-CONTENTS PLACED HERE--></div>\r\n<!--END WEBSITE FEEDBACK SNIPPET-->","enabled":false},{"pages":["all"],"location":"header","script":"<!-- Hotjar Tracking Code for //coursofppt.com -->\r\n<script>\r\n (function(h,o,t,j,a,r){\r\n h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};\r\n h._hjSettings={hjid:257151,hjsv:6};\r\n a=o.getElementsByTagName('head')[0];\r\n r=o.createElement('script');r.async=1;\r\n r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;\r\n a.appendChild(r);\r\n })(window,document,'//static.hotjar.com/c/hotjar-','.js?sv=');\r\n</script>","enabled":false},{"pages":["article"],"location":"header","script":"<!-- //Connect Container: dummies --> <script src=\"//get.s-onetag.com/bffe21a1-6bb8-4928-9449-7beadb468dae/tag.min.js\" async defer></script>","enabled":true},{"pages":["homepage"],"location":"header","script":"<meta name=\"facebook-domain-verification\" content=\"irk8y0irxf718trg3uwwuexg6xpva0\" />","enabled":true},{"pages":["homepage","article","category","search"],"location":"footer","script":"<!-- Facebook Pixel Code -->\r\n<noscript>\r\n<img height=\"1\" width=\"1\" src=\"//www.facebook.com/tr?id=256338321977984&ev=PageView&noscript=1\"/>\r\n</noscript>\r\n<!-- End Facebook Pixel Code -->","enabled":true}]}},"pageScriptsLoadedStatus":"success"},"navigationState":{"navigationCollections":[{"collectionId":287568,"title":"BYOB (Be Your Own Boss)","hasSubCategories":false,"url":"/collection/for-the-entry-level-entrepreneur-287568"},{"collectionId":293237,"title":"Be a Rad Dad","hasSubCategories":false,"url":"/collection/be-the-best-dad-293237"},{"collectionId":295890,"title":"Career Shifting","hasSubCategories":false,"url":"/collection/career-shifting-295890"},{"collectionId":294090,"title":"Contemplating the Cosmos","hasSubCategories":false,"url":"/collection/theres-something-about-space-294090"},{"collectionId":287563,"title":"For Those Seeking Peace of Mind","hasSubCategories":false,"url":"/collection/for-those-seeking-peace-of-mind-287563"},{"collectionId":287570,"title":"For the Aspiring Aficionado","hasSubCategories":false,"url":"/collection/for-the-bougielicious-287570"},{"collectionId":291903,"title":"For the Budding Cannabis Enthusiast","hasSubCategories":false,"url":"/collection/for-the-budding-cannabis-enthusiast-291903"},{"collectionId":299891,"title":"For the College Bound","hasSubCategories":false,"url":"/collection/for-the-college-bound-299891"},{"collectionId":291934,"title":"For the Exam-Season Crammer","hasSubCategories":false,"url":"/collection/for-the-exam-season-crammer-291934"},{"collectionId":287569,"title":"For the Hopeless Romantic","hasSubCategories":false,"url":"/collection/for-the-hopeless-romantic-287569"}],"navigationCollectionsLoadedStatus":"success","navigationCategories":{"books":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/books/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/books/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/books/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/books/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/books/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/books/level-0-category-0"}},"articles":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/articles/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/articles/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/articles/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/articles/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/articles/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/articles/level-0-category-0"}}},"navigationCategoriesLoadedStatus":"success"},"searchState":{"searchList":[],"searchStatus":"initial","relatedArticlesList":[],"relatedArticlesStatus":"initial"},"routeState":{"name":"ArticleCategory","path":"/category/articles/cybersecurity-33537/","hash":"","query":{},"params":{"category":"cybersecurity-33537"},"fullPath":"/category/articles/cybersecurity-33537/","meta":{"routeType":"category","breadcrumbInfo":{"suffix":"Articles","baseRoute":"/category/articles"},"prerenderWithAsyncData":true},"from":{"name":null,"path":"/","hash":"","query":{},"params":{},"fullPath":"/","meta":{}}},"profileState":{"auth":{},"userOptions":{},"status":"success"}}
fun88 casino net cách chơi keno trực tuyến game đánh bài baccarat baccarat quốc tế sòng bài trực tuyến