Cybersecurity 101

Penetration testing, also known as a pen test or ethical hacking, is an authorized simulated cyberattack used to identify, test and highlight vulnerabilities in an organization's security posture.

Personally identifiable information (PII) is any data that when used alone, or with other relevant data, could identify a specific individual. Examples include (but are not limited to): name, address, contact number, email address, driver's license number, SSN, D.O.B, passport number, fingerprint.

Phishing is defined as a form of social engineering in which a cyber threat actor poses as a trustworthy colleague or acquaintance of an organization to lure a victim into providing sensitive information or network access.

Profiling refers to the practice of creating detailed and data-driven representations (or profiles) of typical system behavior, user actions, network traffic, or threat actor characteristics to identify anomalies or detect potential security risks. In essence, profiling is the process of analyzing patterns and behaviors within a system to create baselines of what is considered [...]

The Protection of Personal Information Act (POPI) is South Africa's regulation governing data privacy for citizens of South Africa.

Ransomware is a type of malware in which an attacker, or group of cybercriminals, will lock and usually encrypt a victim's data, important files and sometimes access to their device. The attacker(s) will then demand a ransom payment to unlock and decrypt data without leaking it on the dark web.

Ransomware as a Service (RaaS) is a subscription based business model between ransomware operators and their affiliates which enables the affiliates to use already developed ransomware tools to execute an attack in exchange for payment.

A Red Team is a group of people authorized and organized by an organization to act as an adversary, attempting to identify and exploit potential weakness within the organization's cybersecurity defenses. This tests how an organization would respond to a genuine cyberattack. The team usually consists of highly experienced cybersecurity professionals or independent ethical [...]

Role-Based Access Control (RBAC) is a widely used access control model that restricts system access based on the roles assigned to individual users within an organization. In RBAC, access permissions are granted according to the user's role rather than being assigned directly to the user. This model streamlines access management, enhances security, and ensures [...]

In cybersecurity, sandboxing is a using a test environment, which mimics that of an end-user, to run programs or open files without affecting network, platform or system. This is used to test potentially malicious software.