Cybersecurity 101

The Protection of Personal Information Act (POPI) is South Africa's regulation governing data privacy for citizens of South Africa.

Ransomware is a type of malware in which an attacker, or group of cybercriminals, will lock and usually encrypt a victim's data, important files and sometimes access to their device. The attacker(s) will then demand a ransom payment to unlock and decrypt data without leaking it on the dark web.

Ransomware as a Service (RaaS) is a subscription based business model between ransomware operators and their affiliates which enables the affiliates to use already developed ransomware tools to execute an attack in exchange for payment.

A Red Team is a group of people authorized and organized by an organization to act as an adversary, attempting to identify and exploit potential weakness within the organization's cybersecurity defenses. This tests how an organization would respond to a genuine cyberattack. The team usually consists of highly experienced cybersecurity professionals or independent ethical [...]

Role-Based Access Control (RBAC) is a widely used access control model that restricts system access based on the roles assigned to individual users within an organization. In RBAC, access permissions are granted according to the user's role rather than being assigned directly to the user. This model streamlines access management, enhances security, and ensures [...]

In cybersecurity, sandboxing is a using a test environment, which mimics that of an end-user, to run programs or open files without affecting network, platform or system. This is used to test potentially malicious software.

Scareware is an evolution of older, social engineering-based attacks that aim to trick users into paying to fix a non-existent problem with their machine.

A service level agreement (SLA) is part of a contract that sets the expectations between the service provider and the customer and will define and document what services will be provided and the required level or standard for those services.

Security Information and Event Management (SIEM) is an approach to security management that combines security information management and security event management functions into one centralized security management system.

Smishing is a form of phishing in which the attacker sends "fake" mobile text messages to trick targeted recipients into downloading malware, sharing sensitive information or sending money to the cybercriminals.