Josh Fruhlinger

Josh Fruhlinger is a writer and editor who lives in Los Angeles.

The password hall of shame (and 10 tips for better password security)

Zero days explained: How unknown vulnerabilities become gateways for attackers

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. The name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before...

How the CISO role is evolving

The chief information security officer (CISO) is the executive responsible for an organization's information and data security. Learn what it takes to land a CISO job and how to be successful in the role.

Does it matter who the CISO reports to?

Reporting relationships are more than lines on an org chart; they're lines of authority. Ultimately, who the CISO reports to may say more about an organization's maturity than it does about an individual's effectiveness.

FISMA basics: What federal agencies and contractors need to know

FISMA, or the Federal Information Security Management Act, is a U.S. federal law passed in 2002 that seeks to establish guidelines and cybersecurity standards for government tech infrastructure, and in so doing protect government...

The HITECH Act explained: Definition, compliance, and violations

The Health Information Technology for Economic and Clinical Health (HITECH) Act aims to expand the use of electronic health records through incentives to health care providers and consumers. It also tightens rules on providers to...

DDoS explained: How distributed denial of service attacks are evolving

A distributed denial of service (DDoS) attack is when attackers attempt to make it impossible for a service to be delivered, typically by drowning a system with requests for data. They have been part of the criminal toolbox for twenty...

COPPA explained: How this law protects children's privacy

The Children's Online Privacy Protection Act is a U.S. law that aims to protect the privacy and personally identifying information of children under the age of 13 who use online services.

FIDO explained: How this industry initiative aims to make passwords obsolete

The FIDO Alliance is an industry association that promotes the use of public-key cryptography to bring strong authentication to the Web.

HIPAA explained: definition, compliance, and violations

This landmark law imposes stringent privacy and security mandates on health care providers—and most of their IT vendors.

CISSP certification guide: Requirements, training, and cost

Certified Information Systems Security Professional, or CISSP, is a certification for advanced IT professionals who want to demonstrate that they can design, implement, and manage a cybersecurity program at the enterprise level.

GLBA explained: What the Gramm-Leach-Bliley Act means for privacy and IT security

The Gramm-Leach-Bliley Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had been banned since the Great Depression. It has an infosec reach that goes...