Showing posts from May, 2021

Data retention policy

  A data retention policy, or records retention policy, is an organization's established protocol for retaining information for operational or regulatory compliance needs. When writing a data retention policy, you must determine how to: organize information so it can be searched and accessed later, and dispose of information that's no longer needed. A comprehensive data retention policy outlines the business reasons for retaining specific data and what to do with it when targeted for disposal. Why is a data retention policy important? A data retention policy is part of an organization's overall data management strategy. A policy is important because data can pile up dramatically, so it's crucial to define how long an organization must hold on to specific data. An organization should only retain data for as long as it's needed, whether that's six months or six years. Retaining data longer than necessary takes up unnecessary storage space...

IT Project Manager

  What is an IT project manager? An IT project manager is a professional charged with overseeing the process of planning, executing and delegating responsibilities around an organization's information technology (IT) pursuits and goals. IT project managers may work in a variety of industries, as nearly all organizations rely on computing technologies. Some organizations establish IT project management offices (PMOs) to guide the completion of large-scale initiatives. What does an IT project manager do? An IT project manager should support business directives associated with specific initiatives and assign resources based on those goals. As project participants are often spread across different offices and teams, the role of the IT project manager is to ensure that projects are delivered smoothly, on time and on budget, with minimal interruptions in work. The types of projects an IT project manager may be responsible for include the following: software development ...

Hacktivism

  Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals who perform hacktivism are known as hacktivists. Hacktivism is meant to call the public's attention to something the hacktivist believes is an important issue or cause, such as freedom of information, human rights or a religious point of view. Hacktivists express their support of a social cause or opposition to an organization by displaying messages or images on the website of the organization they believe is doing something wrong or whose message or activities they oppose. Hacktivists are typically individuals, but there are hacktivist groups as well that operate in coordinated efforts. Anonymous and Lulz Security, also known as LulzSec, are examples. Most hacktivists work anonymously. What motivates hacktivists? Hacktivists usually have altruistic or ideological motives, such as social justice or free speech. Their goal is to disrupt services an...

Penetration Test (pen test)

  A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique organizations use to identify, test and highlight vulnerabilities in their security posture. These penetration tests are often carried out by ethical hackers. These in-house employees or third parties mimic the strategies and actions of an attacker in order to evaluate the hackability of an organization's computer systems, network or web applications. Organizations can also use pen testing to test their adherence to compliance regulations. Ethical hackers are information technology (IT) experts who use hacking methods to help companies identify possible entry points into their infrastructure. By using different methodologies, tools and approaches, companies can perform simulated cyber-attacks to test the strengths and weaknesses of their existing security systems. Penetration, in this case, refers to the degree to which a hypothetical threat actor, or hac...

Patch Management

  Patch management is an area of systems management that involves acquiring, testing and installing multiple patches, or code changes, to an administered computer system. Patch management tasks include maintaining current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures, such as specific configurations required. Several products are available to automate patch management tasks, including RingMaster Software's APM, ManageEngine's Desktop Central and SolarWinds Patch Manager. Why is patch management important? Patch management is important because patches help to maintain the health and security of the systems that are being patched. Additionally, patches are sometimes used to bring software up to date so that it will work with the latest hardware. How does patch management work? Patch management ...

CISO (chief information security officer)

  The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. The CISO may also work alongside the chief information officer to procure cybersecurity products and services and to manage disaster recovery and business continuity plans. The chief information security officer may also be referred to as the chief security architect, the security manager, the corporate security officer or the information security manager, depending on the company's structure and existing titles. While the CISO is also responsible for the overall corporate security of the company, which includes its employees and facilities, he or she may simply be called the chief security officer (CSO). CISO role and responsibilities In...

What is Computer Forensic?

  Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. Computer forensics -- which is sometimes referred to as computer forensic science -- essentially is data recovery with legal compliance guidelines to make the information admissible in legal proceedings. The terms digital forensics and cyber forensics are often used as synonyms for computer forensics. Digital forensics starts with the collection of information in a way that maintains its integrity. Investigators then analyze the data or system to determine if it was changed, how it was changed and who made the changes. The use of computer f...