Infosec glossary entry
[...] also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network. https://www.fortinet.com/resources/cyberglossary/what-is-network-access-control
The goals of NAC are to detect/block rogue devices, prevent or reduce zero-day attacks, confirm compliance with updates and security settings, enforce security policy throughout the network, and use identities to perform access control. (Wiley Efficient Learning, tb786238.CISSPSG9E.c11.17, 13.5.2023)
By jean-christoph
February 18, 2023
TL;DR Diving into the essence of effective cybersecurity, this article shines a light on the transformative power of simplifying policy language, inspired by the OSI model’s structured communication layers. It goes beyond theoretical insights, offering actionable strategies for CISOs to demystify complex jargon and make cybersecurity policies accessible and engaging for every team member. Highlighting
Read MoreTL;DR This article delves into the intersection of psychology and cybersecurity, emphasizing the critical role of human elements in developing a resilient security culture within SMEs. Key points include the pivotal nature of psychological theories like Hofstede’s Cultural Dimensions and BJ Fogg’s Behavior-Knowledge Gap model in understanding and influencing organizational behavior towards cybersecurity. It highlights
Read MoreTL;DR This article delves into the ethical considerations in phishing tests, highlighting the balance needed between conducting realistic simulations and maintaining fairness in cybersecurity training. This article explores the complexities of conducting phishing simulations in the workplace. Key takeaways include the importance of transparency in fostering a positive security culture, building trust through clear communication,
Read More