Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library

What Is FIPS 140-3 and Why Does It Matter for Security Compliance?

Blog

What Is FIPS 140-3 and Why Does It Matter for Security Compliance?
Learn what FIPS 140-3 certification entails, why it’s critical for federal and industry cybersecurity compliance, and how to ensure your cryptographic modules meet the standard.
Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

Blog

Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign
SecurityScorecard’s STRIKE team uncovered a new China-Nexus ORB Network targeting the United States and Southeast Asia. Read the report to gain an in-depth look at the LapDogs ORB network, its custom malware, and its role in cyberespionage.
STRIKE Team
Understanding Third-Party Risk: Identifying and Mitigating External Threats

Blog

Understanding Third-Party Risk: Identifying and Mitigating External Threats
Learn how to identify, assess, and mitigate third-party cybersecurity risks. Discover the most common vulnerabilities, threat actor behavior, and how to monitor threats in 2025.
Sender Policy Framework (SPF): How It Stops Email Spoofing

Blog

Sender Policy Framework (SPF): How It Stops Email Spoofing
Learn how SPF works to prevent email spoofing, how to configure SPF records, and why it’s critical for securing your domain from phishing campaigns.
What Does the Gramm-Leach-Bliley Act (GLBA) Require?

Blog

What Does the Gramm-Leach-Bliley Act (GLBA) Require?
Learn the core requirements of the Gramm-Leach-Bliley Act (GLBA), including the Safeguards Rule, privacy notices, and cybersecurity responsibilities for financial institutions.
How to Build an OPSEC Culture in Your Organization

Blog

How to Build an OPSEC Culture in Your Organization
Discover how to build an OPSEC (Operational Security) culture that protects sensitive information, counters social engineering, and reduces third-party risk exposure across your workforce.
What Are the Key Steps to Achieve PCI DSS 4.0 Compliance?

Blog

What Are the Key Steps to Achieve PCI DSS 4.0 Compliance?
Explore step-by-step guidance to comply with PCI DSS 4.0, including new 2025 requirements, technical controls, and vendor accountability measures.
What Are Best Practices for Data Security for Sensitive Data?

Blog

What Are Best Practices for Data Security for Sensitive Data?
Learn best practices to secure sensitive data, including encryption, access control, and continuous monitoring. Discover how organizations reduce breach risks while staying compliant.
What’s the Difference Between Authenticity and Non-Repudiation in Cybersecurity?

Blog

What’s the Difference Between Authenticity and Non-Repudiation in Cybersecurity?
Understand the difference between authenticity and non-repudiation in cybersecurity, and how both play key roles in identity verification, encryption, and data integrity.
How SSL Certificates Work—and Why They Still Matter

Blog

How SSL Certificates Work—and Why They Still Matter
SSL certificates remain foundational to online trust and encryption. This blog explains how SSL/TLS certificates work, the risks of poor certificate management, and why organizations must maintain certificate hygiene in 2025.
What Is a Zero-Day Exploit and Why Is It So Dangerous?

Blog

What Is a Zero-Day Exploit and Why Is It So Dangerous?
Learn what a zero-day exploit is, why it poses such a severe risk, and how organizations can detect and mitigate zero-day attacks using proactive threat intelligence.
Spear Phishing vs. Phishing: What’s the Difference?

Blog

Spear Phishing vs. Phishing: What’s the Difference?
Understand the difference between phishing and spear phishing, how attackers use each tactic, and what organizations can do to prevent credential theft and business compromise.
Phishing
Threat-Informed TPRM
Fortifying Your Supply Chain: The ROI of Managed Supply Chain Detection and Response

Webinars

Fortifying Your Supply Chain: The ROI of Managed Supply Chain Detection and Response
Join us to discover how a managed Supply Chain Detection and Response (SCDR) service, like SecurityScorecard MAX, transforms your approach to vendor risk.
MAX
Threat-Informed TPRM
Top Strategies for Preventing Domain Hijacking

Blog

Top Strategies for Preventing Domain Hijacking
Domain hijacking is a stealthy but devastating threat to enterprise brands. This blog explores how hijackers take over domains, key prevention strategies, and how to monitor domain risks across your supply chain in 2025.
How Do You Perform an Effective Network Security Assessment?

Blog

How Do You Perform an Effective Network Security Assessment?
Network security assessments are essential for identifying vulnerabilities, misconfigurations, and exposure points. This blog outlines how to conduct a thorough network assessment in 2025, with a focus on risk prioritization and third-party ecosystems.
How Does an Intrusion Detection System (IDS) Work?

Blog

How Does an Intrusion Detection System (IDS) Work?
Learn how Intrusion Detection Systems (IDS) work, explore different types, and discover best practices for integrating IDS into your security stack.
What’s the Difference Between Ethical Hacking and Cybersecurity Operations?

Blog

What’s the Difference Between Ethical Hacking and Cybersecurity Operations?
Ethical hacking and cybersecurity operations serve different functions in defending digital assets. This blog breaks down their differences, overlap, and how modern organizations use both to build a resilient cyber strategy.
What Is a CVE and How Should You Prioritize Patch Management?

Blog

What Is a CVE and How Should You Prioritize Patch Management?
CVE identifiers are essential for tracking known vulnerabilities. This blog breaks down what a CVE is, how it’s used in cybersecurity, and how to prioritize patching based on threat intelligence and business impact in 2025.
IAM in 2025: Identity and Access Management Best Practices

Blog

IAM in 2025: Identity and Access Management Best Practices
Identity and Access Management (IAM) is foundational to cybersecurity in 2025. This blog covers the top IAM best practices for protecting credentials, enforcing least privilege, and reducing supply chain identity risk.
Regulatory Compliance: Bridging Compliance and Cybersecurity A Comprehensive Approach to Third-Party Risk Management

Resources

Regulatory Compliance: Bridging Compliance and Cybersecurity A Comprehensive Approach to Third-Party Risk Management
Organizations are under mounting pressure to improve their cybersecurity posture and keep pace with evolving regulations and an ever-expanding network of third-party suppliers in 2025. Government and oversight bodies continue to expand the scope and specificity of regulations aimed at safeguarding sensitive information and critical infrastructure. Yet despite significant focus and investment, many enterprises struggle to keep pace.
What Did the LastPass Breach Reveal About Password Manager Security?

Blog

What Did the LastPass Breach Reveal About Password Manager Security?
The LastPass breach exposed serious challenges in password manager design and implementation. This blog breaks down the breach, explains what went wrong, and outlines steps to evaluate and harden your password manager strategy in 2025.