Information Security Definitions

This glossary explains the meaning of key words and phrases that information technology (IT) and business professionals use when discussing IT security and related software products. You can find additional definitions by visiting WhatIs.com.

  C

  • cyber extortion

    Cyber extortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.

  • cyber hijacking

    Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.

  • cyber insurance

    Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract an entity can purchase to help reduce the financial risks associated with doing business online.

  • cybersecurity

    Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats.

  • cybersecurity asset management (CSAM)

    Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections.

  • cyberstalking

    Cyberstalking is a crime in which someone harasses or stalks a victim using electronic or digital means, such as social media, email, instant messaging (IM) or messages posted to a discussion group or forum.

  • cyberterrorism

    Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence.

  • cyberwarfare

    The generally accepted definition of cyberwarfare is a series of cyber attacks against a nation-state, causing it significant harm.

  • What is a Certified Information Systems Auditor (CISA)?

    Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.

  • What is a computer exploit?

    A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.

  • What is a cyber attack? How they work and how to stop them

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.

  • What is cipher block chaining (CBC)?

    Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits is encrypted as a single unit, or block, with a cipher key applied to the entire block.

  • What is cloud detection and response (CDR)?

    Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy?

  • What is Common Vulnerabilities and Exposures (CVE)?

    Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats.

  • What is cryptography?

    Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.

  • What is cyber attribution?

    Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.

  • What is cyber hygiene and why is it important?

    Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data.

  • What is cybercrime and how can you prevent it?

    Cybercrime is any criminal activity that involves a computer, network or networked device.

  D

  • data breach

    A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.

  • data compliance

    Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, malware and other cybersecurity threats.

  • data masking

    Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.

  • decompression bomb (zip bomb, zip of death attack)

    A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.

  • denial-of-service attack

    A denial-of-service (DoS) attack is a security event that occurs when an attacker makes it impossible for legitimate users to access computer systems, devices, services or other IT resources.

  • deprovisioning

    Deprovisioning is the part of the employee lifecycle in which access rights to software and network services are taken away.

  • dictionary attack

    A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password.

  • Diffie-Hellman key exchange (exponential key exchange)

    Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet.

  • digital certificate

    A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it.

  • digital forensics and incident response (DFIR)

    Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events.

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or software.

  • Digital Signature Standard (DSS)

    The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) as a means of authentication for electronic documents.

  • directory traversal

    Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.

  • distributed denial-of-service (DDoS) attack

    A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.

  • DMZ in networking

    In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet.

  • DNS attack

    A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.

  • DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a Hypertext Transfer Protocol Secure encrypted session.

  • domain generation algorithm (DGA)

    A domain generation algorithm (DGA) is a program that generates a large list of domain names. DGA provides malware with new domains in order to evade security countermeasures.

  • DOS (disk operating system)

    A DOS, or disk operating system, is an operating system that runs from a disk drive. The term can also refer to a particular family of disk operating systems, most commonly MS-DOS, an acronym for Microsoft DOS.

  • double extortion ransomware

    Double extortion ransomware is a novel form of malware that combines ransomware with elements of extortionware to maximize the victim's potential payout.

  • Dridex malware

    Dridex is a form of malware that targets victims' banking information, with the main goal of stealing online account credentials to gain access to their financial assets.

  • dumpster diving

    Dumpster diving is looking for treasure in someone else's trash.

  • Duo Security

    Duo Security is a vendor of cloud-based two-factor authentication products.

  • What is Data Encryption Standard (DES)?

    Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.

  • What is Domain-based Message Authentication, Reporting and Conformance (DMARC)?

    The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet protocols that support email authentication methods.

  • What is DomainKeys Identified Mail (DKIM)?

    DomainKeys Identified Mail (DKIM) is a protocol for authenticating email messages using public key cryptography to protect against forged emails.

  E

  • E-Sign Act (Electronic Signatures in Global and National Commerce Act)

    The E-Sign Act (Electronic Signatures in Global and National Commerce Act) is a U.S. federal law that specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.

  • Electronic Code Book (ECB)

    Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.

  • electronic discovery (e-discovery or ediscovery)

    Electronic discovery -- also called e-discovery or ediscovery -- refers to any process of obtaining and exchanging evidence in a civil or criminal legal case.

  • Elk Cloner

    Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.

  • elliptical curve cryptography (ECC)

    Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.

  • email security

    Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats.

  • email signature

    An email signature -- or signature block or signature file -- is the short text that appears at the end of an email message to provide more information about the sender.

  • email spoofing

    Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.

  • email virus

    An email virus consists of malicious code distributed in email messages to infect one or more devices.

  • Encrypting File System (EFS)

    Encrypting File System (EFS) provides an added layer of protection by encrypting files or folders on various versions of the Microsoft Windows OS.

  • encryption

    Encryption is the method by which information is converted into secret code that hides the information's true meaning.

  • encryption key

    In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text.

  • end-to-end encryption (E2EE)

    End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another.

  • ethical hacker

    An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.

  • Evil Corp

    Evil Corp is an international cybercrime network that uses malicious software to steal money from victims' bank accounts and to mount ransomware attacks.

  • evil twin attack

    An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge.

  • What is an endpoint protection platform (EPP)?

    An endpoint protection platform (EPP) is a security technology that safeguards endpoint devices.

  • What is email spam and how to fight it?

    Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients. Humans send spam, but more often, botnets are responsible for sending it.

  • What is endpoint detection and response (EDR)?

    Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints.

  • What is endpoint security? How does it work?

    Endpoint security is the protection of endpoint devices against cybersecurity threats.

  • What is extended detection and response (XDR)?

    Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.

  • What is Extensible Authentication Protocol (EAP)?

    Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet.

  F

  • Federal Information Security Modernization Act (FISMA)

    The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information technology operations from cyberthreats.

  • federated identity management (FIM)

    Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.

  • FIDO (Fast Identity Online)

    FIDO (Fast Identity Online) is a set of technology-agnostic security specifications for strong authentication.

  • firewall

    A firewall is a network security device that prevents unauthorized access to a network. It inspects incoming and outgoing traffic using a set of security rules to identify and block threats.

  • footprinting

    Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them.

  • four-factor authentication (4FA)

    Four-factor authentication (4FA) is the use of four types of identity-confirming credentials, typically categorized as knowledge, possession, inherence and location factors.

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

  • fuzz testing (fuzzing)

    Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors or bugs and security loopholes in software, operating systems and networks.

  G

  • Google Authenticator

    Google Authenticator is a mobile security application that provides a second type of confirmation for websites and online services that use two-factor authentication (2FA) to verify a user's identity before granting him or her access to secure resources.

  • Google Cloud Key Management Service (KMS)

    Google Cloud Key Management Service (KMS) is a cloud service for managing encryption keys for other Google cloud services that enterprises can use to implement cryptographic functions.

  • Google Play Protect

    Google Play Protect is a malware protection and detection service built into Android devices that use Google Mobile Services.

  • governance, risk and compliance (GRC)

    Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies among the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance.

  • government Trojan

    A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation. Government Trojans represent a step in turning the tables on cybercriminals by using a proven mechanism for capturing data covertly.

  • GPS jamming

    GPS jamming is the act of using a frequency transmitting device to block or interfere with radio communications.

  H

  • hacker

    A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.

  • hacktivism

    Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.

  • hardware security module (HSM)

    A hardware security module (HSM) is a physical device that provides extra security for sensitive data.

  • Hash-based Message Authentication Code (HMAC)

    Hash-based Message Authentication Code (HMAC) is a message encryption method that uses a cryptographic key in conjunction with a hash function.

  • Heartbleed

    Heartbleed was a vulnerability in some implementations of OpenSSL, an open source cryptographic library.

  • homomorphic encryption

    Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.

  • honey monkey

    A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system expressly set up to attract and "trap" people who attempt to penetrate other people's computers...

  • honeynet

    A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers.

  • honeypot (computing)

    A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.

  • hypervisor security

    Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle.

  I

  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to technology resources.

  • identity provider

    An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks.

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.

  • ILOVEYOU virus

    The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.

  • incident response team

    An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.

  • indicators of compromise (IOC)

    Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.

  • information assurance (IA)

    Information assurance (IA) is the practice of protecting physical and digital information and the systems that support the information.

  • information security (infosec)

    Information security (infosec) is a set of policies, procedures and principles for safeguarding digital data and other kinds of information.

  • insecure deserialization

    Insecure deserialization is a vulnerability in which untrusted or unknown data is used to inflict a denial-of-service attack, execute code, bypass authentication or otherwise abuse the logic behind an application.

  • insider threat

    An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.