Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.
  • AAA server (authentication, authorization and accounting) - An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.
  • Active Directory tree - An Active Directory (AD) tree is a collection of domains within a Microsoft Active Directory network.
  • Advanced Encryption Standard (AES) - The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.
  • advanced persistent threat (APT) - An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period.
  • air gap (air gapping) - An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection.
  • alert fatigue - Alert fatigue, also called alarm fatigue, is an instance where an overwhelming number of alerts causes an individual to become desensitized to them.
  • Amazon Inspector - Amazon Inspector is an AWS tool that automatically assesses a customer's AWS cloud deployment for security vulnerabilities and deficiencies.
  • antimalware (anti-malware) - Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware.
  • antivirus software (antivirus program) - Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices.
  • API security - Application program interface (API) security refers to policies and procedures that protect APIs against malicious attacks and vulnerabilities.
  • app wrapping (application wrapping) - App wrapping (application wrapping) is applying a management layer to an existing mobile app.
  • application blacklisting (application blocklisting) - Application blacklisting --increasingly called application blocklisting -- is a network or computer administration practice used to prevent the execution of undesirable software programs.
  • application firewall - An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer.
  • application security - Application security, or appsec, is the practice of using security software, hardware, techniques, best practices and procedures to protect computer applications from external security threats.
  • application whitelisting - Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
  • attack surface - An attack surface is the total number of all possible entry points for unauthorized access into any system.
  • attack vector - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.
  • authentication server - An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.
  • Automatic Identification and Data Capture (AIDC) - Automatic Identification and Data Capture (AIDC) is a broad set of technologies used to collect information from an object, image or sound without manual data entry.
  • AWS CloudTrail - AWS CloudTrail is an application program interface (API) call-recording and log-monitoring service offered by Amazon Web Services (AWS).
  • backdoor (computing) - A backdoor attack is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
  • behavior-based security - Behavior-based security software scans for deviations from the norm and decides whether an anomaly poses a threat or can simply be ignored.
  • biometric payment - Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account.
  • biometric verification - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • BIOS password - A BIOS password is authentication information that's sometimes required to log into a computer's basic input/output system (BIOS) settings before a computer boots up.
  • BIOS rootkit - A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration.
  • black hat hacker - A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.
  • blended threat - A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.
  • block cipher - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
  • Blowfish - Blowfish is a variable-length, symmetric, 64-bit block cipher.
  • bluesnarfing - Bluesnarfing is a hacking technique in which a hacker accesses a wireless device through a Bluetooth connection.
  • bot - A bot -- short for robot and also called an internet bot -- is a computer program that operates as an agent for a user or other program or to simulate a human activity.
  • botnet - A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often unbeknownst to their owner.
  • browser hijacker (browser hijacking) - A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.
  • brute-force attack - A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.
  • buffer overflow - A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
  • bug bounty program - A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals like ethical hackers and security researchers for discovering and reporting vulnerabilities and bugs in software.
  • business continuity management (BCM) - Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats.
  • cache poisoning - Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.
  • captive portal - A captive portal is a webpage that the user of a public-access network is required to view and interact with before they can access the network.
  • cardholder data environment (CDE) - A cardholder data environment (CDE) is a computer system or networked group of IT systems that processes, stores or transmits cardholder data or sensitive payment authentication data.
  • CCTV (closed circuit television) - CCTV (closed-circuit television) is a television system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes.
  • CERT-In (the Indian Computer Emergency Response Team) - CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization.
  • certificate authority (CA) - A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates.
  • certificate revocation list (CRL) - A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their actual or assigned expiration date.
  • Certified Cloud Security Professional (CCSP) - Certified Cloud Security Professional (CCSP) is an International Information System Security Certification Consortium, or (ISC)2, certification that covers cloud-based cybersecurity best practices.
  • Certified in Risk and Information Systems Control (CRISC) - Certified in Risk and Information Systems Control (CRISC) is a certification program that recognizes knowledge and training in the field of risk management for IT.
  • Certified Information Security Manager (CISM) - Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.
  • Certified Information Systems Security Professional (CISSP) - Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².
  • channel partner portal - A channel partner portal is a web-based application that provides a vendor's established partners (usually distributors, resellers, service providers or other strategic partners) with access to deal registration, marketing resources, pricing and sales information for products and services, as well as technical details and support that are unavailable to other end users.
  • Chernobyl virus - The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.
  • chief risk officer (CRO) - The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.
  • cipher - In cryptography, a cipher is an algorithm for encrypting and decrypting data.
  • cipher block chaining (CBC) - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.
  • ciphertext - Ciphertext is encrypted text transformed from plaintext using an encryption algorithm.
  • ciphertext feedback (CFB) - In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.
  • CISO (chief information security officer) - The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
  • CISO as a service (vCISO, virtual CISO, fractional CISO) - A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider.
  • Class C2 - Class C2 is a security rating established by the U.
  • clean desk policy (CDP) - A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office.
  • closed circuit television (CCTV) - CCTV (closed-circuit television) is a TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes.
  • cloud audit - A cloud audit is an assessment of a cloud computing environment and its services, based on a specific set of controls and best practices.
  • cloud encryption - Cloud encryption is a service cloud storage providers offer whereby a customer's data is transformed using encryption algorithms from plaintext into ciphertext and stored in the cloud.
  • cloud penetration testing - Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its own defenses.
  • cloud security - Cloud security, also known as 'cloud computing security,' is a set of policies, practices and controls deployed to protect cloud-based data, applications and infrastructure from cyberattacks and cyberthreats.
  • Cloud Security Alliance (CSA) - The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.
  • cloud security architecture - Cloud security architecture is a security strategy designed around securing an organization's data and applications in the cloud.
  • cloud workload protection platform (CWPP) - A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud or in a hybrid arrangement.
  • COBIT - COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.
  • Common Access Card (CAC) - A Common Access Card (CAC) is a smart card issued by the Unites States Department of Defense for accessing DOD systems and facilities.
  • Common Body of Knowledge (CBK) - In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.
  • Common Criteria (CC) for Information Technology Security Evaluation - Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments.
  • Common Vulnerability Scoring System (CVSS) - The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems.
  • Common Weakness Enumeration (CWE) - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software.
  • communications security (COMSEC) - Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred.
  • compensating control (alternative control) - A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
  • CompTIA Security+ - CompTIA Security+ is a certification that demonstrates a person's competency with core security practices and functions that are carried out in IT security roles.
  • computer cracker - A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.
  • Computer Fraud and Abuse Act (CFAA) - The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that imposes criminal penalties on individuals who intentionally access a protected computer without proper authorization or whose access exceeds their authorization.
  • Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
  • consumer privacy (customer privacy) - Consumer privacy, also known as customer privacy, involves the handling and protection of the sensitive personal information provided by customers in the course of everyday transactions.
  • content filtering - Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items.
  • continuous authentication - Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis.
  • control framework - A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
  • cookie poisoning - Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft.
  • crisis management - Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity.
  • crisis management plan (CMP) - A crisis management plan (CMP) outlines how an organization should respond to a critical situation that if left unaddressed, could negatively affect its profitability, reputation or ability to operate.
  • critical infrastructure - Critical infrastructure is the collection of systems, networks and public works that a government considers essential to its functioning and safety of its citizens.
  • cross-site scripting (XSS) - Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.
  • cryptanalysis - Cryptanalysis is the study of ciphertext, ciphers and cryptosystems to understand how they work and to find and improve techniques for defeating or weakening them.
  • crypto wallet (cryptocurrency wallet) - A crypto wallet (cryptocurrency wallet) is software or hardware that enables users to store and use cryptocurrency.
  • crypto-agility - Crypto-agility, or cryptographic agility, is a data encryption practice used by organizations to ensure a rapid response to a cryptographic threat.
  • cryptographic checksum - Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.
  • cryptographic nonce - A nonce is a random or semi-random number that is generated for a specific use.
  • cryptology - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
  • CSO (Chief Security Officer) - A Chief Security Officer (CSO) is a C-suite executive responsible for a company's physical and digital security.
  • CSR (Certificate Signing Request) - A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA).
  • cyber hijacking - Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.
  • cyber insurance - Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract an entity can purchase to help reduce the financial risks associated with doing business online.
  • cyber threat hunter (cybersecurity threat analyst) - A cyber threat hunter, also called a cybersecurity threat analyst, proactively identifies security incidents that may go undetected by automated security tools such as malware detectors and firewalls.