Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security through obscurity - Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • Security, Trust and Assurance Registry (STAR) - The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.
  • segregation of duties (SoD) - Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • sensitive information - Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization.
  • session ID - A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • smishing (SMS phishing) - Smishing -- or Short Message Service (SMS) phishing -- is a social engineering tactic cybercriminals use to trick people into divulging sensitive information over text messages.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Sourcefire founder and former CTO Martin Roesch.
  • SOAR (security orchestration, automation and response) - SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.
  • social engineering penetration testing - Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit.
  • software bill of materials (SBOM) - A software bill of materials (SBOM) is an inventory of all constituent components and software dependencies involved in the development and delivery of an application.
  • software-defined perimeter (SDP) - A software-defined perimeter, or SDP, is a security technique that controls access to resources based on identity and forms a virtual boundary around networked resources.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • SQL injection (SQLi) - A SQL injection (SQLi) is a technique that attackers use to gain unauthorized access to a web application database by adding a string of malicious code to a database query.
  • stateful inspection - Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
  • stealth virus - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks and unavailable to other entities.
  • strong authentication - Although it is not a standardized term, with set criteria, strong authentication can be said to be any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter.
  • strong password - A strong password is one that is designed to be hard for a person or program to guess.
  • Structured Threat Information eXpression (STIX) - Structured Threat Information eXpression (STIX) is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies.
  • supercookie - A supercookie is a type of tracking cookie inserted into an HTTP header to collect data about a user's internet browsing history and habits.
  • SYN flood attack - A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker can use to determine the state of a communications port without establishing a full connection.
  • Testing as a Service (TaaS) - Testing as a service (TaaS) is an outsourcing model in which testing activities associated with some of an organization's business activities are performed by a service provider rather than in-house employees.
  • threat actor - A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security.
  • three-factor authentication (3FA) - Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Top searches of 2008 - What were people searching the WhatIs.
  • Tor browser - The Tor (the onion routing) browser is a web browser designed for anonymous web surfing and protection against traffic analysis.
  • transitive trust - Transitive trust is a two-way relationship automatically created between parent and child domains in a Microsoft Active Directory forest.
  • Transport Layer Security (TLS) - Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.
  • triage in IT - Triage is a term referring to the assignment of priority levels to tasks or individuals to determine the most effective order in which to deal with them.
  • trusted computing base (TCB) - A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.
  • Trusted Platform Module (TPM) - A Trusted Platform Module (TPM) is a specialized chip on a device designed to secure hardware with cryptographic keys.
  • tunneling or port forwarding - Tunneling or port forwarding is the transmission of data intended for use only within a private -- usually corporate -- network through a public network in such a way that the public network's routing nodes are unaware that the transmission is part of a private network.
  • Twofish - Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.
  • user account provisioning - User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system.
  • virtual appliance - Considered a software equivalent of a hardware device, a virtual appliance (VA) is a preconfigured software solution.
  • virtual firewall - A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.
  • virtual local area network hopping (VLAN hopping) - Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.
  • virtual machine escape - A virtual machine escape is an exploit in which an attacker runs code on a VM that lets the operating system (OS) running within it break out and interact directly with the hypervisor.
  • virtualization-based security (VBS) - Virtualization-based security (VBS) is a technology that abstracts computer processes from the underlying operating system (OS) and, in some cases, hardware.
  • virus (computer virus) - A computer virus is a type of malware that attaches itself to a program or file.
  • virus hoax - A virus hoax is a false warning about a computer virus.
  • VUCA (volatility, uncertainty, complexity and ambiguity) - VUCA is an acronym that stands for volatility, uncertainty, complexity and ambiguity -- qualities that make a situation or condition difficult to analyze, respond to or plan for.
  • vulnerability (information technology) - A vulnerability, in information technology (IT), is a flaw in code or design that creates a potential point of security compromise for an endpoint or network.
  • vulnerability and patch management - Vulnerability management is a pro-active approach to managing network security.
  • vulnerability assessment - A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.
  • vulnerability disclosure - Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.
  • vulnerability management - Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems.
  • WannaCry ransomware - WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system.
  • war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks (WLANs) while driving around a city or elsewhere.
  • WebAuthn API - The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers.
  • What are Common Criteria (CC) for Information Technology Security Evaluation? - Common Criteria (CC) is an international standard (ISO/IEC 15408) for evaluating information technology security products.
  • What is a block cipher? - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
  • What is a Certified Information Systems Auditor (CISA)? - Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.
  • What is a cloud access security broker (CASB)? - A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.
  • What is a computer exploit? - A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.
  • What is a micro VM (micro virtual machine)? - A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.
  • What is a next-generation firewall (NGFW)? - A next-generation firewall (NGFW) is part of the third generation of firewall technology that can be implemented in hardware or software.
  • What is a potentially unwanted program (PUP)? - A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.
  • What is a private cloud? - Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
  • What is a proxy firewall? - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • What is a public key and how does it work? - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • What is a public key certificate? - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • What is a session key? - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • What is a spam trap? - A spam trap is an email address that's used to identify and monitor spam email.
  • What is a stream cipher? - A stream cipher is an encryption method in which data is encrypted one byte at a time.
  • What is a threat intelligence feed? - A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security.
  • What is acceptable use policy (AUP)? - An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to or use of a corporate network, the internet or other computing resources.
  • What is access control? - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  • What is an endpoint protection platform (EPP)? - An endpoint protection platform (EPP) is a security technology that safeguards endpoint devices.
  • What is an intrusion detection system (IDS)? - An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered.
  • What is an SSL VPN (Secure Sockets Layer virtual private network)? - An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN capability.
  • What is Android System WebView and should you uninstall it? - Android System WebView is a system component for the Android operating system (OS) that enables Android apps to display web content directly inside an application.
  • What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • What is BCDR? Business continuity and disaster recovery guide - Business continuity (BC) and disaster recovery (DR) are closely related practices that support an organization's ability to remain operational after an adverse event.
  • What is BitLocker? - BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature.
  • What is cipher block chaining (CBC)? - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.
  • What is cryptography? - Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
  • What is cyber attribution? - Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.
  • What is cybercrime and how can you prevent it? - Cybercrime is any criminal activity that involves a computer, network or networked device.
  • What is Data Encryption Standard (DES)? - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • What is data loss prevention (DLP)? - Data loss prevention (DLP) -- sometimes referred to as 'data leak prevention,' 'information loss prevention' or 'extrusion prevention' -- is a strategy to mitigate threats to critical data.
  • What is data privacy? - Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, retention, immutability and security of sensitive data.
  • What is dynamic application security testing (DAST)? - Dynamic application security testing (DAST) is the process of analyzing a web application in runtime to identify security vulnerabilities or weaknesses.
  • What is employee monitoring? - Employee monitoring is when businesses monitor employees to improve productivity and protect corporate resources.