Security management
Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.- What is endpoint security? How does it work? - Endpoint security is the protection of endpoint devices against cybersecurity threats.
- What is extended detection and response (XDR)? - Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.
- What is GDPR? Compliance and conditions explained - The General Data Protection Regulation (GDPR) is legislation that updated and unified data privacy laws across the European Union (EU).
- What is Group Policy Object (GPO) and why is it important? - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
- What is identity and access management? Guide to IAM - No longer just a good idea, IAM is a crucial piece of the cybersecurity puzzle.
- What is incident response? A complete guide - Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs.
- What is IPsec (Internet Protocol Security)? - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
- What is IT/OT convergence? Everything you need to know - IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems.
- What is malware? Prevention, detection and how attacks work - Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.
- What is network scanning? How to, types and best practices - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal to devices and await a response.
- What is obfuscation and how does it work? - Obfuscation means to make something difficult to understand.
- What is OPSEC (operations security)? - OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately.
- What is passwordless authentication? - Passwordless authentication allows a user to sign into a service without using a password.
- What is PCI DSS (Payment Card Industry Data Security Standard)? - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
- What is PKI (public key infrastructure)? - PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption.
- What is ransomware? How it works and how to remove it - Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
- What is role-based access control (RBAC)? - Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.
- What is security information and event management (SIEM)? - Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system.
- What is shared responsibility model? - A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
- What is SSH (Secure Shell) and How Does It Work? - SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network.
- What is static application security testing (SAST)? - Static application security testing (SAST) is the process of analyzing and testing application source code for security vulnerabilities.
- What is the CIA triad (confidentiality, integrity and availability)? - The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security within an organization.
- What is the Cybersecurity Information Sharing Act (CISA)? - The Cybersecurity Information Sharing Act (CISA) allows United States government agencies and non-government entities to share information with each other as they investigate cyberattacks.
- What is the dark web (darknet)? - The dark web is an encrypted portion of the internet not visible to the general public via a traditional search engine such as Google.
- What is the Mitre ATT&CK framework? - The Mitre ATT&CK -- pronounced miter attack -- framework is a free, globally accessible knowledge base that describes the latest behaviors and tactics of cyberadversaries to help organizations strengthen their cybersecurity strategies.
- What is the zero-trust security model? - The zero-trust security model is a cybersecurity approach that denies access to an enterprise's digital resources by default and grants authenticated users and devices tailored, siloed access to only the applications, data, services and systems they need to do their jobs.
- What is threat intelligence? - Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization.
- What is two-factor authentication (2FA)? - Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
- What is unified endpoint management (UEM)? A complete guide - Unified endpoint management (UEM) is an approach to securing and controlling desktop computers, laptops, smartphones and tablets in a connected, cohesive manner from a single console.
- What is unified threat management (UTM)? - Unified threat management (UTM) is an information security system that provides a single point of protection against cyberthreats, including viruses, worms, spyware and other malware, as well as network attacks.
- white hat hacker - A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.
- Wi-Fi (802.11x standard) - Wi-Fi is a term for certain types of wireless local area networks (WLAN) that use specifications in the IEEE 802.
- Wi-Fi Protected Access (WPA) - Wi-Fi Protected Access (WPA) is a security standard for computing devices equipped with wireless internet connections.
- Wiegand - Wiegand is the trade name for a technology used in card readers and sensors, particularly for access control applications.
- wildcard certificate - A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains.
- Windows Defender Exploit Guard - Microsoft Windows Defender Exploit Guard is antimalware software that provides intrusion protection for Windows 10 OS users.
- Wired Equivalent Privacy (WEP) - Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.
- Wireless Transport Layer Security (WTLS) - Wireless Transport Layer Security (WTLS) is a security level for the Wireless Application Protocol (WAP), specifically for the applications that use WAP.
- Wireshark - Wireshark is a widely used network protocol analyzer that lets users capture and view the details of network traffic in real time.
- X.509 certificate - An X.509 certificate is a digital certificate that uses the widely accepted international X.
- zero-day vulnerability - A zero-day vulnerability is a security loophole in software, hardware or firmware that threat actors exploit before the vendors can identify and patch it.
- Zoombombing - Zoombombing is a type of cyber-harassment in which an unwanted and uninvited user or group of such users interrupts online meetings on the Zoom video conference app.