Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • cyberterrorism - Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence.
  • cyberwarfare - The generally accepted definition of cyberwarfare is a series of cyber attacks against a nation-state, causing it significant harm.
  • dark web monitoring - Dark web monitoring is the process of searching for and continuously tracking information on the dark web.
  • data availability - Data availability is a term used by computer storage manufacturers and storage service providers to describe how data should be available at a required level of performance in situations ranging from normal through disastrous.
  • data breach - A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.
  • data integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
  • data poisoning (AI poisoning) - Data or AI poisoning attacks are deliberate attempts to manipulate the training data of artificial intelligence and machine learning models to corrupt their behavior and elicit skewed, biased or harmful outputs.
  • data splitting - Data splitting is when data is divided into two or more subsets.
  • deception technology - Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage.
  • decompression bomb (zip bomb, zip of death attack) - A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password.
  • Diffie-Hellman key exchange (exponential key exchange) - Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet.
  • digital footprint - A digital footprint -- sometimes called a digital shadow -- is the body of data that an individual creates through their actions online.
  • digital forensics and incident response (DFIR) - Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events.
  • digital profiling - Digital profiling is the process of gathering and analyzing information about an individual that exists online.
  • Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
  • directory traversal - Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.
  • disaster recovery plan (DRP) - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume operations after an unplanned incident.
  • distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
  • DMZ in networking - In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet.
  • DNS attack - A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.
  • domain generation algorithm (DGA) - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
  • double blind test - Double blind test is an experiment where both the subject and observer are unaware that the exercise in practice is a test.
  • double extortion ransomware - Double extortion ransomware is a novel form of malware that combines ransomware with elements of extortionware to maximize the victim's potential payout.
  • dropper - A dropper is a small helper program that facilitates the delivery and installation of malware.
  • dumpster diving - Dumpster diving is looking for treasure in someone else's trash.
  • Electronic Code Book (ECB) - Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.
  • electronic discovery (e-discovery or ediscovery) - Electronic discovery -- also called e-discovery or ediscovery -- refers to any process of obtaining and exchanging evidence in a civil or criminal legal case.
  • electronic intelligence (ELINT) - Electronic intelligence (ELINT) is intelligence gathered using electronic sensors, usually used in military applications.
  • Elk Cloner - Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.
  • elliptical curve cryptography (ECC) - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
  • email security - Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats.
  • email spam - Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
  • email spoofing - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • email virus - An email virus consists of malicious code distributed in email messages to infect one or more devices.
  • embedded system security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.
  • emergency management plan - An emergency management plan should include measures that provide for the safety of personnel and, if possible, property and facilities.
  • encoding and decoding - Encoding and decoding are used in many forms of communications, including computing, data communications, programming, digital electronics and human communications.
  • encryption - Encryption is the method by which information is converted into secret code that hides the information's true meaning.
  • encryption key - In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text.
  • endpoint detection and response (EDR) - Endpoint detection and response (EDR) is a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response to discovered or potential threats.
  • ethical hacker - An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.
  • evil twin attack - An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge.
  • executable file (EXE file) - An executable file (EXE file) is a computer file that contains an encoded sequence of instructions that the system can execute directly when the user clicks the file icon.
  • extended detection and response (XDR) - Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.
  • Facebook cloning - Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list.
  • Faraday cage - A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field (EM field).
  • Federal Emergency Management Agency (FEMA) - Federal Emergency Management Agency (FEMA) is a United States government agency with the purpose to coordinate aid and respond to disasters around the nation when local resources are insufficient.
  • federated identity management (FIM) - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • firewall - A firewall is a network security device that prevents unauthorized access to a network.
  • footprinting - Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them.
  • freeware - Freeware (not to be confused with free software) is a type of proprietary software that is released without charge to the public.
  • frequency-hopping spread spectrum (FHSS) - Frequency-hopping spread spectrum (FHSS) transmission is the repeated switching of the carrier frequency during radio transmission to reduce interference and avoid interception.
  • Google dork query - A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website.
  • government Trojan - A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation.
  • Great Firewall of China - The Great Firewall of China is the name that western media has given to the combination of tools, services and rules that the government of the People's Republic of China uses to block certain internet content from those within China's borders.
  • Group Policy Object (GPO) - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • hacker - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • hacking as a service (HaaS) - Hacking as a service (HaaS) is the commercialization of hacking skills, in which the hacker serves as a contractor.
  • hacktivism - Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
  • hard-drive encryption - Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions.
  • hashing - Hashing is the process of transforming any given key or a string of characters into another value.
  • Heartbleed - Heartbleed was a vulnerability in some implementations of OpenSSL, an open source cryptographic library.
  • honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.
  • honeynet - A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers.
  • honeypot (computing) - A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.
  • Hypertext Transfer Protocol Secure (HTTPS) - Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user's web browser and a website.
  • hypervisor security - Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • ILOVEYOU virus - The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.
  • indicators of compromise (IOC) - Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.
  • industrial espionage - Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage.
  • initialization vector - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • inline frame (iframe) - An inline frame (iframe) is a HTML element that loads another HTML page within the document.
  • input validation attack - An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field.
  • insecure deserialization - Insecure deserialization is a vulnerability in which untrusted or unknown data is used to inflict a denial-of-service attack, execute code, bypass authentication or otherwise abuse the logic behind an application.
  • insider threat - An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
  • International Data Encryption Algorithm (IDEA) - The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet.
  • Internet Key Exchange (IKE) - Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).
  • intrusion detection system (IDS) - An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
  • intrusion prevention system (IPS) - An intrusion prevention system (IPS) is a cybersecurity tool that examines network traffic to identify potential threats and automatically take action against them.
  • IoT security (internet of things security) - IoT security (internet of things security) is the technology segment focused on safeguarding connected devices and networks in IoT.
  • IP spoofing - Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from.
  • IPsec (Internet Protocol Security) - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
  • ISA Server - Microsoft's ISA Server (Internet Security and Acceleration Server) was the successor to Microsoft's Proxy Server 2.
  • ISO 27001 - ISO 27001, formally known as ISO/IEC 27001:2022, is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS).
  • ISO/TS 22317 (International Organization for Standardization Technical Standard 22317) - ISO/TS 22317 is the first formal standard to address the business impact analysis process.
  • JavaScript - JavaScript is a programming language that started off simply as a mechanism to add logic and interactivity to an otherwise static Netscape browser.
  • juice jacking - Juice jacking is a security exploit in which an infected USB charging station is used to compromise devices that connect to it.
  • Kerberos - Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
  • key fob - A key fob is a small, programmable device that provides access to a physical object.
  • keylogger (keystroke logger or system monitor) - A keylogger, sometimes called a keystroke logger, is a type of surveillance technology used to monitor and record each keystroke on a specific device, such as a computer or smartphone.
  • kill switch - A kill switch in an IT context is a mechanism used to shut down or disable a device or program.
  • LEAP (Lightweight Extensible Authentication Protocol) - LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • logic bomb - A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met.
  • macro virus - A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word.
  • macrotrend - A macrotrend is a pervasive and persistent shift in the direction of some phenomenon on a global level.
  • mail bomb - A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system.
  • malware - Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.
Networking
  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

Security
  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or...

  • What is security information and event management (SIEM)?

    Security information and event management (SIEM) is an approach to security management that combines security information ...

CIO
  • product development (new product development)

    Product development -- also called new product management -- is a series of steps that includes the conceptualization, design, ...

  • innovation culture

    Innovation culture is the work environment that leaders cultivate to nurture unorthodox thinking and its application.

  • technology addiction

    Technology addiction is an impulse control disorder that involves the obsessive use of mobile devices, the internet or video ...

HRSoftware
  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience
  • contact center agent (call center agent)

    A contact center agent is a person who handles incoming or outgoing customer communications for an organization.

  • contact center management

    Contact center management is the process of overseeing contact center operations with the goal of providing an outstanding ...

  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...

Close