Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • managed security service provider (MSSP) - A managed security service provider (MSSP) is an IT service provider that sells security services to businesses.
  • MD5 - The MD5 (message-digest algorithm) hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.
  • meet-in-the-middle attack - Meet-in-the-middle is a known plaintext attack that can greatly reduce the number of brute-force permutations required to decrypt text that has been encrypted by more than one key.
  • Melissa virus - Melissa was a type of email virus that initially become an issue in early 1999.
  • metamorphic and polymorphic malware - Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system.
  • MICR (magnetic ink character recognition) - MICR (magnetic ink character recognition) is a technology invented in the 1950s that's used to verify the legitimacy or originality of checks and other paper documents.
  • micro VM (micro virtual machine) - A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.
  • Microsoft Online Services Sign-In Assistant - The Microsoft Online Services Sign-In Assistant is a software application that provides common sign-on capabilities for a suite of Microsoft online services, such as Office 365.
  • mobile malware - Mobile malware is malicious software specifically written to attack mobile devices such as smartphones, tablets, and smartwatches.
  • multifactor authentication - Multifactor authentication (MFA) is an account login process that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction.
  • mutual authentication - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.
  • national identity card - A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity.
  • near-field communication (NFC) - Near-field communication (NFC) is a short-range wireless connectivity technology that uses magnetic field induction to enable communication between devices when they're touched together or brought within a few centimeters of each other.
  • Nessus - Nessus is a platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems, cloud services and other network resources.
  • network intrusion protection system (NIPS) - A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity.
  • network scanning - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal to devices and await a response.
  • network vulnerability scanning - Network vulnerability scanning is the process of inspecting and reporting potential vulnerabilities and security loopholes on a computer, network, web application or other device, including firewalls, switches, routers and wireless access points.
  • Nimda - First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet.
  • nonrepudiation - Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information.
  • obfuscation - Obfuscation means to make something difficult to understand.
  • offensive security - Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity.
  • one-time pad - In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • out-of-band patch - An out-of-band patch is a patch released at some time other than the normal release time.
  • parameter tampering - Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.
  • passive attack - A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
  • passive reconnaissance - Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems.
  • passphrase - A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.
  • password - A password is a string of characters used to verify the identity of a user during the authentication process.
  • password cracking - Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource.
  • password salting - Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them.
  • Patch Tuesday - Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.
  • Pegasus malware - Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.
  • pen testing (penetration testing) - A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • phishing - Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication.
  • phishing kit - A phishing kit is a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit.
  • physical security - Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • PKI (public key infrastructure) - PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates.
  • plaintext - In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.
  • Plundervolt - Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs).
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • POODLE Attack - The POODLE attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any of the other type of browser data that gets encrypted as a result of the secure sockets layer (SSL) protocol.
  • Presidential Policy Directive 21 (PPD-21) - Presidential Policy Directive 21 (PPD-21) is an infrastructure protection and resilience directive in the United States that aims to strengthen and secure the country's critical infrastructure.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
  • Prisma - Prisma is a cloud security suite that provides four different services that use rule-based security policies and machine learning to protect cloud services.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.
  • Prometheus - Prometheus is an open source monitoring and alerting toolkit for microservices and containers that provides flexible queries and real-time notifications.
  • promiscuous mode - In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.
  • proxy hacking - Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site.
  • public key - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • Public-Key Cryptography Standards (PKCS) - Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.
  • quantum supremacy - Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.
  • ransomware as a service (RaaS) - Ransomware as a service (RaaS) is a subscription-based business model that enables affiliates to launch ransomware attacks by accessing and using pre-developed ransomware tools.
  • ransomware recovery - Ransomware recovery is the process of resuming operations following a cyberattack that demands payment in exchange for unlocking encrypted data.
  • RAT (remote access Trojan) - A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer.
  • red teaming - Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions by adopting an adversarial approach.
  • Rijndael - Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.
  • risk analysis - Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.
  • Risk Management Framework (RMF) - The Risk Management Framework (RMF) is a template and guideline used by companies to identify, eliminate and minimize risks.
  • risk management specialist - A risk management specialist is a role appointed within organizations to identify potential risks that might negatively affect the business.
  • risk-based vulnerability management (RBVM) - Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk.
  • rootkit - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network, such as the internet.
  • sandbox - A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.
  • scareware - Scareware is a type of malware tactic used to manipulate victims into downloading or buying potentially malware-infested software.
  • script kiddie - Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.
  • Secure Shell (SSH) - SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
  • Security Assertion Markup Language (SAML) - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
  • security awareness training - Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy.
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • security identifier (SID) - In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.
  • security incident - A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • security operations center (SOC) - A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security posture - Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • SEO poisoning (search poisoning) - SEO poisoning, also known as 'search poisoning,' is a type of malicious advertising (malvertising) in which cybercriminals create malicious websites and then use search engine optimization (SEO) techniques to cause the sites' links to show up prominently in search results, often as ads at the top of the results.
  • session ID - A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session.
  • session key - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • shadow IT - Shadow IT is hardware or software within an enterprise that is not supported by the organization's central IT department.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • shareware - Shareware is software that is distributed free on a trial basis with the understanding that the user may need or want to pay for it later.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • side-channel attack - A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware -- rather than targeting the program or its code directly.
  • SIGINT (signals intelligence) - SIGINT (signals intelligence) is information gained by the collection and analysis of the electronic signals and communications of a given target.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
Networking
  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

Security
  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or...

  • What is security information and event management (SIEM)?

    Security information and event management (SIEM) is an approach to security management that combines security information ...

CIO
  • product development (new product development)

    Product development -- also called new product management -- is a series of steps that includes the conceptualization, design, ...

  • innovation culture

    Innovation culture is the work environment that leaders cultivate to nurture unorthodox thinking and its application.

  • technology addiction

    Technology addiction is an impulse control disorder that involves the obsessive use of mobile devices, the internet or video ...

HRSoftware
  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience
  • contact center agent (call center agent)

    A contact center agent is a person who handles incoming or outgoing customer communications for an organization.

  • contact center management

    Contact center management is the process of overseeing contact center operations with the goal of providing an outstanding ...

  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...

Close