Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • offensive security - Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity.
  • one-time pad - In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • out-of-band patch - An out-of-band patch is a patch released at some time other than the normal release time.
  • parameter tampering - Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.
  • passive attack - A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
  • passive reconnaissance - Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems.
  • passphrase - A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.
  • password - A password is a string of characters used to verify the identity of a user during the authentication process.
  • password cracking - Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource.
  • password salting - Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them.
  • Patch Tuesday - Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.
  • Pegasus malware - Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.
  • pen testing (penetration testing) - A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • phishing - Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication.
  • phishing kit - A phishing kit is a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit.
  • physical security - Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • PKI (public key infrastructure) - PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates.
  • plaintext - In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.
  • Plundervolt - Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs).
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • POODLE Attack - The POODLE attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any of the other type of browser data that gets encrypted as a result of the secure sockets layer (SSL) protocol.
  • Presidential Policy Directive 21 (PPD-21) - Presidential Policy Directive 21 (PPD-21) is an infrastructure protection and resilience directive in the United States that aims to strengthen and secure the country's critical infrastructure.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
  • Prisma - Prisma is a cloud security suite that provides four different services that use rule-based security policies and machine learning to protect cloud services.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.
  • Prometheus - Prometheus is an open source monitoring and alerting toolkit for microservices and containers that provides flexible queries and real-time notifications.
  • promiscuous mode - In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.
  • proxy hacking - Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site.
  • public key - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • Public-Key Cryptography Standards (PKCS) - Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.
  • quantum supremacy - Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.
  • ransomware as a service (RaaS) - Ransomware as a service (RaaS) is a subscription-based business model that enables affiliates to launch ransomware attacks by accessing and using pre-developed ransomware tools.
  • ransomware recovery - Ransomware recovery is the process of resuming operations following a cyberattack that demands payment in exchange for unlocking encrypted data.
  • RAT (remote access Trojan) - A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer.
  • red teaming - Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions by adopting an adversarial approach.
  • Rijndael - Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.
  • risk analysis - Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.
  • Risk Management Framework (RMF) - The Risk Management Framework (RMF) is a template and guideline used by companies to identify, eliminate and minimize risks.
  • risk management specialist - A risk management specialist is a role appointed within organizations to identify potential risks that might negatively affect the business.
  • risk-based vulnerability management (RBVM) - Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk.
  • rootkit - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network, such as the internet.
  • sandbox - A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.
  • scareware - Scareware is a type of malware tactic used to manipulate victims into downloading or buying potentially malware-infested software.
  • script kiddie - Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.
  • Security Assertion Markup Language (SAML) - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
  • security awareness training - Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy.
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • security identifier (SID) - In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.
  • security incident - A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • security operations center (SOC) - A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security posture - Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • SEO poisoning (search poisoning) - SEO poisoning, also known as 'search poisoning,' is a type of malicious advertising (malvertising) in which cybercriminals create malicious websites and then use search engine optimization (SEO) techniques to cause the sites' links to show up prominently in search results, often as ads at the top of the results.
  • session ID - A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session.
  • session key - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • shadow IT - Shadow IT is hardware or software within an enterprise that is not supported by the organization's central IT department.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • shareware - Shareware is software that is distributed free on a trial basis with the understanding that the user may need or want to pay for it later.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • side-channel attack - A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware -- rather than targeting the program or its code directly.
  • SIGINT (signals intelligence) - SIGINT (signals intelligence) is information gained by the collection and analysis of the electronic signals and communications of a given target.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Sourcefire founder and former CTO Martin Roesch.
  • SOAR (security orchestration, automation and response) - SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.
  • social engineering - Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain.
  • social engineering penetration testing - Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit.
  • spambot - A spambot is an automated system that sends unwanted, unsolicited messages to users, known as spam.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • spyware - Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.
  • SS7 attack - An SS7 attack is a security exploit that takes advantage of a weakness in the design of SS7 (Signaling System 7) to enable data theft, eavesdropping, text interception and location tracking.
  • stack overflow - A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack.
  • stateful inspection - Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
  • stealth virus - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks and unavailable to other entities.
  • stream cipher - A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.
  • strong password - A strong password is one that is designed to be hard for a person or program to guess.
  • Structured Threat Information eXpression (STIX) - Structured Threat Information eXpression (STIX) is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies.
  • supply chain attack - A supply chain attack is a type of cyber attack that targets organizations by focusing on weaker links in an organization's supply chain.
  • supply chain security - Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation.
  • SYN flood attack - A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker can use to determine the state of a communications port without establishing a full connection.