Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • What is an attack vector? - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server to deliver a payload or malicious outcome.
  • What is an intrusion detection system (IDS)? - An intrusion detection system (IDS) monitors network traffic for suspicious activity and sends alerts when such activity is discovered.
  • What is antimalware? - Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware.
  • What is application allowlisting? - Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
  • What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • What is biometric verification? - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • What is biometrics? - Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
  • What is BitLocker? - BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature included with certain Windows versions.
  • What is Blowfish? - Blowfish is a symmetric 64-bit block cipher that uses a variable-length key.
  • What is cipher block chaining (CBC)? - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits is encrypted as a single unit, or block, with a cipher key applied to the entire block.
  • What is Common Vulnerabilities and Exposures (CVE)? - Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats.
  • What is cryptography? - Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
  • What is cryptology? - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpins cryptography and cryptanalysis.
  • What is cyber attribution? - Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.
  • What is cyber hijacking? - Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications.
  • What is cyber insurance, and why is it important? - Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online.
  • What is cybercrime and how can you prevent it? - Cybercrime is any criminal activity that involves a computer, network or networked device.
  • What is cybersecurity? - Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats.
  • What is cyberstalking and how to prevent it? - Cyberstalking is a crime in which someone harasses or stalks a victim using electronic or digital means, such as social media, email, instant messaging (IM) or messages posted to a discussion group or forum.
  • What is Data Encryption Standard (DES)? - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • What is data poisoning (AI poisoning) and how does it work? - Data or AI poisoning attacks are deliberate attempts to manipulate the training data of artificial intelligence and machine learning models to corrupt their behavior and elicit skewed, biased or harmful outputs.
  • What is domain generation algorithm (DGA)? - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
  • What is elliptic curve cryptography (ECC)? - Elliptic curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
  • What is email spam and how to fight it? - Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
  • What is email spoofing? - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • What is endpoint detection and response (EDR)? - Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints.
  • What is exposure management? - Exposure management is a cybersecurity approach to protecting exploitable IT assets.
  • What is extended detection and response (XDR)? - Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.
  • What is federated identity management (FIM)? How does it work? - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • What is Group Policy Object (GPO) and why is it important? - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • What is hacktivism? - Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
  • What is incident response? A complete guide - Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs.
  • What is Internet Key Exchange (IKE)? - Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).
  • What is IPsec (Internet Protocol Security)? - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
  • What is ISO 27001? - ISO 27001, formally known as ISO/IEC 27001:2022, is an information security standard jointly created by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).
  • What is Kerberos and how does it work? - Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
  • What is machine identity management? - Machine identity management focuses on the machines connected to and accessing resources on a network.
  • What is malware? Prevention, detection and how attacks work - Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.
  • What is multifactor authentication? - Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction.
  • What is MXDR, and do you need it? - Managed extended detection and response (MXDR) is an outsourced service that collects and analyzes threat data from across an organization's IT environment.
  • What is network detection and response (NDR)? - Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack.
  • What is network scanning? How to, types and best practices - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal to devices and await a response.
  • What is obfuscation and how does it work? - Obfuscation means to make something difficult to understand.
  • What is password cracking? - Password cracking is the process of using an application program to identify an unknown or forgotten password that allows access to a computer or network resource.
  • What is PCI DSS (Payment Card Industry Data Security Standard)? - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
  • What is pharming? - Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • What is physical security and how does it work? - Physical security protects personnel, hardware, software, networks, facilities and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
  • What is PKI (public key infrastructure)? - PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption.
  • What is promiscuous mode in networking? - In computer networking, promiscuous mode is a mode of operation in which a network device, such as a network interface card (NIC) or an adapter on a host system, can intercept and read in its entirety each network packet that arrives instead of just the packets addressed to the host.
  • What is ransomware? How it works and how to remove it - Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
  • What is red teaming? - Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions with an adversarial approach.
  • What is SAML (Security Assertion Markup Language)? - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • What is SecOps? Everything you need to know - SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.
  • What is security by design? - Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.
  • What is spyware? - Spyware is a type of malicious software (malware) that is installed on a computing device without the end user's knowledge.
  • What is SSH (Secure Shell) and How Does It Work? - SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network.
  • What is tailgating (piggybacking)? - Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system.
  • What is the CIA triad (confidentiality, integrity and availability)? - The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security within an organization.
  • What is the Coalition for Secure AI (CoSAI)? - Coalition for Secure AI (CoSAI) is an open source initiative to enhance artificial intelligence's security.
  • What is the Nessus vulnerability scanning platform? - Nessus is a platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems, cloud services and other network resources.
  • What is the NSA and how does it work? - The National Security Agency (NSA) is a federal government surveillance and intelligence agency that's part of the U.
  • What is the RSA algorithm? - The RSA algorithm (Rivest-Shamir-Adleman) is a public key cryptosystem that uses a pair of keys for securing digital communication and transactions over insecure networks, such as the internet.
  • What is the Twofish encryption algorithm? - Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.
  • What is threat detection and response (TDR)? Complete guide - Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization.
  • What is threat intelligence? - Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization.
  • What is threat modeling? - Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data.
  • What is Transport Layer Security (TLS)? - Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.
  • What is two-factor authentication (2FA)? - Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
  • What is unified threat management (UTM)? - Unified threat management (UTM) is an information security system that provides a single point of protection against cyberthreats, including viruses, worms, spyware and other malware, as well as network attacks.
  • What is user behavior analytics (UBA)? - User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems.
  • white hat hacker - A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.
  • Wi-Fi (802.11x standard) - Wi-Fi is a term for certain types of wireless local area networks (WLAN) that use specifications in the IEEE 802.
  • Wi-Fi Protected Access (WPA) - Wi-Fi Protected Access (WPA) is a security standard for computing devices equipped with wireless internet connections.
  • Wiegand - Wiegand is the trade name for a technology used in card readers and sensors, particularly for access control applications.
  • Windows Defender Exploit Guard - Microsoft Windows Defender Exploit Guard is antimalware software that provides intrusion protection for Windows 10 OS users.
  • Wired Equivalent Privacy (WEP) - Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.
  • Wireless Transport Layer Security (WTLS) - Wireless Transport Layer Security (WTLS) is a security level for the Wireless Application Protocol (WAP), specifically for the applications that use WAP.
  • wiretapping - Wiretapping is the surreptitious electronic monitoring and interception of phone-, fax- or internet-based communications.
  • zero-day vulnerability - A zero-day vulnerability is a security loophole in software, hardware or firmware that threat actors exploit before the vendors can identify and patch it.