Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • threat actor - A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security.
  • threat modeling - Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system.
  • timing attack - A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about, or access to, a system.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual) or an abstract concept; for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Top 10 spyware threats - The top 10 spyware list describes the 10 common spyware threats behind famous spyware attacks and is frequently identified by Webroot's Spy Audit, a free spyware scanner tool.
  • Tor browser - The Tor (the onion routing) browser is a web browser designed for anonymous web surfing and protection against traffic analysis.
  • Transport Layer Security (TLS) - Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.
  • TrickBot malware - TrickBot is sophisticated modular malware that started as a banking Trojan but has evolved to support many different types of attacks, including ransomware.
  • Trojan horse - In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.
  • trusted computing base (TCB) - A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.
  • Trusted Platform Module (TPM) - A Trusted Platform Module (TPM) is a specialized chip on a device designed to secure hardware with cryptographic keys.
  • tunneling or port forwarding - Tunneling or port forwarding is the transmission of data intended for use only within a private -- usually corporate -- network through a public network in such a way that the public network's routing nodes are unaware that the transmission is part of a private network.
  • Twofish - Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.
  • USB Killer - USB Killer is a device that connects to USB drives and delivers a surge which can damage or destroy unprotected hardware.
  • virtual local area network hopping (VLAN hopping) - Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.
  • virtual machine escape - A virtual machine escape is an exploit in which an attacker runs code on a VM that lets the operating system (OS) running within it break out and interact directly with the hypervisor.
  • virus (computer virus) - A computer virus is a type of malware that attaches itself to a program or file.
  • virus hoax - A virus hoax is a false warning about a computer virus.
  • virus signature (virus definition) - A virus signature, also known as a 'virus definition,' is a piece of code with a unique binary pattern that identifies a computer virus or family of viruses.
  • vishing (voice or VoIP phishing) - Vishing (voice or VoIP phishing) is a type of cyber attack that uses voice and telephony technologies to trick targeted individuals into revealing sensitive data to unauthorized entities.
  • voice squatting - Voice squatting is an attack vector for voice user interfaces, or VUIs, that exploits homonyms -- words that sound the same, but are spelled differently -- and input errors -- words that are mispronounced.
  • vulnerability assessment - A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.
  • vulnerability disclosure - Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.
  • vulnerability management - Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems.
  • WannaCry ransomware - WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system.
  • war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks (WLANs) while driving around a city or elsewhere.
  • watering hole attack - A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
  • Web bug (Web beacon) - A Web bug, also known as a Web beacon, is a file object (usually a graphic image such as a transparent GIF) that is placed on a Web page or in an e-mail message to monitor user behavior.
  • What is a computer exploit? - A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.
  • What is a cyber attack? How they work and how to stop them - A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
  • What is a micro VM (micro virtual machine)? - A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.
  • What is a potentially unwanted program (PUP)? - A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.
  • What is a private cloud? - Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
  • What is a threat intelligence feed? - A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security.
  • What is a whaling attack (whaling phishing)? - A whaling attack, also known as 'whaling phishing' or a 'whaling phishing attack,' is a specific type of phishing attack that targets high-profile employees, such as the chief executive officer (CEO) or chief financial officer, to steal sensitive information from a company.
  • What is AI red teaming? - AI red teaming is the practice of simulating attack scenarios on an artificial intelligence application to pinpoint weaknesses and plan preventative measures.
  • What is an intrusion detection system (IDS)? - An intrusion detection system (IDS) monitors network traffic for suspicious activity and sends alerts when such activity is discovered.
  • What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • What is BitLocker? - BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature.
  • What is Common Vulnerabilities and Exposures (CVE)? - Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats.
  • What is cryptography? - Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
  • What is cyber attribution? - Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.
  • What is cybercrime and how can you prevent it? - Cybercrime is any criminal activity that involves a computer, network or networked device.
  • What is Data Encryption Standard (DES)? - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • What is data poisoning (AI poisoning) and how does it work? - Data or AI poisoning attacks are deliberate attempts to manipulate the training data of artificial intelligence and machine learning models to corrupt their behavior and elicit skewed, biased or harmful outputs.
  • What is email spam and how to fight it? - Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
  • What is endpoint detection and response (EDR)? - Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints.
  • What is exposure management? - Exposure management is a cybersecurity approach to protecting exploitable IT assets.
  • What is extended detection and response (XDR)? - Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.
  • What is Group Policy Object (GPO) and why is it important? - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • What is incident response? A complete guide - Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs.
  • What is machine identity management? - Machine identity management focuses on the machines connected to and accessing resources on a network.
  • What is malware? Prevention, detection and how attacks work - Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.
  • What is MXDR, and do you need it? - Managed extended detection and response (MXDR) is an outsourced service that collects and analyzes threat data from across an organization's IT environment.
  • What is network detection and response (NDR)? - Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack.
  • What is network scanning? How to, types and best practices - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal to devices and await a response.
  • What is PCI DSS (Payment Card Industry Data Security Standard)? - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
  • What is ransomware? How it works and how to remove it - Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
  • What is SecOps? Everything you need to know - SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.
  • What is SSH (Secure Shell) and How Does It Work? - SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network.
  • What is tailgating (piggybacking)? - Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system.
  • What is the CIA triad (confidentiality, integrity and availability)? - The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security within an organization.
  • What is the Coalition for Secure AI (CoSAI)? - Coalition for Secure AI (CoSAI) is an open source initiative to enhance artificial intelligence's security.
  • What is threat detection and response (TDR)? Complete guide - Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization.
  • What is threat intelligence? - Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization.
  • What is two-factor authentication (2FA)? - Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
  • What is unified threat management (UTM)? - Unified threat management (UTM) is an information security system that provides a single point of protection against cyberthreats, including viruses, worms, spyware and other malware, as well as network attacks.
  • What is user behavior analytics (UBA)? - User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems.
  • white hat hacker - A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.
  • Wi-Fi (802.11x standard) - Wi-Fi is a term for certain types of wireless local area networks (WLAN) that use specifications in the IEEE 802.
  • Wi-Fi Protected Access (WPA) - Wi-Fi Protected Access (WPA) is a security standard for computing devices equipped with wireless internet connections.
  • Wiegand - Wiegand is the trade name for a technology used in card readers and sensors, particularly for access control applications.
  • Windows Defender Exploit Guard - Microsoft Windows Defender Exploit Guard is antimalware software that provides intrusion protection for Windows 10 OS users.
  • wipe - Wipe, in a computing context, means to erase all data on a hard drive to render it unreadable.
  • Wired Equivalent Privacy (WEP) - Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.
  • Wireless Transport Layer Security (WTLS) - Wireless Transport Layer Security (WTLS) is a security level for the Wireless Application Protocol (WAP), specifically for the applications that use WAP.
  • wiretapping - Wiretapping is the surreptitious electronic monitoring and interception of phone-, fax- or internet-based communications.
  • zero-day vulnerability - A zero-day vulnerability is a security loophole in software, hardware or firmware that threat actors exploit before the vendors can identify and patch it.