Security
This cyber security glossary explains the meaning of terms about different types of computer security threats as well as words about application security, access control, network intrusion detection, security awareness training and computer forensics.
Authentication and access control
Terms related to authentication, including security definitions about passwords and words and phrases about proving identity.
-
out-of-band authentication
Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a separate communication channel along with the typical ID and password.
-
facial recognition
Facial recognition is a category of biometric software that maps an individual's facial features to confirm their identity.
-
digital identity
A digital identity is the body of information about an individual, organization or electronic device that exists online.
Compliance, risk and governance
This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.
-
ISO/TS 22317 (International Organization for Standardization Technical Standard 22317)
ISO/TS 22317 is the first formal standard to address the business impact analysis process.
-
document sanitization
Document sanitization is the process of cleaning a document to ensure that only the intended information can be accessed from it.
-
Federal Information Security Modernization Act (FISMA)
The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information technology operations from cyberthreats.
Network security
Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.
-
hashing
Hashing is the process of transforming any given key or a string of characters into another value.
-
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems.
-
virtual machine escape
A virtual machine escape is an exploit in which an attacker runs code on a VM that lets the operating system (OS) running within it break out and interact directly with the hypervisor.
Security Admin
Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.
-
hashing
Hashing is the process of transforming any given key or a string of characters into another value.
-
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems.
-
bug bounty program
A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals like ethical hackers and security researchers for discovering and reporting vulnerabilities and bugs in software.
Threat management
Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
-
ATM jackpotting
ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash.
-
hashing
Hashing is the process of transforming any given key or a string of characters into another value.
-
data poisoning (AI poisoning)
Data or AI poisoning attacks are deliberate attempts to manipulate the training data of artificial intelligence and machine learning models to corrupt their behavior and elicit skewed, biased or harmful outputs.