
Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

CHI - DIR

  • chief integration officer (CIO) - A chief integration officer (CIO) is a corporate executive in charge of ensuring the coordination of all interacting systems within the enterprise and its extended environments.
  • chief risk officer (CRO) - The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.
  • Chip and PIN - Chip and PIN is a UK government-backed initiative to implement the EMV (Europay, Mastercard and Visa) standard for smart card payment authorization.
  • cipher - In cryptology, the discipline concerned with the study of cryptographic algorithms, a cipher is an algorithm for encrypting and decrypting data.
  • cipher block chaining (CBC) - Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block).
  • CipherCloud - CipherCloud is a vendor that provides a cloud access security broker (CASB) platform, along with a number of security services, aimed at helping organizations secure their cloud-based applications.
  • ciphertext - Ciphertext is encrypted text.
  • ciphertext feedback (CFB) - Ciphertext feedback (CFB) is a mode of operation for a block cipher.
  • Cisco Certified Security Professional (CCSP) - A Cisco Certified Security Professional (CCSP) is an IT (Information Technology) professional who has received formal training from Cisco Systems in network-related security hardware, software and management.
  • Cisco Information Security Specialist (CISS) - Cisco Information Security Specialist (CISS) is an entry-level certification attesting that the holder has demonstrated the foundational knowledge and skills required to install and support a Cisco Self-Defending Network.
  • CISO (chief information security officer) - The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
  • CISP-PCI (Cardholder Information Security Program - Payment Card Industry Data Security Standard) - CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data.
  • Class C2 - Class C2 is a security rating established by the U.
  • clean desk policy (CDP) - A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office.
  • clickjacking (user-interface or UI redressing and IFRAME overlay) - Clickjacking (also known as user-interface or UI redressing and IFRAME overlay) is an exploit in which malicious coding is hidden beneath apparently legitimate buttons or other clickable content on a website.
  • cloak of invisibility - A cloak of invisibility is a method of rendering physical objects undetectable or invisible.
  • closed circuit television (CCTV) - CCTV (closed-circuit television) is a TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes.
  • cloud encryption (cloud storage encryption) - Cloud encryption is a service offered by cloud storage providers whereby data, or text, is transformed using encryption algorithms and is then placed on a storage cloud.
  • Cloud Security Alliance (CSA) - The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.
  • CloudAudit - CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks.
  • CMDSP (Certified Mobile Device Security Professional) - CMDSP (Certified Mobile Device Security Professional) is a certification program offered by the Mobile Resource Group that provides a standardized assurance of competency in the field of mobile security and administration.
  • COBIT - COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management practices.
  • cocooning - Cocooning is the act of insulating or hiding oneself from the normal social environment, which may be perceived as distracting, unfriendly, dangerous, or otherwise unwelcome, at least for the present.
  • Code of Connection (CoCo) - In the U.K.
  • command injection - Command injection is the insertion of HTML code into dynamically generated output by a malevolent hacker (also known as a cracker) seeking unauthorized access to data or network resources.
  • common access card (CAC) - A common access card (CAC) is a United States Department of Defense (DoD) smart card for multifactor authentication.
  • Common Body of Knowledge (CBK) - In security, Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.
  • Common Criteria (CC) for Information Technology Security Evaluation - Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments.
  • Common Weakness Enumeration (CWE) - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software.
  • computer exploit - A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.
  • Computer Misuse Act 1990 (CMA) - The Computer Misuse Act 1990 (CMA) is an act of the UK Parliament passed in 1990.
  • computer worm - A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining active on infected systems.
  • COMSEC (communications security) - Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic, or to any information that is transmitted or transferred.
  • Conduit browser hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.
  • Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
  • confidentiality - Confidentiality is a set of rules or a promise that limits access or places restrictions on certain types of information.
  • confidentiality, integrity, and availability (CIA triad) - Confidentiality, integrity, and availability, known as the CIA triad, is a model designed to guide information security practices and policies within an organization.
  • consumer privacy (customer privacy) - Consumer privacy, also known as customer privacy, involves the handling and protection of sensitive personal information that individuals provide in the course of everyday transactions.
  • consumerization policy - A consumerization policy is a documented set of practices for managing the use of consumer devices and technologies within a given organization.
  • Content Protection for Removable Media (CPRM) - Content Protection for Removable Media (CPRM) is a hardware-based technology designed to enforce copy protection restrictions through built-in mechanisms in storage media that would prevent unauthorized file copying.
  • Content Scrambling System (CSS) - Content Scrambling System (CSS) is a data encryption and authentication method used to protect digital versatile disk (DVD) movies from being illegally copied, distributed, and viewed from other devices, such as computer hard drives.
  • content-based security (asset-based security) - Content-based security, also known as asset-based security, is a general term for security features that are embedded within enterprise content.
  • context-aware network access control - Context-aware network access control (CANAC) is an approach to managing the security of a proprietary network by granting access to network resources according to contextual-based security policies.
  • context-aware security - Context-aware security is the use of situational information (such as identity, location, time of day or type of endpoint device) to improve information security decisions.
  • cookie poisoning - On the Web, cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft.
  • corporate area network (CAN) - A corporate area network (CAN) is a separate, protected portion of a corporation's intranet.
  • counterthreat operations team (CTOps team) - A counterthreat operations team (CT Ops team) is a group of security information specialists who proactively monitor an information technology network for external and internal threats and respond to threats with both immediate actions and long-term recommendations for improvements in software development as well as configuration and network management.
  • cracker - A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.
  • CRAM (challenge-response authentication mechanism) - CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).
  • crimeware - Crimeware is any computer program or set of programs designed expressly to facilitate illegal activity online.
  • crisis management - Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event.
  • critical thinking - Critical thinking is the capacity to be objective, rational and analytical about subjects, situations and cognitive problems.
  • cryptanalysis - Cryptanalysis is the study of ciphertext, ciphers and cryptosystems with the aim of understanding how they work and finding and improving techniques for defeating or weakening them.
  • cryptographic checksum - A cryptographic checksum is a mathematical value (called a checksum) that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed.
  • cryptographic nonce - A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.
  • cryptography - Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.
  • cryptology - Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
  • cryptoperiod (key lifetime or a validity period) - A cryptoperiod (sometimes called a key lifetime or a validity period) is a specific time span during which a cryptographic key setting remains in effect.
  • cryptosystem - A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely.
  • CSO (Chief Security Officer) - A Chief Security Officer (CSO) is the employee responsible for the physical security of a company, including its communication and business systems.
  • CSR (Certificate Signing Request) - A Certificate Signing Request or CSR is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA) validating the information required by the CA in order for it to issue a certificate.
  • CTCI (Computer-to-computer interface) - Computer-to-computer interface (CTCI) is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities Dealers Automated Quotations) to conduct business in the options market.
  • CVSS (Common Vulnerability Scoring System) - The CVSS (Common Vulnerability Scoring System) rates the severity of software vulnerabilities so organizations are able to prioritize mitigation.
  • cyber attribution - Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
  • Cyber Storm - Cyber Storm is the name of a simulated attack exercise conducted by the U.
  • Cybercrime - Cybercrime is any criminal activity that involves a computer, networked device or a network.
  • cyberextortion - Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.
  • Cyberoam - Cyberoam is a vendor for information security products and services.
  • cybersecurity - Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.
  • Cybersecurity Enhancement Act of 2009 (S.773) - The Cybersecurity Enhancement Act of 2009 (S.
  • Cybersecurity Information Sharing Act (CISA) - Cybersecurity Information Sharing Act (CISA) is proposed legislation that will allow United States government agencies and non-government entities to share information with each other as they investigate cyberattacks.
  • daisy chain - A daisy chain is an interconnection of computer devices, peripherals, or network nodes in series, one after another.
  • DAT USB drive - A DAT USB drive is a tape drive with digital audio tape (DAT) that can be plugged into a Universal Serial Bus (USB) connection as a simple and relatively low-cost way to back up data routinely, especially on servers.
  • data availability - Data availability is a term used by some computer storage manufacturers and storage service providers (SSPs) to describe products and services that ensure that data continues to be available at a required level of performance in situations ranging from normal through "disastrous.
  • Data Encryption Standard (DES) - The Data Encryption Standard (DES) is an outdated symmetric-key method of data encryption.
  • data encryption/decryption IC - A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data.
  • data integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
  • data key - In cryptography, a data key is a key (a variable value that is applied to a string or block of text to encrypt or decrypt it) that is used to encrypt or decrypt data only and is not used to encrypt or decrypt other keys, as some encryption formulas call for.
  • data loss prevention (DLP) - Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network.
  • data masking - Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.
  • data protection management (DPM) - Data protection management (DPM) is the administration of backup processes to ensure that tasks run on schedule, and that data is securely backed up and recoverable.
  • data recovery agent (DRA) - A data recovery agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users.
  • Data Security Council of India (DSCI) - The Data Security Council of India (DSCI) is a not-for-profit organization created to promote the country as a secure destination for information technology (IT) outsourcing.
  • data shadow - A data shadow is the collective body of data that is automatically generated and recorded as we go about our lives rather than intentionally created.
  • data splitting - Data splitting is an approach to protecting sensitive data from unauthorized access by encrypting the data and storing different portions of a file on different servers.
  • database activity monitoring (DAM) - Database activity monitoring (DAM) systems monitor and record activity in a database and then generate alerts for anything unusual.
  • DCPromo (Domain Controller Promoter) - DCPromo (Domain Controller Promoter) is a tool in Active Directory that installs and removes Active Directory Domain Services and promotes domain controllers.
  • decipher - All three terms - decipher, decrypt, and decode - mean to convert ciphertext into the original, unencrypted plaintext.
  • defense in depth - Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise.
  • Defense Message System (DMS) - The Defense Message System (DMS) is a secure X.
  • deniable encryption - Deniable encryption is a type of cryptography that allows an encrypted text to be decrypted in two or more ways, depending on which decryption key is used.
  • deperimeterization - In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication.
  • depository - A depository is a file or set of files in which data is stored for the purpose of safekeeping or identity authentication.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password.
  • Diffie-Hellman key exchange (exponential key exchange) - Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses a number raised to specific powers to produce decryption keys that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.
  • digest authentication - Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller.
  • digital footprint - A digital footprint, sometimes called a digital dossier, is the body of data that exists as a result of actions and communications online that can in some way be traced back to an individual.
  • digital footprint management (DFM) - Digital footprint management (DFM) is an approach to controlling the amount and types of electronic data existing about a particular individual that can in some way be traced back to them.
  • Digital Signature Standard (DSS) - Digital Signature Standard (DSS) is the digital signature algorithm (DSA) developed by the U.
  • Digital Silhouettes - Digital Silhouettes is the trademarked name that Predictive Networks has given to user profiles that are established through gathered click stream data and artificial intelligence (AI) processes.
