Security

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

FAS - MAL

  • federated identity management (FIM) - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • FERPA (Family Educational Rights and Privacy Act of 1974) - FERPA (Family Educational Rights and Privacy Act of 1974) is legislation that protects the privacy of students' personally identifiable information (PII).
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • FFIEC Cybersecurity Assessment Tool - The Federal Financial Institutions Examination Council developed the Cybersecurity Assessment Tool to help organizations identify cybersecurity risks and determine their level of preparedness.
  • Financial Services Authority (FSA) - The FSA (Financial Services Authority) is an independent, non-governmental body that regulates the financial services industry in the UK, including most financial services markets, exchanges and firms.
  • finger vein ID - Finger vein ID is a biometric authentication system that matches the vascular pattern in an individual's finger to previously obtained data.
  • firefighting - Firefighting is an emergency allocation of resources, required to deal with an unforeseen problem.
  • Firesheep - Firesheep is a Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks.
  • firewall - A firewall is software or firmware that prevents unauthorized access to a network.
  • footprinting - In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins.
  • forensic watermark (digital watermark) - A forensic watermark, also called a digital watermark, is a sequence of characters or code embedded in a digital document, image, video or computer program to uniquely identify its originator and authorized user.
  • four eyes principle - The four eyes principle is a requirement that two individuals review and approve some action before it can be taken.
  • frequency-hopping spread spectrum (FHSS) - Frequency-hopping spread spectrum (FHSS) transmission is the repeated switching of the carrier frequency during radio transmission to reduce interference and avoid interception.
  • full-disk encryption (FDE) - Full-disk encryption (FDE) is encryption at the hardware level.
  • fuzz testing (fuzzing) - Fuzz testing (fuzzing) is a technique used by ethical hackers to discover security loopholes in software, operating systems or networks by feeding massive amounts of random data to the system in an attempt to make it crash.
  • gaming the system - Gaming the system is manipulation or exploitation of the rules designed to govern a given system in an attempt to gain an advantage over other users.
  • garbage in, garbage out (GIGO) - GIGO (garbage in, garbage out) is a concise expression of a concept common to computer science and mathematics: the quality of output is determined by the quality of the input.
  • General Data Protection Regulation (GDPR) - The General Data Protection Regulation (GDPR) is legislation that updated and unified data privacy laws across the European Union (EU).
  • geolocation - Geolocation is the detection of the physical location of an Internet connected computing device.
  • going dark - Going dark describes a scenario in which communication appears to have ceased, but in reality has just moved from a public communication channel to a private, encrypted channel.
  • Google dork - A Google dork is an employee who unknowingly exposes sensitive corporate information on the Internet.
  • Government Information Security Reform Act - The Government Information Security Reform Act (formerly known as the Thompson-Liebermann Act) is a federal law that required U.
  • gray market - The gray market (sometimes spelled as "grey market") is the collective system of unauthorized sales channels for products.
  • Group Policy Object (GPO) - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • gummy bear hack - A gummy bear hack is an attempt to fool a biometric fingerprint scanner by using a gelatin-based candy to hold a fingerprint.
  • hacker - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • hacktivism - Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
  • hard-drive encryption - Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions.
  • Hash-based Message Authentication Code (HMAC) - Hash-based Message Authentication Code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function.
  • hashing - Hashing is the process of transforming any given key or a string of characters into another value.
  • HI-MEMS cyborg insects (Hybrid Insect Micro-Electro-Mechanical Systems) - The Hybrid Insect Micro-Electro-Mechanical Systems (HI-MEMS) program, also known as the cybug program, is a proposal from the Defense Advanced Research Projects Agency (DARPA) to encourage the development of cyborg insects that can be controlled by humans.
  • holistic security - Holistic security is an approach that seeks to integrate all the elements designed to safeguard an organization, considering them as a complex and interconnected system.
  • homomorphic encryption - Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.
  • Honey Encryption - Honey Encryption is a security tool that makes it difficult for an attacker who is carrying out a brute force attack to know if he has correctly guessed a password or encryption key.
  • honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.
  • honeynet - A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security.
  • honeypot (computing) - A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.
  • host intrusion prevention systems (HIPS) - A host intrusion prevention system (HIPS) is a security method that relies on third-party software tools to monitor network traffic and system activities for anomalous code behavior to identify and prevent malicious activities.
  • hotword - Hotword is an audio listening module included with Google Chrome and Chromium, the open source version of the browser.
  • HTTPS (HTTP over SSL or HTTP Secure) - HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering.
  • hypervisor security - Hypervisor security is the process of ensuring the hypervisor, the software that enables virtualization, is secure throughout its life cycle, including during development, implementation, provisioning, management and de-provisioning.
  • identity governance - Identity governance is the policy-based centralized orchestration of user identity management and access control.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • IFrame (Inline Frame) - The IFrame HTML element is often used to insert content from another source, such as an advertisement, into a Web page.
  • incident - An incident is an occurrence where a service or component fails to provide a feature or service that it was designed to deliver.
  • incident response - Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident.
  • incident response plan (IRP) - An incident response plan (IRP) is a set of written instructions for adequately detecting, responding to and limiting the effects of an information security incident, an event that may or may not be an attack or threat to computer system or corporate data security.
  • incident response team - An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.
  • Indicators of Compromise (IOC) - Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.
  • Information Assurance Standard 6 (IAS 6) - The Information Assurance Standard 6 (IAS 6) is legislation enacted by the British government in May 2009 as part of its Security Policy Framework (SPF).
  • information security (infosec) - Information security, often shortened to infosec, is the practice, policies and principles to protect data and other kinds of information.
  • information security management system (ISMS) - An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data.
  • Information Technology Amendment Act 2008 (IT Act 2008) - The Information Technology Amendment Act, 2008 (IT Act 2008) is a substantial addition to India's Information Technology Act (ITA-2000).
  • information-centric security - Information-centric security is an approach to information security that emphasizes the security of the information itself rather than the security of networks, applications, or even simply data.
  • Infosys Technologies (Infosys Limited) - Infosys Technologies (now known as Infosys Limited) is a global IT consulting firm headquartered in Bangalore, India.
  • initialization vector (IV) - An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption.
  • insider threat - An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
  • integer overflow - Integer overflow is the result of trying to place into computer memory an integer (whole number) that is too large for the integer data type in a given system.
  • intelligence (intel) - According to the FBI, intelligence is both the information itself and the processes used to collect and analyze it.
  • International Data Encryption Algorithm (IDEA) - IDEA (International Data Encryption Algorithm) is an encryption algorithm developed at ETH in Zurich, Switzerland.
  • International Information Systems Security Certification Consortium (ISC)2 - The International Information Systems Security Certification Consortium -- (ISC)2 -- is a non-profit organization that provides security training and certificates.
  • Internet Key Exchange (IKE) - The Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access.
  • intrusion detection system (IDS) - An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
  • intrusion prevention system (IPS) - An intrusion prevention system (IPS) is a network security and threat prevention tool.
  • IP camera - An IP camera is a networked digital video camera that transmits data over a Fast Ethernet link.
  • IP spoofing - Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from.
  • IP surveillance - IP surveillance is a digitized and networked version of closed-circuit television (CCTV).
  • IPsec (Internet Protocol Security) - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
  • iptables - Iptables is a generic table structure that defines rules and commands as part of the netfilter framework that facilitates Network Address Translation (NAT), packet filtering, and packet mangling in the Linux 2.
  • iris recognition - Iris recognition is a method of identifying people based on unique patterns within the ring-shaped region surrounding the pupil of the eye.
  • ISA Server (Internet Security and Acceleration Server) - Microsoft's ISA Server (Internet Security and Acceleration Server) is the successor to Microsoft's Proxy Server 2.
  • ISO 27001 - ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS).
  • ISO 27002 (International Organization for Standardization 27002) - The ISO 27002 standard is a collection of information security guidelines that are intended to help an organization implement, maintain, and improve its information security management.
  • ISSA (Information Systems Security Association) - The Information Systems Security Association, commonly known as ISSA, is an international, nonprofit organization for information security professionals.
  • IT incident report - An IT incident report is documentation of an event that has disrupted the normal operation of some IT system (or that had the potential to do so) and how that situation was handled.
  • IT systems management - Systems management is the administration of the information technology systems in an enterprise data center.
  • ITIL v3 - ITIL v3 is the third version of the Information Technology Infrastructure Library, a globally recognized collection of best practices for managing information technology (IT).
  • JavaScript hijacking - JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML).
  • Kerberos - Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
  • key - In cryptography, a key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text, or to decrypt encrypted text.
  • key fob - A key fob is a small, programmable device that provides access to a physical object.
  • key-value pair (KVP) - A key-value pair (KVP) is a set of two linked data items: a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointer to the location of that data.
  • keylogger (keystroke logger or system monitor) - A keylogger, sometimes called a keystroke logger or keyboard capture, is a type of surveillance technology used to monitor and record each keystroke on a specific computer.
  • keystroke dynamics - Keystroke dynamics are the patterns of rhythm and timing created when a person types.
  • kiosk mode (Windows assigned access) - Kiosk mode is a specialized function that allows Microsoft Windows to provide a single application for users signing on as guests or generic authorized users while preventing access to other files, data and functionality of the operating system and computer.
  • knowledge process outsourcing (KPO) - Knowledge process outsourcing (KPO) is the allocation of relatively high-level tasks to an outside organization or a different group within the same organization.
  • knowledge-based authentication (KBA) - In a KBA scheme, the user is asked to answer at least one "secret" question before being allowed to change account settings or reset a password.
  • known unknown - A known unknown is information whose existence you are aware of but that is not in your possession.
  • law of unintended consequences - The law of unintended consequences is a frequently-observed phenomenon in which any action has results that are not part of the actor's purpose.
  • LEAP (Lightweight Extensible Authentication Protocol) - LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • Let's Encrypt - Let's Encrypt is designed to simplify the acquisition of SSL/TLS digital certificates proving a site’s authenticity, while also providing encryption.
  • local wipe - Local wipe, also known as auto-wipe, is deletion of a device's data which is initiated by software on the device itself, rather than through remote administration.
  • locked down device (LDD) - A locked down device (LDD) is a mobile device, typically a smartphone, that is shipped by a vendor with the ability to accept only the SIM card that originally came with it.
  • log management - Log management is the collective processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving and ultimate disposal of the large volumes of log data created within an information system.
  • logic bomb - A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met.
  • Lookout Mobile Security - Lookout Mobile Security is an antimalware, data backup and remote management app for smartphones and tablets.
  • LUN masking - LUN masking is a further constraint added to zoning, subdividing access to the port so that only LUNs authorized to access a specific server can access the corresponding port.
  • Mahindra Special Services Group (MSSG) - Mahindra Special Services Group (MSSG) is a corporate security consultancy firm.