Security

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

PRI - STA

  • principle of least privilege (POLP) - The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
  • privacy - On the Internet, privacy, a major concern of users, can be divided into these concerns: what personal information can be shared with whom; whether messages can be exchanged without anyone else seeing them; and whether and how one can send messages anonymously. Most Web users want to understand that personal information they share will not be shared with anyone else without their permission.
  • privacy compliance - Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or legislation.
  • private CA (private PKI) - Private CA stands for private certification authority and is an enterprise specific CA that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private certificate authority (CA) - Private CA stands for private certificate authority and is an enterprise specific certificate authority that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.
  • privileged identity management (PIM) - Privileged identity management (PIM) is the monitoring and protection of superuser accounts in an organization’s IT environments.
  • problem - A problem, in an IT service management (ITSM) context, is an issue that could cause an incident.
  • promiscuous mode - In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.
  • proxy firewall - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • proxy hacking - Proxy hacking, also known as proxy hijacking, is an attack technique designed to supplant an authentic Web page in a search engine's index and search results pages.
  • public key - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • Public-Key Cryptography Standards (PKCS) - Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.
  • Pwn2Own - Pwn2Own is an annual hacking competition sponsored by security vendor TippingPoint and held at the CanSecWest security conference.
  • quantum cryptography - Quantum cryptography uses our current knowledge of physics to develop a cryptosystem that cannot be defeated, that is, one that is completely secure against being compromised without the knowledge of the sender or the receiver of the messages.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • raw device mapping (RDM) - Raw device mapping (RDM) is an option in the VMware server virtualization environment that enables a storage LUN to be directly connected to a virtual machine from the SAN.
  • real-time location system (RTLS) - A real-time location system (RTLS) is one of a number of technologies used to pinpoint the current geographic position and location of a target.
  • Red Flags Rule (RFR) - The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.
  • red teaming - Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions by adopting an adversarial approach.
  • Remote Python Call (RPyC) - A Remote Python Call (RPyC) is a type of remote procedure call that allows an administrator to use the universality of the Python programming language to manage a remote object as if it were local.
  • remote wipe - Remote wipe is a security feature that allows a network administrator or device owner to send a command that deletes data to a computing device.
  • Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.
  • RFID virus - An RFID (radio-frequency identification) virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID system.
  • Rijndael - Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.
  • risk assessment framework (RAF) - A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
  • rogue employee - A rogue employee is a worker who undermines the organization that employs him by failing to comply with its business rules and policies.
  • role mining - Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise.
  • role-based access control (RBAC) - Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.
  • rootkit - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network, such as the internet.
  • RSA Security - RSA Security is a United States-based organization that creates encryption, network and computer security products.
  • S-HTTP (Secure HTTP) - S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.
  • Same Origin Policy (SOP) - The Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information.
  • scareware - Scareware is a type of malware tactic used to manipulate victims into downloading or buying potentially malware-infested software.
  • screened subnet (triple-homed firewall) - A screened subnet (also known as a 'triple-homed firewall') is a network architecture that uses a single firewall with three network interfaces.
  • script kiddie - Script kiddie is a derogatory term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.
  • Seclore Technology (Seclore) - Seclore Technology is a Mumbai-based security software company incubated by the Indian Institute of Technology (IIT) in Bombay.
  • SecOps - SecOps is a management approach that connects security and operations teams, similar to how DevOps unifies software developers and operations professionals.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.
  • Secure File Transfer Protocol (SSH File Transfer Protocol) - SFTP is a term that refers to either Secure File Transfer Protocol or SSH File Transfer Protocol, and is a computing network protocol for accessing and managing files on remote systems.
  • Secure Shell (SSH) - SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
  • Security Accounts Manager (SAM) - The Security Accounts Manager (SAM) is a database in the Windows operating system (OS) that contains user names and passwords.
  • security analytics - Security analytics is an approach to cybersecurity that uses data collection, data aggregation and analysis tools for threat detection and security monitoring.
  • Security as a Service (SaaS) - Security-as-a-service (SaaS) is an outsourcing model for security management.
  • Security Assertion Markup Language (SAML) - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
  • security awareness training - Security awareness training is a formal process for educating employees and third-party stakeholders, like contractors and business partners, on how to protect an organization's computer systems, along with its data, people and other assets, from internet-based threats or criminals.
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • security event - A security event is a change in the everyday operations of a network or IT service, indicating that a security policy may have been violated or a security safeguard may have failed.
  • security identifier (SID) - In Windows NT and 2000 operating systems, the security identifier (SID) is a unique alphanumeric character string that identifies each operating system and each user in a network of NT/2000 systems.
  • security incident - A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed.
  • security information and event management (SIEM) - Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs.
  • security intelligence (SI) - Security intelligence (SI) is the information relevant to protecting an organization from external and inside threats as well as the processes, policies and tools designed to gather and analyze that information.
  • security operations center (SOC) - A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security who monitor, analyze and protect an organization from cyber attacks.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security through minority - Security through minority is an approach that relies upon infrequently used code for its effectiveness.
  • security through obscurity - Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.
  • security through obsolescence - Security through obsolescence is the use of obsolete technologies whose vulnerabilities are no longer well known among the public.
  • security token - A security token is a physical or digital device that provides two-factor authentication for a user to prove their identity in a login process.
  • Security, Trust and Assurance Registry (STAR) - The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.
  • segregation of duties (SoD) - Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing.
  • sensitive information - Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization.
  • session ID - A session ID is a unique number that a Web site's server assigns to identify a specific user for the duration of that user's visit (session).
  • session key - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • shadow app - A shadow app is a software program that is not supported by an employee's information technology (IT) department.
  • shadow IT - Shadow IT is hardware or software that is not supported by an organization's IT department.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • shared responsibility model - A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home or building (home automation or domotics) - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • smart label - A smart label is a slip of paper, plastic or other material on a product that contains an RFID tag in addition to bar code data.
  • smart meter hack - A smart meter hack is the unauthorized access of a smart meter or its data transmissions for the purpose of obtaining or altering communications between it and the responsible utility.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Sourcefire founder and former CTO Martin Roesch.
  • SOAR (security orchestration, automation and response) - SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events without human assistance.
  • social engineering attack surface - Social engineering attacks usually take advantage of human psychology: the desire for something free, the susceptibility to distraction, or the desire to be liked or to be helpful.
  • social engineering penetration testing - Social engineering pen testing is designed to test employees' adherence to the security policies and practices defined by management.
  • softlifting - Softlifting is a common type of software piracy in which a legally licensed software program is installed or copied in violation of its licensing agreement.
  • software attack surface - The software attack surface is the complete profile of all functions in any code running in a given system that are available to an unauthenticated user.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • spim (instant messaging spam) - Spim is spam delivered through instant messaging (IM) instead of through e-mail messaging.
  • SPIT (spam over Internet telephony) - SPIT (spam over Internet telephony), sometimes known as vam (voice or VoIP spam), is unsolicited bulk messages broadcast over VoIP (Voice over Internet Protocol) to phones connected to the Internet.
  • splog (spam blog) - A splog (spam blog) is a fake blog created solely to promote affiliated Web sites, with the intent of skewing search results and artificially boosting traffic.
  • SSAE 16 - The Statement on Standards for Attestation Engagements No.
  • SSL certificate (Secure Sockets Layer certificate) - A Secure Sockets Layer certificate, known commonly as an SSL certificate, is a small data file installed on a Web server that allows for a secure connection between a Web server and a Web browser.
  • SSL checker (secure socket layer checker) - An SSL checker (Secure Sockets Layer checker) is a tool that helps an organization verify proper installation of an SSL certificate on a Web server to ensure it is valid, trusted and will work properly for its users.
  • SSL VPN (Secure Sockets Layer virtual private network) - An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN capability.
  • stateful inspection - Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.