Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

PCI - SEA

  • PCI DSS (Payment Card Industry Data Security Standard) - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
  • PCI DSS 3.0 - PCI DSS 3.0 is the third major iteration of the Payment Card Industry Data Security Standard, a set of policies and procedures administered by the Payment Card Industry Security Standards Council (PCI SSC) to ensure the security of electronic payment data and sensitive authentication data.
  • PCI DSS merchant levels - Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses.
  • PCI gap assessment - A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI policy - A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI Security Standards Council - The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data.
  • PEAP (Protected Extensible Authentication Protocol) - PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • Peltzman Effect - The Peltzman Effect is the net-zero effect on overall safety between the presence of safety precautions and people’s tendency to be less cautious in their presence.
  • pen test (penetration testing) - Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
  • Pen Testing as a Service (PTaaS) - Pen testing as a service (PTaaS) is a cloud service that provides information technology (IT) professionals with the resources they need to conduct and act upon point-in-time and continuous penetration tests.
  • performance testing - Performance testing is the process of determining the speed, responsiveness and stability of a computer, network, software program or device under a workload.
  • personal firewall (desktop firewall) - A personal firewall (sometimes called a desktop firewall) is a software application used to protect a single Internet-connected computer from intruders.
  • personal health record (PHR) - A personal health record (PHR) is a collection of health-related information that is documented and maintained by the individual it pertains to.
  • personal identity verification (PIV) card - A personal identity verification (PIV) card is a United States Federal smart card that contains the data necessary for the cardholder to be granted access to Federal facilities and information systems and to assure appropriate levels of security for all applicable Federal applications.
  • personally identifiable financial information (PIFI) - Personally identifiable financial information (PIFI) is any type of personally identifiable information (PII) that is linked to that person's finances.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent.
  • phishing - Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.
  • phlashing - Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates.
  • phreak - A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.
  • physical attack surface - The physical attack surface is the totality of the security vulnerabilities in a given system that are available to an attacker in the same location as the target.
  • physical security - Physical security is the protection of people and systems from damage or loss due to physical events such as fire, flood, disasters, crimes or accidents.
  • ping of death - On the Internet, ping of death is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • piracy - Software piracy is the illegal copying, distribution, or use of software.
  • PKI (public key infrastructure) - A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
  • plaintext - In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.
  • Point-to-Point Tunneling Protocol (PPTP) - Point-to-Point Tunneling Protocol (PPTP) is a protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet.
  • Pokémon GO - Pokémon GO is a mobile augmented reality (AR) version of the popular Pokémon video game for iPhone or Android systems.
  • policy engine - A policy engine is a software component that allows an organization to create, monitor and enforce rules about how network resources and the organization's data can be accessed.
  • policy server - A policy server is a security component of a policy-based network that provides authorization services and facilitates tracking and control of files.
  • policy-based management - Policy-based management is an administrative approach that is used to simplify the management of a given endeavor by establishing policies to deal with situations that are likely to occur.
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • port mirroring (roving analysis port) - Port mirroring is an approach to monitoring network traffic that involves forwarding a copy of each packet from one network switch port to another.
  • Port Scan - A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services -- each associated with a "well-known" port number -- the computer provides.
  • presence technology - Presence technology is a type of application that makes it possible to locate and identify a computing device wherever it might be, as soon as the user connects to the network.
  • pretexting - Pretexting is a form of social engineering in which one individual lies to obtain privileged data about another individual in order to engage in identity theft or corporate espionage.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP is a popular program used to encrypt and decrypt email over the Internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work.
  • privacy - On the Internet, privacy, a major concern of users, can be divided into these concerns: what personal information can be shared with whom; whether messages can be exchanged without anyone else seeing them; and whether and how one can send messages anonymously. Most Web users want to understand that personal information they share will not be shared with anyone else without their permission.
  • Privacy and Electronic Communications Regulations (PECR) - The Privacy and Electronic Communications Regulations (PECR) are the UK implementation of the European Union (EU) e-Privacy Directive.
  • privacy compliance - Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or legislation.
  • private CA (private PKI) - Private CA stands for private certification authority and is an enterprise specific CA that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private certificate authority (CA) - Private CA stands for private certificate authority and is an enterprise specific certificate authority that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private cloud (internal cloud or corporate cloud) - Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt code.
  • privilege - In the administration of a multi-user computer system, a privilege is an identified right that a particular user has to a particular system resource, such as a file folder, the use of certain system commands, or an amount of storage.
  • privilege bracketing - Privilege bracketing is the practice of limiting temporarily increased permission levels to the briefest possible time period.
  • privileged identity management (PIM) - Privileged identity management (PIM) is the monitoring and protection of superuser accounts in an organization’s IT environments.
  • problem - A problem, in an IT service management (ITSM) context, is an issue that could cause an incident.
  • promiscuous mode - In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety.
  • proxy firewall - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • proxy hacking - Proxy hacking, also known as proxy hijacking, is an attack technique designed to supplant an authentic Web page in a search engine's index and search results pages.
  • pseudonymous profile - A pseudonymous profile is a collection of information about a particular computer user that identifies the user either by their computer's IP address or by a randomly-generated nickname.
  • public key - In cryptography, a public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • Public-Key Cryptography Standards (PKCS) - The Public-Key Cryptography Standards (PKCS) are a set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).
  • pulsing zombie - A pulsing zombie is a computer whose security has been compromised without its owner's knowledge by a cracker so that it intermittently carries out a denial-of-service attack on target computers in a network.
  • PUP (potentially unwanted program) - A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.
  • Pwn2Own - Pwn2Own is an annual hacking competition sponsored by security vendor TippingPoint and held at the CanSecWest security conference.
  • quantum cryptography - Quantum cryptography uses our current knowledge of physics to develop a cryptosystem that is not able to be defeated - that is, one that is completely secure against being compromised without knowledge of the sender or the receiver of the messages.
  • RADIUS (Remote Authentication Dial-In User Service) - Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • raw device mapping (RDM) - Raw device mapping (RDM) is an option in the VMware server virtualization environment that enables a storage LUN to be directly connected to a virtual machine from the SAN.
  • real-time location system (RTLS) - A real-time location system (RTLS) is one of a number of technologies used to pinpoint the current geographic position and location of a target.
  • Red Flags Rule (RFR) - The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.
  • red teaming - Red teaming is the practice of rigorously challenging an organization's plans, policies, systems and assumptions by applying an adversarial approach.
  • redact - To redact is to edit, or prepare for publishing.
  • Register of Known Spam Operations (ROKSO) - The Register of Known Spam Operations (ROKSO) is a list of over 500 professional spammers that is maintained by the Spamhaus Project, an organization dedicated to identifying and exposing spam operators.
  • Regulation of Investigatory Powers Act (RIPA) - RIPA (Regulation of Investigatory Powers Act) is a law enacted in the United Kingdom in 2000 to govern the interception and use of electronic communications.
  • relative identifier (RID) - In Windows 2000, the relative identifier (RID) is the part of a security ID (SID) that uniquely identifies an account or group within a domain.
  • Remote Python Call (RPyC) - A remote python call (RPyC) is a type of remote procedure call that allows an administrator to use the universality of Python programming language to manage a remote object as if it were local.
  • remote wipe - Remote wipe is a security feature that allows a network administrator or device owner to send a command that deletes data to a computing device.
  • Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit.
  • Resource Access Control Facility (RACF) - RACF (Resource Access Control Facility) is the IBM security management product for its mainframe (large server) operating system, OS/390 (MVS) as well as for its VM operating system.
  • reverse DNS (rDNS) - Reverse DNS (rDNS) is a method of resolving an IP address into a domain name, just as the domain name system (DNS) resolves domain names into associated IP addresses.
  • RFID virus - An RFID (radio-frequency identification) virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID system.
  • ridge - In the biometric process of fingerscanning, a ridge is a curved line in a finger image.
  • Rijndael - Rijndael (pronounced rain-dahl) is the algorithm that has been selected by the U.
  • risk analysis - Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.
  • risk assessment framework (RAF) - A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
  • rogue employee - A rogue employee is a worker who undermines the organization that employs him by failing to comply with its business rules and policies.
  • role mining - Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise.
  • role-based access control (RBAC) - Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.
  • rootkit - A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system.
  • ROT-13 - ROT-13 is the encrypting of a message by exchanging each of the letters on the first half of the alphabet with the corresponding letter in the second half of the alphabet (that is, swapping positions by 13 characters).
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
  • RSA Security - RSA Security is a United States-based organization that creates encryption, network and computer security products.
  • S-HTTP (Secure HTTP) - S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.
  • salt - In password protection, salt is a random string of data used to modify a password hash.
  • Same Origin Policy (SOP) - The Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information.
  • SAML (Security Assertion Markup Language) - The Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • scareware - Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.
  • screened subnet (triple-homed firewall) - A screened subnet (also known as a 'triple-homed firewall') is a network architecture that uses a single firewall with three network interfaces.
  • script kiddy (or script kiddie) - Script kiddy (sometimes spelled kiddie) is a derogatory term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous, exploiter of security lapses on the Internet.
  • seat management - Seat management is a method of coordinating all the workstations in an enterprise network by overseeing the installation, operation, and maintenance of hardware and software at each workstation.