Browse Definitions :

Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

PA- - REP

  • PA-DSS (Payment Application Data Security Standard) - Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors develop secure payment applications that support PCI DSS compliance.
  • packet mangling - Packet mangling is the modification of packets at a packet-based network interface before and/or after routing.
  • packet monkey - On the Internet, a packet monkey is someone (see cracker, hacker, and script kiddy) who intentionally inundates a Web site or network with data packets, resulting in a denial-of-service situation for users of the attacked site or network.
  • Palladium - Palladium is a plan from Intel, AMD, and Microsoft to build security into personal computers and servers at the microprocessor level.
  • PAN truncation (primary account number) - PAN (primary account number) truncation is a technology that prevents most of the digits in a credit card, debit card or bank account number from appearing on printed receipts issued to customers.
  • parameter tampering - Parameter tampering is a form of Web-based hacking event (called an attack) in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user's authorization.
  • passenger name record (PNR) - A passenger name record (PNR) is a collection of data pertaining to an individual air traveler or a group of individuals travelling together.
  • passive FTP - Passive FTP (sometimes referred to as PASV FTP because it involves the FTP PASV command) is a more secure form of data transfer in which the flow of data is set up and initiated by the File Transfer Program (FTP) client rather than by the FTP server program.
  • passphrase - A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a message) or in an encryption or a decryption of a message.
  • password - A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user.
  • password cracker - A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resources.
  • password hardening - Password hardening is any one of a variety of measures taken to make it more difficult for an intruder to circumvent the authentication process.
  • password strength meter - A password strength meter is an indicator, either in graphical or text form, of the strength of a password as entered by a user.
  • password synchronization - Password synchronization is an authentication process that coordinates user passwords across various computers and computing devices so a user only has to remember a single password instead of multiple passwords for different machines or devices.
  • passwordless authentication - Passwordless authentication is a verification process that determines whether someone is, in fact, who they say they are without requiring the person to manually enter a string of characters.
  • pay for privacy - Pay for privacy is a business model in which customers are charged a fee to ensure that their data will not be shared and is secure from third-party access.
  • Payment Card Industry (PCI) - The Payment Card Industry (PCI) is the segment of the financial industry that governs the use of all electronic forms of payment.
  • PCI DSS (Payment Card Industry Data Security Standard) - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
  • PCI DSS 3.0 - PCI DSS 3.0 is the third major iteration of the Payment Card Industry Data Security Standard, a set of policies and procedures administered by the Payment Card Industry Security Standards Council (PCI SSC) to ensure the security of electronic payment data and sensitive authentication data.
  • PCI DSS merchant levels - Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses.
  • PCI gap assessment - A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI policy - A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI Security Standards Council - The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data.
  • PEAP (Protected Extensible Authentication Protocol) - PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • Peltzman Effect - The Peltzman Effect is the net-zero effect on overall safety between the presence of safety precautions and people’s tendency to be less cautious in their presence.
  • pen test (penetration testing) - Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
  • performance testing - Performance testing is the process of determining the speed, responsiveness and stability of a computer, network, software program or device under a workload.
  • personal firewall (desktop firewall) - A personal firewall (sometimes called a desktop firewall) is a software application used to protect a single Internet-connected computer from intruders.
  • personal health record (PHR) - A personal health record (PHR) is a collection of health-related information that is documented and maintained by the individual it pertains to.
  • personal identity verification (PIV) card - A personal identity verification (PIV) card is a United States Federal smart card that contains the necessary data for the cardholder to be granted to Federal facilities and information systems and assure appropriate levels of security for all applicable Federal applications.
  • personally identifiable financial information (PIFI) - Personally identifiable financial information (PIFI) is any type of personally identifiable information (PII) that is linked to that person's finances.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent.
  • phishing - Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.
  • phlashing - Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates.
  • phreak - A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.
  • physical attack surface - The physical attack surface is the totality of the security vulnerabilities in a given system that are available to an attacker in the same location as the target.
  • physical security - Physical security is the protection of people and systems from damage or loss due to physical events such as fire, flood, disasters, crimes or accidents.
  • ping of death - On the Internet, ping of death is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • piracy - Software piracy is the illegal copying, distribution, or use of software.
  • PKI (public key infrastructure) - A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
  • plaintext - In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.
  • Point-to-Point Tunneling Protocol (PPTP) - Point-to-Point Tunneling Protocol (PPTP) is a protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet.
  • Pokémon GO - Pokémon GO is a mobile augmented reality (AR) version of the popular Pokémon video game for iPhone or Android systems.
  • policy engine - A policy engine is a software component that allows an organization to create, monitor and enforce rules about how network resources and the organization's data can be accessed.
  • policy server - A policy server is a security component of a policy-based network that provides authorization services and facilitates tracking and control of files.
  • policy-based management - Policy-based management is an administrative approach that is used to simplify the management of a given endeavor by establishing policies to deal with situations that are likely to occur.
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • port mirroring (roving analysis port) - Port mirroring is an approach to monitoring network traffic that involves forwarding a copy of each packet from one network switch port to another.
  • Port Scan - A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services -- each associated with a "well-known" port number -- the computer provides.
  • presence technology - Presence technology is a type of application that makes it possible to locate and identify a computing device wherever it might be, as soon as the user connects to the network.
  • pretexting - Pretexting is a form of social engineering in which one individual lies to obtain privileged data about another individual in order to engage in identity theft or corporate espionage.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP is a popular program used to encrypt and decrypt email over the Internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work.
  • privacy - On the Internet, privacy, a major concern of users, can be divided into these concerns: What personal information can be shared with whom Whether messages can be exchanged without anyone else seeing them Whether and how one can send messages anonymously Personal Information Privacy Most Web users want to understand that personal information they share will not be shared with anyone else without their permission.
  • Privacy and Electronic Communications Regulations (PECR) - The Privacy and Electronic Communications Regulations (PECR) are the UK implementation of the European Union (EU) e-Privacy Directive.
  • private CA (private PKI) - Private CA stands for private certification authority and is an enterprise specific CA that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private certificate authority (CA) - Private CA stands for private certificate authority and is an enterprise specific certificate authority that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private cloud (internal cloud or corporate cloud) - Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt code.
  • privilege - In the administration of a multi-user computer system, a privilege is an identified right that a particular user has to a particular system resource, such as a file folder, the use of certain system commands, or an amount of storage.
  • privilege bracketing - Privilege bracketing is the practice of limiting temporarily increased permission levels to the briefest possible time period.
  • privileged identity management (PIM) - Privileged identity management (PIM) is the monitoring and protection of superuser accounts in an organization’s IT environments.
  • problem - A problem, in an IT service management (ITSM) context, is an issue that could cause an incident.
  • promiscuous mode - In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety.
  • proxy firewall - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • proxy hacking - Proxy hacking, also known as proxy hijacking, is an attack technique designed to supplant an authentic Web page in a search engine's index and search results pages.
  • pseudonymous profile - A pseudonymous profile is a collection of information about a particular computer user that identifies the user either by their computer's IP address or by a randomly-generated nickname.
  • public key - In cryptography, a public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • Public-Key Cryptography Standards (PKCS) - The Public-Key Cryptography Standards (PKCS) are a set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).
  • pulsing zombie - A pulsing zombie is a computer whose security has been compromised without its owner's knowledge by a cracker so that it intermittently carries out a denial-of-service attack on target computers in a network.
  • PUP (potentially unwanted program) - A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.
  • Pwn2Own - Pwn2Own is an annual hacking competition sponsored by security vendor TippingPoint and held at the CanSecWest security conference.
  • quantum cryptography - Quantum cryptography uses our current knowledge of physics to develop a cryptosystem that is not able to be defeated - that is, one that is completely secure against being compromised without knowledge of the sender or the receiver of the messages.
  • RADIUS (Remote Authentication Dial-In User Service) - Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • RavMonE virus (W32/Rjump) - The RavMonE virus, also known as W32/Rjump, is a virus that opens a back door on a computer running Windows, creates a copy of itself in the Windows system directory and creates a log file containing the port number on which its back door component listens.
  • raw device mapping (RDM) - Raw device mapping (RDM) is an option in the VMware server virtualization environment that enables a storage LUN to be directly connected to a virtual machine from the SAN.
  • real-time location system (RTLS) - A real-time location system (RTLS) is one of a number of technologies used to pinpoint the current geographic position and location of a target.
  • Red Flags Rule (RFR) - The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.
  • red teaming - Red teaming is the practice of rigorously challenging an organization's plans, policies, systems and assumptions by applying an adversarial approach.
  • redact - To redact is to edit, or prepare for publishing.
  • Register of Known Spam Operations (ROKSO) - The Register of Known Spam Operations (ROKSO) is a list of over 500 professional spammers that is maintained by the Spamhaus Project, an organization dedicated to identifying and exposing spam operators.
  • Regulation of Investigatory Powers Act (RIPA) - RIPA (Regulation of Investigatory Powers Act) is a law enacted in the United Kingdom in 2000 to govern the interception and use of electronic communications.
  • relative identifier (RID) - In Windows 2000, the relative identifier (RID) is the part of a security ID (SID) that uniquely identifies an account or group within a domain.
  • Remote Python Call (RPyC) - A remote python call (RPyC) is a type of remote procedure call that allows an administrator to use the universality of Python programming language to manage a remote object as if it were local.
  • remote wipe - Remote wipe is a security feature that allows a network administrator or device owner to send a command that deletes data to a computing device.
  • Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit.

-ADS BY GOOGLE

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • Port Scan

    A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services ...

  • DMZ (networking)

    In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a ...

  • quantum supremacy

    Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

Close