Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

RES - STE

  • Resource Access Control Facility (RACF) - RACF (Resource Access Control Facility) is the IBM security management product for its mainframe (large server) operating system, OS/390 (MVS) as well as for its VM operating system.
  • reverse DNS (rDNS) - Reverse DNS (rDNS) is a method of resolving an IP address into a domain name, just as the domain name system (DNS) resolves domain names into associated IP addresses.
  • RFID virus - An RFID (radio-frequency identification) virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID system.
  • ridge - In the biometric process of fingerscanning, a ridge is a curved line in a finger image.
  • Rijndael - Rijndael (pronounced rain-dahl) is the algorithm that has been selected by the U.
  • risk analysis - Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or critical projects in order to help organizations avoid or mitigate those risks.
  • risk assessment framework (RAF) - A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
  • rogue employee - A rogue employee is a worker who undermines the organization that employs him by failing to comply with its business rules and policies.
  • role mining - Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise.
  • role-based access control (RBAC) - Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.
  • rootkit - A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system.
  • ROT-13 - ROT-13 is the encrypting of a message by exchanging each of the letters on the first half of the alphabet with the corresponding letter in the second half of the alphabet (that is, swapping positions by 13 characters).
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
  • RSA Security - RSA Security is a United States-based organization that creates encryption, network and computer security products.
  • S-HTTP (Secure HTTP) - S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.
  • salt - In password protection, salt is a random string of data used to modify a password hash.
  • Same Origin Policy (SOP) - The Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information.
  • SAML (Security Assertion Markup Language) - The Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • scareware - Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.
  • screened subnet (triple-homed firewall) - A screened subnet (also known as a 'triple-homed firewall') is a network architecture that uses a single firewall with three network interfaces.
  • script kiddy (or script kiddie) - Script kiddy (sometimes spelled kiddie) is a derogative term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous exploiter of security lapses on the Internet.
  • seat management - Seat management is a method of coordinating all the workstations in an enterprise network by overseeing the installation, operation, and maintenance of hardware and software at each workstation.
  • Seclore Technology (Seclore) - Seclore Technology is a Mumbai-based security software company incubated by the Indian Institute of Technology (IIT) in Bombay.
  • SecOps (DevSecOps) - SecOps, also called DevSecOps, is a management approach that connects security and operations teams, similar to how DevOps unifies software developers and operations professionals.
  • secret key algorithm (symmetric algorithm) - A secret key algorithm (sometimes called a symmetric algorithm) is a cryptographic algorithm that uses the same key to encrypt and decrypt data.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet.
  • Secure File Transfer Protocol (SSH File Transfer Protocol) - SFTP is a term that refers to either Secure File Transfer Protocol or SSH File Transfer Protocol, and is a computing network protocol for accessing and managing files on remote systems.
  • Secure Shell (SSH) - SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
  • security - Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats.
  • Security Accounts Manager (SAM) - The Security Accounts Manager (SAM) is a database in the Windows operating system (OS) that contains user names and passwords.
  • Security as a Service (SaaS) - Security-as-a-service (SaaS) is an outsourcing model for security management.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.
  • security awareness training - Security awareness training is a formal process for educating employees about corporate policies and procedures for working with information technology (IT).
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • Security Descriptor Definition Language (SDDL) - Security Descriptor Definition Language (SDDL) is a formal way to specify Microsoft Windows security descriptors or text strings that describe who owns various objects such as files in the system.
  • security event - A security event is a change in the everyday operations of a network or IT service, indicating that a security policy may have been violated or a security safeguard may have failed.
  • security identifier (SID) - In Windows NT and 2000 operating systems, the security identifier (SID) is a unique alphanumeric character string that identifies each operating system and each user in a network of NT/2000 systems.
  • security incident - A security incident is an event that may indicate that an organization's systems or data have been compromised.
  • security information and event management (SIEM) - Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs.
  • security intelligence (SI) - Security intelligence (SI) is the information relevant to protecting an organization from external and inside threats as well as the processes, policies and tools designed to gather and analyze that information.
  • Security Operations Center (SOC) - A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security that is responsible for monitoring, analyzing and protecting an organization from cyber attacks.
  • security policy - In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security through minority - Security through minority is an approach that relies upon infrequently-used code for its effectiveness.
  • security through obscurity - Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.
  • security through obsolescence - Security through obsolescence is the use of obsolete technologies whose vulnerabilities are no longer well known among the public.
  • security token (authentication token) - A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service.
  • Security, Trust and Assurance Registry (STAR) - The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.
  • segregation of duties (SoD) - Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.
  • Sender ID - Sender ID is Microsoft's proposed e-mail sender authentication protocol designed to protect against domain spoofing and phishing exploits.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing.
  • sensitive information - Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization.
  • Serious Organized Crime Agency (SOCA) - The Serious Organized Crime Agency (SOCA) is a policing agency dedicated to the identification of criminal activity related to drug trafficking, money laundering, identity theft and immigration.
  • server accelerator card (SSL card) - A server accelerator card (also known as an SSL card) is a Peripheral Component Interconnect (PCI) card used to generate encryption keys for secure transactions on e-commerce Web sites.
  • session ID - A session ID is a unique number that a Web site's server assigns to identify a specific user for the duration of that user's visit (session).
  • session key - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • shadow app - A shadow app is a software program that is not supported by an employee's information technology (IT) department.
  • shadow IT - Shadow IT is hardware or software that is not supported by an organization's IT department.
  • shadow password file - In the Linux operating system, a shadow password file is a system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • shared responsibility model - A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
  • sheepdip (sheep dipping or a footbath) - In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • Single Sign-On (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home or building (home automation or domotics) - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • smart label - A smart label is a slip of paper, plastic or other material on a product that contains an RFID tag in addition to bar code data.
  • smart meter hack - A smart meter hack is the unauthorized access of such a device or its data transmissions for the purpose of obtaining or altering communications between it and the responsible utility.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • smurfing - A smurf attack is an exploitation of the Internet Protocol (IP) broadcast addressing to create a denial of service.
  • snake oil - In cryptographic and other computer products, snake oil is a negative term used to describe exaggerated claims made by vendors who are overly optimistic or purposely seeking to take advantage of consumers who do not have the expertise to judge a product.
  • sniper-sniffing robot - A sniper-sniffing robot is a tactical mobile robot designed to seek out and identify weapons in congested areas.
  • snoop server - A snoop server is a server that uses a packet sniffer program to capture network traffic for analysis.
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Martin Roesch.
  • SnortSnarf - SnortSnarf is a program that was designed for use with Snort, a security program used mainly with Linux networks.
  • SOAR (Security Orchestration, Automation and Response) - SOAR (Security Orchestration, Automation and Response) is a technology stack of compatible software programs that allow an organization to collect data about security threats and alerts from multiple sources and respond to low-level security events without human assistance.
  • social engineering attack surface - Social engineering attacks usually take advantage of human psychology: the desire for something free, the susceptibility to distraction, or the desire to be liked or to be helpful.
  • social engineering penetration testing - Social engineering pen testing is designed to test employees' adherence to the security policies and practices defined by management.
  • softlifting - Softlifting is a common type of software piracy in which a legally licensed software program is installed or copied in violation of its licensing agreement.
  • software attack surface - The software attack surface is the complete profile of all functions in any code running in a given system that are available to an unauthenticated user.
  • spam cocktail (or anti-spam cocktail) - A spam cocktail (or anti-spam cocktail) is the use of several different technologies in combination to successfully identify and minimize spam.
  • spear phishing - Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • spim (instant messaging spam) - Spim is spam delivered through instant messaging (IM) instead of through e-mail messaging.
  • SPIT (spam over Internet telephony) - SPIT (spam over Internet telephony), sometimes known as vam (voice or VoIP spam), is unsolicited bulk messages broadcast over VoIP (Voice over Internet Protocol) to phones connected to the Internet.
  • splog (spam blog) - A splog (spam blog) is a fake blog created solely to promote affiliated Web sites, with the intent of skewing search results and artificially boosting traffic.
  • spoof - Spoof was a game involving trickery and nonsense that was invented by an English comedian, Arthur Roberts, prior to 1884, when it is recorded as having been "revived.
  • SSAE 16 - The Statement on Standards for Attestation Engagements No.
  • SSL certificate (Secure Sockets Layer certificate) - A Secure Sockets Layer certificate, known commonly as an SSL certificate, is a small data file installed on a Web server that allows for a secure connection between a Web server and a Web browser.
  • SSL checker (secure socket layer checker) - An SSL checker (Secure Sockets Layer checker) is a tool that helps an organization verify proper installation of an SSL certificate on a Web server to ensure it is valid, trusted and will work properly for its users.
  • SSL VPN (Secure Sockets Layer virtual private network) - An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote-access VPN capability.
  • stack smashing - Stack smashing is causing a stack in a computer application or operating system to overflow.
  • stateful inspection - Stateful inspection is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
