Browse Definitions :

Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

STE - X.5

  • stealth - In computing, stealth refers to an event, object, or file that evades methodical attempts to find it.
  • stealth virus - In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • steganography - Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination.
  • storage encryption - Storage encryption is the use of encryption/decryption of backed-up and archived data, both in transit and on storage media.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks - and unavailable to other entities.
  • stream cipher - A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.
  • strong authentication - Although it is not a standardized term, with set criteria, strong authentication can be said to be any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter.
  • strong password - A strong password is one that is designed to be hard for a person or program to discover.
  • surveillance metadata - Surveillance metadata is details about data pertaining to the actions of an observed party.
  • Suspicious Activity Report (SAR) - A Suspicious Activity Report (SAR) is a document that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) following a suspected incident of money laundering or fraud.
  • Symantec PartnerNet - Symantec PartnerNet is web-based portal that was developed by security vendor Symantec to provide information, tools and benefits to its channel partner community.
  • SYN flood (half open attack) - SYN flooding is a method that the user of a hostile client program can use to conduct a denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker (or cracker) can use to determine the state of a communications port without establishing a full connection.
  • synthetic identity theft - Synthetic identity theft is the fraudulent use of stolen personally identifiable information (PIF) that is combined with made-up details to create a false identity.
  • TACACS (Terminal Access Controller Access Control System) - TACACS (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system.
  • tarpitting - Tarpitting is the practice of slowing the transmission of e-mail messages sent in bulk, as a means of thwarting spammers.
  • TCP Wrapper - TCP Wrapper is a public domain computer program that provides firewall services for UNIX servers.
  • tcpdump - Tcpdump is an open source command-line tool for monitoring (sniffing) network traffic.
  • Tempest - Tempest was the name of a classified (secret) U.
  • Testing as a Service (TaaS) - Testing as a Service (TaaS) is an outsourcing model in which testing activities associated with some of an organization’s business activities are performed by a service provider rather than employees.
  • Thing hacking - Thing hacking is an attack that exploits a vulnerability in a connected non-computing device – a Thing, in the Internet of Things -- to gain control of the device or access to a network it connects to.
  • threat actor - A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact -- an organization's security.
  • threat hunter (cybersecurity threat analyst) - A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems.
  • threat ignorance - Threat ignorance is a concept used by security professionals to determine the level of vulnerability a company or user’s computer or system has to an attack.
  • threat intelligence (cyber threat intelligence) - Threat intelligence, also known as cyber threat intelligence (CTI), is organized, analyzed and refined information about current or potential attacks that could negatively affect an organization.
  • threat intelligence feed (TI feed) - A threat intelligence feed is an ongoing stream of data related to potential or current threats to an organization’s security.
  • threat intelligence service (TI service) - A threat intelligence service (TI service) is a provider of information about current or emerging threats that could negatively impact the security of a customer’s organization.
  • tiger team - In the computer industry, a tiger team is a group of programmers or users who volunteer or are hired to expose errors or security holes in new software or to find out why a computer network's security is being broken.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Top searches of 2008 - What were people searching the WhatIs.
  • topsite - A topsite is a stringently protected underground FTP server at the top of the distribution chain for pirated content, such as movies, music, games, and software.
  • Tor browser - The Tor (the onion routing) browser is a web browser designed for encrypted, anonymous web surfing and protection against traffic analysis.
  • Total Information Awareness (TIA) - Total Information Awareness (TIA) is the name of a massive U.
  • transitive trust - Transitive trust is a two-way relationship automatically created between parent and child domains in a Microsoft Active Directory forest.
  • Transport Layer Security (TLS) - Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications.
  • triage - Triage is the procedure of assigning levels of priority to tasks or individuals to determine the most effective order in which to deal with them.
  • trigraph - A trigraph is a three-character replacement for a special or nonstandard character in a text file.
  • troubleshooting - Troubleshooting is a systematic approach to problem solving that is often used to find and correct issues with complex machines, electronics, computers and software systems.
  • TrueCrypt - TrueCrypt is a cross-platform open source program for file and full disk encryption (FDE).
  • Trusted Cloud Initiative - The Trusted Cloud Initiative is a program of the Cloud Security Alliance industry group created to help cloud service providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and practices.
  • trusted computing - Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications.
  • trusted computing base (TCB) - The trusted computing base (TCB) is everything in a computing system that provides a secure environment.
  • Trusted Computing Group (TCG) - The Trusted Computing Group (TCG) is a not-for-profit organization that was formed in 2003 to define, develop and promote security specifications for computers and networks.
  • Trusted Platform Module (TPM) - A Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication.
  • Turtle Firewall - Turtle Firewall is an open source firewall program written in Perl that supports Linux Kernels 2.
  • two-factor authentication (2FA) - Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access.
  • Twofish - Twofish is an encryption algorithm based on an earlier algorithm, Blowfish, and was a finalist for a NIST Advanced Encryption Standard (AES) algorithm to replace the DES algorithm.
  • UK Government Connect Secure Extranet (GCSX) - The UK Government Connect Secure Extranet (GCSX) is a secure WAN that allows officials at local public-sector organisations to interact and share data privately and securely with central government departments.
  • unified endpoint management (UEM) - Unified endpoint management (UEM) is an approach to securing and controlling desktop computers, laptops, smartphones and tablets in a connected, cohesive manner from a single console.
  • unified threat management (UTM) - A unified threat management (UTM) system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.
  • URL poisoning (location poisoning) - URL poisoning, also known as location poisoning, is a method of tracking Web user behavior by adding an identification (ID) number to the page address (Uniform Resource Locator) line of the Web browser when a user visits a particular site.
  • user account provisioning - User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system.
  • user profile - In a Windows environment, a user profile is a record of user-specific data that define the user's working environment.
  • van Eck phreaking - Van Eck phreaking is a form of electronic eavesdropping that reverse engineers the electromagnetic fields (EM fields) produced by a computing device.
  • Verizon Data Breach Investigations Report (DBIR) - The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides data from and analysis of information security incidents, with a specific focus on data breaches.
  • Verizon VERIS (Vocabulary for Event Recording and Incident Sharing) Framework - The VERIS (Vocabulary for Event Recording and Incident Sharing) Framework is a taxonomy that standardizes how security incidents are described and categorized.
  • virtual browser - A virtual browser is a browser that is logically isolated from the underlying computer's operating system (OS).
  • virtual firewall - A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.
  • virtual honeypot - A virtual honeypot is software that emulates a vulnerable system or network to attract intruders and study their behavior.
  • virtual machine escape - Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor.
  • virtual NAS - Virtual NAS is a virtual machine (VM) that acts as a file server for network-attached storage (NAS).
  • virtualization-based security (VBS) - Virtualization-based security (VBS) is technology that abstracts computer processes from the underlying operating system and, in some cases, hardware.
  • virus (computer virus) - A computer virus is malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works.
  • virus hoax - A virus hoax is a false warning about a computer virus.
  • VLAN hopping (virtual local area network hopping) - VLAN hopping (virtual local area network hopping) is a method of attacking a network by sending packets to a port at a network end point that is not normally accessible to the sender.
  • VMware Horizon Application Manager - VMware Horizon Application Manager, also known as Horizon App Manager, is an enterprise service for managing access to software.
  • VMware Identity Manager - VMware Identity Manager is an Identity as a Service (IDaaS) offering that provides single sign-on (SSO) capabilities and user-based controls for web, cloud and mobile applications.
  • voice logger - A voice logger is a device or program used to record audio information from telephones, radios, microphones and other sources for storage on a computer's hard drive or removable media.
  • voiceprint - A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual.
  • VOIPSA (Voice over IP Security Alliance) - VOIPSA (Voice over IP Security Alliance) is a cross-industry coalition of individuals and organizations from the security and VoIP communications sectors.
  • vomit - Vomit (spelled all lower-case) is a Unix software utility that takes IP telephony packets captured by another Unix tool, tcpdump, and reassembles them into a Wave file that can be listened to over a computer's speakers.
  • VUCA (volatility, uncertainty, complexity and ambiguity) - VUCA is an acronym that stands for volatility, uncertainty, complexity and ambiguity, a combination of qualities that, taken together, characterize the nature of some difficult conditions and situations.
  • vulnerability (information technology) - A vulnerability, in information technology (IT), is a flaw in code or design that creates a potential point of security compromise for an endpoint or network.
  • vulnerability and patch management - Vulnerability management is a pro-active approach to managing network security.
  • vulnerability assessment (vulnerability analysis) - A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.
  • vulnerability disclosure - Vulnerability disclosure is the practice of publishing information about a computer security problem, and a type of policy that stipulates guidelines for doing so.
  • vulnerability management - Vulnerability management is a pro-active approach to managing network security through reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.
  • vulnerability management planning - Vulnerability management planning is a comprehensive approach to the development of a continuous and repetitive system of practices and processes designed to identify, analyze and address flaws in hardware or software that could serve as attack vectors.
  • vulnerability scanner - A vulnerability scanner is a program that performs the diagnostic phase of a vulnerability analysis, also known as vulnerability assessment.
  • WannaCry ransomware - The WannaCry ransomware is a worm that spreads by exploiting vulnerabilities in the Windows operating system.
  • war dialer - A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem.
  • war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere.
  • Web filter - A Web filter is a program that can screen an incoming Web page to determine whether some or all of it should not be displayed to the user.
  • web server security - Web server security is the protection of information assets that can be accessed from a Web server.
  • Web Services Trust Language (WS-Trust) - Web Services Trust Language (WS-Trust) is a specification that uses the secure messaging mechanisms of WS-Security to facilitate trust relationships in diverse Web service environments.
  • white hat - A white hat hacker is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.
  • Wi-Fi (802.11x standard) - Wi-Fi is the popular term for high-frequency wireless local area network (WLAN) technology and a standard that has gained acceptance in many companies as an alternative to a wired LAN.
  • Wi-Fi Protected Access (WPA) - Wi-Fi Protected Access (WPA) is a security standard for users of computing devices equipped with wireless internet connections, or Wi-Fi.
  • wide-area file services (WAFS) - Wide-area file services (WAFS) is a storage technology that makes it possible to access a remote data center as though it were local.
  • Wiegand - Wiegand is the trade name for a technology used in card readers and sensors, particularly for access control applications.
  • WikiScanner - WikiScanner is a free, Web-based database application that tracks the source IP addresses of computers used to edit anonymous Wikipedia entries.
  • wildcard certificate - A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains.
  • Wingate - Wingate is a product that allows people on a small home network or a larger business network to share and control access to the Internet through a single computer connection.
  • Wired Equivalent Privacy (WEP) - Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.
  • Wireless Transport Layer Security (WTLS) - Wireless Transport Layer Security (WTLS) is the security level for Wireless Application Protocol (WAP) applications.
  • Wireshark - Wireshark is an open source tool for analyzing packets and profiling network traffic.
  • X.509 certificate - An X.509 certificate is a digital certificate that uses the widely accepted international X.

-ADS BY GOOGLE

SearchCompliance

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

  • RAID 6 (redundant array of independent disks)

    RAID 6, also known as double-parity RAID, uses two parity stripes on each disk. It allows for two disk failures within the RAID ...

  • hard disk drive (HDD)

    A computer hard disk drive (HDD) is a non-volatile memory hardware device that controls the positioning, reading and writing of ...

  • byte

    In most computer systems, a byte is a unit of data that is eight binary digits long. Bytes are often used to represent a ...

Close