Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

ECH - INT

  • Echelon - Echelon is an officially unacknowledged U.
  • egress filtering - Egress filtering is a process in which outbound data is monitored or restricted, usually by means of a firewall that blocks packets that fail to meet certain security requirements.
  • Electronic Code Book (ECB) - Electronic Code Book (ECB) is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa.
  • electronic discovery (e-discovery or ediscovery) - Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.
  • Electronic Privacy Information Center (EPIC) - The Electronic Privacy Information Center (EPIC) is a non-profit public interest research organization for the promotion of privacy and civil liberties, constitutional values and free speech in the information age.
  • ELINT (electronic intelligence) - Electronic intelligence (ELINT) is intelligence gathered by the use of electronic sensors.
  • Elk Cloner - Elk Cloner was the first computer virus known to have spread in the wild.
  • elliptical curve cryptography (ECC) - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys.
  • email spoofing - Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
  • embedded system security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.
  • emergency management plan - An emergency management plan should include measures that provide for the safety of personnel and, if possible, property and facilities.
  • encoding and decoding - Encoding is the process of putting a sequence of characters (letters, numbers, punctuation, and certain symbols) into a specialized digital format for efficient transmission or transfer.
  • Encrypting File System (EFS) - The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent.
  • encryption - Encryption is the method by which information is converted into secret code that hides the information's true meaning.
  • endpoint detection and response (EDR) - Endpoint detection and response (EDR) is a category of tools and technology used for protecting computer hardware devices–called endpoints—from potential threats.
  • endpoint fingerprinting - Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks.
  • endpoint security (endpoint security management) - Endpoint security is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted.
  • equipment destruction attack - An equipment destruction attack, also known as a hardware destruction attack, is an exploit that destroys physical computer and electronic equipment.
  • Escrowed Encryption Standard (EES) - The Escrowed Encryption Standard (EES) is a standard for encrypted communications that was approved by the U.
  • ethical hacker - An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their permission -- to find security vulnerabilities that a malicious hacker could potentially exploit.
  • ethical worm - An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities.
  • evil twin - An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate hot spot.
  • executable file (exe file) - An executable file (exe file) is a computer file that contains a sequence of instructions that the operating system can execute directly.
  • extrusion prevention - Extrusion prevention, also called exfiltration prevention, is the practice of stopping data leaks by filtering outbound network traffic and preventing unauthorized packets from moving outside the network.
  • Facebook cloning - Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list.
  • Facebook scam - A Facebook scam is a post or page on the popular social networking site designed to deceive users and spread rapidly through their personal networks.
  • FACTA (Fair and Accurate Credit Transactions Act) - FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act ) that was added, primarily, to protect consumers from identity theft.
  • false acceptance (type II error) - False acceptance, also called a type II error, is a mistake occasionally made by biometric security systems.
  • false rejection (type I error) - False rejection, also called a type I error, is a mistake occasionally made by biometric security systems.
  • Faraday cage - A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field (EM field).
  • fast flux DNS - Fast flux DNS is a technique that a cybercriminal can use to prevent identification of his key host server's IP address.
  • FBI Alert Number I-091015-PSA - FBI Alert Number I-091015-PSA is a public service announcement from the United States Federal Bureau of Investigation to inform individuals and organizations about the importance of Internet of Things (IoT) security, including potential vulnerabilities and protective measures that should be taken to mitigate risk associated with them.
  • FCRA (Fair Credit Reporting Act) - FCRA (Fair Credit Reporting Act) is a United States Law that regulates how consumer credit information is collected, used and shared.
  • Federal Emergency Management Agency (FEMA) - Federal Emergency Management Agency (FEMA) is a United States government agency with the purpose to coordinate aid and respond to disasters around the nation when local resources are insufficient.
  • federated identity management - Federated identity management (FIM) is an arrangement that can be made between multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all the enterprises in the group.
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • fileless malware attack - A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer.
  • Financial Crimes Enforcement Network (FinCEN) - Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury.
  • fingernail storage - Fingernail storage is a method of writing data onto a human fingernail using a pulsed laser.
  • fingerscanning (fingerprint scanning) - Fingerscanning, also called fingerprint scanning, is the process of electronically obtaining and storing human fingerprints.
  • firefighting - Firefighting is an emergency allocation of resources, required to deal with an unforeseen problem.
  • Firesheep - Firesheep is a Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks.
  • firewall - A firewall is software or firmware that prevents unauthorized access to a network.
  • Firewall Builder (Fwbuilder) - Firewall Builder, also called Fwbuilder, is a vendor-neutral configuration and management application for firewalls that is intended primarily for Linux and that supports the OpenBSD Packet Filter, Cisco PIX Series security devices, iptables, and ipfilter.
  • FirewallD - FirewallD, also known as Dynamic Firewall, replaces Fedora's old firewall tool, iptables, and allows for easier configuration and interface.
  • Flexible Mandatory Access Control (FMAC) - Flexible Mandatory Access Control (FMAC) is an ongoing project intended to enhance the Sun Microsystems OpenSolaris operating platform by adding two security technologies: Flux Advanced Security Kernel (Flask) and Type Enforcement (TE).
  • footprinting - In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins.
  • forensic watermark (digital watermark) - A forensic watermark, also called a digital watermark, is a sequence of characters or code embedded in a digital document, image, video or computer program to uniquely identify its originator and authorized user.
  • form grabber - A form grabber is a type of malware that captures data such as IDs and passwords from browser forms.
  • frequency-hopping spread spectrum - Frequency hopping is one of two basic modulation techniques used in spread spectrum signal transmission.
  • globbing - Globbing is the process of expanding a non-specific file name containing a wildcard character into a set of specific file names that exist in storage on a computer, server, or network.
  • goat - In biometric verification, a goat is a system end-user who is refused access to the system because their biometric data pattern is outside the range recognized by the system.
  • Google dork query - Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.
  • Google Project Zero - Google Project Zero is a security research unit within Google Inc.
  • government Trojan - A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation.
  • graphical password or graphical user authentication (GUA) - A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI).
  • gray hat (or grey hat) - Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners.
  • Great Firewall of China - The Great Firewall of China is a national effort to protect Chinese corporate and state secrets and infrastructure from cyberattacks.
  • greynet (or graynet) - Greynet is a term for the use of unauthorized applications on a corporate network.
  • Group Policy Object (GPO) - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • gyroscope - A gyroscope is a device with a spinning disc or wheel mechanism that harnesses the principle of conservation of angular momentum: the tendency for the spin of a system to remain constant unless subjected to external torque.
  • hacker - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • hacking as a service (HaaS) - Hacking as a service (HaaS) is the commercialization of hacking skills, in which the hacker serves as a contractor.
  • hacktivism - Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.
  • hard drive overwriter - In e-cycling, a hard drive overwriter is a program or utility that repeatedly overwrites the data on a computer's hard drive with gibberish.
  • hard-drive encryption - Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions.
  • hardware vulnerability - A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.
  • hashing - Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
  • Have I Been Pwned (HIBP) - Have I Been Pwned (HIBP) is a website that allows users to search and find out if an email address’s password has been compromised.
  • Heartbleed - Heartbleed is a vulnerability in some implementations of OpenSSL.
  • HI-MEMS cyborg insects (Hybrid Insect Micro-Electro-Mechanical Systems) - The Hybrid Insect Micro-Electro-Mechanical Systems (HI-MEMS) program, also known as the cybug program, is a proposal from the Defense Advanced Research Projects Agency (DARPA) to encourage the development of cyborg insects that can be controlled by humans.
  • hijacking - Hijacking is a type of network security attack in which the attacker takes control of a communication - just as an airplane hijacker takes control of a flight - between two entities and masquerades as one of them.
  • honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.
  • honeynet - A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security.
  • Honeynet Project - The Honeynet Project is a non-profit volunteer organization dedicated to computer security research and information sharing.
  • honeypot (computing) - A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.
  • host intrusion prevention systems (HIPS) - A host intrusion prevention system (HIPS) is a security method that relies on third-party software tools to monitor network traffic and system activities for anomalous code behavior to identify and prevent malicious activities.
  • hot site and cold site - A hot site is a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster.
  • HTTPS (HTTP over SSL or HTTP Secure) - HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering.
  • human attack surface - Human attack surface is the totality of all security vulnerabilities within a given system or network that are created through human activities.
  • hybrid virus (multi-part or multipartite virus) - A hybrid virus (sometimes called a multi-part or multipartite virus) is one that combines characteristics of more than one type to infect both program files and system sectors.
  • ICS security (industrial control system security) - ICS security is the area of concern involving the safeguarding of industrial control systems, the integrated hardware and software designed to monitor and control the operation of machinery and associated devices in industrial environments.
  • identity chaos (password chaos) - Identity chaos (sometimes called password chaos) is a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else.
  • IFrame (Inline Frame) - The IFrame HTML element is often used to insert content from another source, such as an advertisement, into a Web page.
  • IM worm - An IM worm is self-replicating malicious code that spreads in instant messaging networks.
  • image replay attack - An image replay attack is the use of a picture to fool an authentication method.
  • in the wild - According to noted computer virus expert Paul Ducklin, in order for a virus to be considered in the wild, "it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users.
  • incidence - Incidence, in statistics, is the rate of occurrence of something within a population, or the number of times it occurs.
  • Indicators of Compromise (IOC) - Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.
  • industrial espionage - Industrial espionage is the covert and sometimes illegal practice of investigating competitors, usually to gain a business advantage.
  • information signature - To fight terrorism, the Information Awareness Office (IAO) of the U.
  • Infranet Initiative - The Infranet Initiative is a collaborative effort to develop a high-performance universal public network that would serve as a supplement to the Internet for businesses and other high-demand users.
  • initialization vector (IV) - An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption.
  • input validation attack - An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field.
  • insecure deserialization - Insecure deserialization is a vulnerability in which an untrusted or unknown data is used to either inflict a denial of service attack (DoS attack), execute code, bypass authentication or further abuse the logic behind an application.
  • insider threat - Insider threat is a category of risk posed by humans who have access to an organization's physical or digital assets.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close