Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

ROW - TOP

  • Rowhammer - Rowhammer is a vulnerability in commodity dynamic random access memory (DRAM) chips that allows an attacker to exploit devices with DRAM memory by repeatedly accessing (hammering) a row of memory until it causes bit flips and transistors in adjacent rows of memory reverse their binary state: ones turn into zeros and vice versa.
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
  • S-HTTP (Secure HTTP) - S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.
  • SafeSquid - SafeSquid is an HTTP 1.
  • salt - In password protection, salt is a random string of data used to modify a password hash.
  • Same Origin Policy (SOP) - The Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information.
  • SAML (Security Assertion Markup Language) - The Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • scareware - Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.
  • script kiddy (or script kiddie) - Script kiddy (sometimes spelled kiddie) is a derogative term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous exploiter of security lapses on the Internet.
  • seat management - Seat management is a method of coordinating all the workstations in an enterprise network by overseeing the installation, operation, and maintenance of hardware and software at each workstation.
  • SecOps (DevSecOps) - SecOps, also called DevSecOps, is a management approach that connects security and operations teams, similar to how DevOps unifies software developers and operations professionals.
  • secret key algorithm (symmetric algorithm) - A secret key algorithm (sometimes called a symmetric algorithm) is a cryptographic algorithm that uses the same key to encrypt and decrypt data.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet.
  • Secure Shell (SSH) - SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • security debt - Security debt is a variant of technical debt that occurs when organizations do not invest enough money or resources into security efforts upfront.
  • Security Descriptor Definition Language (SDDL) - Security Descriptor Definition Language (SDDL) is a formal way to specify Microsoft Windows security descriptors or text strings that describe who owns various objects such as files in the system.
  • security identifier (SID) - In Windows NT and 2000 operating systems, the security identifier (SID) is a unique alphanumeric character string that identifies each operating system and each user in a network of NT/2000 systems.
  • security incident - A security incident is an event that may indicate that an organization's systems or data have been compromised.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs.
  • security intelligence (SI) - Security intelligence (SI) is the information relevant to protecting an organization from external and inside threats as well as the processes, policies and tools designed to gather and analyze that information.
  • Security Operations Center (SOC) - A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security that is responsible for monitoring, analyzing and protecting an organization from cyber attacks.
  • security policy - In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.
  • security posture - Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security token (authentication token) - A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service.
  • Sender ID - Sender ID is Microsoft's proposed e-mail sender authentication protocol designed to protect against domain spoofing and phishing exploits.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing.
  • SEO poisoning (search poisoning) - Search poisoning, also known as search engine poisoning, is an attack involving malicious websites that are designed to show up prominently in search results.
  • server accelerator card (SSL card) - A server accelerator card (also known as an SSL card) is a Peripheral Component Interconnect (PCI) card used to generate encryption keys for secure transactions on e-commerce Web sites.
  • session ID - A session ID is a unique number that a Web site's server assigns to identify a specific user for the duration of that user's visit (session).
  • session key - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • shadow password file - In the Linux operating system, a shadow password file is a system file in which encryption user password are stored so that they aren't available to people who try to break into the system.
  • Shamoon - Shamoon, also called W32.
  • sheepdip (sheep dipping or a footbath) - In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network.
  • Shellshock - Shellshock is the common name for a coding vulnerability found in the Bash shell user interface that affects Unix-based operating systems, including Linux and Mac OS X, and allows attackers to remotely gain complete control of a system.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • side-channel attack - A side-channel attack (SCA) is a security exploit that involves collecting information about what a computing device does when it is performing cryptographic operations and using that information to reverse engineer the device's cryptography system.
  • SIGINT (signals intelligence) - SIGINT (signals intelligence) is information gained by the collection and analysis of the electronic signals and communications of a given target.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home or building (home automation or domotics) - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • smart meter hack - A smart meter hack is the unauthorized access of such a device or its data transmissions for the purpose of obtaining or altering communications between it and the responsible utility.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • smurfing - A smurf attack is an exploitation of the Internet Protocol (IP) broadcast addressing to create a denial of service.
  • snake oil - In cryptographic and other computer products, snake oil is a negative term used to describe exaggerated claims made by vendors who are overly optimistic or purposely seeking to take advantage of consumers who do not have the expertise to judge a product.
  • snoop server - A snoop server is a server that uses a packet sniffer program to capture network traffic for analysis.
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Martin Roesch.
  • SnortSnarf - SnortSnarf is a program that was designed for use with Snort, a security program used mainly with Linux networks.
  • Snowden effect - The Snowden effect is an increase in public awareness about information privacy and security due to Edward Snowden's revelations about the U.
  • social engineering attack surface - Social engineering attacks usually take advantage of human psychology: the desire for something free, the susceptibility to distraction, or the desire to be liked or to be helpful.
  • social engineering penetration testing - Social engineering pen testing is designed to test employees' adherence to the security policies and practices defined by management.
  • software attack surface - The software attack surface is the complete profile of all functions in any code running in a given system that are available to an unauthenticated user.
  • spam cocktail (or anti-spam cocktail) - A spam cocktail (or anti-spam cocktail) is the use of several different technologies in combination to successfully identify and minimize spam.
  • spim (instant messaging spam) - Spim is spam delivered through instant messaging (IM) instead of through e-mail messaging.
  • SPIT (spam over Internet telephony) - SPIT (spam over Internet telephony), sometimes known as vam (voice or VoIP spam), is unsolicited bulk messages broadcast over VoIP (Voice over Internet Protocol) to phones connected to the Internet.
  • splog (spam blog) - A splog (spam blog) is a fake blog created solely to promote affiliated Web sites, with the intent of skewing search results and artificially boosting traffic.
  • spoof - Spoof was a game involving trickery and nonsense that was invented by an English comedian, Arthur Roberts, prior to 1884, when it is recorded as having been "revived.
  • SS7 attack - While the SS7 network is fundamental to cellphones and its operators, the security of the design relied entirely on trust.
  • stack overflow - A stack overflow is an undesirable condition in which a particular computer program tries to use more memory space than the call stack has available.
  • stack smashing - Stack smashing is causing a stack in a computer application or operating system to overflow.
  • stateful inspection - Stateful inspection is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
  • stealth - In computing, stealth refers to an event, object, or file that evades methodical attempts to find it.
  • stealth virus - In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • Stegano - Stegano is a malware toolkit that allows users to hide malicious code in images.
  • steganography - Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination.
  • stingray (IMSI catcher) - A stingray is a mobile surveillance device also known as an IMSI (International Mobile Subscriber Identity) catcher or a cell site simulator.
  • STIX (Structured Threat Information eXpression) - STIX (Structured Threat Information eXpression) is an XML programming language that allows cybersecurity threat data to be shared.
  • storage encryption - Storage encryption is the use of encryption/decryption of backed-up and archived data, both in transit and on storage media.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks - and unavailable to other entities.
  • stream cipher - A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.
  • strong password - A strong password is one that is designed to be hard for a person or program to discover.
  • Stuxnet - The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems.
  • supercookie - A supercookie is a type of tracking cookie inserted into an HTTP header by an internet service provider to collect data about a user's internet browsing history and habits.
  • supply chain security - Supply chain security is the part of supply chain management (SCM) that focuses on minimizing risk for supply chain, logistics and transportation management systems (TMS).
  • SYN flood (half open attack) - SYN flooding is a method that the user of a hostile client program can use to conduct a denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker (or cracker) can use to determine the state of a communications port without establishing a full connection.
  • synthetic identity theft - Synthetic identity theft is the fraudulent use of stolen personally identifiable information (PIF) that is combined with made-up details to create a false identity.
  • TACACS (Terminal Access Controller Access Control System) - TACACS (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system.
  • tailgating (piggybacking) - Tailgating, sometimes referred to as piggybacking, is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise.
  • talking Trojan - A talking Trojan is a Trojan horse program that mocks the user of an infected PC with a repeating audio message while it deletes the entire contents of a hard drive.
  • targeted attack - A targeted attack is one that seeks to breach the security measures of a specific individual or organization.
  • tarpitting - Tarpitting is the practice of slowing the transmission of e-mail messages sent in bulk, as a means of thwarting spammers.
  • TCP Wrapper - TCP Wrapper is a public domain computer program that provides firewall services for UNIX servers.
  • tcpdump - Tcpdump is an open source command-line tool for monitoring (sniffing) network traffic.
  • tech support phone scam - A tech support phone scam is an exploit in which an attacker calls offering support for problems they claim were detected on the victim's computer.
  • Tempest - Tempest was the name of a classified (secret) U.
  • thingbot - A thingbot is something with an embedded system and an Internet connection that has been coopted by a hacker as a part of a botnet.
  • threat actor - A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact -- an organization's security.
  • threat ignorance - Threat ignorance is a concept used by security professionals to determine the level of vulnerability a company or user’s computer or system has to an attack.
  • tiger team - In the computer industry, a tiger team is a group of programmers or users who volunteer or are hired to expose errors or security holes in new software or to find out why a computer network's security is being broken.
  • Tilded platform - The Tilded platform is a malicious software communicator specifically designed as a vessel for transmitting malware undetected.
  • timing attack - A timing attack looks at how long it takes a system to do something and allows the attacker, through statistical analysis, to learn enough about the system to find the decryption key needed to gain access to it.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • topsite - A topsite is a stringently protected underground FTP server at the top of the distribution chain for pirated content, such as movies, music, games, and software.

-ADS BY GOOGLE

SearchCompliance

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance framework

    A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with...

SearchSecurity

  • DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a ...

  • integrated risk management (IRM)

    Integrated risk management (IRM) is an approach to risk management that uses a set of practices and processes to improve an ...

  • MITRE ATT&CK framework

    The MITRE ATT&CK (pronounced 'miter attack') framework is a free, globally accessible service that provides comprehensive and ...

SearchHealthIT

  • telemedicine (telehealth)

    Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

  • Project Nightingale

    Project Nightingale is a controversial partnership between Google and Ascension, the second largest health system in the United ...

  • medical practice management (MPM) software

    Medical practice management (MPM) software is a collection of computerized services used by healthcare professionals and ...

SearchDisasterRecovery

SearchStorage

  • M.2 SSD

    An M.2 SSD is a solid-state drive (SSD) that conforms to a computer industry specification and is used in internally mounted ...

  • kilobyte (KB or Kbyte)

    A kilobyte (KB or Kbyte) is a unit of measurement for computer memory or data storage used by mathematics and computer science ...

  • virtual memory

    Virtual memory is a memory management capability of an operating system (OS) that uses hardware and software to allow a computer ...

Close