P - Definitions

  • PA-DSS (Payment Application Data Security Standard)

    Payment Application Data Security Standard (PA-DSS) is a set of requirements intended to help software vendors develop secure payment applications for credit card transactions.

  • parameter tampering

    Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.

  • passphrase

    A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.

  • password manager

    A password manager is a technology tool that helps internet users create, save, manage and use passwords across different online services.

  • password salting

    Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them.

  • Patch Tuesday

    Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.

  • payload (computing)

    In computing, a payload is the carrying capacity of a packet or other transmission data unit.

  • PCI assessment

    A PCI assessment is an audit against the 12 credit card transaction compliance requirements of the Payment Card Industry Data Security Standard.

  • PCI compliance

    PCI compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information.

  • PCI DSS merchant levels

    Payment Card Industry Data Security Standard (PCI DSS) merchant levels rank merchants based on their number of transactions per year to outline compliance verification requirements.

  • Pegasus malware

    Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.

  • personally identifiable information (PII)

    Personally identifiable information (PII) is any data that could potentially identify a specific individual.

  • plaintext

    In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.

  • Plundervolt

    Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs).

  • possession factor

    The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.

  • privacy impact assessment (PIA)

    A privacy impact assessment (PIA) is a method for identifying and assessing privacy risks throughout the development lifecycle of a program or system.

  • private CA (private PKI)

    A private CA is an enterprise-specific certificate authority that functions like a publicly trusted CA.

  • privilege creep

    Privilege creep is the gradual accumulation of access rights beyond what individuals need to do their job.

  • privileged identity management (PIM)

    Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an organization's IT environments.

  • proof of concept (PoC) exploit

    A proof of concept (PoC) exploit is a nonharmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software.

  • Protected Extensible Authentication Protocol (PEAP)

    Protected Extensible Authentication Protocol (PEAP) is a security protocol commonly used to protect wireless networks.

  • Public-Key Cryptography Standards (PKCS)

    Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.

  • What is a pass-the-hash attack?

    A pass-the-hash attack is an exploit in which an attacker steals a hashed user credential and -- without cracking it -- reuses it to trick an authentication system into creating a new authenticated session on the same network.

  • What is a password?

    A password is a string of characters used to verify the identity of a user during the authentication process.

  • What is a potentially unwanted program (PUP)?

    A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.

  • What is a private key?

    A private key, also known as a secret key, is a variable in cryptography used with an algorithm to encrypt or decrypt data.

  • What is a proxy firewall?

    A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.

  • What is a public key and how does it work?

    In cryptography, a public key is a large numerical value that is used to encrypt data.

  • What is a public key certificate?

    A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.

  • What is password cracking?

    Password cracking is the process of using an application program to identify an unknown or forgotten password that allows access to a computer or network resource.

  • What is passwordless authentication?

    Passwordless authentication allows a user to sign into a service without using a password. This is often done using certificates, security tokens, one-time passwords (OTPs) or biometrics.

  • What is PCI DSS (Payment Card Industry Data Security Standard)?

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

  • What is penetration testing?

    A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture.

  • What is pharming?

    Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent.

  • What is phishing? Understanding enterprise phishing threats

    Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person to trick users into revealing sensitive information.

  • What is physical security and how does it work?

    Physical security protects personnel, hardware, software, networks, facilities and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.

  • What is PKI (public key infrastructure)?

    PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption.

  • What is post-quantum cryptography? Comprehensive guide

    Post-quantum cryptography, also known as quantum encryption or PQC, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers.

  • What is Pretty Good Privacy and how does it work?

    Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.

  • What is privileged access management (PAM)?

    Privileged access management (PAM) is a security framework designed to protect organizations against cyberthreats by controlling and monitoring access to critical information and resources.

  • What is promiscuous mode in networking?

    In computer networking, promiscuous mode is a mode of operation in which a network device, such as a network interface card (NIC) or an adapter on a host system, can intercept and read in its entirety each network packet that arrives instead of just the packets addressed to the host.

  • What is pure risk?

    Pure risk refers to risks that are beyond human control and result in a loss or no loss, with no possibility of financial gain.

  • What is the principle of least privilege (POLP)?

    The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.