Information Security Definitions

This glossary explains the meaning of key words and phrases that information technology (IT) and business professionals use when discussing IT security and related software products. You can find additional definitions by visiting WhatIs.com or using the search box below.

Search Definitions
  • P

    What is pharming?

    Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent.

  • What is physical security and how does it work?

    Physical security protects personnel, hardware, software, networks, facilities and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.

  • What is PKI (public key infrastructure)?

    PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption.

  • What is Pretty Good Privacy and how does it work?

    Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.

  • What is privileged access management (PAM)?

    Privileged access management (PAM) is a security framework designed to protect organizations against cyberthreats by controlling and monitoring access to critical information and resources.

  • What is promiscuous mode in networking?

    In computer networking, promiscuous mode is a mode of operation in which a network device, such as a network interface card (NIC) or an adapter on a host system, can intercept and read in its entirety each network packet that arrives instead of just the packets addressed to the host.

  • Q

    quantum key distribution (QKD)

    Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.

  • quantum supremacy

    Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds.

  • What is quantum cryptography?

    Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data.

  • R

    RADIUS (Remote Authentication Dial-In User Service)

    RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.

  • RAT (remote access Trojan)

    A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer.

  • remote access

    Remote access is the ability for an authorized person to access a computer or network from a geographical distance through a network connection.

  • Report on Compliance (ROC)

    A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.

  • residual risk

    Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made.

  • reverse brute-force attack

    A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network.

  • Rijndael

    Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.

  • risk analysis

    Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.

  • risk assessment

    Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business.

  • risk avoidance

    Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets.

  • risk-based authentication (RBA)

    Risk-based authentication (RBA) is an authentication method in which varying levels of stringency are applied to a system’s authentication process based on the likelihood that access to that system could result in its compromise.

  • risk-based patch management (RBPM)

    Risk-based patch management (RBPM) is an approach to implementing patches to fix software code that prioritizes patches that address security issues posing the highest risk to the organization.

  • risk-based vulnerability management (RBVM)

    Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk.

  • role mining

    Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise... (Continued)

  • What is a registration authority (RA)?

    A registration authority (RA) is an entity that is authorized to verify user requests for a digital certificate and also to tell a certificate authority (CA) to issue that certificate to the user.

  • What is a risk map (risk heat map)?

    A risk map, or risk heat map, is a data visualization tool for communicating specific risks an organization faces.

  • What is a risk profile? Definition, examples and types

    A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces.

  • What is a rootkit?

    A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.

  • What is ransomware? Definition and complete guide

    Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.

  • What is risk appetite?

    Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value.

  • What is risk exposure in business?

    Risk exposure is the quantified potential loss from currently underway or planned business activities.

  • What is risk management? Importance, benefits and guide

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.

  • What is risk reporting?

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

  • What is role-based access control (RBAC)?

    Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.

  • What is the RSA algorithm?

    The RSA algorithm (Rivest-Shamir-Adleman) is a public key cryptosystem that uses a pair of keys for securing digital communication and transactions over insecure networks, such as the internet.

  • S

    sandbox

    A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.

  • screened subnet

    A screened subnet, or triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces.

  • script kiddie

    Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.

  • Secure Electronic Transaction (SET)

    Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.

  • Secure Sockets Layer certificate (SSL certificate)

    A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser.

  • Securities and Exchange Commission (SEC)

    The Securities and Exchange Commission (SEC) is the U.S. government agency that oversees the nation's securities industry.

  • security

    Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets.

  • security analytics

    Security analytics is a cybersecurity approach that uses data collection, data aggregation and analysis tools for threat detection and security monitoring.

  • security awareness training

    Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy.

  • security clearance

    A security clearance is an authorization that allows access to information that would otherwise be forbidden.

  • security identifier (SID)

    In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.

  • security information management (SIM)

    Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.

  • security policy

    A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.

  • security posture

    Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.

  • security token

    A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.

  • self-sovereign identity

    Self-sovereign identity (SSI) is a model for managing digital identities in which individuals or businesses have sole ownership over the ability to control their accounts and personal data.

  • Sender Policy Framework (SPF)

    Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.

  • shadow password file

    A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.

  • Shared Key Authentication (SKA)

    Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.

  • shoulder surfing

    Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.

  • single-factor authentication (SFA)

    Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.

  • smart card

    A smart card is a physical card that has an embedded integrated chip that acts as a security token.

  • snooping

    Snooping, in a security context, is unauthorized access to another person's or company's data.

  • SOAR (security orchestration, automation and response)

    SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.

  • SOC 1 (System and Organization Controls 1)

    System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements.

  • SOC 2 (System and Organization Controls 2)

    SOC 2 (System and Organization Controls 2), pronounced "sock two," is a voluntary compliance standard for ensuring that service providers properly manage and protect the sensitive data in their care.

  • SOC 3 (System and Organization Controls 3)

    A System and Organization Controls 3 (SOC 3) report outlines information related to a service organization's internal controls for security, availability, processing integrity, confidentiality and privacy.

  • social media policy

    A social media policy is a corporate code of conduct that provides guidelines for employees who post content on the internet either as part of their job or as a private person.

  • soft token

    A soft token is a software-based security token that generates a single-use login personal identification number (PIN).

  • spam filter

    A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and prevent those messages from getting to a user's inbox.

  • spear phishing

    Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

  • speculative risk

    Speculative risk is a type of risk the risk-taker takes on voluntarily and will result in some degree of profit or loss.

  • SSAE 16

    The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), for redefining and updating how service companies report on compliance controls.

  • stealth virus

    A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.

  • steganography

    Steganography is the technique of hiding data within an ordinary, nonsecret file or message to avoid detection; the hidden data is then extracted at its destination.

  • Structured Threat Information eXpression (STIX)

    Structured Threat Information eXpression (STIX) is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies.

  • sudo (su 'do')

    Sudo is a command-line utility for Unix and Unix-based operating systems such as Linux and macOS.

  • supercookie

    A supercookie is a type of tracking cookie inserted into an HTTP header to collect data about a user's internet browsing history and habits.

  • supply chain attack

    A supply chain attack is a type of cyber attack that targets organizations by focusing on weaker links in an organization's supply chain.

  • SYN flood attack

    A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.

  • What are social engineering attacks?

    Social engineering is an attack vector that relies heavily on human interaction and often involves psychological manipulation of people into breaking normal security procedures and best practices to gain unauthorized access.

  • What is a security operations center (SOC)?

    A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks.

  • What is a session key?

    A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.

  • What is a side-channel attack?

    A side-channel attack is a cybersecurity exploit that aims to gather information from or influence a system's program execution. It does this by measuring or exploiting indirect effects of the system or its hardware rather than directly targeting the program or its code.

  • What is a spam trap?

    A spam trap is an email address that's used to identify and monitor spam email. It's also a type of honeypot because it uses a fake email address to bait spammers.

  • What is a stream cipher?

    A stream cipher is an encryption method in which data is encrypted one byte at a time.

  • What is an SSL VPN (Secure Sockets Layer virtual private network)?

    An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN capability.

  • What is SAML (Security Assertion Markup Language)?

    Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.

  • What is SecOps? Everything you need to know

    SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.

  • What is SIEM (Security Information and Event Management)?

    Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system.

  • What is spyware?

    Spyware is a type of malicious software (malware) that is installed on a computing device without the end user's knowledge.

  • What is SSH (Secure Shell) and How Does It Work?

    SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network.

  • What is SSL (Secure Sockets Layer)?

    SSL (Secure Sockets Layer) is a networking protocol that secures connections between web clients and web servers over internal networks or the internet by encrypting the data sent between those clients and servers.

  • T

    three-factor authentication (3FA)

    Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories.

  • time-based one-time password

    A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.

  • timing attack

    A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about or access a system.

  • tokenization

    Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.

  • total risk

    Total risk is an assessment that identifies all the risk factors associated with pursuing a specific course of action.

  • TrickBot malware

    TrickBot is sophisticated modular malware that started as a banking Trojan but has evolved to support many different types of attacks, including ransomware.

  • triple extortion ransomware

    Triple extortion ransomware is a type of ransomware attack where a cybercriminal extorts their victim multiple times, namely by encrypting data, exfiltrating data to expose and threatening a third attack vector.

  • Trojan horse

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.

  • trusted computing base (TCB)

    A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.

  • two-step verification

    Two-step verification is a process that involves two authentication steps performed one after the other to verify that someone or something requesting access is who or what they say they are.

  • What is the Twofish encryption algorithm?

    Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.

  • What is threat detection and response (TDR)? Complete guide

    Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization.