Information Security Definitions

This glossary explains the meaning of key words and phrases that information technology (IT) and business professionals use when discussing IT security and related software products. You can find additional definitions by visiting WhatIs.com or using the search box below.

Search Definitions
  • T

    two-step verification

    Two-step verification requires the sequential use of two authentication methods to verify that someone or something is who or what they are declared to be. In contrast with two-factor authentication processes, the methods in two-step verification can belong to the same category of authentication factors.

  • Twofish

    Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.

  • U

    unified threat management (UTM)

    Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks.

  • United States Secret Service (USSS)

    The United States Secret Service (USSS) is a federal law enforcement agency mandated by Congress to carry out two sets of primary objectives: provide protection for designated sites and events as well as national and visiting leaders, and preserve the integrity of the U.S. economy by safeguarding the nation's financial infrastructure and payment systems.

  • user account provisioning

    User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of access to software and data is is consistent and simple to administer.

  • user authentication

    User authentication verifies the identity of a user attempting to gain access to a network or computing resource by authorizing a human-to-machine transfer of credentials during interactions on a network to confirm a user's authenticity.

  • user behavior analytics (UBA)

    User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems.

  • V

    Verizon Data Breach Investigations Report (DBIR)

    The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides data from and analysis of information security incidents, with a specific focus on data breaches.

  • virtual firewall

    A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.

  • virtual local area network hopping (VLAN hopping)

    Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.

  • virus (computer virus)

    A computer virus is malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works.

  • virus hoax

    A virus hoax is a false warning about a computer virus.

  • voice squatting (skill squatting)

    Voice squatting is an attack vector for voice user interfaces (VUIs) that exploits homonyms (words that sound the same but are spelled differently) and input errors (words that are mispronounced).

  • vulnerability assessment (vulnerability analysis)

    A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.

  • vulnerability disclosure

    Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.

  • W

    walled garden

    On the internet, a walled garden is an environment that controls the user's access to network-based content and services.

  • WannaCry ransomware

    The WannaCry ransomware is a worm that spreads by exploiting vulnerabilities in the Windows operating system.

  • watering hole attack

    A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.

  • Web application firewall (WAF)

    A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application.

  • WebAuthn API

    The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers.

  • whaling attack (whaling phishing)

    A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company.

  • white hat hacker

    A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.

  • Wi-Fi Pineapple

    A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests.

  • wildcard certificate

    A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains.

  • Windows Defender Exploit Guard

    Windows Defender Exploit Guard (EG) is an anti-malware software developed by Microsoft that provides intrusion protection for users with the Windows 10 operating system (OS).

  • Wired Equivalent Privacy (WEP)

    Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b.

  • WLAN Authentication and Privacy Infrastructure (WAPI)

    WLAN Authentication and Privacy Infrastructure (WAPI) is a wireless local area network security standard officially supported by the Chinese government.

  • WPA3

    WPA3 is a security certification program developed by the Wi-Fi Alliance to ensure Wi-Fi related products meet a common standard.

  • X

    X.509 certificate

    An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.

  • Y

    YubiKey

    YubiKey is an authentication device that allows users to securely log into their email, online services, computers and applications using one-time passwords, static passwords or FIDO-based public and private key pairs.

  • Z

    What is the zero-trust security model?

    The zero-trust security model is a cybersecurity approach that denies access to an enterprise's digital resources by default and grants authenticated users and devices tailored, siloed access to only the applications, data, services and systems they need to do their jobs.

  • zero-day (computer)

    Zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • Zoombombing

    Zoombombing is a type of cyber-harassment in which an individual or a group of unwanted and uninvited users interrupt online meetings over the Zoom video conference app.

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close