Security management
Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

- What is acceptable use policy (AUP)? - An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to or use of a corporate network, the internet or other computing resources.
- What is access control? - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
- What is an advanced persistent threat (APT)? - An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
- What is an attack surface? Examples and best practices - An attack surface is the total number of possible entry points and attack vectors an organization or system has that are susceptible to unauthorized access.
- What is an attack vector? - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server to deliver a payload or malicious outcome.
- What is an endpoint protection platform (EPP)? - An endpoint protection platform (EPP) is a security technology that safeguards endpoint devices.
- What is an initialization vector? - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
- What is an input validation attack? - An input validation attack is any malicious cyberattack that involves an attacker manually entering strange, suspicious or unsafe information into a normal user input field of a target computer system.
- What is an intrusion detection system (IDS)? - An intrusion detection system (IDS) monitors network traffic for suspicious activity and sends alerts when such activity is discovered.
- What is an SBOM (software bill of materials)? - An SBOM (software bill of materials) is a detailed inventory of all components and software dependencies involved in the development and delivery of an application.
- What is an SSL VPN (Secure Sockets Layer virtual private network)? - An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN capability.
- What is Android System WebView and should you uninstall it? - Android System WebView is a system component for the Android operating system (OS) that enables Android apps to display web content directly inside an application.
- What is antimalware? - Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware.
- What is antivirus software? - Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices.
- What is application allowlisting? - Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
- What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
- What is BCDR? Business continuity and disaster recovery guide - Business continuity (BC) and disaster recovery (DR) are closely related practices that support an organization's ability to remain operational after an adverse event.
- What is biometric verification? - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
- What is BitLocker? - BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature included with certain Windows versions.
- What is Blowfish? - Blowfish is a variable-length, symmetric, 64-bit block cipher.
- What is CCTV (closed-circuit television)? - CCTV (closed-circuit television) is a video surveillance system in which signals are transmitted to a specific set of monitors and are not publicly broadcast.
- What is challenge-response authentication? - In computer security, challenge-response authentication is a set of protocols used to protect digital assets and services from unauthorized users, programs and activities.
- What is cipher block chaining (CBC)? - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits is encrypted as a single unit, or block, with a cipher key applied to the entire block.
- What is cloud security? - Cloud security, or cloud computing security, is a set of policies, practices and controls deployed to protect cloud-based data, applications and infrastructure from cyberattacks and cyberthreats.
- What is COMSEC (communications security)? - Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred.
- What is counterintelligence? - Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary's knowledge collection activities or attempts to cause harm through sabotage or other actions.
- What is crypto-agility? - Crypto-agility, or cryptographic agility, is the ability of an organization to efficiently and rapidly change cryptographic algorithms, protocols or primitives in response to emerging threats, vulnerabilities or regulatory requirements.
- What is cryptography? - Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
- What is cryptology? - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
- What is cyber attribution? - Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.
- What is cyber hijacking? - Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications.
- What is cyber insurance, and why is it important? - Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online.
- What is cyber resilience? - Cyber resilience is the ability of a computing system to identify, respond to and recover quickly from a security incident.
- What is cybercrime and how can you prevent it? - Cybercrime is any criminal activity that involves a computer, network or networked device.
- What is cybersecurity? - Cybersecurity is the practice of protecting systems, networks and data from digital threats.
- What is Data Encryption Standard (DES)? - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
- What is data loss prevention (DLP)? - Data loss prevention (DLP) -- sometimes referred to as 'data leak prevention,' 'information loss prevention' or 'extrusion prevention' -- is a strategy to mitigate threats to critical data.
- What is data masking? - Data masking is a security technique that modifies sensitive data in a data set so it can be used safely in a non-production environment.
- What is data privacy? - Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, retention, immutability and security of sensitive data.
- What is defense in depth? - Defense in depth is a cybersecurity strategy that uses multiple security measures to protect an organization's networks, systems and data.
- What is digital trust? - Digital trust is the confidence users have in the ability of people, technology and processes to create a secure digital environment.
- What is double extortion ransomware? How to defend your organization - Double extortion ransomware is a type of cyberattack that encrypts a victim's data, like in a traditional ransomware attack, while also adding a second attack vector of stealing that data.
- What is dynamic application security testing (DAST)? - Dynamic application security testing (DAST) is the process of analyzing a web application in runtime to identify security vulnerabilities or weaknesses.
- What is elliptical curve cryptography (ECC)? - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
- What is email spoofing? - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
- What is employee monitoring? - Employee monitoring is when businesses monitor employees to improve productivity and protect corporate resources.
- What is endpoint security? How does it work? - Endpoint security is the protection of endpoint devices against cybersecurity threats.
- What is extended detection and response (XDR)? - Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.
- What is federated identity management (FIM)? How does it work? - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
- What is GDPR? Compliance and conditions explained - The General Data Protection Regulation (GDPR) is legislation that updated and unified data privacy laws across the European Union (EU).
- What is Google Docs? - Google Docs is a free web-based word processor that can be used to create, edit and store digital documents.
- What is governance, risk and compliance (GRC)? - Governance, risk and compliance (GRC) refers to an organization's strategy, or framework, for handling the interdependencies of the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance.
- What is Group Policy Object (GPO) and why is it important? - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
- What is hacktivism? - Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
- What is hardware security? - Hardware security is vulnerability protection that comes in the form of a physical device rather than software installed on a computer system's hardware.
- What is health informatics? - Health informatics is the practice of applying insight gained from acquiring and analyzing health and biomedical data to help clinicians make better healthcare-related decisions and improve patient care.
- What is HMAC (Hash-Based Message Authentication Code)? - Hash-based message authentication code (HMAC) is a message encryption method that uses a cryptographic key with a hash function.
- What is identity and access management? Guide to IAM - No longer just a good idea, IAM is a crucial piece of the cybersecurity puzzle.
- What is incident response? A complete guide - Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs.
- What is information security (infosec)? - Information security (infosec) is a set of policies, procedures and principles for safeguarding digital data and other kinds of information.
- What is information security management system (ISMS)? - An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data.
- What is Internet Key Exchange (IKE)? - Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).
- What is IPsec (Internet Protocol Security)? - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
- What is ISO 27001? - ISO 27001, formally known as ISO/IEC 27001:2022, is an information security standard jointly created by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).
- What is IT/OT convergence? Everything you need to know - IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems.
- What is Kerberos and how does it work? - Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
- What is malware? Prevention, detection and how attacks work - Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.
- What is multifactor authentication? - Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction.
- What is network scanning? How to, types and best practices - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal to devices and await a response.
- What is obfuscation and how does it work? - Obfuscation means to make something difficult to understand.
- What is OCR (optical character recognition)? - OCR (optical character recognition) is the use of technology to distinguish printed or handwritten text characters inside digital images of physical documents, such as a scanned paper document.
- What is OPSEC (operations security)? - OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately.
- What is password cracking? - Password cracking is the process of using an application program to identify an unknown or forgotten password that allows access to a computer or network resource.
- What is passwordless authentication? - Passwordless authentication allows a user to sign into a service without using a password.
- What is PCI DSS (Payment Card Industry Data Security Standard)? - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
- What is penetration testing? - A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture.
- What is pharming? - Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent.
- What is PHI breach (protected health information breach)? - A PHI (protected health information) breach is unauthorized access, use or disclosure of individually identifiable health information that is held or transmitted by a healthcare organization or its business associates.
- What is phishing? Understanding enterprise phishing threats - Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person to trick users into revealing sensitive information.
- What is physical security and how does it work? - Physical security protects personnel, hardware, software, networks, facilities and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
- What is PKI (public key infrastructure)? - PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption.
- What is post-quantum cryptography? Comprehensive guide - Post-quantum cryptography, also known as quantum encryption or PQC, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers.
- What is Pretty Good Privacy and how does it work? - Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.
- What is promiscuous mode in networking? - In computer networking, promiscuous mode is a mode of operation in which a network device, such as a network interface card (NIC) or an adapter on a host system, can intercept and read in its entirety each network packet that arrives instead of just the packets addressed to the host.
- What is quantum cryptography? - Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data.
- What is quantum key distribution (QKD)? - Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.
- What is ransomware as a service (RaaS)? - Ransomware as a service (RaaS) is a subscription-based business model that enables threat actors, also called affiliates, to launch ransomware attacks by accessing and using predeveloped ransomware tools.
- What is ransomware? Definition and complete guide - Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
- What is red teaming? - Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions with an adversarial approach.
- What is risk analysis? - Risk analysis is the process of identifying and analyzing potential issues that could negatively affect key business initiatives or projects.
- What is role-based access control (RBAC)? - Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.
- What is SAML (Security Assertion Markup Language)? - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
- What is security automation? - Security automation uses technology to remove high-volume manual processes from security operations to detect cyberthreats, which saves time by integrating different workflows into repeatable processes.
- What is security by design? - Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.
- What is security theater? - Security theater refers to highly visible security measures that create the illusion of increased safety but don't stop threats.
- What is security? - Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets.
- What is segregation of duties (SoD)? - Segregation of duties (SoD) is an internal control mechanism designed to prevent errors and fraud by ensuring at least two individuals are responsible for the separate parts of any task.
- What is shared responsibility model? - A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
- What is SIEM (security information and event management)? - SIEM (security information and event management) is software that helps organizations detect, analyze, and respond to security threats by collecting and correlating security event data from across the IT environment in real time.
- What is Single Sign-On (SSO)? Definition, How It Works & Benefits - Single sign-on (SSO) is a session and user authentication service that lets users access multiple applications or systems with a single set of login credentials.