Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.
  • vulnerability management - Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems.
  • WannaCry ransomware - WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system.
  • war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks (WLANs) while driving around a city or elsewhere.
  • WebAuthn API - The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers.
  • What are Common Criteria (CC) for Information Technology Security Evaluation? - Common Criteria (CC) is an international standard (ISO/IEC 15408) for evaluating information technology security products.
  • What is a block cipher? - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
  • What is a botnet? - A botnet is a collection of internet-connected devices -- including PCs, servers, mobile devices and internet of things (IoT) devices -- infected and controlled by a common type of malware, often unbeknownst to their owners.
  • What is a brute-force attack? - A brute-force attack is a trial-and-error hacking method cybercriminals use to decode login information and encryption keys to gain unauthorized access to systems.
  • What is a buffer overflow? How do these types of attacks work? - A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
  • What is a certificate authority (CA)? - A certificate authority (CA) is a trusted entity that issues digital certificates to authenticate content sent from web servers.
  • What is a certificate revocation list (CRL) and how is it used? - A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.
  • What is a Certified Information Systems Auditor (CISA)? - Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.
  • What is a cloud access security broker (CASB)? - A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.
  • What is a computer exploit? - A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.
  • What is a cyberthreat hunter (cybersecurity threat analyst)? - A cyberthreat hunter, also called a cybersecurity threat analyst, proactively identifies security incidents that might go undetected using automated security tools such as malware detectors and firewalls.
  • What is a disaster recovery plan (DRP)? - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume operations after an unplanned incident.
  • What is a firewall and why do I need one? - A firewall is a network security device that prevents unauthorized access to a network by inspecting incoming and outgoing traffic using a set of predetermined security rules.
  • What is a hacker? - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • What is a hardware security module? - A hardware security module (HSM) is a physical device that provides extra security for sensitive data.
  • What is a honeypot? How it protects against cyberattacks - A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to help organizations detect, deflect and study hacking attempts to gain unauthorized access to IT.
  • What is a micro VM (micro virtual machine)? - A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.
  • What is a next-generation firewall (NGFW)? - A next-generation firewall (NGFW) is part of the third generation of firewall technology that can be implemented in hardware or software.
  • What is a password? - A password is a string of characters used to verify the identity of a user during the authentication process.
  • What is a potentially unwanted program (PUP)? - A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.
  • What is a private cloud? Definition and examples - Private cloud is a type of cloud computing that delivers advantages similar to public cloud, including scalability and self-service, but through a proprietary architecture.
  • What is a private key? - A private key, also known as a secret key, is a variable in cryptography used with an algorithm to encrypt or decrypt data.
  • What is a proxy firewall? - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • What is a public key and how does it work? - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • What is a public key certificate? - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • What is a remote desktop and how does it work? - A remote desktop is a program or an operating system feature that allows a user to connect to a computer in another location, see that computer's desktop and interact with it as if it were local.
  • What is a rootkit? - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • What is a security operations center (SOC)? - A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks.
  • What is a session key? - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • What is a spam trap? - A spam trap is an email address that's used to identify and monitor spam email.
  • What is a stream cipher? - A stream cipher is an encryption method in which data is encrypted one byte at a time.
  • What is a threat intelligence feed? - A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security.
  • What is a watering hole attack? - A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
  • What is acceptable use policy (AUP)? - An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to or use of a corporate network, the internet or other computing resources.
  • What is access control? - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  • What is an attack vector? - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server to deliver a payload or malicious outcome.
  • What is an endpoint protection platform (EPP)? - An endpoint protection platform (EPP) is a security technology that safeguards endpoint devices.
  • What is an initialization vector? - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • What is an intrusion detection system (IDS)? - An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered.
  • What is an SSL VPN (Secure Sockets Layer virtual private network)? - An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN capability.
  • What is Android System WebView and should you uninstall it? - Android System WebView is a system component for the Android operating system (OS) that enables Android apps to display web content directly inside an application.
  • What is antimalware? - Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware.
  • What is application allowlisting? - Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
  • What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • What is BCDR? Business continuity and disaster recovery guide - Business continuity (BC) and disaster recovery (DR) are closely related practices that support an organization's ability to remain operational after an adverse event.
  • What is biometric verification? - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • What is BitLocker? - BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature included with certain Windows versions.
  • What is Blowfish? - Blowfish is a variable-length, symmetric, 64-bit block cipher.
  • What is challenge-response authentication? - In computer security, challenge-response authentication is a set of protocols used to protect digital assets and services from unauthorized users, programs and activities.
  • What is cipher block chaining (CBC)? - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.
  • What is cloud security? - Cloud security, or cloud computing security, is a set of policies, practices and controls deployed to protect cloud-based data, applications and infrastructure from cyberattacks and cyberthreats.
  • What is cryptography? - Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
  • What is cryptology? - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
  • What is cyber attribution? - Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.
  • What is cyber hijacking? - Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications.
  • What is cyber insurance, and why is it important? - Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online.
  • What is cybercrime and how can you prevent it? - Cybercrime is any criminal activity that involves a computer, network or networked device.
  • What is cybersecurity? - Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats.
  • What is Data Encryption Standard (DES)? - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • What is data loss prevention (DLP)? - Data loss prevention (DLP) -- sometimes referred to as 'data leak prevention,' 'information loss prevention' or 'extrusion prevention' -- is a strategy to mitigate threats to critical data.
  • What is data privacy? - Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, retention, immutability and security of sensitive data.
  • What is defense in depth? - Defense in depth is a cybersecurity strategy that uses multiple security measures to protect an organization's networks, systems and data.
  • What is dynamic application security testing (DAST)? - Dynamic application security testing (DAST) is the process of analyzing a web application in runtime to identify security vulnerabilities or weaknesses.
  • What is elliptical curve cryptography (ECC)? - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
  • What is email spoofing? - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • What is employee monitoring? - Employee monitoring is when businesses monitor employees to improve productivity and protect corporate resources.
  • What is endpoint security? How does it work? - Endpoint security is the protection of endpoint devices against cybersecurity threats.
  • What is extended detection and response (XDR)? - Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.
  • What is federated identity management (FIM)? How does it work? - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • What is GDPR? Compliance and conditions explained - The General Data Protection Regulation (GDPR) is legislation that updated and unified data privacy laws across the European Union (EU).
  • What is Google Docs? - Google Docs is a free web-based word processor that can be used to create, edit and store digital documents.
  • What is Group Policy Object (GPO) and why is it important? - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • What is hacktivism? - Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
  • What is identity and access management? Guide to IAM - No longer just a good idea, IAM is a crucial piece of the cybersecurity puzzle.
  • What is incident response? A complete guide - Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs.
  • What is information security management system (ISMS)? - An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data.
  • What is Internet Key Exchange (IKE)? - Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).
  • What is IPsec (Internet Protocol Security)? - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
  • What is ISO 27001? - ISO 27001, formally known as ISO/IEC 27001:2022, is an information security standard jointly created by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).
  • What is IT/OT convergence? Everything you need to know - IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems.
  • What is Kerberos and how does it work? - Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
  • What is malware? Prevention, detection and how attacks work - Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.
  • What is multifactor authentication? - Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction.
  • What is network scanning? How to, types and best practices - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal to devices and await a response.
  • What is obfuscation and how does it work? - Obfuscation means to make something difficult to understand.
  • What is OPSEC (operations security)? - OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately.
  • What is password cracking? - Password cracking is the process of using an application program to identify an unknown or forgotten password that allows access to a computer or network resource.
  • What is passwordless authentication? - Passwordless authentication allows a user to sign into a service without using a password.
  • What is PCI DSS (Payment Card Industry Data Security Standard)? - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
  • What is penetration testing? - A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture.
  • What is pharming? - Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • What is physical security and how does it work? - Physical security protects personnel, hardware, software, networks, facilities and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
  • What is PKI (public key infrastructure)? - PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption.
  • What is Pretty Good Privacy and how does it work? - Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • What is promiscuous mode in networking? - In computer networking, promiscuous mode is a mode of operation in which a network device, such as a network interface card (NIC) or an adapter on a host system, can intercept and read in its entirety each network packet that arrives instead of just the packets addressed to the host.
  • What is quantum cryptography? - Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data.