Browse Definitions :

Security management

Terms related to security management, including definitions about intrusion detection systems (IDS) and words and phrases about asset management, security policies, security monitoring, authorization and authentication.

SEC - VMW

  • Seclore Technology (Seclore) - Seclore Technology is a Mumbai-based security software company incubated by the Indian Institute of Technology (IIT) in Bombay.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.
  • Secure File Transfer Protocol (SSH File Transfer Protocol) - SFTP is a term that refers to either Secure File Transfer Protocol or SSH File Transfer Protocol, and is a computing network protocol for accessing and managing files on remote systems.
  • Secure Shell (SSH) - SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
  • Security Accounts Manager - The Security Accounts Manager (SAM) is a database file in the Microsoft Windows operating system that contains usernames and passwords.
  • security analytics - Security analytics is an approach to cybersecurity that uses data collection, data aggregation and analysis tools for threat detection and security monitoring.
  • Security as a Service (SaaS) - Security-as-a-service (SaaS) is an outsourcing model for security management.
  • Security Assertion Markup Language (SAML) - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
  • security awareness training - Security awareness training is a formal process for educating employees and third-party stakeholders, like contractors and business partners, how to protect an organization's computer systems, along with its data, people and other assets, from internet-based threats or criminals.
  • security by design - Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best practices.
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • security event - A security event is a change in the everyday operations of a network or IT service, indicating that an security policy may have been violated or a security safeguard may have failed.
  • security identifier (SID) - In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.
  • security incident - A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed.
  • security information and event management (SIEM) - Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • security intelligence (SI) - Security intelligence (SI) is the information relevant to protecting an organization from external and inside threats as well as the processes, policies and tools designed to gather and analyze that information.
  • security operations center (SOC) - A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security who monitors, analyzes and protects an organization from cyber attacks.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security through obscurity - Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.
  • security through obsolescence - Security through obsolescence is the use of obsolete technologies whose vulnerabilities are no longer well known among the public.
  • security token - A security token is a physical or digital device that provides two-factor authentication for a user to prove their identity in a login process.
  • Security, Trust and Assurance Registry (STAR) - The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.
  • segregation of duties (SoD) - Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • sensitive information - Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization.
  • session ID - A session ID is a unique number that a Web site's server assigns to identify a specific user for the duration of that user's visit (session).
  • session key - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • shadow app - A shadow app is a software program that is not supported by an employee's information technology (IT) department.
  • shadow IT - Shadow IT is hardware or software that is not supported by an organization's IT department.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • shared responsibility model - A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • shrink wrap license - A shrink wrap license is an end user agreement (EULA) that is enclosed with software in plastic-wrapped packaging.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home or building (home automation or domotics) - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Sourcefire founder and former CTO Martin Roesch.
  • SOAR (security orchestration, automation and response) - SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events without human assistance.
  • social engineering penetration testing - Social engineering pen testing is designed to test employees' adherence to the security policies and practices defined by management.
  • soft token - A soft token is a software-based security token that generates a single-use login PIN.
  • softlifting - Softlifting is a common type of software piracy in which a legally licensed software program is installed or copied in violation of its licensing agreement.
  • software attack surface - The software attack surface is the complete profile of all functions in any code running in a given system that are available to an unauthenticated user.
  • software-defined perimeter (SDP) - The software-defined perimeter, or SDP, is a security framework that controls access to resources based on identity.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • spim (instant messaging spam) - Spim is spam delivered through instant messaging (IM) instead of through e-mail messaging.
  • SPIT (spam over Internet telephony) - SPIT (spam over Internet telephony), sometimes known as vam (voice or VoIP spam), is unsolicited bulk messages broadcast over VoIP (Voice over Internet Protocol) to phones connected to the Internet.
  • SSAE 16 - The Statement on Standards for Attestation Engagements No.
  • SSL certificate (Secure Sockets Layer certificate) - A Secure Sockets Layer certificate, known commonly as an SSL certificate, is a small data file installed on a Web server that allows for a secure connection between a Web server and a Web browser.
  • SSL checker (secure socket layer checker) - An SSL checker (Secure Sockets Layer checker) is a tool that helps an organization verify proper installation of an SSL certificate on a Web server to ensure it is valid, trusted and will work properly for its users.
  • SSL VPN (Secure Sockets Layer virtual private network) - An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote access VPN capability.
  • stateful inspection - Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
  • static application security testing (SAST) - Static application security testing (SAST) is a program designed to analyze application (app) source code in order to find security vulnerabilities or weaknesses that may open an app up to a malicious attack.
  • stealth virus - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • storage encryption - Storage encryption is the use of encryption/decryption of backed-up and archived data, both in transit and on storage media.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks -- and unavailable to other entities.
  • stream cipher - A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.
  • streaming application - A streaming application is a program that has its necessary components downloaded as needed instead of being installed ahead of time on a computer.
  • strong authentication - Although it is not a standardized term, with set criteria, strong authentication can be said to be any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter.
  • strong password - A strong password is one that is designed to be hard for a person or program to guess.
  • surveillance metadata - Surveillance metadata is details about data pertaining to the actions of an observed party.
  • Suspicious Activity Report (SAR) - A Suspicious Activity Report (SAR) is a document that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) following a suspected incident of money laundering or fraud.
  • Symantec PartnerNet - Symantec PartnerNet is web-based portal that was developed by security vendor Symantec to provide information, tools and benefits to its channel partner community.
  • SYN flood attack - A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker can use to determine the state of a communications port without establishing a full connection.
  • TCP Wrapper - TCP Wrapper is a public domain computer program that provides firewall services for UNIX servers.
  • tcpdump - Tcpdump is an open source command-line tool for monitoring (sniffing) network traffic.
  • TDL-4 (TDSS or Alureon) - TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet.
  • Thing hacking - Thing hacking is an attack that exploits a vulnerability in a connected non-computing device – a Thing, in the Internet of Things -- to gain control of the device or access to a network it connects to.
  • threat actor - A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact -- an organization's security.
  • threat ignorance - Threat ignorance is a concept used by security professionals to determine the level of vulnerability a company or user’s computer or system has to an attack.
  • threat intelligence (cyber threat intelligence) - Threat intelligence, also known as cyber threat intelligence (CTI), is information collected from various sources about current or potential attacks that threaten an organization.
  • threat intelligence feed (TI feed) - A threat intelligence feed (TI feed) is an ongoing stream of data related to potential or current threats to an organization's security.
  • threat intelligence service (TI service) - A threat intelligence service (TI service) is a provider of information about current or emerging threats that could negatively impact the security of a customer’s organization.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Top searches of 2008 - What were people searching the WhatIs.
  • Tor browser - The Tor (the onion routing) browser is a web browser designed for anonymous web surfing and protection against traffic analysis.
  • transitive trust - Transitive trust is a two-way relationship automatically created between parent and child domains in a Microsoft Active Directory forest.
  • Transport Layer Security (TLS) - Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.
  • triage - Triage is the procedure of assigning levels of priority to tasks or individuals to determine the most effective order in which to deal with them.
  • trigraph - A trigraph is a three-character replacement for a special or nonstandard character in a text file.
  • TrueCrypt - TrueCrypt is a cross-platform open source program for file and full disk encryption (FDE).
  • Trusted Cloud Initiative - The Trusted Cloud Initiative is a program of the Cloud Security Alliance industry group created to help cloud service providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and practices.
  • trusted computing - Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications.
  • trusted computing base (TCB) - A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.
  • Trusted Computing Group (TCG) - The Trusted Computing Group (TCG) is a not-for-profit organization that was formed in 2003 to define, develop and promote security specifications for computers and networks.
  • Trusted Platform Module (TPM) - A Trusted Platform Module (TPM) is a specialized chip on a device designed to secure hardware with cryptographic keys.
  • tunneling or port forwarding - Tunneling is the transmission of data intended for use only within a private, usually corporate network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.
  • two-factor authentication (2FA) - Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
  • Twofish - Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.
  • unified endpoint management (UEM) - Unified endpoint management (UEM) is an approach to securing and controlling desktop computers, laptops, smartphones and tablets in a connected, cohesive manner from a single console.
  • unified threat management (UTM) - Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks.
  • user account provisioning - User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system.
SearchNetworking
  • virtual network functions (VNFs)

    Virtual network functions (VNFs) are virtualized tasks formerly carried out by proprietary, dedicated hardware.

  • network functions virtualization (NFV)

    Network functions virtualization (NFV) is a network architecture model designed to virtualize network services that have ...

  • overlay network

    An overlay network is a virtual or logical network that is created on top of an existing physical network.

SearchSecurity
  • X.509 certificate

    An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) ...

  • directory traversal

    Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory ...

  • malware

    Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.

SearchCIO
  • data latency

    Data latency is the time it takes for data packets to be stored or retrieved. In business intelligence (BI), data latency is how ...

  • chief data officer (CDO)

    A chief data officer (CDO) in many organizations is a C-level executive whose position has evolved into a range of strategic data...

  • information technology (IT) director

    An information technology (IT) director is the person in charge of technology within an organization. IT directors manage ...

SearchHRSoftware
SearchCustomerExperience
  • implementation

    Implementation is the execution or practice of a plan, a method or any design, idea, model, specification, standard or policy for...

  • first call resolution (FCR)

    First call resolution (FCR) is when customer service agents properly address a customer's needs the first time they call.

  • customer intelligence (CI)

    Customer intelligence (CI) is the process of collecting and analyzing detailed customer data from internal and external sources ...

Close