Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

802 - CVS

  • 802.11x - 802.11x refers to a group of evolving wireless local area network (WLAN) standards that are under development as elements of the IEEE 802.
  • AAA server (authentication, authorization and accounting) - An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.
  • active attack - An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
  • active defense - An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult and to carry out.
  • active reconnaissance - Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.
  • ActiveX - ActiveX is a set of object-oriented programming technologies Microsoft developed for Internet Explorer to facilitate rich media playback.
  • ActiveX controls - ActiveX controls are component program objects that Microsoft developed to enable applications to perform specific functions, such as displaying a calendar or playing a video.
  • ActiveX Data Objects (ADO) - ActiveX Data Objects (ADO) is an application program interface from Microsoft that lets a programmer writing Windows applications get access to a relational or non-relational database from both Microsoft and other database providers.
  • address space layout randomization (ASLR) - Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
  • advanced persistent threat (APT) - An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time.
  • adware - Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running.
  • air gap (air gapping) - An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection.
  • alternate data stream (ADS) - An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title.
  • anti-money laundering software (AML) - Anti-laundering software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions.
  • anti-spyware software - Anti-spyware software is a type of program designed to prevent and detect unwanted spyware program installations and to remove those programs if installed.
  • antimalware (anti-malware) - Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware.
  • antispoofing - Antispoofing is a technique for countering spoofing attacks on a computer network.
  • antivirus software (antivirus program) - Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.
  • application blacklisting - Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs.
  • application whitelisting - Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
  • asymmetric cyber attack - An asymmetric cyber attack refers to cyberwarfare that inflicts a proportionally large amount of damage compared to the resources used by targeting the victim's most vulnerable security measure.
  • ATM jackpotting - ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash.
  • attack surface - An attack surface is defined as the total number of all possible entry points for unauthorized access into any system.
  • attack vector - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.
  • authentication - Authentication is the process of determining whether someone or something is, in fact, who or what it says it is.
  • authentication, authorization, and accounting (AAA) - Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
  • authorization - Authorization is the process of giving someone permission to do or have something.
  • Automated Clearing House fraud (ACH fraud) - ACH fraud is the theft of funds through the Automated Clearing House financial transaction network.
  • backdoor (computing) - A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
  • backscatter spam - Backscatter spam, also called misdirected bounce spam or NDR spam, is a strategy for sending unsolicited email messages that takes advantage of the fact that certain types of mail transfer agent (MTA) programs return the entire message to the sender when a recipient's email address is invalid.
  • biometric payment - Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account.
  • biometric verification - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • biometrics - Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
  • BIOS rootkit - A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration.
  • BIOS rootkit attack - A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code.
  • bitcoin mining - Bitcoin mining is the process of verifying new transactions to the Bitcoin digital currency system, as well as the process by which new bitcoin enter into circulation.
  • BitLocker - BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature.
  • black hat hacker - A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.
  • blacklist - A blacklist, in IT, is a collection of entities that are blocked from communicating with or logging into a computer, site or network.
  • blended threat - A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.
  • block cipher - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
  • blockchain economy - The blockchain economy is a scenario and potential future environment in which the technology replaces current monetary systems, potentially on a global basis.
  • Blowfish - Blowfish is a variable-length, symmetric, 64-bit block cipher.
  • bluesnarfing - Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection.
  • boot sector virus - A boot sector virus is malware that infects the computer storage sector where startup files are found.
  • bot - A bot -- short for robot and also called an internet bot -- is a computer program that operates as an agent for a user or other program or to simulate a human activity.
  • botnet - A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often unbeknownst to their owner.
  • browser hijacker (browser hijacking) - A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.
  • brute-force attack - A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.
  • buffer overflow - A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
  • buffer underflow - A buffer underflow, also known as a buffer underrun or a buffer underwrite, is when the buffer -- the temporary holding space during data transfer -- is fed data at a lower rate than it is being read from.
  • bug bounty program - A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for finding errors in software.
  • burner phone - A burner phone, or 'burner,' is an inexpensive mobile phone designed for temporary, sometimes anonymous, use, after which it may be discarded.
  • business email compromise (BEC, man-in-the-email attack) - A business email compromise (BEC) is an exploit in which the attacker gains access to a corporate email account and spoofs the owner’s identity in order to commit fraud .
  • cache poisoning - Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.
  • CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) - A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic computer programs.
  • car hacking - Car hacking is the manipulation of the code in a car's electronic control unit (ECU) to exploit a vulnerability and gain control of other ECU units in the vehicle.
  • card skimming - Card skimming is the theft of credit and debit card data and PIN numbers when the user is at an automated teller machine (ATM) or point of sale (POS).
  • card verification value (CVV) - Card verification value (CVV) is a combination of features used in credit, debit and automated teller machine (ATM) cards for the purpose of establishing the owner's identity and minimizing the risk of fraud.
  • certificate authority (CA) - A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates.
  • certificate revocation list (CRL) - A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their actual or assigned expiration date.
  • certification - In information technology as in other fields such as teaching, accounting, and acupuncture, certification is a formal process of making certain that an individual is qualified in terms of particular knowledge or skills.
  • Certified Information Systems Security Professional (CISSP) - Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².
  • chaos engineering - Chaos engineering is the process of testing a distributed computing system to ensure that it can withstand unexpected disruptions.
  • Chernobyl virus - The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.
  • cipher - In cryptography, a cipher is an algorithm for encrypting and decrypting data.
  • cipher block chaining (CBC) - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.
  • ciphertext - Ciphertext is encrypted text transformed from plaintext using an encryption algorithm.
  • ciphertext feedback (CFB) - In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.
  • Class C2 - Class C2 is a security rating established by the U.
  • cloud security - Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.
  • COBIT - COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.
  • COMINT (communications intelligence) - Communications intelligence (COMINT) is information gathered from the communications of individuals, including telephone conversations, text messages and various types of online interactions.
  • command-and-control server (C&C server) - A command-and-control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware.
  • Common Vulnerabilities and Exposures (CVE) - Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.
  • Common Weakness Enumeration (CWE) - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software.
  • computer cracker - A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.
  • Computer Emergency Response Team (CERT) - A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
  • computer exploit - A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.
  • computer security incident response team (CSIRT) - A computer security incident response team, or CSIRT, is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts.
  • Conduit browser hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.
  • Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
  • confidentiality, integrity and availability (CIA triad) - Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.
  • consumer privacy (customer privacy) - Consumer privacy, also known as customer privacy, involves the handling and protection of the sensitive personal information provided by customers in the course of everyday transactions.
  • content personalization - Content personalization is a strategy that tailors webpages and other forms of content to individual users' characteristics or preferences.
  • contextual marketing - Contextual marketing is an online marketing strategy model in which people are served with targeted advertising based on their search terms or their recent browsing behavior.
  • cookie - A cookie is information that a website puts on a user's computer.
  • cookie poisoning - Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft.
  • counterintelligence - Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary’s knowledge collection activities or attempts to cause harm through sabotage or other actions.
  • credential stuffing - Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on a number of sites through automated login.
  • credential theft - Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business.
  • critical infrastructure security - Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.
  • cross-site scripting (XSS) - Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.
  • cryptographic checksum - Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.
  • cryptographic nonce - A nonce is a random or semi-random number that is generated for a specific use.
  • cryptography - Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
  • cryptojacking - Cryptojacking is a cybercrime in which another party's computing resources are hijacked to mine cryptocurrency.
  • cryptology - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
  • CVSS (Common Vulnerability Scoring System) - The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in software.
Networking
  • network traffic

    Network traffic is the amount of data that moves across a network during any given time.

  • dynamic and static

    In general, dynamic means 'energetic, capable of action and/or change, or forceful,' while static means 'stationary or fixed.'

  • MAC address (media access control address)

    A MAC address (media access control address) is a 12-digit hexadecimal number assigned to each device connected to the network.

Security
  • Evil Corp

    Evil Corp is an international cybercrime network that uses malicious software to steal money from victims' bank accounts and to ...

  • Trojan horse

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, ...

  • quantum key distribution (QKD)

    Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.

CIO
  • green IT (green information technology)

    Green IT (green information technology) is the practice of creating and using environmentally sustainable computing.

  • benchmark

    A benchmark is a standard or point of reference people can use to measure something else.

  • spatial computing

    Spatial computing broadly characterizes the processes and tools used to capture, process and interact with 3D data.

HRSoftware
  • talent acquisition

    Talent acquisition is the strategic process employers use to analyze their long-term talent needs in the context of business ...

  • employee retention

    Employee retention is the organizational goal of keeping productive and talented workers and reducing turnover by fostering a ...

  • hybrid work model

    A hybrid work model is a workforce structure that includes employees who work remotely and those who work on site, in a company's...

Customer Experience
  • BOPIS (buy online, pick up in-store)

    BOPIS (buy online, pick up in-store) is a business model that allows consumers to shop and place orders online and then pick up ...

  • real-time analytics

    Real-time analytics is the use of data and related resources for analysis as soon as it enters the system.

  • database marketing

    Database marketing is a systematic approach to the gathering, consolidation and processing of consumer data.

Close