Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • AAA server (authentication, authorization and accounting) - An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.
  • active attack - An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
  • active defense - An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult and to carry out.
  • ActiveX - ActiveX is a set of object-oriented programming technologies and tools that Microsoft developed for Internet Explorer to facilitate rich media playback.
  • ActiveX controls - ActiveX controls are component program objects that Microsoft developed to enable applications to perform specific functions, such as displaying a calendar or playing a video.
  • address space layout randomization (ASLR) - Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
  • advanced persistent threat (APT) - An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period.
  • adware - Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running.
  • air gap (air gapping) - An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection.
  • alternate data stream (ADS) - An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title.
  • anti-money laundering software (AML) - Anti-laundering software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions.
  • anti-spyware software - Anti-spyware software is a type of program designed to prevent and detect unwanted spyware program installations and to remove those programs if installed.
  • antispoofing - Antispoofing is a technique for identifying and dropping packets that have a false source address.
  • antivirus software (antivirus program) - Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices.
  • asymmetric cyber attack - An asymmetric cyber attack refers to cyberwarfare that inflicts a proportionally large amount of damage compared to the resources used by targeting the victim's most vulnerable security measure.
  • ATM jackpotting - ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash.
  • attack surface - An attack surface is the total number of all possible entry points for unauthorized access into any system.
  • Automated Clearing House fraud (ACH fraud) - ACH fraud is the theft of funds through the U.
  • backdoor (computing) - A backdoor attack is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
  • backscatter spam - Backscatter spam, also called misdirected bounce spam or NDR spam, is a strategy for sending unsolicited email messages that takes advantage of the fact that certain types of mail transfer agent (MTA) programs return the entire message to the sender when a recipient's email address is invalid.
  • biometric payment - Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account.
  • BIOS rootkit attack - A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code.
  • black hat hacker - A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.
  • blended threat - A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.
  • blockchain economy - The blockchain economy is a scenario and potential future environment in which the technology replaces current monetary systems, potentially on a global basis.
  • bluesnarfing - Bluesnarfing is a hacking technique in which a hacker accesses a wireless device through a Bluetooth connection.
  • bot - A bot -- short for robot and also called an internet bot -- is a computer program that operates as an agent for a user or other program or to simulate a human activity.
  • browser hijacker (browser hijacking) - A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.
  • buffer underflow - A buffer underflow, also known as a buffer underrun or a buffer underwrite, is when the buffer -- the temporary holding space during data transfer -- is fed data at a lower rate than it is being read from.
  • bug bounty program - A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals like ethical hackers and security researchers for discovering and reporting vulnerabilities and bugs in software.
  • burner phone - A burner phone, or 'burner,' is an inexpensive mobile phone designed for temporary, sometimes anonymous, use, after which it may be discarded.
  • business email compromise (BEC, man-in-the-email attack) - A business email compromise (BEC) is an exploit in which the attacker gains access to a corporate email account and spoofs the owner’s identity in order to commit fraud .
  • cache poisoning - Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.
  • CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) - A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic computer programs.
  • card verification value (CVV) - Card verification value (CVV) is a combination of features used in credit, debit and automated teller machine (ATM) cards for the purpose of establishing the owner's identity and minimizing the risk of fraud.
  • Certified Information Systems Security Professional (CISSP) - Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².
  • chaos engineering - Chaos engineering is the process of testing a distributed computing system to ensure that it can withstand unexpected disruptions.
  • Chernobyl virus - The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.
  • cipher - In cryptography, a cipher is an algorithm for encrypting and decrypting data.
  • ciphertext - Ciphertext is encrypted text transformed from plaintext using an encryption algorithm.
  • ciphertext feedback (CFB) - In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.
  • Class C2 - Class C2 is a security rating established by the U.
  • cloud infrastructure entitlement management (CIEM) - Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments.
  • cloud penetration testing - Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its own defenses.
  • cloud workload protection platform (CWPP) - A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud or in a hybrid arrangement.
  • cloud-native application protection platform (CNAPP) - Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native applications and its cloud workloads.
  • COBIT - COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.
  • command-and-control server (C&C server) - A command-and-control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware.
  • Common Vulnerability Scoring System (CVSS) - The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems.
  • Common Weakness Enumeration (CWE) - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software.
  • communications intelligence (COMINT) - Communications intelligence (COMINT) is information gathered from the communications between individuals or groups of individuals, including telephone conversations, text messages, email conversations, radio calls and online interactions.
  • computer cracker - A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.
  • Computer Emergency Response Team (CERT) - A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
  • computer forensics (cyber forensics) - Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
  • computer security incident response team (CSIRT) - A computer security incident response team, or CSIRT, is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts.
  • Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
  • consumer privacy (customer privacy) - Consumer privacy, also known as customer privacy, involves the handling and protection of the sensitive personal information provided by customers in the course of everyday transactions.
  • content personalization - Content personalization is a branding and marketing strategy in which webpages, email and other forms of content are tailored to match the characteristics, preferences or behaviors of individual users.
  • contextual marketing - Contextual marketing is an online marketing strategy model in which people are served with targeted advertising based on their search terms or their recent browsing behavior.
  • cookie - A cookie is information that a website puts on a user's computer.
  • cookie poisoning - Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft.
  • counterintelligence - Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary’s knowledge collection activities or attempts to cause harm through sabotage or other actions.
  • credential stuffing - Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on a number of sites through automated login.
  • credential theft - Credential theft is a type of cybercrime that involves stealing a victim's proof of identity.
  • cross-site scripting (XSS) - Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.
  • cryptographic checksum - Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.
  • cryptographic nonce - A nonce is a random or semi-random number that is generated for a specific use.
  • cryptojacking - Cryptojacking is a cybercrime in which another party's computing resources are hijacked to mine cryptocurrency.
  • cyber espionage - Cyber espionage (cyberespionage) is a type of cyber attack that malicious hackers carry out against a business or government entity.
  • cyber resilience - Cyber resilience is the ability of a computing system to identify, respond and recover quickly should it experience a security incident.
  • cyberbullying - Cyberbullying is a type of bullying in which one or more individuals use digital technologies to intentionally and repeatedly cause harm to another person.
  • cybersecurity asset management (CSAM) - Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections.
  • cyberterrorism - Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence.
  • cyberwarfare - The generally accepted definition of cyberwarfare is a series of cyber attacks against a nation-state, causing it significant harm.
  • dark web monitoring - Dark web monitoring is the process of searching for and continuously tracking information on the dark web.
  • data availability - Data availability is a term used by computer storage manufacturers and storage service providers to describe how data should be available at a required level of performance in situations ranging from normal through disastrous.
  • data breach - A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.
  • data integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
  • data splitting - Data splitting is when data is divided into two or more subsets.
  • deception technology - Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage.
  • decompression bomb (zip bomb, zip of death attack) - A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password.
  • Diffie-Hellman key exchange (exponential key exchange) - Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet.
  • digital footprint - A digital footprint -- sometimes called a digital shadow -- is the body of data that an individual creates through their actions online.
  • digital forensics and incident response (DFIR) - Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events.
  • digital profiling - Digital profiling is the process of gathering and analyzing information about an individual that exists online.
  • Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
  • directory traversal - Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.
  • distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
  • DNS attack - A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.
  • double extortion ransomware - Double extortion ransomware is a novel form of malware that combines ransomware with elements of extortionware to maximize the victim's potential payout.
  • dropper - A dropper is a small helper program that facilitates the delivery and installation of malware.
  • dumpster diving - Dumpster diving is looking for treasure in someone else's trash.
  • Electronic Code Book (ECB) - Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.
  • electronic discovery (e-discovery or ediscovery) - Electronic discovery -- also called e-discovery or ediscovery -- refers to any process of obtaining and exchanging evidence in a civil or criminal legal case.
  • electronic intelligence (ELINT) - Electronic intelligence (ELINT) is intelligence gathered using electronic sensors, usually used in military applications.
  • Elk Cloner - Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.
  • email security - Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats.
  • email virus - An email virus consists of malicious code distributed in email messages to infect one or more devices.
  • embedded system security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.