Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

CYB - MAL

  • cyber attack - A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
  • cyber attribution - Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
  • cyber espionage - Cyber espionage (cyberespionage) is a type of cyber attack that malicious hackers carry out against a business or government entity.
  • cyber hijacking - Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.
  • cyber resilience - Cyber resilience is a concept that refers to the security that goes beyond defense and prevention to focus on response and resilience in moments of crisis.
  • cyberbullying - Cyberbullying is a type of bullying in which one or more individuals use digital technologies to intentionally and repeatedly cause harm to another person.
  • cybercrime - Cybercrime is any criminal activity that involves a computer, networked device or a network.
  • cyberextortion - Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.
  • cyberterrorism - Cyberterrorism is often defined as any premeditated, politically motivated attack against information systems, programs and data that threatens violence or results in violence.
  • cyberwarfare - The generally accepted definition of cyberwarfare is a series of cyber attacks against a nation-state, causing it significant harm.
  • data availability - Data availability is a term used by computer storage manufacturers and storage service providers to describe how data should be available at a required level of performance in situations ranging from normal through disastrous.
  • data breach - A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.
  • Data Encryption Standard (DES) - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • data integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
  • data splitting - Data splitting is when data is divided into two or more subsets.
  • deception technology - Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage.
  • decompression bomb (zip bomb, zip of death attack) - A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.
  • Diffie-Hellman key exchange (exponential key exchange) - Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet.
  • digital footprint - A digital footprint -- sometimes called a digital shadow -- is the body of data that an individual creates through their actions online.
  • digital profiling - Digital profiling is the process of gathering and analyzing information about an individual that exists online.
  • Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
  • directory traversal - Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.
  • disaster recovery plan (DRP) - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident.
  • distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
  • DMZ in networking - In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet.
  • DNS attack - A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).
  • domain generation algorithm (DGA) - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
  • double blind test - Double blind test is an experiment where both the subject and observer are unaware that the exercise in practice is a test.
  • dropper - A dropper is a small helper program that facilitates the delivery and installation of malware.
  • dumpster diving - Dumpster diving is looking for treasure in someone else's trash.
  • Electronic Code Book (ECB) - Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.
  • electronic discovery (e-discovery or ediscovery) - Electronic discovery -- also called e-discovery or ediscovery -- refers to any process of obtaining and exchanging evidence in a civil or criminal legal case.
  • ELINT (electronic intelligence) - Electronic intelligence (ELINT) is intelligence gathered by the use of electronic sensors.
  • Elk Cloner - Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.
  • elliptical curve cryptography (ECC) - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
  • email security - Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against the risk of email threats.
  • email spam - Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
  • email spoofing - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • email virus - An email virus consists of malicious code distributed in email messages to infect one or more devices.
  • embedded system security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.
  • emergency management plan - An emergency management plan should include measures that provide for the safety of personnel and, if possible, property and facilities.
  • encoding and decoding - Encoding and decoding are used in many forms of communications, including computing, data communications, programming, digital electronics and human communications.
  • encryption - Encryption is the method by which information is converted into secret code that hides the information's true meaning.
  • encryption key - In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text.
  • endpoint detection and response (EDR) - Endpoint detection and response (EDR) is a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response to discovered or potential threats.
  • enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
  • ethical hacker - An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.
  • evil twin attack - An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge.
  • executable file (EXE file) - An executable file (EXE file) is a computer file that contains an encoded sequence of instructions that the system can execute directly when the user clicks the file icon.
  • Facebook cloning - Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list.
  • Faraday cage - A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field (EM field).
  • Federal Emergency Management Agency (FEMA) - Federal Emergency Management Agency (FEMA) is a United States government agency with the purpose to coordinate aid and respond to disasters around the nation when local resources are insufficient.
  • federated identity management (FIM) - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • firewall - A firewall is a network security device that prevents unauthorized access to a network.
  • footprinting - Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them.
  • freeware - Freeware (not to be confused with free software) is a type of proprietary software that is released without charge to the public.
  • frequency-hopping spread spectrum (FHSS) - Frequency-hopping spread spectrum (FHSS) transmission is the repeated switching of the carrier frequency during radio transmission to reduce interference and avoid interception.
  • Google dork query - A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website.
  • government Trojan - A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation.
  • Great Firewall of China - The Great Firewall of China is the name that western media has given to the combination of tools, services and rules that the government of the People's Republic of China uses to block certain internet content from those within China's borders.
  • Group Policy Object (GPO) - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • gyroscope - A gyroscope is a device with a spinning disc or wheel mechanism that harnesses the principle of conservation of angular momentum: the tendency for the spin of a system to remain constant unless subjected to external torque.
  • hacker - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • hacking as a service (HaaS) - Hacking as a service (HaaS) is the commercialization of hacking skills, in which the hacker serves as a contractor.
  • hacktivism - Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
  • hard-drive encryption - Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions.
  • hardware vulnerability - A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.
  • hashing - Hashing is the process of transforming any given key or a string of characters into another value.
  • Heartbleed - Heartbleed was a vulnerability in some implementations of OpenSSL, an open source cryptographic library.
  • honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.
  • honeynet - A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers.
  • honeypot (computing) - A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.
  • host intrusion prevention systems (HIPS) - A host intrusion prevention system (HIPS) is a security method that relies on third-party software tools to monitor network traffic and system activities for anomalous code behavior to identify and prevent malicious activities.
  • Hypertext Transfer Protocol Secure (HTTPS) - Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user's web browser and a website.
  • hypervisor security - Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle.
  • ICS security (industrial control system security) - ICS security is the area of concern involving the safeguarding of industrial control systems, the integrated hardware and software designed to monitor and control the operation of machinery and associated devices in industrial environments.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • ILOVEYOU virus - The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.
  • Indicators of Compromise (IOC) - Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.
  • industrial espionage - Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage.
  • initialization vector - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • inline frame (iframe) - An inline frame (iframe) is a HTML element that loads another HTML page within the document.
  • input validation attack - An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field.
  • insecure deserialization - Insecure deserialization is a vulnerability in which an untrusted or unknown data is used to either inflict a denial of service attack (DoS attack), execute code, bypass authentication or further abuse the logic behind an application.
  • insider threat - An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
  • International Data Encryption Algorithm (IDEA) - The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet.
  • Internet Crime Complaint Center (IC3) - The Internet Crime Complaint Center (IC3) is a website and that offers users a standardized mechanism and interface to report suspected cybercrime or other illegal activity facilitated by the internet.
  • Internet Key Exchange (IKE) - Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).
  • intrusion detection system (IDS) - An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
  • intrusion prevention system (IPS) - An intrusion prevention system (IPS) is a cybersecurity tool that examines network traffic to identify potential threats and automatically take action against them.
  • IoT security (internet of things security) - IoT security is the technology segment focused on safeguarding connected devices and networks in the internet of things (IoT).
  • IP spoofing - Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from.
  • IPsec (Internet Protocol Security) - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
  • ISA Server - Microsoft's ISA Server (Internet Security and Acceleration Server) was the successor to Microsoft's Proxy Server 2.
  • ISO 27001 - ISO 27001, formally known as ISO/IEC 27001:2022, is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS).
  • JavaScript - JavaScript is a programming language that started off simply as a mechanism to add logic and interactivity to an otherwise static Netscape browser.
  • juice jacking - Juice jacking is a security exploit in which an infected USB charging station is used to compromise devices that connect to it.
  • Kerberos - Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
AAA - CYB
MAN - SIG
Back to Top
Networking
Security
CIO
HRSoftware
  • talent pipeline

    A talent pipeline is a pool of candidates who are ready to fill a position.

  • recruitment process outsourcing (RPO)

    Recruitment process outsourcing (RPO) is when an employer turns the responsibility of finding potential job candidates over to a ...

  • human resources (HR) generalist

    A human resources generalist is an HR professional who handles the daily responsibilities of talent management, employee ...

Customer Experience
  • outbound marketing

    Outbound marketing is a traditional form of marketing in which an organization initiates contact with potential customers, or ...

  • churn rate

    Churn rate is a measure of the number of customers or employees who leave a company during a given period.

  • marketing campaign management

    Marketing campaign management is the planning, executing, tracking and analysis of direct marketing campaigns.

Close