Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • Federal Emergency Management Agency (FEMA) - Federal Emergency Management Agency (FEMA) is a United States government agency with the purpose to coordinate aid and respond to disasters around the nation when local resources are insufficient.
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • footprinting - Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them.
  • freeware - Freeware (not to be confused with free software) is a type of proprietary software that is released without charge to the public.
  • frequency-hopping spread spectrum (FHSS) - Frequency-hopping spread spectrum (FHSS) transmission is the repeated switching of the carrier frequency during radio transmission to reduce interference and avoid interception.
  • Google dork query - A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website.
  • Great Firewall of China - The Great Firewall of China is the name that western media has given to the combination of tools, services and rules that the government of the People's Republic of China uses to block certain internet content from those within China's borders.
  • hacking as a service (HaaS) - Hacking as a service (HaaS) is the commercialization of hacking skills, in which the hacker serves as a contractor.
  • hard-drive encryption - Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions.
  • hashing - Hashing is the process of transforming any given key or a string of characters into another value.
  • Heartbleed - Heartbleed was a vulnerability in some implementations of OpenSSL, an open source cryptographic library.
  • honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.
  • honeynet - A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers.
  • Hypertext Transfer Protocol Secure (HTTPS) - Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user's web browser and a website.
  • hypervisor security - Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • ILOVEYOU virus - The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.
  • indicators of compromise (IOC) - Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.
  • industrial espionage - Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage.
  • inline frame (iframe) - An inline frame (iframe) is a HTML element that loads another HTML page within the document.
  • input validation attack - An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field.
  • insecure deserialization - Insecure deserialization is a vulnerability in which untrusted or unknown data is used to inflict a denial-of-service attack, execute code, bypass authentication or otherwise abuse the logic behind an application.
  • insider threat - An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
  • International Data Encryption Algorithm (IDEA) - The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet.
  • intrusion prevention system (IPS) - An intrusion prevention system (IPS) is a cybersecurity tool that examines network traffic to identify potential threats and automatically take action against them.
  • IoT security (internet of things security) - IoT security (internet of things security) is the technology segment focused on safeguarding connected devices and networks in IoT.
  • IP spoofing - Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from.
  • ISA Server - Microsoft's ISA Server (Internet Security and Acceleration Server) was the successor to Microsoft's Proxy Server 2.
  • ISO/TS 22317 (International Organization for Standardization Technical Standard 22317) - ISO/TS 22317 is the first formal standard to address the business impact analysis process.
  • JavaScript - JavaScript is a programming language that started off simply as a mechanism to add logic and interactivity to an otherwise static Netscape browser.
  • juice jacking - Juice jacking is a security exploit in which an infected USB charging station is used to compromise devices that connect to it.
  • key fob - A key fob is a small, programmable device that provides access to a physical object.
  • keylogger (keystroke logger or system monitor) - A keylogger, sometimes called a keystroke logger, is a type of surveillance technology used to monitor and record each keystroke on a specific device, such as a computer or smartphone.
  • kill switch - A kill switch in an IT context is a mechanism used to shut down or disable a device or program.
  • LEAP (Lightweight Extensible Authentication Protocol) - LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • logic bomb - A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met.
  • macro virus - A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word.
  • macrotrend - A macrotrend is a pervasive and persistent shift in the direction of some phenomenon on a global level.
  • mail bomb - A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system.
  • managed security service provider (MSSP) - A managed security service provider (MSSP) is an IT service provider that sells security services to businesses.
  • MD5 - The MD5 (message-digest algorithm) hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.
  • meet-in-the-middle attack - Meet-in-the-middle is a known plaintext attack that can greatly reduce the number of brute-force permutations required to decrypt text that has been encrypted by more than one key.
  • Melissa virus - Melissa was a type of email virus that initially become an issue in early 1999.
  • metamorphic and polymorphic malware - Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system.
  • MICR (magnetic ink character recognition) - MICR (magnetic ink character recognition) is a technology invented in the 1950s that's used to verify the legitimacy or originality of checks and other paper documents.
  • Microsoft Online Services Sign-In Assistant - The Microsoft Online Services Sign-In Assistant is a software application that provides common sign-on capabilities for a suite of Microsoft online services, such as Office 365.
  • mobile malware - Mobile malware is malicious software specifically written to attack mobile devices such as smartphones, tablets, and smartwatches.
  • mutual authentication - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.
  • national identity card - A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity.
  • near-field communication (NFC) - Near-field communication (NFC) is a short-range wireless connectivity technology that uses magnetic field induction to enable communication between devices when they're touched together or brought within a few centimeters of each other.
  • network intrusion protection system (NIPS) - A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity.
  • network vulnerability scanning - Network vulnerability scanning is the process of inspecting and reporting potential vulnerabilities and security loopholes on a computer, network, web application or other device, including firewalls, switches, routers and wireless access points.
  • Nimda - First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet.
  • nonrepudiation - Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information.
  • offensive security - Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity.
  • one-time pad - In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • out-of-band patch - An out-of-band patch is a patch released at some time other than the normal release time.
  • parameter tampering - Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.
  • passive attack - A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
  • passive reconnaissance - Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems.
  • passphrase - A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.
  • password salting - Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them.
  • Patch Tuesday - Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.
  • Pegasus malware - Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.
  • phishing kit - A phishing kit is a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • plaintext - In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.
  • Plundervolt - Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs).
  • POODLE Attack - The POODLE attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any of the other type of browser data that gets encrypted as a result of the secure sockets layer (SSL) protocol.
  • Presidential Policy Directive 21 (PPD-21) - Presidential Policy Directive 21 (PPD-21) is an infrastructure protection and resilience directive in the United States that aims to strengthen and secure the country's critical infrastructure.
  • Prisma - Prisma is a cloud security suite that provides four different services that use rule-based security policies and machine learning to protect cloud services.
  • Prometheus - Prometheus is an open source monitoring and alerting toolkit for microservices and containers that provides flexible queries and real-time notifications.
  • proxy hacking - Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site.
  • Public-Key Cryptography Standards (PKCS) - Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.
  • quantum supremacy - Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.
  • RAT (remote access Trojan) - A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer.
  • Rijndael - Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.
  • risk-based vulnerability management (RBVM) - Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk.
  • sandbox - A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.
  • scareware - Scareware is a type of malware tactic used to manipulate victims into downloading or buying potentially malware-infested software.
  • script kiddie - Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
  • security awareness training - Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy.
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • security identifier (SID) - In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.
  • security incident - A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security posture - Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • SEO poisoning (search poisoning) - SEO poisoning, also known as 'search poisoning,' is a type of malicious advertising (malvertising) in which cybercriminals create malicious websites and then use search engine optimization (SEO) techniques to cause the sites' links to show up prominently in search results, often as ads at the top of the results.
  • session ID - A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session.
  • shadow IT - Shadow IT is hardware or software within an enterprise that is not supported by the organization's central IT department.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.