Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • data breach - A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.
  • Data Encryption Standard (DES) - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • data integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
  • data splitting - Data splitting is when data is divided into two or more subsets.
  • deception technology - Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage.
  • decompression bomb (zip bomb, zip of death attack) - A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password.
  • Diffie-Hellman key exchange (exponential key exchange) - Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet.
  • digital footprint - A digital footprint -- sometimes called a digital shadow -- is the body of data that an individual creates through their actions online.
  • digital forensics and incident response (DFIR) - Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events.
  • digital profiling - Digital profiling is the process of gathering and analyzing information about an individual that exists online.
  • Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
  • directory traversal - Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.
  • disaster recovery plan (DRP) - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident.
  • distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
  • DMZ in networking - In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet.
  • DNS attack - A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).
  • domain generation algorithm (DGA) - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
  • double blind test - Double blind test is an experiment where both the subject and observer are unaware that the exercise in practice is a test.
  • double extortion ransomware - Double extortion ransomware is a novel form of malware that combines ransomware with elements of extortionware to maximize the victim's potential payout.
  • dropper - A dropper is a small helper program that facilitates the delivery and installation of malware.
  • dumpster diving - Dumpster diving is looking for treasure in someone else's trash.
  • Electronic Code Book (ECB) - Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.
  • electronic discovery (e-discovery or ediscovery) - Electronic discovery -- also called e-discovery or ediscovery -- refers to any process of obtaining and exchanging evidence in a civil or criminal legal case.
  • ELINT (electronic intelligence) - Electronic intelligence (ELINT) is intelligence gathered by the use of electronic sensors.
  • Elk Cloner - Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.
  • elliptical curve cryptography (ECC) - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
  • email security - Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats.
  • email spam - Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
  • email spoofing - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • email virus - An email virus consists of malicious code distributed in email messages to infect one or more devices.
  • embedded system security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.
  • emergency management plan - An emergency management plan should include measures that provide for the safety of personnel and, if possible, property and facilities.
  • encoding and decoding - Encoding and decoding are used in many forms of communications, including computing, data communications, programming, digital electronics and human communications.
  • encryption - Encryption is the method by which information is converted into secret code that hides the information's true meaning.
  • encryption key - In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text.
  • endpoint detection and response (EDR) - Endpoint detection and response (EDR) is a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response to discovered or potential threats.
  • ethical hacker - An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.
  • evil twin attack - An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge.
  • executable file (EXE file) - An executable file (EXE file) is a computer file that contains an encoded sequence of instructions that the system can execute directly when the user clicks the file icon.
  • extended detection and response (XDR) - Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment.
  • Facebook cloning - Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list.
  • Faraday cage - A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field (EM field).
  • Federal Emergency Management Agency (FEMA) - Federal Emergency Management Agency (FEMA) is a United States government agency with the purpose to coordinate aid and respond to disasters around the nation when local resources are insufficient.
  • federated identity management (FIM) - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • firewall - A firewall is a network security device that prevents unauthorized access to a network.
  • footprinting - Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them.
  • freeware - Freeware (not to be confused with free software) is a type of proprietary software that is released without charge to the public.
  • frequency-hopping spread spectrum (FHSS) - Frequency-hopping spread spectrum (FHSS) transmission is the repeated switching of the carrier frequency during radio transmission to reduce interference and avoid interception.
  • Google dork query - A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website.
  • government Trojan - A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation.
  • Great Firewall of China - The Great Firewall of China is the name that western media has given to the combination of tools, services and rules that the government of the People's Republic of China uses to block certain internet content from those within China's borders.
  • Group Policy Object (GPO) - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
  • hacker - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • hacking as a service (HaaS) - Hacking as a service (HaaS) is the commercialization of hacking skills, in which the hacker serves as a contractor.
  • hacktivism - Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
  • hard-drive encryption - Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions.
  • hashing - Hashing is the process of transforming any given key or a string of characters into another value.
  • Heartbleed - Heartbleed was a vulnerability in some implementations of OpenSSL, an open source cryptographic library.
  • honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.
  • honeynet - A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers.
  • honeypot (computing) - A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.
  • Hypertext Transfer Protocol Secure (HTTPS) - Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user's web browser and a website.
  • hypervisor security - Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • ILOVEYOU virus - The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.
  • indicators of compromise (IOC) - Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.
  • industrial espionage - Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage.
  • initialization vector - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • inline frame (iframe) - An inline frame (iframe) is a HTML element that loads another HTML page within the document.
  • input validation attack - An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field.
  • insecure deserialization - Insecure deserialization is a vulnerability in which untrusted or unknown data is used to inflict a denial-of-service attack, execute code, bypass authentication or otherwise abuse the logic behind an application.
  • insider threat - An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
  • International Data Encryption Algorithm (IDEA) - The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet.
  • Internet Key Exchange (IKE) - Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).
  • intrusion detection system (IDS) - An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
  • intrusion prevention system (IPS) - An intrusion prevention system (IPS) is a cybersecurity tool that examines network traffic to identify potential threats and automatically take action against them.
  • IoT security (internet of things security) - IoT security (internet of things security) is the technology segment focused on safeguarding connected devices and networks in IoT.
  • IP spoofing - Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from.
  • IPsec (Internet Protocol Security) - IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network.
  • ISA Server - Microsoft's ISA Server (Internet Security and Acceleration Server) was the successor to Microsoft's Proxy Server 2.
  • ISO 27001 - ISO 27001, formally known as ISO/IEC 27001:2022, is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS).
  • JavaScript - JavaScript is a programming language that started off simply as a mechanism to add logic and interactivity to an otherwise static Netscape browser.
  • juice jacking - Juice jacking is a security exploit in which an infected USB charging station is used to compromise devices that connect to it.
  • Kerberos - Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
  • key fob - A key fob is a small, programmable device that provides access to a physical object.
  • keylogger (keystroke logger or system monitor) - A keylogger, sometimes called a keystroke logger, is a type of surveillance technology used to monitor and record each keystroke on a specific device, such as a computer or smartphone.
  • kill switch - A kill switch in an IT context is a mechanism used to shut down or disable a device or program.
  • LEAP (Lightweight Extensible Authentication Protocol) - LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • logic bomb - A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met.
  • macro virus - A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word.
  • macrotrend - A macrotrend is a pervasive and persistent shift in the direction of some phenomenon on a global level.
  • mail bomb - A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system.
  • malware - Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.
  • managed security service provider (MSSP) - A managed security service provider (MSSP) is an IT service provider that sells security services to businesses.
  • MD5 - The MD5 (message-digest algorithm) hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.
  • meet-in-the-middle attack - Meet-in-the-middle is a known plaintext attack that can greatly reduce the number of brute-force permutations required to decrypt text that has been encrypted by more than one key.
  • Melissa virus - Melissa was a type of email virus that initially become an issue in early 1999.
  • metamorphic and polymorphic malware - Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system.
Networking
  • network scanning

    Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network ...

  • networking (computer)

    Networking, also known as computer networking, is the practice of transporting and exchanging data between nodes over a shared ...

  • What is SD-WAN (software-defined WAN)? Ultimate guide

    Software-defined WAN is a technology that uses software-defined networking concepts to distribute network traffic across a wide ...

Security
  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to ...

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for ...

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

CIO
  • IT budget

    IT budget is the amount of money spent on an organization's information technology systems and services. It includes compensation...

  • project scope

    Project scope is the part of project planning that involves determining and documenting a list of specific project goals, ...

  • core competencies

    For any organization, its core competencies refer to the capabilities, knowledge, skills and resources that constitute its '...

HRSoftware
  • Workday

    Workday is a cloud-based software vendor that specializes in human capital management (HCM) and financial management applications.

  • recruitment management system (RMS)

    A recruitment management system (RMS) is a set of tools designed to manage the employee recruiting and hiring process. It might ...

  • core HR (core human resources)

    Core HR (core human resources) is an umbrella term that refers to the basic tasks and functions of an HR department as it manages...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close