Threat management
Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
- cognitive hacking - Cognitive hacking is a cyberattack that seeks to manipulate the perception of people by exploiting their psychological vulnerabilities.
- cognitive security - Cognitive security is the application of AI technologies patterned on human thought processes to detect threats and protect physical and digital systems.
- cold boot attack - A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system.
- COMINT (communications intelligence) - Communications intelligence (COMINT) is information gathered from the communications of individuals, including telephone conversations, text messages and various types of online interactions.
- command-and-control server (C&C server) - A command and control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware.
- Common Vulnerabilities and Exposures (CVE) - Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.
- Common Weakness Enumeration (CWE) - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software.
- computer cracker - A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.
- Computer Emergency Response Team (CERT) - A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
- computer exploit - A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.
- computer security incident response team (CSIRT) - A computer security incident response team, or CSIRT, is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts.
- computer worm - A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.
- Conduit browser hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.
- Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
- confidentiality, integrity and availability (CIA triad) - Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.
- consumer privacy (customer privacy) - Consumer privacy, also known as customer privacy, involves the handling and protection of the sensitive personal information provided by customers in the course of everyday transactions.
- content personalization - Content personalization is a strategy that tailors webpages and other forms of content to individual users' characteristics or preferences.
- content spoofing - Content spoofing is a type of exploit used by malicious hackers to present a faked or modified Web site to the user as if it were legitimate.
- contextual marketing - Contextual marketing is an online marketing strategy model in which people are served with targeted advertising based on their search terms or their recent browsing behavior.
- cookie - A cookie is information that a website puts on a user's computer.
- cookie poisoning - Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft.
- counterintelligence - Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary’s knowledge collection activities or attempts to cause harm through sabotage or other actions.
- CRAM (challenge-response authentication mechanism) - CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).
- credential stuffing - Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on a number of sites through automated login.
- credential theft - Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business.
- critical infrastructure security - Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.
- cross-site scripting (XSS) - Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.
- cryptographic checksum - Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.
- cryptographic nonce - A nonce is a random or semi-random number that is generated for a specific use.
- cryptography - Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
- cryptojacking - Cryptojacking is the surreptitious and unauthorized use of a computer for the resource and power-demanding requirements of cryptocurrency mining.
- cryptology - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
- cryptomining malware - Cryptomining malware is a form of malware that takes over a computer or mobile device's resources and uses them to perform cryptocurrency mining, a process of verifying cryptocurrency transactions using complex mathematical formulas. This practice is also known as cryptojacking.
- CVSS (Common Vulnerability Scoring System) - The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in software.
- cyber attack - A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
- cyber attribution - Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
- cyber hijacking - Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.
- cyber resilience - Cyber resilience is a concept that refers to the security that goes beyond defense and prevention to focus on response and resilience in moments of crisis.
- cybercrime - Cybercrime is any criminal activity that involves a computer, networked device or a network.
- cyberextortion - Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.
- cyberheist - A cyberheist is the online version of the classic bank heist, in which a criminal or criminals hold up or break into a bank to get away with a large sum of money quickly.
- cyberterrorism - Cyberterrorism is often defined as any premeditated, politically motivated attack against information systems, programs and data that threatens violence or results in violence.
- cyberwarfare - The generally accepted definition of cyberwarfare is the use of cyber attacks against a nation-state, causing it significant harm, up to and including physical warfare, disruption of vital computer systems and loss of life.
- data availability - Data availability is a term used by computer storage manufacturers and storage service providers to describe how data should be available at a required level of performance in situations ranging from normal through disastrous.
- data breach - A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.
- data breach response plan - A data breach response plan is a course of action intended to reduce the risk of unauthorized data access and to mitigate the damage caused if a breach does occur.
- Data Encryption Standard (DES) - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
- data integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
- data splitting - Data splitting is when data is divided into two or more subsets.
- database activity monitoring (DAM) - Database activity monitoring (DAM) systems monitor and record activity in a database and then generate alerts for anything unusual.
- deception technology - Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage.
- decompression bomb (zip bomb, zip of death attack) - A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.
- defense in depth - Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise.
- depository - A depository is a file or set of files in which data is stored for the purpose of safekeeping or identity authentication.
- destruction of service (DeOS) attack - A destruction-of-service (DeOS) attack is a form of cyberattack that targets an organization's entire online presence as well as their ability to recover from the attack afterwards.
- dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.
- differential power analysis (DPA) - A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.
- Diffie-Hellman key exchange (exponential key exchange) - Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses a number raised to specific powers to produce decryption keys that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.
- digest authentication - Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller.
- digital footprint - A digital footprint, sometimes called a digital dossier, is the body of data that exists as a result of actions and communications online that can in some way be traced back to an individual.
- digital profiling - Digital profiling is the process of gathering and analyzing information about an individual that exists online.
- Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
- directory traversal - Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.
- disaster recovery plan (DRP) - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident.
- distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
- DMZ in networking - In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet.
- DNS attack - A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).
- DNS rebinding attack - DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router.
- DNS Security Extensions (DNSSEC) - DNS Security Extensions (DNSSEC) are a set of Internet Engineering Task Force (IETF) standards created to address vulnerabilities in the Domain Name System (DNS) and protect it from online threats.
- domain generation algorithm (DGA) - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
- domain rotation - Domain rotation is a technique used by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor.
- double blind test - A double blind test is an experiment where both the subject and observer are unaware that the exercise in practice is a test.
- dropper - A dropper is a small helper program that facilitates the delivery and installation of malware.
- dumpster diving - Dumpster diving is looking for treasure in someone else's trash.
- Duqu (W32.Duqu) - Duqu is a remote access Trojan (RAT) that is designed to steal data from computers it infects.
- eavesdropping - Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission.
- egress filtering - Egress filtering is a process in which outbound data is monitored or restricted, usually by means of a firewall that blocks packets that fail to meet certain security requirements.
- Electronic Code Book (ECB) - Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.
- electronic discovery (e-discovery or ediscovery) - Electronic discovery -- also called e-discovery or ediscovery -- refers to any process of obtaining and exchanging evidence in a civil or criminal legal case.
- ELINT (electronic intelligence) - Electronic intelligence (ELINT) is intelligence gathered by the use of electronic sensors.
- Elk Cloner - Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.
- elliptical curve cryptography (ECC) - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
- email security - Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against the risk of email threats.
- email spam - Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
- email spoofing - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
- email virus - An email virus consists of malicious code distributed in email messages to infect one or more devices.
- embedded system security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.
- emergency management plan - An emergency management plan should include measures that provide for the safety of personnel and, if possible, property and facilities.
- encoding and decoding - Encoding and decoding are used in many forms of communications, including computing, data communications, programming, digital electronics and human communications.
- encryption - Encryption is the method by which information is converted into secret code that hides the information's true meaning.
- encryption key - In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text.
- endpoint detection and response (EDR) - Endpoint detection and response (EDR) is a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response to discovered or potential threats.
- endpoint fingerprinting - Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks.
- endpoint security (endpoint security management) - Endpoint security is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted.
- enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
- equipment destruction attack - An equipment destruction attack, also known as a hardware destruction attack, is an exploit that destroys physical computer and electronic equipment.
- ethical hacker - An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.
- Evil Corp - Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.
- evil twin attack - An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge.
- executable file (EXE file) - An executable file (EXE file) is a computer file that contains an encoded sequence of instructions that the system can execute directly when the user clicks the file icon.