Browse Definitions :

Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

MIC - ROC

  • MICR (magnetic ink character recognition) - MICR (magnetic ink character recognition) is a technology used to verify the legitimacy or originality of paper documents, especially checks.
  • micro VM (micro virtual machine) - A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.
  • microphone hacking - Microphone hacking is the unauthorized interception of audio data captured through the microphone on a computer, smartphone or other device.
  • Microsoft Antigen - Microsoft Antigen is a set of programs that provides security and e-mail filtering for network servers.
  • Microsoft Online Services Sign-In Assistant - The Microsoft Online Services Sign-In Assistant is a software application that provides common sign-on capabilities for a suite of Microsoft online services, such as Office 365.
  • Microsoft Security Essentials (MSE) - Microsoft Security Essentials (MSE) is an antimalware software product made by Microsoft that provides protection for client computers against viruses, worms, Trojans, spyware and other malicious software on Windows XP, Windows Vista and Windows 7 systems.
  • mobile device attack - A mobile device attack is an exploit targeting handheld communications devices, such as smartphones and tablets.
  • mobile malware - Mobile malware is malicious software specifically written to attack mobile devices such as smartphones, tablets, and smartwatches.
  • mobile number privacy - Mobile number privacy is the protection of the phone user’s number from unwanted access.
  • mobile spyware - Mobile spyware is monitoring software that is installed on a mobile device without the end user's knowledge.
  • mutual authentication - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.
  • NAND mirroring - NAND mirroring has been proposed to break the security in certain portable devices that use NAND flash memory for encryption.
  • national identity card - A national identity card is a portable document, typically a plasticized card with digitally-embedded information, that someone is required or encouraged to carry as a means of confirming their identity.
  • National Vulnerability Database (NVD) - NVD (National Vulnerability Database) is a product of the National Institute of Standards and Technology (NIST) Computer Security Division and is used by the U.
  • NBAR (Network Based Application Recognition) - Network Based Application Recognition (NBAR) is a mechanism that classifies and regulates bandwidth for network applications to ensure that available resources are utilized as efficiently as possible.
  • near-field communication (NFC) - Near-field communication (NFC) is a short-range wireless connectivity technology that uses magnetic field induction to enable communication between devices when they're touched together or brought within a few centimeters of each other.
  • Nessus - Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools.
  • network behavior anomaly detection (NBAD) - Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or extraordinary trends.
  • network scanning - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal devices and await a response.
  • network vulnerability scanning - A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.
  • Next Generation Secure Computing Base (NGSCB) - The Next Generation Secure Computing Base (NGSCB) is a part of the Microsoft Vista operating system (OS) that employs a trusted platform module (TPM), a specialized chip that can be installed on the motherboard of a personal computer (PC) or server for the purpose of hardware authentication.
  • Nimda - First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet.
  • NIST 800 Series - The NIST 800 Series is a set of documents that describe United States federal government computer security policies, procedures and guidelines.
  • nonrepudiation - Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information.
  • obfuscation - Obfuscation means to make something difficult to understand.
  • OCTAVE - OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a security framework for determining risk level and planning defenses against cyber assaults.
  • offensive security - Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks.
  • Office of Personnel Management (OPM) - The Office of Personnel Management (OPM) is an independent agency of the United States government that is tasked with the oversight of civil service hirings.
  • one-time pad - In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.
  • OneID - OneID is a digital identity management service that provides a repository for usernames and passwords, eliminating the need for people to remember numerous arcane character sequences.
  • open redirect - Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • OpenPGP - OpenPGP is an open and free version of the Pretty Good Privacy (PGP) standard that defines encryption formats to enable private messaging abilities for email and other message encryption.
  • Operation Phish Phry - Operation Phish Phry is a cybercrime investigation carried out by the United States Federal Bureau of Investigation (FBI), the Los Angeles Electronic Crimes Task Force and Egyptian authorities.
  • orphan account - An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.
  • out-of-band patch - An out-of-band patch is a patch released at some time other than the normal release time.
  • parameter tampering - Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.
  • passive attack - A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
  • passive reconnaissance - Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems.
  • passphrase - A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.
  • password - A password is a string of characters used to verify the identity of a user during the authentication process.
  • password cracking - Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource.
  • password salting - Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them.
  • pastebin - A pastebin is a Web application that allows users to upload and share text online.
  • Patch Tuesday - Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.
  • PCI DSS (Payment Card Industry Data Security Standard) - The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
  • PEAP (Protected Extensible Authentication Protocol) - PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • peer-to-peer botnet (P2P botnet) - A peer-to-peer botnet is a decentralized group of malware-compromised machines working together for an attacker’s purpose without their owners’ knowledge.
  • Pegasus malware - Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.
  • pen testing (penetration testing) - A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique organizations use to identify, test and highlight vulnerabilities in their security posture.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • phishing - Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.
  • phishing kit - A phishing kit is a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit.
  • phlashing - Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates.
  • phreak - A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.
  • physical security - Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
  • PIN lock - The PIN lock is an authentication measure for mobile phones that requires the entry of a personal identification number (PIN) code before a device can be used.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • piracy - Software piracy is the illegal copying, distribution, or use of software.
  • PKI (public key infrastructure) - PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates.
  • plaintext - In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.
  • Plundervolt - Plundervolt is a method of hacking that involves depriving an Intel chip of power so that processing errors occur.
  • point-of-sale security (POS security) - Point-of-sale security (POS security) is the study of vulnerabilities in retail checkout points and prevention of access by unauthorized parties looking to steal customer and payment card details from them.
  • policy-based management - Policy-based management is an administrative approach that is used to simplify the management of a given endeavor by establishing policies to deal with situations that are likely to occur.
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • POODLE (Padding Oracle On Downgraded Legacy Encryption) - POODLE (Padding Oracle On Downgraded Legacy Encryption) is a security flaw that can be exploited to conduct a man-in-the-middle attack that targets Web browser-based communication between clients and servers using Secure Sockets Layer (SSL) 3.
  • POODLE Attack - The POODLE attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any of the other type of browser data that gets encrypted as a result of the secure sockets layer (SSL) protocol.
  • pop-up download (or download pop-up) - A pop-up download (sometimes called a download pop-up) is a pop-up window that asks the user to download a program to their computer's hard drive.
  • port mirroring (roving analysis port) - Port mirroring is an approach to monitoring network traffic that involves forwarding a copy of each packet from one network switch port to another.
  • Portal of Doom - Portal of Doom (abbreviated as PoD and sometimes spelled all one word, as PortalOfDoom) is a Trojan horse that hijacks the computers of unsuspecting Windows users running old operating systems.
  • potentially unwanted program (PUP) - A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.
  • presence technology - Presence technology is a type of application that makes it possible to locate and identify a computing device wherever it might be, as soon as the user connects to the network.
  • Presidential Policy Directive 21 (PPD-21) - Presidential Policy Directive 21 (PPD-21) is an infrastructure protection and resilience directive in the United States that aims to strengthen and secure the country's critical infrastructure.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what are strictly required to do their jobs.
  • Prisma - Prisma is a cloud security suite that provides four different services that use rule-based security policies and machine learning to protect cloud services.
  • privacy - On the Internet, privacy, a major concern of users, can be divided into these concerns: What personal information can be shared with whom Whether messages can be exchanged without anyone else seeing them Whether and how one can send messages anonymously Personal Information Privacy Most Web users want to understand that personal information they share will not be shared with anyone else without their permission.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.
  • privilege escalation attack - A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
  • Prometheus - Prometheus is an open source monitoring and alerting toolkit for microservices and containers that provides flexible queries and real time notifications.
  • promiscuous mode - In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.
  • proxy hacking - Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site.
  • public key - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • Public-Key Cryptography Standards (PKCS) - Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.
  • Pwn2Own - Pwn2Own is an annual hacking competition sponsored by security vendor TippingPoint and held at the CanSecWest security conference.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.
  • ransomware - Ransomware is a subset of malware in which the data on a victim's computer is locked -- typically by encryption -- and payment is demanded before the ransomed data is decrypted and access is returned to the victim.
  • ransomware as a service (RaaS) - Ransomware as a service (RaaS) is the offering of pay-for-use malware.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • red teaming - Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions by adopting an adversarial approach.
  • RFID skimming - RFID skimming is the wireless interception of information from RFID chip-based debit, credit and ID cards and other documents, such as passports.
  • Rijndael - Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.
  • Risk Management Framework (RMF) - The Risk Management Framework (RMF) is a template and guideline used by companies to identify, eliminate and minimize risks.
  • risk management specialist - A risk management specialist is a role appointed within organizations to identify potential risks that might negatively affect the business.
  • risk-based authentication (RBA) - Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised.
  • risk-based security strategy - A risk-based security strategy is one in which an organization identifies specific security precautions that should be taken in an information technology (IT) environment and documents when and where those precautions should be applied.
  • Robert Morris worm - The Robert Morris worm is widely acknowledged as the first computer worm to be distributed across the Internet and the first computer virus to receive mainstream media attention.
  • Rock Phish - Rock Phish is both a phishing toolkit and the entity that publishes the kit, either a hacker, or, more likely, a sophisticated group of hackers.
SearchNetworking
  • virtual network functions (VNFs)

    Virtual network functions (VNFs) are virtualized tasks formerly carried out by proprietary, dedicated hardware.

  • network functions virtualization (NFV)

    Network functions virtualization (NFV) is a network architecture model designed to virtualize network services that have ...

  • overlay network

    An overlay network is a virtual or logical network that is created on top of an existing physical network.

SearchSecurity
  • X.509 certificate

    An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) ...

  • directory traversal

    Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory ...

  • malware

    Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.

SearchCIO
  • data latency

    Data latency is the time it takes for data packets to be stored or retrieved. In business intelligence (BI), data latency is how ...

  • chief data officer (CDO)

    A chief data officer (CDO) in many organizations is a C-level executive whose position has evolved into a range of strategic data...

  • information technology (IT) director

    An information technology (IT) director is the person in charge of technology within an organization. IT directors manage ...

SearchHRSoftware
SearchCustomerExperience
  • implementation

    Implementation is the execution or practice of a plan, a method or any design, idea, model, specification, standard or policy for...

  • first call resolution (FCR)

    First call resolution (FCR) is when customer service agents properly address a customer's needs the first time they call.

  • customer intelligence (CI)

    Customer intelligence (CI) is the process of collecting and analyzing detailed customer data from internal and external sources ...

Close