Information Security Definitions

This glossary explains the meaning of key words and phrases that information technology (IT) and business professionals use when discussing IT security and related software products. You can find additional definitions by visiting WhatIs.com or using the search box below.

Search Definitions
  • #

    cloud workload protection (cloud workload security)

    Cloud workload protection is a process of safeguarding workloads spread out across multiple cloud environments.

  • credential theft

    Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business. Once credential theft has been successful, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack.

  • A

    AAA server (authentication, authorization and accounting)

    An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.

  • access control

    Access control is a security technique that regulates who or what can view or use resources in a computing environment.

  • access list (AL)

    An access list (AL) is a list of permissions used in physical and information technology (IT) security to control who is allowed contact with a corporate asset.  The asset can be a building, a room or a computer file. 

  • access log

    An access log is a list of all requests for individual files -- such as Hypertext Markup Language files, their embedded graphic images and other associated files that get transmitted -- that people or bots have made from a website.

  • address space layout randomization (ASLR)

    Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.

  • advanced evasion technique (AET)

    An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won't be recognized by an intrusion detection system

  • advanced persistent threat (APT)

    An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time.

  • adware

    Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running.

  • alternate data stream (ADS)

    An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title.

  • Altman Z-score

    The Altman Z-score is a statistic that is useful for evaluating the financial health of a publicly traded manufacturing company. 

  • Android WebView

    Android WebView is a component that allows Web developers to render a web page within an Android app.

  • anti-money laundering software (AML)

    Anti-laundering software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions... (Continued)

  • antimalware (anti-malware)

    Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware.

  • antispoofing

    Antispoofing is a technique for countering spoofing attacks on a computer network.

  • antivirus software (antivirus program)

    Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.

  • application blacklisting

    Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs.  Such programs include not only those known to contain security threats or vulnerabilities but also those that are deemed inappropriate within a given organization. Blacklisting is the method used by most antivirus programs, intrusion prevention/detection systems and spam filters.

  • application whitelisting

    Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.

  • asymmetric cryptography (public key cryptography)

    Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.

  • ATM black box attack

    An ATM black box attack, also referred to as jackpotting, is a type of banking-system crime in which the perpetrators bore holes into the top of the cash machine to gain access to its internal infrastructure.

  • attack vector

    An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.

  • audit log (AL)

    An audit log is a document that records an event in an information (IT) technology system.

  • Australian Assistance and Access Bill

    The Australian Assistance and Access Bill is legislation introduced and passed in 2018 by the Parliament of Australia to support law enforcement and security agencies in their ability to collect evidence from electronic devices.

  • authentication

    Authentication is the process of determining whether someone or something is, in fact, who or what it says it is.

  • authentication factor

    An authentication factor is a category of credential used for identity verification. The three most common categories are often described as something you know (the knowledge factor), something you have (the possession factor) and something you are (the inherence factor).

  • authentication server

    An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.

  • authentication, authorization, and accounting (AAA)

    Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

  • AWS CloudTrail

    AWS CloudTrail is an application program interface (API) call-recording and log-monitoring Web service offered by Amazon Web Services (AWS).

  • B

    backdoor (computing)

    A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.

  • biometric payment

    Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account.

  • biometric verification

    Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.

  • biometrics

    Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.

  • BIOS rootkit

    A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration. Because the rootkit lives in the computer’s BIOS (basic input/output system), it persists not only through attempts to reflash the BIOS but also through hard drive erasure or replacement.

  • BIOS rootkit attack

    A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code. A BIOS rootkit is programming that enables remote administration.

  • black hat hacker

    A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.

  • blended threat

    A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.

  • block cipher

    A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.

  • Blowfish

    Blowfish is a variable-length, symmetric, 64-bit block cipher.

  • blue pill rootkit

    The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference.

  • BlueKeep (CVE-2019-0708)

    BlueKeep (CVE-2019-0708) is a vulnerability in the Remote Desktop (RDP) protocol that affects Windows 7, Windows XP, Server 2003 and 2008.

  • bot worm

    A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers. A bot worm may be created with the ultimate intention of creating a botnet that functions as a vehicle for the spread of viruses, Trojans and spam... (Continued)

  • botnet

    A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often unbeknownst to their owner.

  • bridge

    A bridge is a class of network device that’s designed to connect networks at OSI Level 2, which is the data link layer of a local-area network (LAN).

  • bring your own apps (BYOA)

    Bring your own apps (BYOA) is the trend toward employee use of third-party applications and cloud services in the workplace. BYOA, like the BYOD trend towards user-owned devices in the workplace, is an example of the increasing consumerization of IT.

  • browser hijacker (browser hijacking)

    A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.

  • browser isolation

    Browser isolation is a cybersecurity model for web browsing that can be used to physically separate an internet user’s browsing activity from their local machine, network and infrastructure.

  • brute-force attack

    A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.

  • buffer overflow

    A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.

  • buffer underflow

    Buffer underflow, also known as buffer underrun or buffer underwrite, is a threat to data that typically occurs when the temporary holding space during information transfer, the buffer, is fed at a lower rate than it is being read from.

  • Bugbear

    Bugbear is a computer virus that spread in early October, 2002, infecting thousands of home and business computers. It is similar to an earlier virus, Klez, in terms of its invasion approach and rapid proliferation.

  • BYOI (bring your own identity)

    BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password is managed by a third party such as Facebook, Twitter, LinkedIn, Google+ or Amazon.

  • What is biometric authentication?

    Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are.

  • C

    cache poisoning

    Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.

  • CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

    A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic computer programs.

  • card-not-present fraud (card-not-present transaction)

    Card-not-present (CNP) fraud is the unauthorized use of a payment card to conduct a card-not-present transaction when the cardholder cannot or does not physically present the card at the time of the transaction.

  • cardholder data (CD)

    Cardholder data (CD) refers to the primary account number (PAN) of a payment card belonging to a cardholder, along with any of the following data types: cardholder name, expiration date or service code (a three- or four-digit number coded onto the magnetic-stripe that specifies acceptance requirements and limitations for a magnetic-stripe-read transaction).

  • cardholder data environment (CDE)

    A cardholder data environment or CDE is a computer system or networked group of IT systems that processes, stores and/or transmits cardholder data or sensitive payment authentication data, as well as any component that directly connects to or supports this network.

  • Center for Internet Security (CIS)

    The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.

  • certificate authority (CA)

    A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates.

  • certificate revocation list (CRL)

    A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their actual or assigned expiration date.

  • Certified Cloud Security Professional (CCSP)

    The Certified Cloud Security Professional (CCSP) certification is intended for experienced IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of the six CCSP domains.

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.

  • Certified Information Systems Auditor (CISA)

    Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.

  • Certified Information Systems Risk and Compliance Professional (CISRCP)

    A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field that has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).

  • Certified Information Systems Security Professional (CISSP)

    Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

  • challenge-response authentication

    In computer security, challenge-response authentication is a set of protocols used to protect digital assets and services from unauthorized users, programs or activities.

  • CHAP (Challenge-Handshake Authentication Protocol)

    CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user.

  • checksum

    A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.

  • Chernobyl virus

    The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.

  • cipher

    In cryptography, a cipher is an algorithm for encrypting and decrypting data.

  • cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.

  • ciphertext feedback (CFB)

    In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.

  • Cisco Certified Security Professional (CCSP)

    A Cisco Certified Security Professional (CCSP) is an IT (Information Technology) professional who has received formal training from Cisco Systems in network-related security hardware, software and management... (Continued)

  • CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

  • CISO as a service (vCISO, virtual CISO, fractional CISO)

    A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider.

  • claims-based identity

    Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.

  • Class C2

    Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests.

  • click fraud (pay-per-click fraud)

    Click fraud -- sometimes called 'pay-per-click fraud' -- is a type of fraud that artificially inflates traffic statistics for online advertisements.

  • cloaking

    Cloaking is the masking of the sender's name and address in an e-mail note or distribution.

  • Cloud Controls Matrix

    The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

  • cloud security

    Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.

  • cloud security architecture

    Cloud security architecture is a security strategy designed around securing an organization's data and applications in the cloud.

  • Cloud Security Posture Management (CSPM)

    Cloud Security Posture Management (CSPM) is a market segment for IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud.

  • COBIT

    COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.

  • cold boot attack

    A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system.

  • Common Body of Knowledge (CBK)

    In security, Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.

  • Common Vulnerabilities and Exposures (CVE)

    Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.

  • Common Weakness Enumeration (CWE)

    Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software... (Continued)

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (MSP) will help an organization meet its regulatory compliance mandates.

  • computer cracker

    A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.

  • computer exploit

    A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.

  • computer forensics (cyber forensics)

    Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

  • Computer Fraud and Abuse Act (CFAA)

    The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.

  • computer worm

    A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.

  • COMSEC (communications security)

    Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic, or to any information that is transmitted or transferred.

  • content filtering

    Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items.

SearchNetworking
SearchCIO
SearchEnterpriseDesktop
SearchCloudComputing
ComputerWeekly.com
Close