June 2007

  • graphical password or graphical user authentication (GUA)

    A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI).

  • identity chaos (password chaos)

    Identity chaos (sometimes called password chaos) is a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices.

  • federated identity management (FIM)

    Federated Identity Management (FIM) is an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all ente...

  • IP spoofing (IP address forgery or a host file hijack)

    IP spoofing, also known as IP address forgery, is a hijacking technique in which the attacker masquerades as a trusted host to conceal his identity, hijack browsers, or gain access to a network. T...

  • cut-and-paste attack

    A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but i...

  • cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block).

  • certificate authority (CA)

    (CA also stands for conditional access, a term used in DTV.) A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encry...

  • cache cramming

    Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run.

  • Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real ...

  • challenge-response system

    A challenge-response system is a program that replies to an e-mail message from an unknown sender by subjecting the sender to a test (called a CAPTCHA) designed to differentiate humans from automat...

  • authentication

    Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.

  • email spoofing

    E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.

  • Certificate Revocation List (CRL)

    Certificate Revocation List (CRL) is one of two common methods when using a public key infrastructurefor maintaining access to servers in a network.

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

  • Certified Information Systems Security Professional (CISSP)

    The Certified Information Systems Security Professional (CISSP) is an information security certification that was developed by the International Information Systems Security Certification Consortiu...

  • BioAPI Consortium

    The BioAPI Consortium is a group of over 90 organizations whose goal is to encourage and promote the growth of biometric technology by developing an industry-wide application programming interface ...

  • bifurcation

    In the biometric process of fingerscanning, a bifurcation is a point in a finger image at which two ridges meet.

  • Automated Fingerprint Identification System (AFIS)

    The Automated Fingerprint Identification System (AFIS) is a biometric identification (ID) methodology that uses digital imaging technology to obtain, store, and analyze fingerprint data.

  • AAA server (authentication, authorization, and accounting)

    An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.

  • SIMs maturing and suitable for mid-market

    Security information management systems (SIMs) tools have expanded with more capabilities such as active threat response. The broadening of the technology will provide security managers with a sha...