• June 04, 2007

    identity chaos (password chaos)

    Identity chaos (sometimes called password chaos) is a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices.

  • June 04, 2007

    cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block).

  • June 04, 2007

    cache cramming

    Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run.

  • June 04, 2007

    certificate authority (CA)

    A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption.

  • June 04, 2007

    cut-and-paste attack

    A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed.

  • June 04, 2007

    challenge-response system

    A challenge-response system is a program that replies to an e-mail message from an unknown sender by subjecting the sender to a test (called a CAPTCHA) designed to differentiate humans from automated senders.

  • June 04, 2007

    Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real attack of similar magnitude...

  • June 04, 2007

    email spoofing

    E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.

  • June 04, 2007


    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

  • June 04, 2007

    Certified Information Systems Security Professional (CISSP)

    The Certified Information Systems Security Professional (CISSP) is an information security certification that was developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

  • June 04, 2007

    Automated Fingerprint Identification System (AFIS)

    The Automated Fingerprint Identification System (AFIS) is a biometric identification (ID) methodology that uses digital imaging technology to obtain, store, and analyze fingerprint data.

  • June 04, 2007


    In the biometric process of fingerscanning, a bifurcation is a point in a finger image at which two ridges meet.

  • June 04, 2007

    BioAPI Consortium

    The BioAPI Consortium is a group of over 90 organizations whose goal is to encourage and promote the growth of biometric technology by developing an industry-wide application programming interface (API). The consortium's API defines how a software ...

  • June 04, 2007

    AAA server (authentication, authorization, and accounting)

    An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.

  • June 04, 2007

    Do we need a federal breach notification law?

    There's been a lot of talk lately in security circles about the possibility of Congress passing a federal breach-notification bill, similar to the landmark California measure. Advocates of this ...

  • June 04, 2007

    When cyberthieves go postal

    Like the rest of the world, the U.S. Postal Service has come to rely more than ever on the Internet to conduct business. As a result, the organization must worry about online outlaws who use its ...

  • June 04, 2007

    Gartner confab looks to Security 3.0

    Today is the first full day of Gartner's annual IT Security Summit in Washington D.C., and the first order of business is the morning slate of keynotes. First up was Gartner analyst John Pescatore. ...

  • June 04, 2007

    SIMs maturing and suitable for mid-market

    Security information management systems (SIMs) have expanded with more capabilities such as active threat response. The broadening of the technology will provide security managers with a sharper view of their overall security posture.

  • June 04, 2007

    Product review: nCircle Configuration Compliance Manager

    nCircle Configuration Compliance Manager brings policy compliance and security management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease ...

  • June 04, 2007

    Interview: FDIC director explains FFIEC standard

    Michael L. Jackson, associate director of the FDIC, helped develop FFIEC, which aims to make online banking safer by forcing financial institutions to assess the risks in their environments and implement controls such as strong authentication.