Risk management strategies Definitions

Browse Definitions
Search Definitions
  • A

    application blacklisting

    Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs.  Such programs include not only those known to contain security threats or vulnerabilities but also those that are deemed inappropriate within a given organization. Blacklisting is the method used by most antivirus programs, intrusion prevention/detection systems and spam filters.

  • application whitelisting

    Application whitelisting is the practice of identifying applications that have been deemed safe for execution and restricting all other applications from running.

  • B

    black hat

    Black hat refers to a hacker who breaks into a computer system or network with malicious intent. A black hat hacker may exploit security vulnerabilities for monetary gain; to steal or destroy private data; or to alter, disrupt or shut down websites and networks.

  • buffer underflow

    Buffer underflow, also known as buffer underrun or buffer underwrite, is a threat to data that typically occurs when the temporary holding space during information transfer, the buffer, is fed at a lower rate than it is being read from.

  • C

    Certified Information Systems Auditor (CISA)

    Certified Information Systems Auditor is a credential that demonstrates an IT professional's ability to assess risk and institute technology controls. The certification is intended for IT auditors, audit managers, consultants and security professionals.

  • CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

  • computer forensics (cyber forensics)

    Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

  • counterfeit detector pen

    A counterfeit detector pen is a felt tip pen containing an iodine solution that can be used to help identify computer-generated counterfeit bills.

  • CSSLP (certified secure software lifecycle professional)

    The CSSLP (certified secure software lifecycle professional) is a certification for security professionals who wish to strengthen and demonstrate their knowledge about application security.

  • CVSS (Common Vulnerability Scoring System)

    The CVSS (Common Vulnerability Scoring System) rates the severity of software vulnerabilities so organizations are able to prioritize mitigation.

  • Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real attack of similar magnitude...

  • cybersecurity

    Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.

  • E

    ethical hacker

    An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their permission -- to find security vulnerabilities that a malicious hacker could potentially exploit.

  • ethical worm

    An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities.

  • F

    fuzz testing (fuzzing)

    Fuzz testing (fuzzing) is a technique used by ethical hackers to discover security loopholes in software, operating systems or networks by massive inputting of random data to the system in an attempt to make it crash.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close