
Search Definitions
  P

  • PCI policy

    A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).

  • PCI QSA

    Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council on individuals it deems qualified to perform PCI assessments and consulting services.

  • PCI Security Standards Council

    The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data.

  • PEAP (Protected Extensible Authentication Protocol)

    PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.

  • Pegasus malware

    Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.

  • pen testing (penetration testing)

    A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique organizations use to identify, test and highlight vulnerabilities in their security posture.

  • personally identifiable information (PII)

    Personally identifiable information (PII) is any data that could potentially identify a specific individual.

  • pharming

    Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.

  • phishing

    Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.

  • phlashing

    Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable...

  • phreak

    A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.

  • physical security

    Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.

  • PKI (public key infrastructure)

    PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates.

  • plaintext

    In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.

  • Plundervolt

    Plundervolt is a method of hacking that involves depriving an Intel chip of power so that processing errors occur.

  • polymorphic virus

    A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.

  • POODLE (Padding Oracle On Downgraded Legacy Encryption)

    POODLE (Padding Oracle On Downgraded Legacy Encryption) is a security flaw that can be exploited to conduct a man-in-the-middle attack that targets Web browser-based communication between clients and servers using Secure Sockets Layer (SSL) 3.0.

  • port scan (port scan attack)

    A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services -- each associated with a "well-known" port number -- the computer provides.

  • possession factor

    The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.

  • post-quantum cryptography

    Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers that are able to prevent attacks launched by quantum computers.

  • Pretty Good Privacy (PGP)

    Pretty Good Privacy or PGP is a popular program used to encrypt and decrypt email over the Internet, as well as authenticate messages with digital signatures and encrypted stored files.

  • principle of least privilege (POLP)

    The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.

  • private CA (private PKI)

    Private CA stands for private certification authority and is an enterprise-specific CA that functions like a publicly trusted CA but is exclusively run by or for the enterprise.

  • private key

    A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt code.

  • privilege creep

    Privilege creep is the gradual accumulation of access rights beyond what an individual needs to do his job. In IT, a privilege is an identified right that a particular end user has to a particular system resource, such as a file folder.

  • privilege escalation attack

    A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.

  • privileged access management (PAM)

    Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources.

  • privileged identity management (PIM)

    Privileged identity management (PIM) is the monitoring and protection of superuser accounts in an organization's IT environments. Oversight is necessary so that the greater access abilities of superuser accounts are not misused or abused. Unmanaged superuser accounts can lead to loss or theft of sensitive corporate information, or to malware that can compromise the network.

  • probe

    In telecommunications generally, a probe is an action taken or an object used for the purpose of learning something about the state of the network.

  • promiscuous mode

    In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that captures and saves all packets for analysis (for example, for monitoring network usage)...

  • proof of concept (PoC) exploit

    A proof of concept (PoC) exploit is a non-harmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software.

  • proxy firewall

    A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.

  • public key

    In cryptography, a public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.

  • public key certificate

    A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.

  • Public-Key Cryptography Standards (PKCS)

    The Public-Key Cryptography Standards (PKCS) are a set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).

  • PUP (potentially unwanted program)

    A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.

  • Pwn2Own

    Pwn2Own is an annual hacking competition sponsored by security vendor TippingPoint and held at the CanSecWest security conference.

  Q

  • Qualified Security Assessor (QSA)

    A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance.

  • quantum cryptography

    Quantum cryptography uses our current knowledge of physics to develop a cryptosystem that cannot be defeated; that is, one that is completely secure against being compromised without the knowledge of the sender or the receiver of the messages.

  • quantum key distribution (QKD)

    Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys that are known only to the parties sharing them.

  • quantum supremacy

    Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations that were previously impossible at unmatched speeds.

  R

  • RADIUS (Remote Authentication Dial-In User Service)

    Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.

  • ransomware

    Ransomware is a subset of malware in which the data on a victim's computer is locked -- typically by encryption -- and payment is demanded before the ransomed data is decrypted and access is returned to the victim.

  • RAT (remote access Trojan)

    A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute more RATs for a botnet.

  • Regin malware

    Regin is a complex strain of back-door Trojan malware that uses a multi-staged, modular approach to infect its targets for the purpose of monitoring user activity and stealing data.

  • registration authority (RA)

    A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.

  • remote access

    Remote access is the ability for an authorized person to access a computer or a network from a geographical distance through a network connection. Remote access enables users to connect to the systems they need when they are physically far away. This is especially important for employees who work at branch offices, are traveling or telecommute to work.

  • Report on Compliance (ROC)

    A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit. In general, a level 1 merchant is one who processes over 6 million Visa transactions in a year.

  • Rescator

    Rescator is the name of an underground online forum which allegedly sold credit card data stolen from customers who shopped at the United States discount retail chain, Target.

  • reverse brute-force attack

    A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network.

  • Rijndael

    Rijndael (pronounced rain-dahl) is the algorithm that has been selected by the U.S. National Institute of Standards and Technology (NIST) as the candidate for the Advanced Encryption Standard (AES).

  • risk analysis

    Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.

  • risk-based authentication (RBA)

    Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised. As the level of risk increases, the authentication process becomes more comprehensive and restrictive.

  • Robert Morris worm

    The Robert Morris worm is widely acknowledged as the first computer worm to be distributed across the Internet and the first computer virus to receive mainstream media attention.

  • Rock Phish

    Rock Phish is both a phishing toolkit and the entity that publishes the kit, either a hacker, or, more likely, a sophisticated group of hackers. While the authors of the kit remain anonymous, Rock Phish has become the most popular phishing kit available online, with some estimates suggesting that the kit is used for half of all phishing attempts.

  • role mining

    Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise...

  • role-based access control (RBAC)

    Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.

  • rootkit

    A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system.

  • Rowhammer

    Rowhammer is a vulnerability in commodity dynamic random access memory (DRAM) chips that allows an attacker to exploit devices with DRAM memory by repeatedly accessing (hammering) a row of memory until it causes bit flips and transistors in adjacent rows of memory reverse their binary state: ones turn into zeros and vice versa.

  • RSA algorithm (Rivest-Shamir-Adleman)

    The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.

  S

  • salt

    In password protection, salt is a random string of data used to modify a password hash.

  • Same Origin Policy (SOP)

    The Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information.

  • SAML (Security Assertion Markup Language)

    The Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.

  • sandbox (software testing and security)

    A sandbox is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run.

  • screened subnet (triple-homed firewall)

    A screened subnet (also known as a 'triple-homed firewall') is a network architecture that uses a single firewall with three network interfaces...

  • script kiddy (or script kiddie)

    Script kiddy (sometimes spelled kiddie) is a derogatory term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous, exploiters of security lapses on the Internet.

  • Secure Electronic Transaction (SET)

    Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet.

  • Secure Shell (SSH)

    SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

  • Securities and Exchange Commission (SEC)

    The Securities and Exchange Commission (SEC) is a U.S. government agency that oversees securities transactions, activities of financial professionals and mutual fund trading to prevent fraud and intentional deception...

  • security

    Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets.

  • security analytics

    Security analytics is an approach to cybersecurity that uses data collection, data aggregation and analysis tools for threat detection and security monitoring.

  • Security as a Service (SaaS)

    Security as a Service (SaaS) is an outsourcing model for security management. Typically, Security as a Service involves applications such as anti-virus software delivered over the Internet, but the term can also refer to security management provided in-house by an external organization.

  • security awareness training

    Security awareness training is a formal process for educating employees about corporate policies and procedures for working with information technology (IT).

  • security clearance

    A security clearance is an authorization that allows access to information that would otherwise be forbidden.

  • security debt

    Security debt is a variant of technical debt that occurs when organizations do not invest enough money or resources into security efforts upfront. The term compares the pressures of monetary debt with the long-term burden developers and IT teams face when security shortcuts are taken.

  • security identifier (SID)

    In Windows NT and 2000 operating systems, the security identifier (SID) is a unique alphanumeric character string that identifies each operating system and each user in a network of NT/2000 systems.

  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.

  • security information management (SIM)

    Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs. A security information management system (SIMS) automates that practice. Security information management is sometimes called security event management (SEM).

  • security operations center (SOC)

    A security operations center (SOC) is a command center facility for a team of IT professionals with expertise in information security who monitor, analyze and protect an organization from cyber attacks.

  • security policy

    In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.

  • security posture

    Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.

  • security token (authentication token)

    A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service.

  • self-sovereign identity

    Self-sovereign identity (SSI) is a model for managing digital identities in which an individual or business has sole ownership over the ability to control their accounts and personal data.

  • Sender Policy Framework (SPF)

    Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing.

  • session key

    A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.

  • shadow password file

    In the Linux operating system, a shadow password file is a system file in which hashed user passwords are stored so that they aren't available to people who try to break into the system.

  • Shared Key Authentication (SKA)

    Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol...

  • shared secret

    A shared secret is data known to only the two entities involved in a communication so that either party's possession of that data can be provided as proof of identity for authentication.

  • Shellshock

    Shellshock is the common name for a coding vulnerability found in the Bash shell user interface that affects Unix-based operating systems, including Linux and Mac OS X, and allows attackers to remotely gain complete control of a system.

  • shoulder surfing

    Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.

  • side-channel attack

    A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware -- rather than targeting the program or its code directly.

  • signature analysis

    Signature analysis has two meanings. It can involve scrutinizing human signatures in order to detect forgeries and it can be a troubleshooting technique in which an AC signal with a specific waveform is applied across a component.

  • signature file

    A signature file is a short text file you create for use as a standard appendage at the end of your e-mail notes or Usenet messages.

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications.

  • single-factor authentication (SFA)

    Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.

  • single-factor token

    A single-factor token is a small hardware device that produces one confirming credential for user authentication; the devices may be used in conjunction with other types of credentials for multifactor authentication.

  • smart card

    A smart card is a physical card that has an embedded integrated chip that acts as a security token.

  • snooping

    Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing. More sophisticated snooping uses software programs to remotely monitor activity on a computer or network device.

  • SOAR (security orchestration, automation and response)

    SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events without human assistance.

  • social engineering

    Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain.
