Information Security Definitions

This glossary explains the meaning of key words and phrases that information technology (IT) and business professionals use when discussing IT security and related software products. You can find additional definitions by visiting WhatIs.com or using the search box below.

L

  • lifestyle polygraph

    A lifestyle polygraph is a lie-detector (polygraph) test that is administered as a requirement for employment in certain fields.

  • link encryption (link level or link layer encryption)

    Link encryption (sometimes called link level or link layer encryption) encrypts all traffic on a single network link at the data link layer, including frame headers, as it travels between two adjacent nodes. Because each node decrypts the data and re-encrypts it for the next hop, link encryption hides traffic from anyone tapping the wire but exposes cleartext at every intermediate node; compare network encryption, which operates one layer up.

  • live capture

    Live capture is the act or method of gathering biometric data from an individual while the individual is physically present.

  • logic bomb

    A logic bomb, sometimes referred to as slag code, is malicious code inserted into a program or system that stays dormant until a programmed condition is met, such as a date, a count of events or the removal of a particular user account, and then executes its payload, for example by corrupting data or wiping systems.

  • logon (or login)

    In general computer usage, logon is the procedure used to get access to an operating system or application, usually in a remote computer.

  • LUHN formula (modulus 10)

    The LUHN formula, also called modulus 10 (mod 10), is a simple checksum algorithm used to validate identification numbers such as payment card numbers: starting from the rightmost digit, every second digit is doubled (with 9 subtracted from any doubled value above 9), all digits are summed, and the total must be divisible by 10. It detects typing errors such as a single wrong digit or most adjacent transpositions; it is not a security control and says nothing about whether a card number is genuine or active.
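
The algorithm as working code, added here as an example and not taken from the glossary: it validates a number, computes the check digit for a partial number, and shows the property the checksum is actually for, namely that any single mistyped digit is caught. The sample numbers are constructed test values (79927398713 is the standard Luhn illustration), not real accounts.

```python
def luhn_checksum(digits: str) -> int:
    """Luhn (mod 10) checksum of a digit string; 0 means the string validates."""
    total = 0
    # Walk from the rightmost digit (the check digit) leftwards and double
    # every second digit; a doubled value above 9 has 9 subtracted (digit sum).
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def normalize(number: str) -> str:
    """Strip the spaces and hyphens people type into card numbers."""
    return number.replace(" ", "").replace("-", "")


def luhn_valid(number: str) -> bool:
    """True if the number passes the Luhn test (digits only, at least 2 long)."""
    digits = normalize(number)
    return digits.isdigit() and len(digits) >= 2 and luhn_checksum(digits) == 0


def luhn_check_digit(partial: str) -> str:
    """Check digit that makes partial + digit pass the Luhn test."""
    digits = normalize(partial)
    if not digits.isdigit():
        raise ValueError("partial number must be numeric")
    # Append a placeholder 0 so the existing digits land on the right parity.
    return str((10 - luhn_checksum(digits + "0")) % 10)


def single_digit_error_detected(number: str) -> bool:
    """Mutate each digit in turn and report whether every mutation fails
    validation. The doubling map is a permutation of 0..9, so Luhn
    catches every single-digit error (but not every transposition)."""
    digits = normalize(number)
    for pos in range(len(digits)):
        for wrong in "0123456789":
            if wrong == digits[pos]:
                continue
            mutated = digits[:pos] + wrong + digits[pos + 1:]
            if luhn_valid(mutated):
                return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs, not real card numbers.
    print(luhn_valid("79927398713"), luhn_valid("79927398710"))
    print(luhn_check_digit("7992739871"))
    print(single_digit_error_detected("4111 1111 1111 1111"))
```

A form that rejects Luhn-invalid input saves a round trip to the payment processor; it does not reduce fraud, because attackers generate Luhn-valid numbers trivially with `luhn_check_digit`.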

  • NICE Framework

    The National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (NICE Framework) is a reference resource that classifies the typical skill requirements and duties of cybersecurity workers.

M

  • macro virus

    A macro virus is a computer virus written in the macro language of an application, such as Visual Basic for Applications in Microsoft Word or Excel, so that it runs when an infected document is opened and macros are enabled.

  • madware

    Madware is a type of aggressive advertising that affects smartphones and tablets. The name, which is a portmanteau combining the words mobile and adware, was coined by the security vendor Symantec to describe a type of intrusive advertising that currently affects Android smartphones and tablets.

  • mail bomb

    A mail bomb is the sending of a massive amount of e-mail to a specific person or system.

  • Malicious Computer Code: Glossary

    This is a glossary of terms related to malicious computer code.

  • malvertisement (malicious advertisement or malvertising)

    A malvertisement (malicious advertisement) is an advertisement on the Internet that is capable of infecting the viewer's computer with malware.

  • malware (malicious software)

    Malware, or malicious software, is any program or file that is harmful to a computer user.

  • Malware: Glossary

    This is a glossary of terms related to malware.

  • Malwarebytes software

    Malwarebytes is a cross-platform anti-malware program that detects and removes malware and other rogue software.

  • man in the browser

    Man in the browser refers to an emerging tactic used by hackers to commit financial fraud... (Continued)

  • man-in-the-disk (MITD) attack

    Man-in-the-disk (MITD) is an attack vector that allows an intruder to intercept and potentially alter data as it moves between Android external storage and an installed app.

  • managed security services (MSS)

    Managed security services (MSS) is a systematic approach to managing an organization's security needs.

  • mandatory access control (MAC)

    Mandatory access control (MAC) is a system-controlled policy restricting access to resource objects (such as data files, devices, systems, etc.) based on the level of authorization or clearance of the accessing entity, be it person, process, or device.

  • masquerade

    In general, a masquerade is a disguise. In security, a masquerade attack is one in which an attacker poses as an authorized user or trusted system, for example by using stolen credentials or a spoofed network address, in order to gain access or privileges.

  • MD2

    MD2 is an early member of the MD family of message-digest algorithms, designed by Ron Rivest in 1989 for 8-bit processors. It produces a 128-bit digest of an input of any length. Collision and preimage attacks have been published against it and it was formally retired (RFC 6149); it should not be used in new designs.

  • MD4

    MD4 is the 1990 predecessor of MD5, also producing a 128-bit digest of an input of any length. It is cryptographically broken (collisions can be found almost instantly) and was retired by RFC 6150. It survives mainly as the basis of the Windows NT password hash, which is an unsalted MD4 of the UTF-16LE password; this is why pass the hash attacks work as they do.

  • MD5

    The MD5 hashing algorithm is a one-way function that takes a message of any length and returns a fixed 128-bit digest, historically used to check the integrity of downloads and to fingerprint files. It is no longer considered secure: practical collision attacks have existed since 2004 and chosen-prefix collisions have been used to forge certificates, so MD5 must not be used for signatures, certificates or any check where an attacker can influence the input. A digest alone also does not authenticate a message, since anyone can recompute it; authentication requires a secret key (see message authentication code).

  • Melissa virus

    Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user's address books.

  • Meltdown and Spectre flaws

    Meltdown and Spectre are hardware vulnerabilities, disclosed in January 2018, in the speculative-execution machinery of most processors made in the preceding two decades. Both let an unprivileged process infer the contents of memory it should not be able to read (kernel memory in Meltdown's case; other processes' or the kernel's memory in Spectre's) by measuring the cache-timing side effects of instructions the CPU executed speculatively and then discarded. Mitigations combine microcode updates, kernel page-table isolation and compiler changes, at some performance cost.

  • memory-scraping malware

    Memory-scraping malware is malware that searches the memory (RAM) of running processes for sensitive data, typically payment card numbers that point-of-sale software holds in cleartext briefly after reading a card and before encrypting them for storage or transmission. Because the data never appears unencrypted on disk or on the wire, RAM is the only place an attacker can harvest it.

  • message authentication code (MAC)

    A message authentication code (MAC) is a short cryptographic tag computed over data with a secret key shared by sender and receiver. The receiver recomputes the tag and compares it; a mismatch reveals accidental corruption or deliberate modification, and an attacker who lacks the key cannot produce a valid tag for altered data, which a plain hash cannot guarantee. HMAC (built from a hash function) and CMAC (built from a block cipher) are the common constructions. Not to be confused with mandatory access control, which shares the acronym.
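
An added example (not from the glossary) of the difference the key makes, using HMAC-SHA256 from Python's standard library: the receiver accepts the genuine message, rejects an edited one because the attacker cannot recompute the tag, and compares tags in constant time. The same edit against an unkeyed hash goes through, because the attacker simply recomputes the checksum. The key and the transfer record are constructed sample data.

```python
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over message; only holders of key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    compare_digest avoids an early-exit byte comparison that would leak,
    through timing, how much of a forged tag was already correct."""
    return hmac.compare_digest(make_tag(key, message), tag)


def naive_checksum(message: bytes) -> bytes:
    """An unkeyed hash appended to a message: detects corruption, not tampering."""
    return hashlib.sha256(message).digest()


def verify_unkeyed(message: bytes, checksum: bytes) -> bool:
    """What a receiver relying on a bare hash can check."""
    return hashlib.sha256(message).digest() == checksum


def tamper(message: bytes) -> bytes:
    """Constructed attacker edit: change the amount in a transfer record."""
    return message.replace(b'"amount":100', b'"amount":900')


def demo():
    key = b"constructed-shared-secret-key"  # constructed sample; use 32 random bytes in practice
    msg = b'{"from":"alice","to":"bob","amount":100}'

    # Sender attaches a MAC; the receiver accepts the genuine message...
    tag = make_tag(key, msg)
    genuine_ok = verify_tag(key, msg, tag)

    # ...and rejects the edited one: without the key the old tag is all the
    # attacker has, and it no longer matches.
    forged = tamper(msg)
    forged_ok = verify_tag(key, forged, tag)

    # With an unkeyed checksum the attacker ships the edited message together
    # with a freshly computed hash, and the receiver has no way to tell.
    attacker_package = (forged, naive_checksum(forged))
    unkeyed_forgery_accepted = verify_unkeyed(*attacker_package)

    return genuine_ok, forged_ok, unkeyed_forgery_accepted
```

A MAC proves the message came from someone holding the key and was not changed in transit; it does not hide the message (that needs encryption) and, because both sides hold the same key, it does not give non-repudiation (that needs a digital signature).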

  • messaging security

    Messaging security is a subcategory of unified threat management (UTM) focused on securing and protecting an organization’s communication infrastructure.

  • metamorphic and polymorphic malware

    Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.

  • Metamorphic virus

    A metamorphic virus is a type of malware that is capable of changing its code and signature patterns with each iteration.

  • MICR (magnetic ink character recognition)

    MICR (magnetic ink character recognition) is a technology for printing the routing, account and check numbers along the bottom of paper checks in magnetic ink using a standard font, so that bank equipment can read them reliably. Because the magnetic ink and font are hard to reproduce with ordinary printers, MICR also serves as a check on a document's authenticity.

  • micro VM (micro virtual machine)

    A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.

  • micro-botnet (mini-botnet or baby botnet)

    A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company.

  • Microsoft Enhanced Mitigation Experience Toolkit (EMET)

    Microsoft's Enhanced Mitigation Experience Toolkit (EMET) was a free Windows security tool that applied exploit mitigations such as DEP, ASLR and export-address filtering to legacy and third-party applications that did not enable them themselves. Microsoft ended support for EMET in July 2018; its protections were carried into the Exploit Protection features built into Windows 10 and later.

  • Microsoft FIM (Microsoft Forefront Identity Manager)

    Microsoft Forefront Identity Manager (FIM) is a self-service identity management software suite for provisioning user accounts, synchronizing identity data across directories and managing credentials and certificates. It was succeeded by Microsoft Identity Manager (MIM).

  • Microsoft Schannel (Microsoft Secure Channel)

    The Microsoft Secure Channel or Schannel is a security package that facilitates the use of Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) encryption on Windows platforms.

  • Microsoft Security Essentials (MSE)

    Microsoft Security Essentials (MSE) is an antimalware software product made by Microsoft that provides protection for client computers against viruses, worms, Trojans, spyware and other malicious software on Windows XP, Windows Vista and Windows 7 systems.

  • minutiae

    In the biometric process of fingerscanning, minutiae are specific points in a finger image.

  • MITRE ATT&CK framework

    The MITRE ATT&CK (pronounced 'miter attack') framework is a free, publicly available knowledge base of adversary tactics, techniques and procedures compiled from real-world observations. It is organized as matrices (Enterprise, Mobile and ICS) in which tactics describe what an adversary is trying to achieve and techniques describe how, each with detection and mitigation notes. Organizations use it to build threat models, map detection coverage, run adversary emulations and describe incidents in a common vocabulary.

  • mobile authentication

    Mobile authentication is the verification of a user's identity through the use of a mobile device and one or more authentication methods for secure access.

  • MPPE (Microsoft Point-to-Point Encryption)

    MPPE (Microsoft Point-to-Point Encryption) is a method of encrypting data transferred across Point-to-Point Protocol (PPP)-based dial-up connections or Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) connections. It uses the RC4 stream cipher with 40-, 56- or 128-bit keys; because RC4 is weak and PPTP's usual authentication, MS-CHAPv2, can be broken, PPTP/MPPE VPNs are considered insecure and should be replaced by IPsec, OpenVPN or WireGuard.

  • multifactor authentication (MFA)

    Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

  • multifactor token

    Multifactor tokens are security tokens that use more than one category of credential to confirm user authentication. The standard categories of authentication credentials are knowledge factors (things that the user knows), inherence factors (things that the user is) and possession factors (things that the user has).

  • munging

    Munging is the deliberate alteration of an e-mail address on a Web page to hide the address from spambot programs that scour the Internet for e-mail addresses.

  • mutual authentication

    Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other... (Continued)

  • Mytob

    Mytob is a worm used by hackers to gather personal and financial information by phishing, a form of e-mail fraud where the perpetrator sends out legitimate-looking messages that appear to come from well-known and trustworthy Web sites. Since Mytob first originated in February 2005, numerous variants have emerged. Some forms of the worm cause infected computers to send out e-mail messages containing a link to a Web site that hosts rogue programming code. Earlier versions appear as e-mail attachments.

  • Windows Defender Advanced Threat Protection (ATP)

    Windows Defender Advanced Threat Protection (ATP) is a Microsoft endpoint detection and response (EDR) service designed to help enterprise-class organizations detect, investigate and respond to security threats on their endpoints. It has since been renamed Microsoft Defender for Endpoint.

N

  • cryptographic nonce

    A cryptographic nonce ("number used once") is a value that is used only once in a given context, typically alongside a key in an encryption or authentication protocol. It may be random or a simple counter; what matters is that it never repeats under the same key. Reusing a nonce with a stream cipher or an authenticated mode such as AES-GCM leaks the XOR of the two plaintexts and, in GCM's case, can expose the authentication key, so nonce management is a frequent cause of real-world breakage. Nonces also defeat replay: a challenge that changes on every attempt cannot be answered with a recorded response.

  • National Computer Security Center (NCSC)

    The National Computer Security Center (NCSC) is a U.S. government organization within the National Security Agency (NSA) that evaluates computing equipment for high security applications to ensure that facilities processing classified or other sensitive material are using trusted computer systems and components.

  • national identity card

    A national identity card is a portable document, typically a plasticized card with digitally-embedded information, that someone is required or encouraged to carry as a means of confirming their identity. Since the World Trade Center tragedy of September 11, 2001, many countries have discussed issuing national identity cards as a way to distinguish terrorists from the law-abiding population. (Continued)

  • National Security Agency (NSA)

    The National Security Agency is the official U.S. cryptologic organization of the United States Intelligence Community under the Department of Defense.

  • NCSA

    NCSA at the University of Illinois in Urbana, Illinois is the home of the first Web browser that had a graphical user interface.

  • network behavior analysis (NBA)

    Network behavior analysis (NBA) is a method of enhancing the security of a proprietary network by monitoring traffic and noting unusual actions or departures from normal operation... (Continued)

  • network behavior anomaly detection (NBAD)

    Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or extraordinary trends.

  • network encryption (network layer or network level encryption)

    Network encryption (sometimes called network layer or network level encryption) is a network security process that applies cryptographic services at the network layer (OSI layer 3), above the data link layer and below the transport and application layers, so that packets are protected end to end across routers rather than hop by hop. IPsec is the usual example.

  • network forensics

    Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.

  • network vulnerability scanning

    A vulnerability scan detects and classifies known weaknesses in computers, networks and communications equipment, typically by probing services and matching versions, configurations and responses against a database of published vulnerabilities, and reports them with a severity rating so that remediation can be prioritized.

  • next-generation firewall (NGFW)

    A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.

  • Nimda

    First appearing on September 18, 2001, Nimda is a worm that caused traffic slowdowns as it rippled across the Internet, spreading through several methods at once: e-mail attachments, open network shares, web browsing of compromised sites, and vulnerabilities in Microsoft's Web server, Internet Information Server (IIS), including backdoors left behind by earlier worms.

  • NIST Cybersecurity Framework

    The NIST Cybersecurity Framework (NIST CSF) is a voluntary framework of standards, guidelines and practices for managing cybersecurity risk, first published in 2014 for critical infrastructure operators and now used across sectors. Version 1.x organizes outcomes under five functions: Identify, Protect, Detect, Respond and Recover; CSF 2.0 (2024) adds a sixth, Govern, and is aimed at organizations of any size.

  • nonrepudiation

    Nonrepudiation is the assurance that someone cannot deny something, such as the receipt of a message or the authenticity of a statement or contract... (Continued)

O

  • OCSP (Online Certificate Status Protocol)

    OCSP (Online Certificate Status Protocol) is the protocol a client uses to ask a certificate authority's responder whether a particular X.509 certificate has been revoked, as an alternative to downloading the CA's full certificate revocation list (CRL). The response is signed by the CA or a delegate. OCSP stapling lets a server deliver a recent response along with its certificate so the client need not contact the responder itself; clients that "soft-fail" when the responder is unreachable gain little from OCSP, which is one reason stapling and short-lived certificates are preferred.

  • one-time pad

    In cryptography, a one-time pad is an encryption scheme in which the key (the pad) is a truly random string at least as long as the message, is combined with the message (typically by XOR) and is used exactly once; the receiver, holding an identical copy of the pad, reverses the operation. Used correctly it is provably unbreakable, but reusing a pad lets an eavesdropper XOR two ciphertexts together to obtain the XOR of the two plaintexts, and distributing pads as long as the traffic is impractical, so it is rarely used outside niche settings.
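
An added example, not from the glossary, that serves both this entry and the cryptographic nonce entry above: a correct XOR pad round-trips, and reusing a pad (the same failure as reusing a stream-cipher nonce) hands an eavesdropper the XOR of the two plaintexts, from which a guess at one message reveals the other. The messages are constructed, and the pad is fixed only so the run is reproducible; real pads come from `os.urandom` and are never used twice.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh pad: as long as the message, from the OS CSPRNG, used once."""
    return os.urandom(length)


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR pad. The pad must cover the whole message."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the plaintext")
    return xor_bytes(pad[: len(plaintext)], plaintext)


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper computes when one pad (or one stream-cipher
    nonce) covered two messages: c1 XOR c2 == p1 XOR p2, with no key at all."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_with_crib(leak: bytes, known_plaintext: bytes) -> bytes:
    """Given p1 XOR p2 and a guess (crib) for p1, read off p2 directly."""
    n = min(len(leak), len(known_plaintext))
    return xor_bytes(leak[:n], known_plaintext[:n])


def demo():
    # Constructed sample data; a fixed pad makes the demonstration repeatable.
    pad = bytes(range(0x10, 0x10 + 32))
    p1 = b"attack at dawn"
    p2 = b"attack at dusk"

    c1 = otp_encrypt(pad, p1)
    roundtrip = otp_decrypt(pad, c1)      # the legitimate receiver gets p1 back

    c2 = otp_encrypt(pad, p2)             # the mistake: the same pad again
    leak = two_time_pad_leak(c1, c2)      # zero bytes wherever p1 and p2 agree
    recovered_p2 = recover_with_crib(leak, p1)
    return roundtrip, leak, recovered_p2
```

The leak's leading zero bytes already tell the attacker the two messages share an 11-byte prefix before any guessing starts; this is exactly why AES-GCM and ChaCha20-Poly1305 require a unique nonce per message under a given key.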

  • one-time password (OTP)

    A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.

  • one-time password token (OTP token)

    A one-time password token (OTP token) is a security hardware device or software program that is capable of producing a single-use password or PIN passcode.

  • Open Source Hardening Project

    The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critical systems in the U.S. run on open source software, the security of these applications is crucial... (Continued)

  • Open System Authentication (OSA)

    Open System Authentication (OSA) is the default 802.11 authentication method, in which any station that asks is allowed to associate with the access point; no credential is checked at that stage. On a network using Wired Equivalent Privacy (WEP), OSA lets any client join, but only stations holding the WEP key can read or send encrypted frames. The alternative, Shared Key Authentication, leaked key stream during its challenge exchange and was in practice weaker, and WEP itself is broken and should not be used... (Continued)

  • OpenAppID

    OpenAppID is an application-layer network security plugin for the open source intrusion detection system Snort.

  • OpenVPN (open source virtual private network)

    OpenVPN is an open source virtual private network (VPN) product that offers simplified security, a modular network design and cross-platform portability. OpenVPN is licensed under the GNU General Public License (GPL). Private licenses are available for individuals or companies wishing to redistribute OpenVPN in modified form.

  • Operation Phish Phry

    Operation Phish Phry is a cybercrime investigation carried out by the United States Federal Bureau of Investigation (FBI), the Los Angeles Electronic Crimes Task Force and Egyptian authorities.

  • Oracle Critical Patch Update (Oracle CPU)

    The Oracle Critical Patch Update (CPU) is a quarterly bundle of fixes for security flaws in products made or maintained by Oracle Corp., released in January, April, July and October, with out-of-band Security Alerts for vulnerabilities that cannot wait.

  • orphan account

    An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.

  • out-of-band authentication

    Out-of-band authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password. Out-of-band authentication is often used in financial institutions and other organizations with high security requirements.

  • output feedback (OFB)

    In cryptography, output feedback (OFB) is a mode of operation that turns a block cipher into a stream cipher: starting from an initialization vector (IV), the cipher repeatedly encrypts its own previous output to produce a keystream that is XORed with the plaintext. Because the keystream depends only on the key and IV, the same IV must never be reused with the same key, and OFB provides no integrity protection on its own.

P

  • P versus NP (polynomial versus nondeterministic polynomial)

    P versus NP (polynomial versus nondeterministic polynomial) is the open question, posed in its modern form by Stephen Cook in 1971 and independently by Leonid Levin, of whether every problem whose solutions can be verified in polynomial time (NP) can also be solved in polynomial time (P). It matters to cryptography because public-key systems rely on problems that are easy to verify but believed hard to solve; a proof that P = NP would undermine that assumption, while P ≠ NP on its own would not prove any particular cipher secure.

  • P3P (Platform for Privacy Preferences)

    P3P (Platform for Privacy Preferences) is a W3C protocol that let a Web site publish its privacy policy in machine-readable form so a browser could compare it against the user's stated privacy preferences. Adoption was poor and nothing enforced that sites honored their published policies; W3C retired the specification in 2018 and current browsers ignore P3P headers.

  • PA-DSS (Payment Application Data Security Standard)

    Payment Application Data Security Standard (PA-DSS) is a set of requirements that were intended to help software vendors develop secure payment applications that support PCI DSS compliance. PA-DSS was retired in October 2022 and replaced by the PCI Software Security Framework.

  • packet monkey

    On the Internet, a packet monkey is someone (see cracker, hacker, and script kiddy) who intentionally inundates a Web site or network with data packets, resulting in a denial-of-service situation for users of the attacked site or network.

  • Palladium

    Palladium was Microsoft's code name for an early-2000s plan, with hardware support from Intel and AMD, to build security into personal computers and servers at the processor and chipset level, using curtained memory, sealed storage and attestation of the running software. It was renamed the Next-Generation Secure Computing Base (NGSCB) in 2003; only parts of it shipped, but the ideas live on in the TPM and trusted-execution features of current platforms.

  • PAN truncation (primary account number)

    PAN (primary account number) truncation is a technology that prevents most of the digits in a credit card, debit card or bank account number from appearing on printed receipts issued to customers... (Continued)

  • parameter tampering

    Parameter tampering is a class of Web attack in which the attacker modifies parameters exchanged between browser and server, such as URL query strings, hidden form fields, cookies or HTTP headers, so that the server processes values the application never intended the user to control, for example a price, a discount code or another user's account number. Every value that arrives from the client is untrusted and must be validated or re-derived on the server... (Continued)
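
An added example (not from the glossary) of the classic hidden-field case beside its fix. The vulnerable handler trusts a `price` parameter that the page sent to the browser and the browser sent back; the hardened one re-derives the price from a server-side catalog and validates the only values the customer legitimately chooses. The catalog, SKUs and query strings are constructed sample data.

```python
from urllib.parse import parse_qs

# Constructed sample catalog: price in cents, keyed by SKU.
CATALOG = {"sku-100": 4999, "sku-200": 1250}
MAX_QTY = 100


def vulnerable_order_total(query: str) -> int:
    """Trusts a hidden 'price' field the client sent back to us.

    The form originally carried price=4999, but nothing stops the buyer from
    editing the request to price=1, or sending a negative quantity."""
    params = parse_qs(query)
    price = int(params["price"][0])
    qty = int(params["qty"][0])
    return price * qty


def hardened_order_total(query: str) -> int:
    """Treats every client-supplied parameter as untrusted input.

    The price is looked up server-side; the client-chosen values (sku, qty)
    are checked against an allow-list and a range before use; any 'price'
    parameter the client sent is ignored."""
    params = parse_qs(query)
    sku = params.get("sku", [""])[0]
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(params.get("qty", ["0"])[0])
    except ValueError:
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    return CATALOG[sku] * qty


def demo():
    honest = "sku=sku-100&price=4999&qty=2"
    tampered = "sku=sku-100&price=1&qty=2"        # hidden field edited in a proxy
    negative = "sku=sku-100&price=4999&qty=-2"    # a "refund" via negative quantity
    results = {
        "vulnerable_tampered": vulnerable_order_total(tampered),
        "vulnerable_negative": vulnerable_order_total(negative),
        "hardened_honest": hardened_order_total(honest),
        "hardened_tampered": hardened_order_total(tampered),
    }
    try:
        hardened_order_total(negative)
        results["hardened_negative"] = "accepted"
    except ValueError as exc:
        results["hardened_negative"] = str(exc)
    return results
```

The same rule covers cookies and headers: a role or user ID carried in a client-writable field must be bound to the session server-side (or signed, as with a MAC) rather than read back and believed.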

  • pass the hash attack

    A pass the hash attack is an NT LAN Manager (NTLM)-based technique in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick a Windows-based authentication system into creating a new authenticated session on the same network.

  • passphrase

    A passphrase is a sequence of words or other text longer than a typical password that is used to protect a private key (for example, the key used to create a digital signature) or to derive an encryption key. Its strength comes from length rather than from character-class rules.

  • password

    A password is a secret sequence of characters (spaces included, where the system allows them) that a user presents to show that they are the account holder they claim to be; in authentication terms it is a knowledge factor.

  • password cracker

    A password cracker is a program that recovers passwords, either from their stored hashes or by guessing against a login interface, by trying dictionary words, common patterns and brute-force combinations. Attackers use them after a breach; defenders use the same tools to audit password strength.

  • password hardening

    Password hardening is any of a variety of measures that make it harder for an intruder to defeat password authentication: on the user side, long and unique passwords; on the system side, storing passwords with a salted, deliberately slow hash (bcrypt, scrypt, Argon2 or PBKDF2), rate-limiting and locking out repeated failures, screening new passwords against breached-password lists, and adding a second factor.
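
An added example (not from the glossary) that ties the password cracker and password hardening entries together: a dictionary attack against an unsalted MD5 store finds a weak password with one cheap hash per guess and one table for every account, while a per-user salt and a slow key-derivation function (PBKDF2-HMAC-SHA256 here, from the standard library) make every guess expensive and every account a separate job. The wordlist and passwords are constructed; the default iteration count follows current OWASP guidance for PBKDF2.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # OWASP's published figure for PBKDF2-HMAC-SHA256

# Constructed sample wordlist standing in for a cracker's dictionary.
WORDLIST = ["123456", "password", "letmein", "summer2024", "qwerty"]


def store_weak(password: str) -> str:
    """Unsalted, fast hash: what many breached databases turned out to hold."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_weak(stored: str, wordlist=WORDLIST):
    """Dictionary attack on an unsalted hash: one hash per guess, and the same
    precomputed table serves every account in the database."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == stored:
            return guess
    return None


def store_hardened(password: str, iterations: int = ITERATIONS) -> str:
    """Per-user random salt plus a deliberately slow key-derivation function.

    Stored as 'pbkdf2_sha256$iterations$salt_hex$hash_hex' so the work factor
    can be raised later without invalidating existing records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_hardened(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    scheme, iters, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def crack_hardened(stored: str, wordlist=WORDLIST):
    """The same dictionary attack against the hardened record: each guess now
    costs a full PBKDF2 run, and the salt means no table can be shared across
    users or prepared in advance. A weak password still falls; it just costs
    the attacker ITERATIONS times more per guess."""
    for guess in wordlist:
        if verify_hardened(guess, stored):
            return guess
    return None
```

Hardening the store raises the attacker's cost per guess; it does not rescue a password that is in the dictionary, which is why breached-password screening and a second factor belong alongside it.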

  • password synchronization

    Password synchronization is an authentication process that coordinates user passwords across various computers and computing devices so a user only has to remember a single password instead of multiple passwords for different machines or devices. The convenience comes at a cost: the synchronized password is only as well protected as the weakest system holding it, and one compromised credential opens every system it was synchronized to.

  • passwordless authentication

    Passwordless authentication is a verification process that determines whether someone is, in fact, who they say they are without requiring the person to manually enter a string of characters.

  • Patch Tuesday

    Patch Tuesday is the unofficial name of Microsoft's scheduled release of the newest security fixes for its Windows operating system and related software applications, as detailed in the Windows Security Updates Guide.

  • payload (computing)

    In computing, a payload is the part of a transmission that carries the actual data, as opposed to the headers and other protocol overhead that deliver it; technically, the payload of a packet or other protocol data unit (PDU) is the content the communicating endpoints intended to exchange. The term has its roots in the military, and in security it refers to the part of malware or an exploit that performs the malicious action (installing a backdoor, encrypting files, exfiltrating data) once the delivery mechanism has succeeded.

  • PCI assessment

    A PCI assessment is an audit of the 12 credit card transaction compliance requirements required by the Payment Card Industry Data Security Standard.

  • PCI DSS 12 requirements

    PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).

  • PCI DSS 2.0

    PCI DSS 2.0 (Payment Card Industry Data Security Standard Version 2.0) is the second version of the Payment Card Industry Data Security Standard (PCI DSS).

  • PCI DSS 3.0

    PCI DSS 3.0 is the third major iteration of the Payment Card Industry Data Security Standard, a set of policies and procedures administered by the Payment Card Industry Security Standards Council (PCI SSC) to ensure the security of cardholder data and sensitive authentication data. It was refined through versions 3.1, 3.2 and 3.2.1 and has since been superseded by PCI DSS 4.0.

  • PCI DSS merchant levels

    Merchant levels are used by the payment card industry (PCI) to classify merchants by risk, chiefly annual transaction volume, and to set the appropriate level of security validation for each. Specifically, a merchant's level determines how much assessment is required to pass PCI DSS validation, from an annual self-assessment questionnaire for the smallest merchants to an on-site audit by a Qualified Security Assessor for the largest.

  • PCI DSS User Group

    The PCI DSS User Group is a London-based user group for merchants and retailers who must comply with the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).

  • PCI gap assessment

    A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI gap assessment is the first step for a merchant seeking to become PCI DSS-compliant.

  • PCI policy

    A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).

  • PCI QSA

    Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council on individuals it deems qualified to perform PCI assessments and consulting services.

  • PCI Security Standards Council

    The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data.
