Get started

Data Security and Cloud Computing

• journaling file system

  A journaling file system is a fault-resilient file system in which data integrity is ensured because updates to directories and bitmaps are constantly written to a serial log on disk before the original disk log is updated. Continue Reading

• key

  In cryptography, a key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text, or to decrypt encrypted text. Continue Reading

• security identifier (SID)

  In Windows NT and 2000 operating systems, the security identifier (SID) is a unique alphanumeric character string that identifies each operating system and each user in a network of NT/2000 systems. Continue Reading

• executable

  In computers, to execute a program is to run the program in the computer, and, by implication, to start it to run. Continue Reading

• cryptology

  Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Continue Reading

• Definitions to Get Started

  • Federal Information Security Management Act (FISMA)
  • CISO as a service (vCISO, virtual CISO, fractional CISO)
  • access control
  • advanced persistent threat (APT)

  • biometrics
  • zero-day (computer)
  • PCI DSS 12 requirements
  • vulnerability assessment (vulnerability analysis)

  View All Definitions

• access log

  An access log is a list of all the requests for individual files that people have requested from a Web site.Continue Reading

• session key

  A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.Continue Reading

• globbing

  Globbing is the process of expanding a non-specific file name containing a wildcard character into a set of specific file names that exist in storage on a computer, server, or network. A wildcard is a symbol that can stand for one or more characters...Continue Reading

• stack smashing

  Stack smashing is causing a stack in a computer application or operating system to overflow.Continue Reading

• sudo (superuser do)

  Sudo (superuser do) is a utility for UNIX- and Linux-based systems that provides an efficient way to give specific users permission to use specific system commands at the root (most powerful) level of the system. Sudo also logs all commands and ...Continue Reading

• Bugbear

  Bugbear is a computer virus that spread in early October, 2002, infecting thousands of home and business computers. It is similar to an earlier virus, Klez, in terms of its invasion approach and rapid proliferation.Continue Reading

• fingernail storage

  Fingernail storage is a method of writing data onto a human fingernail using a pulsed laser. The fluorescence of the nail, when exposed to ultraviolet (UV) light, is increased at points where data is written. Data can be read from the fingernail ...Continue Reading

• Learning guide: The five steps of baseline Bluetooth security

  In this five step Learning Guide, you will learn the Bluetooth security basics, including how to protect against a Bluetooth hack or virus, how to disable Bluetooth and how to secure Bluetooth devices in the enterprise.Continue Reading

• Blowfish

  Blowfish is an encryption algorithm that can be used as a replacement for the DES or IDEA algorithms.Continue Reading

• Introduction to SNMPv3's security functionality

  While SNMP is well established, inherent security gaps were only closed in the latest version of the network protocol, as explained here.Continue Reading

• signature file

  A signature file is a short text file you create for use as a standard appendage at the end of your e-mail notes or Usenet messages.Continue Reading

• Content Scrambling System (CSS)

  Content Scrambling System (CSS) is a data encryption and authentication method used to protect digital versatile disk (DVD) movies from being illegally copied, distributed, and viewed from other devices, such as computer hard drives.Continue Reading

• one-time pad

  In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.Continue Reading

• virus hoax

  A virus hoax is a false warning about a computer virus.Continue Reading

• cable modem

  A cable modem is a device that enables you to hook up your PC to a local cable TV line and receive data at about 1.5 Mbps.Continue Reading

• Kermit

  Kermit is a popular file transfer and management protocol and suite of communications software programs with advantages over existing Internet protocols such as File Transfer Protocol and Telnet.Continue Reading

• probe

  In telecommunications generally, a probe is an action taken or an object used for the purpose of learning something about the state of the network.Continue Reading

• vandal

  A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user.Continue Reading

• International Data Encryption Algorithm (IDEA)

  IDEA (International Data Encryption Algorithm) is an encryption algorithm developed at ETH in Zurich, Switzerland.Continue Reading

• Melissa virus

  Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent ...Continue Reading

• ROT-13

  ROT-13 is the encrypting of a message by exchanging each of the letters on the first half of the alphabet with the corresponding letter in the second half of the alphabet (that is, swapping positions by 13 characters).Continue Reading

• jolt

  On the Internet, jolt is a denial of service (DoS) attack caused by a very large ICMP packet that is fragmented in such a way that the targeted machine is unable to reassemble it for use.Continue Reading

• An introduction to SSH2

  Learn about the differences between SSH1 and SSH2 and why you should consider upgrading.Continue Reading

• Simplify with SIM: Evaluating security information management systems

  Security information management tools are key to refining the deluge of raw data in an enterprise network into actionable intelligence. Expert Joel Snyder discusses.Continue Reading

• Password security issues: How enterprise single sign-on can help

  Learn how the U.S. Postal Service has reduced password security issues and improved productivity by leveraging enterprise single sign-on.Continue Reading

• Honeynet security consoles and honeypot legal issues

  Find out more about the honeypot legal issues in this excerpt from "Know your enemy: Learning about security threats."Continue Reading

• Firewall and system logs: Using log file analysis for defense

  Log analysis is the most under-appreciated, unsexy aspect of infosecurity, yet Marcus Ranum says it's one of the most important.Continue Reading

• Four steps to ensure security deployment success

  Security deployment will go smoother if enterprises step back, ask questions, involve everyone and lower expectations.Continue Reading

• Improve security intelligence with security information sharing

  Security information sharing with fellow security intelligence specialists can help enterprises learn about risks out and the methods that fight them.Continue Reading

• Frank Abagnale preaches the dangers of hacking

  A penitent Frank Abagnale Jr. shuns white-collar crime and fraud, and helps others understand how to guard against the dangers of hacking.Continue Reading

• Opinion: It's time to teach the consequences of hacking

  Hacking is becoming a national concern at the hands of high school students. Learn why it's time to teach kids about the dangers -- and consequences -- of hacking.Continue Reading

• Do's and don'ts of building a forensics workstation

  Elizabeth Genco explains the pros and cons of building a forensics workstation from scratch. Read now to learn what forensic tools are beneficial and which ones aren't.Continue Reading

• Four computer forensics books worth investigating

  Check out four computer forensics books that can help you learn the ins and outs of computer forensics technology and laws in place to manage cybercrime.Continue Reading

• Information security professional: What's in a name?

  Uncover the new faces of information security and explore how the industry is changing and adapting to a surge of high-tech, computer savvy information security professionals.Continue Reading

• ISO 17799 implementation: Do your homework first

  While ISO 17799 implementation aims to provide security best practices by outlining sets of expectations and processes for protecting data, it leaves many yearning for more.Continue Reading

• Automate security with GUI shell and command line scripts

  JP Vossen explains how Windows command line scripts and the GUI shell can be used to improve security.Continue Reading

• Four steps to sound security vulnerability management

  If you're bedeviled by swarms of alerts, you can take control by practicing good security vulnerability management with these four steps.Continue Reading

• How network forensics analysis tools turn admins into detectives

  Network traffic capture, sophisticated analysis and forensics capabilities make network forensics analysis tools useful in making security assumptions and allocating resources.Continue Reading

• Introduction: How to strengthen authentication procedures

  A discussion of strong authentication procedures.Continue Reading