Information Security Definitions
This glossary explains the meaning of key words and phrases that information technology (IT) and business professionals use when discussing IT security and related software products. You can find additional definitions by visiting WhatIs.com or using the search box below.
-
A
AAA server (authentication, authorization and accounting)
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.
-
access control
Access control is a security technique that regulates who or what can view or use resources in a computing environment.
-
access log
An access log is a list of all requests for individual files -- such as Hypertext Markup Language files, their embedded graphic images and other associated files that get transmitted -- that people or bots have made from a website.
-
address space layout randomization (ASLR)
Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
-
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information.
-
advanced persistent threat (APT)
An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period.
-
adware
Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running.
-
alternate data stream (ADS)
An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title.
-
Android System WebView
Android System WebView is a system component for the Android operating system (OS) that allows Android apps to display web content directly inside an application.
-
anti-money laundering software (AML)
Anti-laundering software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions... (Continued)
-
antimalware (anti-malware)
Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware.
-
antispoofing
Antispoofing is a technique for identifying and dropping packets that have a false source address.
-
antivirus software (antivirus program)
Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices.
-
application blacklisting (application blocklisting)
Application blacklisting --increasingly called application blocklisting -- is a network or computer administration practice used to prevent the execution of undesirable software programs.
-
application whitelisting
Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
-
asymmetric cryptography
Asymmetric cryptography, also known as public key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.
-
attack vector
An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.
-
Australian Assistance and Access Bill
The Australian Assistance and Access Bill is legislation introduced and passed in 2018 by the Parliament of Australia to support law enforcement and security agencies in their ability to collect evidence from electronic devices.
-
authentication
Authentication is the process of determining whether someone or something is who or what they say they are.
-
authentication factor
An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be.
-
authentication server
An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.
-
authentication, authorization and accounting (AAA)
Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
-
AWS CloudTrail
AWS CloudTrail is an application program interface (API) call-recording and log-monitoring service offered by Amazon Web Services (AWS).
-
B
backdoor (computing)
A backdoor attack is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.
-
biometric authentication
Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are.
-
biometric payment
Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account.
-
biometric verification
Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
-
biometrics
Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
-
BIOS rootkit
A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration. Because the rootkit lives in the computer’s BIOS (basic input/output system), it persists not only through attempts to reflash the BIOS but also through hard drive erasure or replacement.
-
BIOS rootkit attack
A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code. A BIOS rootkit is programming that enables remote administration.
-
black hat hacker
A black hat hacker has been historically used to describe one who has malicious intent -- such as theft of information, fraud or disrupting systems -- but increasingly, more specific terms are being used to describe those people.
-
blended threat
A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.
-
block cipher
A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
-
Blowfish
Blowfish is a variable-length, symmetric, 64-bit block cipher.
-
botnet
A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often unbeknownst to their owner.
-
bridge
A bridge is a class of network device designed to connect networks at OSI Level 2, which is the data link layer of a local area network.
-
browser hijacker (browser hijacking)
A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.
-
brute-force attack
A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.
-
buffer overflow
A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
-
buffer underflow
A buffer underflow, also known as a buffer underrun or a buffer underwrite, is when the buffer -- the temporary holding space during data transfer -- is fed data at a lower rate than it is being read from.
-
BYOI (bring your own identity)
BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication.
-
C
cache poisoning
Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.
-
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic computer programs.
-
cardholder data (CD)
Cardholder data (CD) is any personally identifiable information (PII) associated with a person who has a credit or debit card.
-
cardholder data environment (CDE)
A cardholder data environment (CDE) is a computer system or networked group of IT systems that processes, stores or transmits cardholder data or sensitive payment authentication data.
-
certificate authority (CA)
A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates.
-
certificate revocation list (CRL)
A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their actual or assigned expiration date.
-
Certified Cloud Security Professional (CCSP)
Certified Cloud Security Professional (CCSP) is an International Information System Security Certification Consortium, or (ISC)2, certification that covers cloud-based cybersecurity best practices.
-
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.
-
Certified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.
-
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².
-
challenge-response authentication
In computer security, challenge-response authentication is a set of protocols used to protect digital assets and services from unauthorized users, programs or activities.
-
CHAP (Challenge-Handshake Authentication Protocol)
CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user.
-
checksum
A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors within data transmissions.
-
Chernobyl virus
The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.
-
chief risk officer (CRO)
The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.
-
cipher
In cryptography, a cipher is an algorithm for encrypting and decrypting data.
-
cipher block chaining (CBC)
Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.
-
ciphertext feedback (CFB)
In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.
-
CISO (chief information security officer)
The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
-
CISO as a service (vCISO, virtual CISO, fractional CISO)
A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider.
-
claims-based identity
Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.
-
Class C2
Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests.
-
click fraud (pay-per-click fraud)
Click fraud -- sometimes called 'pay-per-click fraud' -- is a type of fraud that artificially inflates traffic statistics for online advertisements.
-
cloaking
Cloaking is a technique where a different version of web content is returned to users than to the search engine crawlers.
-
Cloud Controls Matrix
The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.
-
cloud security
Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.
-
Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.
-
cloud security architecture
Cloud security architecture is a security strategy designed around securing an organization's data and applications in the cloud.
-
cloud security posture management (CSPM)
Cloud security posture management (CSPM) is a market segment for IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud.
-
cloud workload protection
Cloud workload protection is the safeguarding of workloads spread out across multiple cloud environments. Businesses that use public and private clouds can use cloud workload protection platforms to help defend themselves against cyber attacks.
-
COBIT
COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.
-
Common Body of Knowledge (CBK)
In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.
-
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats.
-
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in software.
-
Common Weakness Enumeration (CWE)
Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software... (Continued)
-
communications security (COMSEC)
Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred.
-
compliance as a service (CaaS)
Compliance as a service (CaaS) is a cloud service that specifies how a managed service provider (MSP) helps an organization meet its regulatory compliance mandates.
-
computer cracker
A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security.
-
computer exploit
A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.
-
computer forensics (cyber forensics)
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
-
Computer Fraud and Abuse Act (CFAA)
The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that imposes criminal penalties on individuals who intentionally access a protected computer without proper authorization or whose access exceeds their authorization.
-
computer worm
A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.
-
content filtering
Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items.
-
continuous authentication
Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis.
-
cookie poisoning
Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft.
-
copyright
Copyright is a legal term describing ownership of control of the rights to the use and distribution of certain works of creative expression, including books, video, motion pictures, musical compositions and computer programs.
-
corporate governance
Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled.
-
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of operation.
-
credential theft
Credential theft is a type of cybercrime that involves stealing a victim's proof of identity.
-
cross-site scripting (XSS)
Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.
-
cryptanalysis
Cryptanalysis is the study of ciphertext, ciphers and cryptosystems to understand how they work and to find and improve techniques for defeating or weakening them.
-
crypto wallet (cryptocurrency wallet)
A crypto wallet (cryptocurrency wallet) is software or hardware that enables users to store and use cryptocurrency.
-
cryptographic checksum
Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.
-
cryptographic nonce
A nonce is a random or semi-random number that is generated for a specific use.
-
cryptography
Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
-
cryptology
Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
-
cryptosystem
A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely.
-
CSR (Certificate Signing Request)
A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA).
-
CSSLP (Certified Secure Software Lifecycle Professional)
CSSLP (Certified Secure Software Lifecycle Professional) is a certification from ISC2 that focuses on application security within the software development lifecycle (SDLC).