A process that regulates who or what can view or use resources, either physical (like IT assets) or virtual (like connections to networks, files, and data).
A form of spyware that displays advertising content on a user’s device and typically includes code that tracks browsing activity and other personal information, passing it on to a third party without the user’s knowledge or authorization.
Software that independently performs a function on behalf of the user, like retrieving information about goods and services, or analyzing data to identify trends.
A user acting with malicious intent to gain access to and compromise an information system.
The process of verifying the credentials of a user, device, or action, as well as the origin and integrity of data.
A hidden or disguised access point that bypasses an information system’s security measures, allowing hackers or other unauthorized users to enter.
A record of entities, such as users, IP addresses, or countries, that are blocked or denied privileges or access. A denylist keeps out only what is already known to be bad, and a remote attacker can often sidestep it by changing IP address or identity, so it works best as a complement to a default-deny allowlist rather than as the only control on who can enter a network.
A type of automated malware that performs or simulates human actions online. While some bots are used for legitimate purposes, like instant messaging or search engine indexing, bots can also be used to compromise data, take control of devices, and launch attacks.
A network of internet-connected devices compromised by malware, usually without their owners' knowledge, that is used to distribute malware or spam or to launch attacks. An operator who controls hundreds or thousands of such devices can, for example, send spam in bulk or flood a target with traffic in a distributed denial-of-service attack.
A machine that researchers or defenders set up to collect data about a particular botnet, typically by taking over the domains or addresses the bots use for command and control so that the bots connect to the sinkhole instead of to the attacker's infrastructure. The same redirection technique can be used maliciously, to take over someone else's bots.
An incident that exposes data to an unauthorized party. Many breaches begin with stolen or guessed passwords; two-factor authentication helps prevent these by requiring a second proof of identity, such as a code or approval from a second device or mobile app, so that a password alone is not enough to log in to the various accounts a user holds.
Bring Your Own Device (BYOD)
A policy permitting employees to carry personal devices into their work environment for business use.
A trial-and-error technique for recovering passwords, keys, or other secrets. Like a criminal trying every combination on a safe, a brute force attack exhaustively runs through the possible values (for a password, every combination of characters) until one works. Its cost grows exponentially with the length and character set of the secret, which is why long passwords, slow password hashing, and rate limiting or account lockout are the standard defenses.
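As an added illustration (not code from the original glossary), the following Python searches the whole lowercase keyspace, shortest candidates first, against a password hash and counts the attempts. The target hash is constructed here from a deliberately weak password; unsalted SHA-256 is used only because it is fast enough to make the search visible, and the keyspace function shows how quickly the attacker's cost grows with length and alphabet size.

```python
import hashlib
import itertools
import string


def sha256_hex(password: str) -> str:
    """Hash a candidate password. Unsalted SHA-256 is used only for the demo;
    real systems should store passwords with a slow, salted KDF (bcrypt, scrypt, Argon2)."""
    return hashlib.sha256(password.encode()).hexdigest()


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidate strings of length 1..max_len over an alphabet of the given size."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Exhaustively try every string of length 1..max_len, shortest first.
    Returns (password, attempts), or (None, attempts) if the keyspace is exhausted."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    # Constructed target: the hash of a weak 3-letter password.
    target = sha256_hex("cat")
    found, tries = brute_force(target, string.ascii_lowercase, 3)
    print(found, tries)  # cat 2074
    # How the cost explodes with length and alphabet size (26 letters vs 95 printable ASCII):
    for n in (3, 8, 12):
        print(n, keyspace(26, n), keyspace(95, n))
```

The attempt count is the number of hashes the attacker must compute; with a slow KDF each one costs milliseconds instead of microseconds, and with an online lockout the attacker never gets past the first handful.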
Certificate Authority (CA)
An entity that issues digital certificates as part of a Public Key Infrastructure (PKI). Certificates issued by CAs verify the identity of the “issued-to” object to third-parties. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) rely on CA certificate verification when establishing secure communications.
Cloud Access Security Brokers (CASB)
Technology that acts as a gatekeeper between an organization’s on-site infrastructure and a cloud provider’s infrastructure, enforcing access control, auditing and monitoring, and data encryption. This allows the organization to broaden the reach of their security standards beyond their own infrastructure.
The practice of ensuring that information is disclosed only to authorized users, processes, and devices.
The strategy, policies, standards, and practices that protect networks, systems, and data connected to the internet. This includes, but is not limited to, reducing threats, detecting vulnerabilities, and responding to and recovering from incidents.
Data Loss Prevention (DLP)
Processes and procedures that prevent sensitive data from being sent beyond a secure boundary, like through email, instant messaging, or other applications.
Defense in Depth
An information security strategy that employs multiple, independent layers of security so that the failure or bypass of any single control does not by itself compromise the system.
Denial of Service (DoS)
An attack against a computer, network, or website in which bandwidth is flooded or resources are overloaded to the point that the service is unavailable to legitimate users. A DoS can also be caused by malicious code or a crafted request that crashes or shuts down the service outright.
Domain Hijacking / Spoofing
Domain hijacking is taking control of a legitimate domain name, typically by compromising the owner's registrar or DNS hosting account and changing the domain's DNS records, so that a trusted URL now points at an attacker-controlled site that can be used to phish and perpetrate other online scams. Domain spoofing instead impersonates a domain without controlling it, for example with a lookalike name or a forged email sender address. Multi-factor authentication and registrar lock on the registrar and DNS accounts are the main defenses against hijacking; they do not prevent spoofing.
Domain Name System (DNS)
The mechanism by which user-friendly domain names are converted into IP addresses, ensuring that users are routed to the correct site.
Electronic Prescriptions for Controlled Substances (EPCS)
A set of regulations that give medical practitioners the option of prescribing controlled substances electronically and allow pharmacies to receive, dispense, and archive this data. By authenticating prescribers before they issue the medications, these policies help to reduce fraud and abuse of controlled substances, and ensure that prescriptions are transmitted without alteration.
A security measure that uses an algorithm to convert plaintext to a format that is readable only to authorized users with a key to decipher it.
Any device that connects to a network and runs network-based applications, e.g., laptops, desktop computers, servers, and mobile devices.
An attack on a network that takes advantage of a vulnerability, compromising its integrity, availability, or confidentiality.
A packaged set of tools that exploits known vulnerabilities in software, typically web browsers and their plugins, to deliver malware, and that can be deployed by attackers with little skill. Adobe Reader, Flash Player, and Java have historically been common targets.
Federal Information Processing Standard (FIPS)
U.S. government security standards for document processing, encryption algorithms, and other technology practices used by government agencies and adjacent contractors and vendors, issued and recognized by the National Institute of Standards and Technology (NIST).
A hardware- or software-based gateway that limits and protects the traffic coming into and out of a network. All data that enters or leaves a network must pass through a firewall, which analyzes the information and based on its security policy either grants or denies access.
HTTP carried over an encrypted, authenticated TLS connection, used wherever users exchange sensitive information such as login credentials or payments. A URL beginning with https://, and the padlock icon in the browser's address bar, indicate that the connection is encrypted and that the server presented a certificate valid for that domain. They say nothing about whether the site itself is honest; a phishing site can use HTTPS too.
Identity as a Service. An authentication infrastructure that lives in the cloud.
The practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction, in order to provide confidentiality, integrity, and availability — having control of your information and trusting that those you’ve provided it to can keep it safe.
The assurance that information has not been altered or destroyed in an unauthorized or undetected way, and can only be modified by authorized users. Methods used to ensure integrity include strong authentication, restricting write access to data, physical protection of the storage media, and cryptographic checks such as hashes, message authentication codes, and digital signatures that reveal tampering.
Intrusion Detection and Prevention System (IDPS)
A device that monitors network activities for malicious behavior, logs information, blocks or stops attempted intrusions, and reports it.
A secret value, in practice a string of bits often represented as letters, numbers, or symbols, that a cryptographic algorithm uses to encrypt or decrypt data or to create or verify a signature. The security of the system rests on keeping the key secret; the algorithm itself is assumed to be public.
A policy of granting users or applications only the permissions necessary to perform their official duties. Limiting their amount of access decreases the chances of unauthorized activity and security breaches.
Software usually installed covertly, designed to compromise systems or data, invade privacy, or steal information without permission. Some examples of malware include adware, bots, keyloggers, Trojan horses, viruses, and worms.
An attack in which an attacker inserts themselves into the communication between two parties, like a client and a server, relaying and possibly altering the traffic while appearing to each side to be the other, in order to read or modify sensitive information. Examples include a malicious router in a public location offering free Wi-Fi, or a site that impersonates a legitimate website, forwards the victim's traffic to the real site, and captures the login credentials as they pass through. TLS with proper certificate validation is the main defense.
Managed Service Provider
A third-party provider that operates network and security services on a customer's behalf, such as virus blocking, spam filtering, intrusion detection, firewalls, and VPN management, allowing organizations to outsource these functions rather than staff them internally.
Reducing the likelihood of a vulnerability being exploited, or lessening its impact after a breach.
Mobile Device Management (MDM)
The process of managing the configuration and security of mobile devices within an organization, for example enforcing passcodes, encryption, and remote wipe, while protecting the organization's network. MDM is commonly used to manage devices under a BYOD policy, in which users bring a personal mobile device for business purposes.
Network Access Control (NAC)
Policies and procedures that govern what an individual or component can do on a network. In addition to granting access to trusted users and devices, it also monitors and regulates their activity on the network, and implements protections like firewalls, antivirus software, and spyware detection tools.
An update to an operating system, application, or other software, released by the manufacturer to repair an identified bug or vulnerability.
Payment Card Industry Data Security Standard (PCI DSS)
Policies and procedures for organizations that process, transmit, or store payment cardholder data that ensure it is protected and secured.
A security test that mimics real-world attacks in attempt to bypass or defeat an application, network, or system’s security features.
An attempt to deceive users and illegally acquire sensitive information by contacting them under the guise of a trusted source. Phishing typically employs emails or instant messages that appear to be legitimate, combined with imposter websites, to make bogus requests for personal details such as names, passwords, Social Security numbers, or financial credentials.
Point of Sale (POS)
The place and system where a retail transaction is completed. Because various retail situations call for customized software on devices like cash registers, scanners, touch screens, and cloud-based back ends, POS systems are a large target for breaches and card-stealing malware. With two-factor authentication, POS vendors and other retail companies can add a second layer of security to their logins to keep unauthorized remote users out of their systems.
The ability to understand and control how others use your information, and the assurance that the confidentiality of and access to your information is protected.
A server acting as an intermediary between a user and the internet: it accepts the client's connection, makes the request on the client's behalf, and can filter, log, or cache the traffic and hide the client's address from the destination.
Public Key Infrastructure (PKI)
A set of services that uses public and private cryptographic key pairs and digital certificates to allow users on an unsecured network to authenticate each other and securely exchange data. It is typically composed of a certificate authority (CA), which issues and signs certificates; a registration authority, approved by the CA to verify the identity of requesters and approve certificate requests; a certificate database, which records requests, issued certificates, and revocations; and a certificate store on each endpoint, which houses issued certificates and their private keys.
A type of malware that locks a computer, encrypts documents, or otherwise prevents the user from accessing it, demanding a payment from the user in order to regain access.
The top-level directory in an operating system, or an account used for system administration that by default has access to all commands and files.
Software that an attacker installs after gaining administrator-level (root) access to a computer or network, designed to keep that access and conceal the attacker's activities by hiding files, processes, and network connections from the operating system's own tools and from security software. The access itself is usually obtained first, by cracking a password or exploiting a vulnerability.
A derogatory term for a person with limited knowledge of cybersecurity, motivated by mischief, who uses code or scripts developed by more experienced hackers to crack passwords and deface websites.
Secure Sockets Layer (SSL)
A deprecated communications protocol that uses a certificate's paired public and private keys to establish encrypted connections to services such as HTTP. Every version of SSL has known weaknesses and has been superseded by Transport Layer Security (TLS), although the term "SSL certificate" remains in common use.
Security Information and Event Management (SIEM)
The process of collecting, monitoring, correlating, and analyzing security events from across an organization's systems in near real time, giving a comprehensive picture of its security status. It is implemented with some combination of software, systems, and appliances. A SIEM system generally provides six capabilities:
Aggregation – gathering events from many sources (logs, network devices, endpoints) and normalizing them before storage or analysis
Correlation – linking related events, for example many failed logins followed by a success from the same address, into a single incident
Alerting – notifying analysts or triggering automated responses when correlated events match a rule
Dashboards – visualizing and analyzing the data
Retention – storing data long enough for investigation and forensics
Compliance – collecting and reporting data in accordance with organizational or government policies
Security Assertion Markup Language (SAML)
An open standard for providing SSO (Single Sign-On). Service providers defer authentication to an identity provider through the use of cryptographically signed XML messages (assertions) passed back and forth by the user's browser between the two entities.
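The SIEM entry above describes aggregation, correlation, and alerting in the abstract; the following Python, added here as an illustration and not taken from any product, runs those three steps over a handful of constructed sshd-style log lines. It parses each line into an event, keeps a sliding window of failed logins per source address, raises a medium alert when five failures land within 60 seconds, and escalates to high when a successful login from the same address follows the burst. The log lines, thresholds, and field names are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like). Not real data.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z sshd[101]: Failed password for invalid user admin from 203.0.113.9 port 50111 ssh2
2024-03-01T10:00:03Z sshd[101]: Failed password for root from 203.0.113.9 port 50112 ssh2
2024-03-01T10:00:04Z sshd[101]: Failed password for root from 203.0.113.9 port 50113 ssh2
2024-03-01T10:00:06Z sshd[101]: Failed password for root from 203.0.113.9 port 50114 ssh2
2024-03-01T10:00:07Z sshd[101]: Failed password for root from 203.0.113.9 port 50115 ssh2
2024-03-01T10:00:09Z sshd[101]: Accepted password for root from 203.0.113.9 port 50116 ssh2
2024-03-01T10:00:20Z sshd[102]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2024-03-01T10:20:00Z sshd[102]: Failed password for alice from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse(lines: str) -> list:
    """Aggregation: normalize raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "outcome": m["outcome"], "user": m["user"], "ip": m["ip"],
            })
    return events


def correlate(events: list, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Correlation + alerting: sliding window of failures per source IP.
    Alerts once per IP when >= threshold failures fall inside `window`, and escalates
    if a successful login from that IP follows the burst (likely successful guessing)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = set()               # ips already alerted on
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["ip"]]
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures that aged out
                q.popleft()
            if len(q) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append({"severity": "medium", "rule": "brute_force_burst",
                               "ip": ev["ip"], "count": len(q), "at": ev["ts"]})
        elif ev["outcome"] == "Accepted" and ev["ip"] in flagged:
            alerts.append({"severity": "high", "rule": "success_after_burst",
                           "ip": ev["ip"], "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
```

The second source address fails twice, twenty minutes apart, and never crosses the threshold; correlation is what separates that noise from the five-failures-then-success pattern that deserves an analyst's attention.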
Simple Certificate Enrollment Protocol (SCEP)
A method of issuing digital certificates from a certificate authority (CA) via automated HTTP response to properly formatted certificate requests.
Single Sign-On (SSO)
An authentication process that allows a user to enter one set of credentials to access multiple applications, eliminating repeated logins, reducing the number of passwords users must manage, and cutting helpdesk requests. The user authenticates once to a central identity provider, which then vouches for them to every application where they have been granted access, so no additional prompts appear between applications during the same session. Centralizing login also concentrates risk: the SSO credentials and the identity provider become high-value targets and should be protected with multi-factor authentication.
A method of monitoring and recording the flow of data between two communication points while not altering or otherwise disrupting it. Because of its passive nature, sniffing allows hackers to gain information directly, or assess the technical details of a network and plan for a future attack, while garnering less suspicion than a more overt approach.
Taking advantage of people’s tendency to trust others, this method of deception uses communication online or by phone to trick users into disclosing personal information such as passwords. Examples include sending an email under the guise of a legitimate institution and asking the user to reply to update or confirm their password, or providing a download to a file that appears to be benign but actually is malicious.
A program that installs on a user’s computer without their consent, often bundled with a legitimate application, that gathers personal data and relays that information to a third party. Some spyware monitors web browsing activity, while others record keystrokes to steal sensitive information.
An attack in which input supplied by the user is incorporated into an application's SQL query as code rather than as data, typically because the query is built by string concatenation, allowing the attacker to change the query's logic to read or modify data, bypass authentication, or gain access to other resources. Parameterized queries (prepared statements) are the standard defense.
An individual or group that exploits, or has the capability to exploit, a vulnerability or conduct other damaging activities.
The process of identifying or evaluating the types of vulnerabilities that an organization could be exposed to.
A physical tool or device that a user carries to authenticate their identity and authorize access to a network. Tokens are often in the form of a smart card, or embedded in an everyday object like a keyring.
Transport Layer Security (TLS)
A mechanism evolved from Secure Sockets Layer (SSL) for encrypting data communicated over a network to ensure no eavesdropping or tampering, used for web browsers, file transfers, VPN connections, instant messaging, and VoIP. TLS is composed of two layers: a record protocol, which provides a secure connection; and a handshake protocol, which allows the server and client to authenticate each other before exchanging any data.
A program that appears legitimate, but also contains malicious functions which when installed can access personal information, delete files, or possibly allow attackers to gain control of a computer remotely.
Verifying the authenticity of users and security of their devices before they connect to applications.
Two-Factor Authentication (2FA)
An additional way to verify a user's identity before granting login access. Two-factor authentication requires the user to prove their identity with two factors drawn from different categories, for example:
Something you know (like a password or PIN)
Something you have (like a smartphone with an authentication app installed)
Something you are (like your fingerprint or retina scan)
There are many different ways to deliver the second factor, including push notifications, SMS passcodes, phone calls, hardware tokens, and more. SMS and phone calls are the weakest of these, because the code can be intercepted or the number redirected (for example by SIM swapping); authenticator apps and hardware tokens are preferred.
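The "something you have" factor most authenticator apps implement is a time-based one-time password. As an added example, not code from the original page, the following Python implements HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library, plus the server-side check that tolerates one step of clock drift and compares codes in constant time. The secret `12345678901234567890` is the RFC's published test key, so the codes can be checked against the RFC's own vectors; everything else (step size, skew, function names) is an assumption of the example.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation,
    then reduce modulo 10^digits and left-pad with zeros."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    ) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the number of `step`-second intervals."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int,
                step: int = 30, digits: int = 6, skew: int = 1) -> bool:
    """Server side: accept the current step and `skew` steps either side to absorb clock
    drift; compare in constant time. A real server must also remember the last accepted
    counter so a code cannot be replayed inside its window."""
    for offset in range(-skew, skew + 1):
        expected = hotp(secret, unix_time // step + offset, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"   # RFC 4226 / RFC 6238 test key, not a real secret
    print(hotp(rfc_secret, 0))             # 755224
    print(totp(rfc_secret, 59, digits=8))  # 94287082
    print(verify_totp(rfc_secret, totp(rfc_secret, int(time.time())), int(time.time())))
```

A six-digit code has only a million possibilities, so the server must rate-limit verification attempts; the short lifetime of each code is what keeps a stolen one from being useful for long, not its length.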
Universal 2nd Factor (U2F)
U2F is an open industry standard for two-factor authentication (2FA) created by the FIDO (Fast IDentity Online) Alliance. Using a U2F authenticator (typically a physical USB device) plugged into their laptop or desktop, users tap it to complete 2FA.
The authenticator keeps its private keys in a tamper-resistant component known as a secure element (SE), so they cannot be extracted or copied. Its resistance to phishing comes from the protocol rather than the hardware alone: the authenticator signs the server's challenge together with the origin reported by the browser, so a signature produced while the user is on a lookalike phishing site will not verify at the legitimate site.
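The origin binding described above can be shown in a small model. The following Python is an added example written for this page, not code from the FIDO specifications or any vendor: a token derives a separate key for each application ID from a device secret that never leaves it, and signs over the hash of the origin the browser supplies, a counter, and the challenge. One assumption is deliberate and labelled in the code: a real U2F device signs with ECDSA P-256 and registers a public key, but the standard library has no ECDSA, so an HMAC over a shared per-origin key stands in for the signature. The origin-binding and counter logic is the same either way.

```python
import hashlib
import hmac
import os
import struct


class Authenticator:
    """Model of a U2F token. One key per origin, derived from a device secret.
    ASSUMPTION: HMAC-SHA256 with a shared key stands in for an ECDSA P-256 signature."""

    def __init__(self):
        self._device_secret = os.urandom(32)   # never leaves the token
        self.counter = 0                       # monotonic use counter, also signed

    def _key_for(self, app_id: str) -> bytes:
        return hmac.new(self._device_secret, app_id.encode(), hashlib.sha256).digest()

    def register(self, app_id: str) -> bytes:
        # Hands the relying party the per-origin key it will verify with
        # (stand-in for the public key a real token returns).
        return self._key_for(app_id)

    def authenticate(self, app_id: str, challenge: bytes) -> tuple:
        # app_id is supplied by the browser, i.e. the origin the user is really on,
        # not by the web page, so a phishing page cannot ask for the real site's key.
        self.counter += 1
        signed = (hashlib.sha256(app_id.encode()).digest()
                  + struct.pack(">I", self.counter)
                  + hashlib.sha256(challenge).digest())
        sig = hmac.new(self._key_for(app_id), signed, hashlib.sha256).digest()
        return self.counter, sig


class RelyingParty:
    """The legitimate site. It verifies against its OWN origin, not whatever the client sent."""

    def __init__(self, app_id: str):
        self.app_id = app_id
        self.keys = {}
        self.last_counter = {}

    def enroll(self, user: str, token: Authenticator) -> None:
        self.keys[user] = token.register(self.app_id)
        self.last_counter[user] = 0

    def verify(self, user: str, challenge: bytes, counter: int, sig: bytes) -> bool:
        signed = (hashlib.sha256(self.app_id.encode()).digest()
                  + struct.pack(">I", counter)
                  + hashlib.sha256(challenge).digest())
        expected = hmac.new(self.keys[user], signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False                       # wrong origin, wrong token, or tampering
        if counter <= self.last_counter[user]:
            return False                       # replayed response or cloned token
        self.last_counter[user] = counter
        return True


def demo() -> dict:
    token = Authenticator()
    rp = RelyingParty("https://login.example.com")
    rp.enroll("alice", token)
    challenge = os.urandom(32)                 # issued by the relying party
    # Legitimate login from the real origin.
    ctr, sig = token.authenticate("https://login.example.com", challenge)
    legitimate = rp.verify("alice", challenge, ctr, sig)
    # Phishing: attacker relays the genuine challenge from a lookalike origin. The browser
    # tells the token the lookalike origin, so it signs with a different key.
    ctr2, sig2 = token.authenticate("https://login.example-com.evil", challenge)
    phished = rp.verify("alice", challenge, ctr2, sig2)
    # Replay of the genuine response is rejected by the counter check.
    replayed = rp.verify("alice", challenge, ctr, sig)
    return {"legitimate": legitimate, "phished": phished, "replayed": replayed}


if __name__ == "__main__":
    print(demo())   # {'legitimate': True, 'phished': False, 'replayed': False}
```

Contrast this with a one-time code: a TOTP code typed into a phishing page is just as valid at the real site, because nothing in it says where the user typed it.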
A known weakness in a system, application, network, or security procedures that leaves an organization vulnerable to exploitation or misuse.
Vulnerability Assessment (VA)
The evaluation of an information system or device to determine the strength of security measures, identify deficiencies, analyze data to estimate the effectiveness of new security measures, and verify the effectiveness of these measures after implementation.
A list of entities deemed trustworthy by a user or administrator and are granted access to specified privileges.
A vulnerability that is unknown to the software's vendor, or known but not yet patched, so that defenders have had "zero days" to fix it. A zero-day attack or exploit takes advantage of such a vulnerability before the developer is able to provide a patch, which is why patching cannot be the only layer of defense.