Security and IT glossary
Access management
The framework for validating, authorizing, maintaining, monitoring, and revoking accesses
Account brokering
Inputs credentials into systems, websites, end servers, and applications without revealing those credentials to the user
Advanced Encryption Standard (AES)
A standardized, symmetric encryption algorithm for protecting sensitive data
Authentication
The action or process of validating an identity, usually that of a user or process requesting access
Authorization
The action or process (often succeeding authentication) of granting access or empowering a user or process to do something
Availability
The quality of data being available to authorized users, especially when the data is most vulnerable (e.g. during a power outage, hardware failure, or cyberattack)
Biometrics
Biological characteristics used to identify an individual; in computer science, biometrics can be used during authentication
Blue team
An IT security team that establishes, maintains, and proactively defends an organization's security posture
Cloud computing
A method of storing and accessing various resources in a remote data center via the Internet (versus storing and accessing resources self-hosted)
Cookie
A small piece of data, which a web server may leave on a user's web browser, that can be retrieved during a future browsing session to identify the user
Cost benefit analysis
(in cybersecurity) the systematic process of comparing the pros and cons of a security investment
Credential brokering
(in Remote Desktop Manager) lets a user check out credentials for a session from RDM directly on the entry itself
Credential injection
(in session management) the secure, direct input of credentials into a remote session without revealing them to the user
Data Encryption Standard (DES)
A symmetric encryption algorithm, fundamental in the development of cryptography; as a standard, DES was made obsolete in 2005 and superseded by AES, but is still widely used
Domain
(in software) the purpose for which a program or program exists (on the Internet) a group of addresses in a network
Domain hijacking
Attacking a domain by taking control of its DNS server and changing the domain's registration
Domain name
A unique address that identifies the location, host server, and purpose of an organization or other entity
Domain Name System (DNS)
The Internet's system for translating an alphabetic domain name into a numeric IP address
Encryption
The conversion of plaintext into ciphertext to safeguard the confidentiality of data during storage or transfer
Firewall
A software or hardware filter that monitors, controls, and restricts incoming and outbound traffic; a network barrier that prevents unauthorized access
Help desk technicians
Professionals who provide technical support in software, hardware, and computer systems
Honey pot
A decoy system used to attract cybercriminals, detect their attacks, and study their methods
HTTP Proxy
A filter for requests between a user and a server; this filter alters the details of requests to increase the anonymity of the user, and prevents unauthorized data from being downloaded on the user's end or uploaded/deleted on the server's end
Hypertext Markup Language (HTML)
A standard markup language for formatting content displayed on the Web
Hypertext Transfer Protocol (HTTP)
A protocol enabling users to request hypertext documents from a server, and for the server to answer those requests
Identity
Digital information representing a physical or abstract entity, such as a person, device, organization, or application
Identity and Access Management (IAM)
A system for authenticating and empowering users or non-human identities to seamlessly access the resources necessary to carry out their responsibilities according to the principle of least privilege
Incident
A disruptive event in a software or hardware system due to an operational failure or security compromise
Incremental backup
A copy of data that is only made if the data has been alternated since the last backup
IP address
An Internet Protocol (IP) address is a unique 32-bit integer identifying a hardware device that connects to a network
IT Asset Management (ITAM)
The administration (often offered as a service) of software, hardware, and cloud resources to ensure compliance, monitor usage, maintain proper licensing, and support other IT functions, all according to ISO 19770 standards
IT professional
An individual having the skills, knowledge, and education to execute one or more of the following activities for an organization:
- maintain, manage, and secure systems and databases
- create and develop software and applications
- test, build, install, and maintain software, hardware, network systems, and IT infrastructure
- provide technical support
Least privilege
The principle of granting users only the amount of access needed to carry out their responsibilities
Lightweight Directory Access Protocol (LDAP)
An open protocol for authentication and access to a central directory
MAC address
A unique 48-bit (sometimes 64-bit) hexadecimal address identifying a hardware device by its network interface controller (NIC)
Malware
Malicious software; a generic term for software designed to execute harmful and/or disruptive attacks on a server, network, or computer
Managed Security Service Provider (MSSP)
A specialized Managed Service Provider (MSP) that remotely manages and monitors the cybersecurity systems of its clients
Managed Service Providers (MSPs)
An outsourced third-party organization that remotely manages the IT systems of its clients
Mandatory Access Control (MAC)
Access privilege to sensitive resources, classed by labeled clearance levels, regulated by administrators of an operating system
Network Access Translation (NAT)
The consolidation of multiple private IP address on a network into a single publicly routed IP address
Network-Based Intrusion Detection System (NIDS)
A system that audits traffic on a network to detect malicious activity
Null session
Connecting to a network anonymously (without credentials) to inspect resources, possibly to gather data for malicious purposes
One-way encryption
Encrypting plaintext into cipher text and storing the text scrambled, which cannot be unscrambled even if the cipher key is known; the only way to make a match between the plaintext and cipher text is by guessing
Open Shortest Path First (OSPF)
A protocol for routing packets: draws paths from link state information, evaluates obstacles, and determines which path is the shortest to route the packet by
Open Systems Interconnection (OSI)
A conceptual model, comprising seven abstraction layers, for developing telecommunication systems; developing a system after this model helps support the system's compatibility with other systems
Packet
A section of data that has been divided into several pieces for easier transfer, and which is later reassembled with its counterparts to form a whole
Packet switched network
A communications network allowing packets to be routed separately to a single destination
Password Authentication Protocol (PAP)
A method of authenticating plaintext credential, considered vulnerable when used in Point-to-Point Protocol (PPP) connections
Password manager
A software application for vaulting, managing, governing, and sharing credentials and other sensitive data in an encrypted database
Password vault
A digital repository for securely storing credentials in password managers and privileged access management (PAM) systems
Penetration testing
Ethically attacking an organization's security posture to identify vulnerabilities
Phishing
A scam campaign which deceives a victim into disclosing sensitive information in response to an email crafted to appear trustworthy
Ping of death
A cyberattack in which the attacker sends a malicious packet of data intended to cause a computer failure
Point-to-Point Tunneling Protocol (PPTP)
A protocol for establishing a virtual private network (VPN) as an extension of a network
Privileged access
The authority to make administrative or elevated changes to a network or computer, and to see sensitive information
Privileged Access Management (PAM)
Securing, controlling, managing, and monitoring privileged access to critical assets in a database, PAM system, or other system
Privileged Session Manager (PSM)
A PAM tool for controlling, managing, and monitoring sessions in which critical assets in a database, PAM system, or other system are accessed
Protocol
A formally standardized or widely accepted set of rules or procedures for formatting, exchanging, and transmitting data between devices
Public key encryption
Uses a pair of cryptographic keys, a public and private key: either the key used to encrypt the data is public, and the key used to decrypt the data is private, or vice versa
Remote Management and Monitoring (RMM)
A service offered by MSPs (managed IT services providers) that employs a discreet identifying agent to transmit information from a client’s endpoint back to the MSP and run remotely conducted activities such as network and device health monitoring and automated maintenance
Remote monitoring
Remotely supervising network traffic, usually with tools programmed to detect and collect specific data
Reverse Address Resolution Protocol (RARP)
A protocol that a computer or device can use to determine its own IP address
Reverse engineering
(in computing) analyzing completed code to understand how each portion contributes to the final script, the form and function of the product, system, or application
Risk
Any factor that exposes software, hardware, systems, networks, or any organizational infrastructure to harm or loss, either malicious or accidental
Risk assessment
(often used in decision-making) an evaluation of risks and viable solutions to mitigate those risks
Role based access control
A hierarchy of permissions determining how much or how little a user can do according to their role (function) in an organization
Secure Shell (SSH)
A protocol employing cryptographic techniques to establish a secure connection between a client and a server
Security Information and Event Management (SIEM)
Software, hardware, and/or services that collect, monitor, and analyze events and security-related data in real time across multiple systems in order to detect threats and vulnerabilities
Social engineering
Manipulating a person or group of people through social and psychological interplay, exploiting empathy, curiosity, and other human weaknesses to achieve an unethical end
Software
Instructions (stored and executed by hardware) for running tasks on and operating a computer
Software Change and Configuration Management (SCCM)
Tools and processes used in software development and IT operations to track, test, and control changes to software
SQL injection
Inserting malicious SQL code into queries destined for a backend database to alter, expose, or retrieve data in that database
TELNET
A protocol for interfacing terminal devices and process, and to facilitate terminal-terminal communication, and process-process communication
Transmission Control Protocol (TCP)
A communication standard for establishing and maintaining a two-way delivery stream of octets between two endpoints on a shared network
Transmission Control Protocol/Internet Protocol (TCP/IP)
A set of communication protocols, often built into computers, for transmitting data across the Internet and other networks
User contingency plan
A pre-determined strategy for operating and supporting IT systems when those systems become unavailable
User Datagram Protocol (UDP)
A standardized method for delivering time-sensitive data over a network without establishing a connection between two hosts
Virtual Machine (VM)
An emulation of a computer system, created by a physical computer system, run by software rather than hardware
Virtual Network Computing (VNC)
A remote connection between two computers over a network allowing one computer to control the other with a graphic interface visualizing mouse and keyboard inputs
Voice firewall
A voice network filter that monitors, controls, and restricts dialled calls deemed fraudulent
Web of Trust (WOT)
(in cryptography) an informal network of human participants connected by either direct or indirect trust to authenticate one another's identities and endorse their cryptographic keys
Web server
A hardware and software system that listens for client requests and responds with a service using HTTP over the Internet
Windowing
(during data transfer) when a receiving system alerts the sending system that the capacity (window size) for processing data has been reached
Windump
Software for Windows that stores and analyzes information about packets passing through a network
Wiretapping
Eavesdropping on telephone or Internet communications either for malicious purposes or criminal investigation
Zero trust principle
A fundamental security concept which proposes that no person or computer should be trusted without authentication