Security and IT Glossary

A technique to restrict access to authorized users only

The framework for validating, authorizing, maintaining, monitoring, and revoking accesses

A device for bridging two networks

Inputs credentials into systems, websites, end servers, and applications without revealing those credentials to the user

A directory service created by Microsoft; a database of resources

Tools that detect and monitor unauthorized/malicious activities on a system

A standardized, symmetric encryption algorithm for protecting sensitive data

A sequential record of operational events

The action or process of validating an identity, usually that of a user or process requesting access

The action or process (often succeeding authentication) of granting access or empowering a user or process to do something

The quality of data being available to authorized users, especially when the data is most vulnerable (e.g. during a power outage, hardware failure, or cyberattack)

A hidden access for circumventing security mechanisms (such as authentication)

Biological characteristics used to identify an individual; in computer science, biometrics can be used during authentication

An IT security team that establishes, maintains, and proactively defends an organization's security posture

A method of storing and accessing various resources in a remote data center via the Internet (versus storing and accessing resources self-hosted)

A small piece of data, which a web server may leave on a user's web browser, that can be retrieved during a future browsing session to identify the user

A deleterious error in computing (sometimes maliciously generated) that alters data

(in cybersecurity) the systematic process of comparing the pros and cons of a security investment

(in Remote Desktop Manager) lets a user check out credentials for a session from RDM directly on the entry itself

(in session management) the secure, direct input of credentials into a remote session without revealing them to the user

Malware used to perpetrate financial crimes

The quality of being compatible with many (at least two) computing platforms

A symmetric encryption algorithm, fundamental in the development of cryptography; as a standard, DES was made obsolete in 2005 and superseded by AES, but is still widely used

Evaluating patterns, relationships, and anomalies in data to produce new data

A collection of data stored electronically

(in software) the purpose for which a program or program exists (on the Internet) a group of addresses in a network

Attacking a domain by taking control of its DNS server and changing the domain's registration

A unique address that identifies the location, host server, and purpose of an organization or other entity

The Internet's system for translating an alphabetic domain name into a numeric IP address

The conversion of plaintext into ciphertext to safeguard the confidentiality of data during storage or transfer

The standard for transferring files over a network

A software or hardware filter that monitors, controls, and restricts incoming and outbound traffic; a network barrier that prevents unauthorized access

The dispersed storage of data, as opposed to contiguous storage

A node (entrance) in a network to connect multiple networks

The process of increasing security and minimizing vulnerabilities in a system

Professionals who provide technical support in software, hardware, and computer systems

A decoy system used to attract cybercriminals, detect their attacks, and study their methods

A filter for requests between a user and a server; this filter alters the details of requests to increase the anonymity of the user, and prevents unauthorized data from being downloaded on the user's end or uploaded/deleted on the server's end

HTTP encrypted with SSL/TLS protocol to ensure the secure transfer of data over a network

A standard markup language for formatting content displayed on the Web

A protocol enabling users to request hypertext documents from a server, and for the server to answer those requests

Digital information representing a physical or abstract entity, such as a person, device, organization, or application

A system for authenticating and empowering users or non-human identities to seamlessly access the resources necessary to carry out their responsibilities according to the principle of least privilege

A disruptive event in a software or hardware system due to an operational failure or security compromise

A copy of data that is only made if the data has been alternated since the last backup

An Internet Protocol (IP) address is a unique 32-bit integer identifying a hardware device that connects to a network

The administration (often offered as a service) of software, hardware, and cloud resources to ensure compliance, monitor usage, maintain proper licensing, and support other IT functions, all according to ISO 19770 standards

An individual having the skills, knowledge, and education to execute one or more of the following activities for an organization:

• maintain, manage, and secure systems and databases
• create and develop software and applications
• test, build, install, and maintain software, hardware, network systems, and IT infrastructure
• provide technical support

The principle of granting users only the amount of access needed to carry out their responsibilities

An open protocol for authentication and access to a central directory

An incorrect entry of credentials, often signalizing suspicious activity

A unique 48-bit (sometimes 64-bit) hexadecimal address identifying a hardware device by its network interface controller (NIC)

Malicious software; a generic term for software designed to execute harmful and/or disruptive attacks on a server, network, or computer

A specialized Managed Service Provider (MSP) that remotely manages and monitors the cybersecurity systems of its clients

An outsourced third-party organization that remotely manages the IT systems of its clients

Access privilege to sensitive resources, classed by labeled clearance levels, regulated by administrators of an operating system

The consolidation of multiple private IP address on a network into a single publicly routed IP address

A visual representation (“map”) of connections on a network

A system that audits traffic on a network to detect malicious activity

Connecting to a network anonymously (without credentials) to inspect resources, possibly to gather data for malicious purposes

An eight-bit byte

Data stored remotely

The ability to access data without being connected to the source

Data stored on-site

Encrypting plaintext into cipher text and storing the text scrambled, which cannot be unscrambled even if the cipher key is known; the only way to make a match between the plaintext and cipher text is by guessing

A protocol for routing packets: draws paths from link state information, evaluates obstacles, and determines which path is the shortest to route the packet by

A conceptual model, comprising seven abstraction layers, for developing telecommunication systems; developing a system after this model helps support the system's compatibility with other systems

A section of data that has been divided into several pieces for easier transfer, and which is later reassembled with its counterparts to form a whole

A communications network allowing packets to be routed separately to a single destination

A method of authenticating plaintext credential, considered vulnerable when used in Point-to-Point Protocol (PPP) connections

The act or process of ascertaining a password by various means

The process of storing and accessing credentials securely

A software application for vaulting, managing, governing, and sharing credentials and other sensitive data in an encrypted database

Harvesting passwords by means of software that scans traffic on a network

A digital repository for securely storing credentials in password managers and privileged access management (PAM) systems

Ethically attacking an organization's security posture to identify vulnerabilities

Firewalls installed on a personal computer (PC)

A scam campaign which deceives a victim into disclosing sensitive information in response to an email crafted to appear trustworthy

A cyberattack in which the attacker sends a malicious packet of data intended to cause a computer failure

A type of digital echolocation method of detecting hosts on a network

Unencrypted or decrypted alphanumeric words and messages

A protocol for linking two systems together directly

A protocol for establishing a virtual private network (VPN) as an extension of a network

The authority to make administrative or elevated changes to a network or computer, and to see sensitive information

Securing, controlling, managing, and monitoring privileged access to critical assets in a database, PAM system, or other system

A temporary privileged access to critical assets

A PAM tool for controlling, managing, and monitoring sessions in which critical assets in a database, PAM system, or other system are accessed

A formally standardized or widely accepted set of rules or procedures for formatting, exchanging, and transmitting data between devices

A system that intermediates between a client and a server as a protection layer

Uses a pair of cryptographic keys, a public and private key: either the key used to encrypt the data is public, and the key used to decrypt the data is private, or vice versa

Malware designed to hold sensitive data or a system “ransom” in exchange for money

Organizing and securely sharing remote connections among users

A remote access to a computer system to support its functions

A remote connection to a computer system to work with it

A network communications protocol owned and developed by Microsoft

A service offered by MSPs (managed IT services providers) that employs a discreet identifying agent to transmit information from a client’s endpoint back to the MSP and run remotely conducted activities such as network and device health monitoring and automated maintenance

Remotely supervising network traffic, usually with tools programmed to detect and collect specific data

A protocol that a computer or device can use to determine its own IP address

(in computing) analyzing completed code to understand how each portion contributes to the final script, the form and function of the product, system, or application

Any factor that exposes software, hardware, systems, networks, or any organizational infrastructure to harm or loss, either malicious or accidental

(often used in decision-making) an evaluation of risks and viable solutions to mitigate those risks

A hierarchy of permissions determining how much or how little a user can do according to their role (function) in an organization

Assigning roles to users according to their function in an organization

A protocol employing cryptographic techniques to establish a secure connection between a client and a server

Software, hardware, and/or services that collect, monitor, and analyze events and security-related data in real time across multiple systems in order to detect threats and vulnerabilities

A document that outlines an organization's security practices

Administrating a personal server to host and run applications or websites

A broad term for any data that must be safeguarded from unauthorized access

A computer or system that listens for client requests and responds with a service

A temporary connection between two computers or systems wherein they exchange information

A temporary cryptographic key for accessing and protecting a session

The interface for a user to interact with an operating system

An algorithm embedded into a message for validating its authenticity

A method of accessing multiple resources with only one set of credentials

Manipulating a person or group of people through social and psychological interplay, exploiting empathy, curiosity, and other human weaknesses to achieve an unethical end

Instructions (stored and executed by hardware) for running tasks on and operating a computer

Tools and processes used in software development and IT operations to track, test, and control changes to software

Unwarranted electronic messages, often sent in bulk

Inserting malicious SQL code into queries destined for a backend database to alter, expose, or retrieve data in that database

A predefined, unchanging route for network communication

A cross-platform protocol for sending messages (logs) to a server

An IT professional who manages computer systems

A protocol for interfacing terminal devices and process, and to facilitate terminal-terminal communication, and process-process communication

An action or situation that exposes an information system to harm

A communication standard for establishing and maintaining a two-way delivery stream of octets between two endpoints on a shared network

A set of communication protocols, often built into computers, for transmitting data across the Internet and other networks

Well-disguised malware that appears legitimate

A private network route for transferring encapsulated data packets across a network

Verifying credentials in two steps or layers for added security

A person who operates a computer or network system outside of its development

A pre-determined strategy for operating and supporting IT systems when those systems become unavailable

A standardized method for delivering time-sensitive data over a network without establishing a connection between two hosts

A digital location for securely storing sensitive data

An emulation of a computer system, created by a physical computer system, run by software rather than hardware

A remote connection between two computers over a network allowing one computer to control the other with a graphic interface visualizing mouse and keyboard inputs

An encrypted private connection on a public network

Infectious malware which can replicate itself and execute its code into legitimate programs

A voice network filter that monitors, controls, and restricts dialled calls deemed fraudulent

(in cryptography) an informal network of human participants connected by either direct or indirect trust to authenticate one another's identities and endorse their cryptographic keys

A hardware and software system that listens for client requests and responds with a service using HTTP over the Internet

(during data transfer) when a receiving system alerts the sending system that the capacity (window size) for processing data has been reached

Software for Windows that stores and analyzes information about packets passing through a network

Eavesdropping on telephone or Internet communications either for malicious purposes or criminal investigation

Infectious malware which can replicate itself and operate independently

A new or recently discovered security vulnerability in a computer system or program

A fundamental security concept which proposes that no person or computer should be trusted without authentication

A cyberattack on a security vulnerability that is discovered by the attacker before the developer of the system or program

An encryption process in which the service provider never has access to the user's unencrypted data; the server stores only the user's encrypted data, and at no time has access to the encryption key or unencrypted data: only the user who has the key can decrypt the data