Glossary

Systems to secure, control, and monitor access to an organization's critical information and resources

Payment Card Industry Data Security Standard, a set of security standards for organizations handling credit card information

Information that can be used to identify, contact, or locate a single person

A category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications

A software update designed to address security vulnerabilities and other bugs

The process of updating software to fix or improve it, often to address security vulnerabilities

An authorized simulated attack on a computer system to evaluate the security of the system

A cybercrime in which a target is contacted by email, telephone, or text message by someone posing as a legitimate institution

Cloud infrastructure operated solely for a single organization

Cloud services offered to multiple customers by a cloud provider

The science of exploiting quantum mechanical properties to perform cryptographic tasks

A method of regulating access to computer or network resources based on the roles of individual users within an organization

A proprietary protocol developed by Microsoft that allows users to remotely connect to another computer

A type of malicious software that blocks access to a computer system until a sum of money is paid

The maximum targeted period in which data might be lost due to a disaster

The targeted duration of time within which a business process must be restored after a disaster

A group of security professionals authorized to test the effectiveness of a security program by emulating the tools and techniques of likely attackers

The identification, evaluation, and estimation of the levels of risks involved in a situation

A collection of computer software designed to enable unauthorized access to areas of the software not intended for anyone other than the system administrator

A networking device that forwards data packets between computer networks

A standard for public key encryption and signing of MIME data

A system of software and hardware elements that allows industrial organizations to control industrial processes

An approach to security management that combines SIM (security information management) and SEM (security event management)

A code injection technique used to attack data-driven applications

A cryptographic network protocol for operating network services securely over an unsecured network

Cryptographic protocols designed to provide secure communication over a computer network

A software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted

The practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities

A systematic evaluation of the security of a company's information system

A computer program or device that provides functionality for other programs or devices, called clients

Hardware or software within an enterprise that is not supported by the organization's central IT department

Psychological manipulation of people into divulging confidential information

Unsolicited messages sent over the Internet, typically to a large number of users, for advertising, phishing, or malware spreading

Software that enables a user to obtain covert information about another's computer activities

An attack that targets less-secure elements in the supply network

A potential danger that might exploit a vulnerability to breach security

A type of malware that disguises itself as legitimate software

A security process in which users provide two different authentication factors

A reference to a web resource that specifies its location on a computer network

A service that creates a safe, encrypted connection over a less secure network

A technology that allows voice calls to be made over the internet

A weakness in a system that can be exploited by a cyber attacker

A firewall that filters, monitors, and blocks HTTP traffic to and from a web application

A type of phishing attack that targets high-profile employees such as C-level executives

A computer security specialist who breaks into protected systems to test and assess their security

A wireless networking technology that allows devices to interface with the internet

A standalone malware computer program that replicates itself to spread to other computers

A type of security vulnerability found in web applications

A security model that requires strict identity verification for every person and device trying to access resources on a private network

An attack that exploits a previously unknown vulnerability in software or hardware

A computer connected to the internet that has been compromised by a hacker and can be used to perform malicious tasks