A
A process that regulates who or what can view or use resources, either physical (like IT assets) or virtual (like connections to networks, files, and data).
The process of verifying the credentials of a user, device, or action, as well as the origin and integrity of data.
B
An incident in which data is exposed to, or taken by, an unauthorized party. Two-factor authentication helps prevent breaches that begin with a stolen or guessed password by requiring a second proof of identity, typically delivered through a separate device such as a phone with an authenticator app or a hardware token, so that the password alone is not enough to get into the account.
A policy permitting employees to carry personal devices into their work environment for business use.
A trial-and-error technique for guessing passwords, cryptographic keys, or other secrets. Like a safecracker trying every possible combination, a brute-force attack exhaustively runs through every candidate until one works. The work grows exponentially with the length of the secret, which is why long passwords, deliberately slow password hashing, and rate limiting of login attempts are the standard defenses.
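The search described above, as an added example that is not part of the glossary: an exhaustive search against an unsalted SHA-256 password hash, where the attacker is assumed to know only the alphabet (lowercase letters and digits) and the maximum length. The victim password and hash are constructed for the example.

```python
import hashlib
import itertools
import string

# Added example (not part of the glossary). Alphabet and maximum length are
# the attacker's assumptions about the password policy.
ALPHABET = string.ascii_lowercase + string.digits


def hash_password(password: str) -> str:
    """Fast, unsalted hash: exactly the kind of storage brute force thrives on."""
    return hashlib.sha256(password.encode()).hexdigest()


def keyspace_size(alphabet: str, max_len: int) -> int:
    """Candidates of length 1..max_len; each extra character multiplies the
    count by len(alphabet)."""
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def brute_force(target_hex: str, alphabet: str = ALPHABET, max_len: int = 3):
    """Try every candidate in order of increasing length.

    Returns (password, attempts) on success or (None, attempts) once the
    keyspace is exhausted without a match.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hex:
                return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    # Constructed victim password: 3 characters from a 36-symbol alphabet.
    target = hash_password("k9z")
    found, tries = brute_force(target)
    print(f"recovered {found!r} after {tries} of at most "
          f"{keyspace_size(ALPHABET, 3)} guesses")
    # A 12-character password from the same alphabet needs up to about
    # 36**12, roughly 4.7e18, guesses; at that point the hash speed and
    # the attacker's lockout budget decide whether the attack is feasible.
    print(f"12 characters: {keyspace_size(ALPHABET, 12):,} candidates")
```

Swapping `hash_password` for a slow, salted construction such as `hashlib.pbkdf2_hmac` with a high iteration count does not change the attacker's search, only its per-guess cost, which is the point of such hashes.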
C
An entity that issues digital certificates as part of a Public Key Infrastructure (PKI). Certificates issued by a CA vouch to third parties that the "issued-to" subject controls the public key in the certificate. Transport Layer Security (TLS), and its deprecated predecessor Secure Sockets Layer (SSL), rely on verifying a CA-issued certificate when establishing a secure connection.
Technology that sits between an organization's users and the cloud services they consume, acting as a gatekeeper that enforces access control, auditing and monitoring, and data encryption. This lets the organization extend its own security standards to infrastructure it does not operate.
The strategy, policy, and standards that govern the safety of and operations across the internet. This includes but is not limited to reducing threats, detecting vulnerabilities, and responding to and recovering from incidents.
D
An information security strategy that employs multiple, overlapping layers of security so that the failure or bypass of any one control does not by itself compromise the system.
The mechanism that converts human-readable domain names into IP addresses so that clients can reach the intended host. Because clients act on whatever answer they receive, DNS is itself a target: a spoofed or poisoned response silently routes users to an attacker's server instead of the correct site.
E
A security measure that uses an algorithm to convert plaintext to a format that is readable only to authorized users with a key to decipher it.
Any device that connects to a network and runs network-based applications, e.g., laptops, desktop computers, servers, and mobile devices.
Code or a technique that takes advantage of a vulnerability in software, a system, or a network to compromise its integrity, availability, or confidentiality.
A packaged set of tools that probes a visitor's browser and its plugins for known vulnerabilities and uses them to install malware. Kits are sold or rented ready to run, so attackers with little skill can deploy them. Browser plugins such as Adobe Reader, Flash Player, and Java have historically been their most common targets.
F
U.S. government security standards for document processing, encryption algorithms, and other technology practices used by government agencies and adjacent contractors and vendors, issued and recognized by the National Institute of Standards and Technology (NIST).
A hardware- or software-based gateway that limits and protects the traffic coming into and out of a network. Traffic crossing the network boundary passes through the firewall, which inspects it and, according to its security policy, either allows or blocks it.
I
Authentication and identity infrastructure that is hosted and operated in the cloud rather than on the organization's own premises.
The practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction, in order to provide confidentiality, integrity, and availability — having control of your information and trusting that those you’ve provided it to can keep it safe.
L
A policy of granting users or applications only the permissions necessary to perform their official duties. Limiting their amount of access decreases the chances of unauthorized activity and security breaches.
M
Software usually installed covertly, designed to compromise systems or data, invade privacy, or steal information without permission. Some examples of malware include adware, bots, keyloggers, Trojan horses, viruses, and worms.
An attack in which the attacker inserts themselves between two communicating parties, such as a client and a server, relaying the traffic while impersonating each side to the other so that they can read or alter sensitive information in transit. Examples include a malicious wireless access point offering free wi-fi in a public place, or a fake website masquerading as a legitimate one to capture a user's login credentials.
A third-party provider that operates network security services on an organization's behalf, such as virus blocking, spam filtering, intrusion detection, firewall management, and VPN management, so that the organization does not have to staff and run these functions itself.
The abbreviation for multi-factor authentication, MFA is the practice of requiring a user to present two or more independent proofs of identity at login, drawn from different categories (something they know, something they have, something they are). Because the factors are independent, a stolen or guessed password alone is not enough to access the account.
Reducing the likelihood of a vulnerability being exploited, or lessening its impact after a breach.
The practice of managing the configuration, security, and use of mobile devices within an organization while protecting the organization's network. It is commonly used to enforce policy on personal devices that employees bring in under a BYOD program.
N
Policies, procedures, and enforcement points that govern what an individual or device can do on a network. Beyond granting access to trusted users and devices, it checks that connecting endpoints meet a required security posture (such as running current antivirus software and patches) and monitors and regulates their activity once connected.
P
An update to an operating system, application, or other software, released by the manufacturer to repair an identified bug or vulnerability.
Policies and procedures for organizations that process, transmit or store payment cardholder data that ensure it is protected and secured.
A security test that mimics real-world attacks in an attempt to bypass or defeat an application's, network's, or system's security features.
An attempt to deceive users and illegally acquire sensitive information by contacting them under the guise of a trusted source. Phishing typically employs emails or instant messages that appear to be legitimate, combined with imposter websites, to make bogus requests for personal details such as names, passwords, Social Security numbers, or financial credentials.
The place and time at which a retail transaction is completed. Because POS environments run customized software on devices like cash registers, scanners, and touch screens, often backed by cloud-based services and remote management access, they are a large target for breaches and malware. Requiring two-factor authentication on remote and administrative logins gives POS vendors and other retail companies a second layer of security that keeps unauthorized remote users out of these systems.
The ability to understand and control how others use your information, and the assurance that the confidentiality of and access to your information is protected.
A server that acts as an intermediary between a user and the internet, accepting the user's connections and making requests on their behalf. Proxies are used to enforce policy, filter content, cache responses, and hide the addresses of the clients behind them.
A set of roles, policies, and services that use public/private key pairs and certificates to let parties on an untrusted network authenticate each other and exchange data securely. Typically, this is composed of a certificate authority, which signs certificates binding identities to public keys; a registration authority, delegated by the certificate authority to verify requesters for specific kinds of certificates; a certificate database, which records certificate requests and the certificates that have been issued and revoked; and a certificate store on each endpoint, which holds that endpoint's certificates and private keys.
R
A type of malware that locks a computer, encrypts documents, or otherwise prevents the user from accessing it, demanding a payment from the user in order to regain access.
S
A communications protocol that uses a server's certificate and its paired public and private keys to authenticate the server and negotiate session keys, producing an encrypted connection to an HTTP service (HTTPS). SSL itself is deprecated; its successor, Transport Layer Security (TLS), keeps the same design and is what modern "SSL" connections actually use.
The process of collecting, monitoring, correlating, analyzing, and recording security events in near real time, giving a comprehensive view of an organization's security status. This is implemented with some combination of software, systems, and appliances. A SIEM system generally provides six capabilities: aggregation, gathering data from many sources and consolidating it before archival or analysis; retention, storing that data; correlation, linking related events from different sources into meaningful incidents; alerting, notifying operators or triggering response procedures when data matches a rule; dashboards, visualizing and analyzing the data; and compliance, collecting and reporting data in accordance with organizational or government policies.
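The aggregation, correlation, and alerting stages above, as an added example rather than the glossary's own material: a miniature pipeline over constructed sshd-style authentication log lines. The log lines, hostnames, and addresses are made up for the example, and the correlation rule (a burst of failures from one address followed by a success) is one common rule, not the only one a SIEM would carry.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Added example (not part of the glossary). Constructed log sample; the
# addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[411]: Failed password for root from 203.0.113.7 port 5021
2024-03-01T10:00:03 sshd[411]: Failed password for admin from 203.0.113.7 port 5022
2024-03-01T10:00:04 sshd[411]: Failed password for root from 203.0.113.7 port 5023
2024-03-01T10:00:06 sshd[411]: Failed password for oracle from 203.0.113.7 port 5024
2024-03-01T10:00:07 sshd[411]: Failed password for root from 203.0.113.7 port 5025
2024-03-01T10:00:09 sshd[411]: Accepted password for root from 203.0.113.7 port 5026
2024-03-01T10:05:00 sshd[412]: Failed password for alice from 198.51.100.4 port 6001
2024-03-01T10:20:00 sshd[413]: Accepted publickey for alice from 198.51.100.4 port 6002
this line is noise that the parser should skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse(log_text: str) -> list:
    """Normalize raw lines into event dicts; lines that do not match are dropped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def failures_by_ip(events: list) -> dict:
    """Aggregation: failed logins per source address."""
    return dict(Counter(e["ip"] for e in events if e["result"] == "Failed"))


def correlate(events: list, threshold: int = 5,
              window: timedelta = timedelta(minutes=1)) -> list:
    """Correlation rule: at least `threshold` failures from one address inside
    `window`, followed by a successful login from that address, suggests a
    password-guessing attack that succeeded. Returns one alert per match."""
    alerts = []
    recent_failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        # keep only failures inside the sliding window that ends at this event
        recent_failures[ip] = [t for t in recent_failures[ip] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            recent_failures[ip].append(ev["ts"])
        elif len(recent_failures[ip]) >= threshold:
            alerts.append({
                "ts": ev["ts"].isoformat(),
                "ip": ip,
                "user": ev["user"],
                "failures_before_success": len(recent_failures[ip]),
            })
            recent_failures[ip].clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(failures_by_ip(evs))
    for alert in correlate(evs):
        print("ALERT", alert)
```

Note that the single failure from 198.51.100.4 at 10:05 followed by a key-based login at 10:20 produces no alert: it is outside the window and below the threshold, which is the difference between correlation and simply counting.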
An XML-based open standard for providing SSO (Single Sign-On). Service providers defer authentication to an identity provider through cryptographically signed messages that the user's browser passes back and forth between the two entities.
A protocol for automatically issuing digital certificates from a certificate authority (CA): a device submits a properly formatted certificate request over HTTP and receives its certificate in the response, without an administrator handling each request by hand.
An authentication process that allows a user to sign in once, with a single username and password, and then access multiple applications without re-authenticating during the same session. A central identity service authenticates the user and vouches for them to each application they have been granted access to, eliminating additional prompts between applications. This reduces password reuse and helpdesk password-reset requests, improves productivity, and lets policies such as MFA and access revocation be enforced in one place, which simplifies compliance.
Taking advantage of people’s tendency to trust others, this method of deception uses communication online or by phone to trick users into disclosing personal information such as passwords. Examples include sending an email under the guise of a legitimate institution and asking the user to reply to update or confirm their password, or providing a download to a file that appears to be benign but actually is malicious.
An attack in which attacker-controlled input is incorporated into an application's SQL query so that it changes the structure of the query rather than merely its data, letting the attacker read or manipulate the database, bypass authentication, or gain access to other resources.
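The attack described above, as an added example that is not part of the glossary: a login query built by string concatenation beside the same query using bound parameters, run against an in-memory SQLite database. The users table, its rows, and the plaintext passwords (kept plain only so the injection is easy to see) are constructed for the example.

```python
import sqlite3

# Added example (not part of the glossary). The table, rows and payloads
# are constructed; a real application would store password hashes, but the
# injection works the same way against any query built from strings.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct horse", "user"), ("bob", "hunter2", "admin")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Deliberately vulnerable: untrusted input becomes part of the SQL text,
    so a quote or comment marker inside it rewrites the query's logic."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Fixed: the query text is constant and the driver passes the values
    separately, so input is only ever compared as data."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Tautology payload; the query becomes
    #   ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
    print(login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))  # every row
    # Comment payload; the query becomes
    #   ... WHERE username = 'bob' --' AND password = 'x'
    print(login_vulnerable(db, "bob' --", "x"))               # bob's admin row, no password
    print(login_safe(db, "bob' --", "x"))                     # []
    print(login_safe(db, "bob", "hunter2"))                   # [('bob', 'admin')]
```

The parameterized version does not escape anything; it never lets the input near the SQL parser at all, which is why it is the fix rather than quoting or filtering.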
T
The process of identifying and evaluating the threats and vulnerabilities an organization could be exposed to, together with the likelihood and impact of each.
A physical tool or device that a user carries to authenticate their identity and authorize access to a network. Tokens are often in the form of a smart card, or embedded in an everyday object like a keyring.
A protocol, evolved from Secure Sockets Layer (SSL), for encrypting and integrity-protecting data communicated over a network so that it can be neither eavesdropped on nor tampered with; it is used by web browsers (HTTPS), file transfers, VPN connections, instant messaging, and VoIP. TLS is composed of two layers: a handshake protocol, in which the client authenticates the server (and optionally the server authenticates the client) using certificates and the two negotiate session keys before any application data is exchanged; and a record protocol, which uses those keys to encrypt and authenticate each record of data sent over the connection.
Verifying the authenticity of users and security of their devices before they connect to applications.
An additional way to verify a user's identity before granting login access. When logging in, two-factor authentication requires the user to prove their identity in two different ways, drawn from different categories: something you know (like a password); something you have (like a smartphone with an authentication app installed or a hardware token); or something you are (like a fingerprint or retina scan). There are many different methods of delivering the second factor, including push notifications, SMS passcodes, phone calls, tokens, and more.
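The "something you have" factor as an authenticator app implements it, added here as an example for this entry and for the MFA entry above; it is not code from the glossary. It implements HOTP (RFC 4226) and time-based TOTP (RFC 6238) with the standard library, plus a verifier that tolerates clock skew and compares codes in constant time. The key used is the RFC test vector key, not a real credential, and the base32 secret is the widely used sample value, also not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

# Added example (not part of the glossary). RFC test key; not a real secret.
RFC_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HMAC-based one-time password: HMAC(key, counter), dynamic truncation,
    then the low `digits` decimal digits, zero-padded."""
    digest = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant: the counter is the number of `step`-second
    periods since the Unix epoch."""
    return hotp(key, at // step, digits)


def verify_totp(key: bytes, code: str, at: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the current code or one from `window` steps either side, to
    absorb clock skew between phone and server. hmac.compare_digest avoids
    leaking how many digits matched through timing."""
    for skew in range(-window, window + 1):
        candidate = totp(key, at + skew * step, step, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def key_from_base32(secret: str) -> bytes:
    """Authenticator apps receive the shared secret as base32 (the
    `secret=` parameter of an otpauth:// URI); restore any stripped padding."""
    return base64.b32decode(secret.upper() + "=" * (-len(secret) % 8))


if __name__ == "__main__":
    print(totp(RFC_KEY, 59, digits=8))          # RFC 6238 vector: 94287082
    print(totp(RFC_KEY, int(time.time())))      # what an app shows right now
    now = 1000
    print(verify_totp(RFC_KEY, totp(RFC_KEY, now), now + 30))  # True: one step late
```

A server should additionally remember the last accepted counter per user and refuse a code that was already used, since within the skew window a captured code remains valid for up to a minute.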
U
U2F is an open industry standard for strong two-factor authentication (2FA), created by the FIDO (Fast IDentity Online) Alliance. Using a U2F authenticator (typically a small USB device) plugged into their laptop or desktop, users tap it to complete 2FA. The device holds a separate private key for each site it is registered with, protected by a tamper-resistant component known as a secure element (SE) so that the keys cannot be extracted, and it signs the site's login challenge together with the origin reported by the browser. Because a phishing site has a different origin, a response captured there cannot be used to log in to the real site, which is what makes U2F phishing-resistant rather than merely an extra password.
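The origin binding described above, as an added example that is not part of the glossary or of any FIDO implementation: a simplified model of the U2F authentication flow in which an attacker relays the real site's challenge through a phishing page and the site still rejects the result. Real U2F signs with a per-site ECDSA P-256 key pair and the site verifies with the public key stored at registration; here an HMAC key known to the device and the site stands in for that signature so the example runs on the standard library alone. The origins, the key-handle format, and the in-memory "secure element" are assumptions for illustration.

```python
import hashlib
import hmac
import json
import os
import struct

# Added example (not part of the glossary). Assumed origins for illustration.
RP_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-example.net"


class Authenticator:
    """Stands in for the USB device; key material never leaves this object."""

    def __init__(self):
        self._keys = {}     # key handle -> (app_id, key); lives in the secure element
        self._counter = 0   # signature counter; lets the site detect cloned devices

    def register(self, app_id: str) -> str:
        handle = os.urandom(8).hex()
        self._keys[handle] = (app_id, os.urandom(32))
        return handle

    def verification_key(self, handle: str) -> bytes:
        # Real U2F hands out a public key here, never the signing key.
        return self._keys[handle][1]

    def sign(self, handle: str, app_id: str, client_data: str):
        stored_app_id, key = self._keys[handle]
        if stored_app_id != app_id:
            raise ValueError("key handle was not registered for this app id")
        self._counter += 1
        # U2F signs: sha256(appId) || user-presence byte || counter || sha256(clientData)
        signed = (hashlib.sha256(app_id.encode()).digest() + b"\x01"
                  + struct.pack(">I", self._counter)
                  + hashlib.sha256(client_data.encode()).digest())
        return self._counter, hmac.new(key, signed, hashlib.sha256).digest()


def browser_get_assertion(device, handle, app_id, challenge, page_origin):
    """The browser, not the web page, builds clientData and stamps the origin
    of the page that made the request; a page cannot forge that field."""
    client_data = json.dumps(
        {"typ": "navigator.id.getAssertion", "challenge": challenge, "origin": page_origin},
        sort_keys=True)
    counter, signature = device.sign(handle, app_id, client_data)
    return {"clientData": client_data, "counter": counter, "signature": signature}


class RelyingParty:
    def __init__(self, origin: str):
        self.origin = origin
        self._registered = {}   # handle -> [verification key, last counter seen]
        self._pending = {}      # handle -> outstanding challenge

    def register(self, device) -> str:
        handle = device.register(self.origin)
        self._registered[handle] = [device.verification_key(handle), 0]
        return handle

    def new_challenge(self, handle: str) -> str:
        self._pending[handle] = os.urandom(16).hex()
        return self._pending[handle]

    def verify(self, handle: str, assertion: dict) -> bool:
        key, last_counter = self._registered[handle]
        expected = self._pending.pop(handle, None)        # challenges are single use
        data = json.loads(assertion["clientData"])
        if data.get("origin") != self.origin:             # the phishing-resistance check
            return False
        if data.get("challenge") != expected:             # no replay of old challenges
            return False
        if assertion["counter"] <= last_counter:          # no replay of old assertions
            return False
        signed = (hashlib.sha256(self.origin.encode()).digest() + b"\x01"
                  + struct.pack(">I", assertion["counter"])
                  + hashlib.sha256(assertion["clientData"].encode()).digest())
        expected_sig = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, assertion["signature"]):
            return False
        self._registered[handle][1] = assertion["counter"]
        return True


def legitimate_login(rp, device, handle) -> bool:
    challenge = rp.new_challenge(handle)
    assertion = browser_get_assertion(device, handle, rp.origin, challenge, rp.origin)
    return rp.verify(handle, assertion)


def phished_login(rp, device, handle) -> bool:
    """Attacker fetches a real challenge, shows it to the victim on the phishing
    page, and relays the victim's assertion back to the bank in real time."""
    challenge = rp.new_challenge(handle)
    assertion = browser_get_assertion(device, handle, rp.origin, challenge, PHISH_ORIGIN)
    return rp.verify(handle, assertion)


if __name__ == "__main__":
    device, bank = Authenticator(), RelyingParty(RP_ORIGIN)
    handle = bank.register(device)
    print("legitimate:", legitimate_login(bank, device, handle))  # True
    print("phished:   ", phished_login(bank, device, handle))     # False
```

Real browsers add a second barrier that this model leaves out: a page may only request assertions for an app ID that matches its own origin, so the phishing page cannot even ask the device for the bank's key in the first place.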
V
A known weakness in a system, application, network, or security procedures that leaves an organization vulnerable to exploitation or misuse.
Z
A vulnerability that is unknown to the software's developer, or has become known but not yet been patched, so that defenders have had "zero days" to fix it. A zero-day attack exploits such a vulnerability before the developer is able to provide a patch.