Glossary

The IT industry is full of acronyms and strange names that originated with the discoverer of the process or system. For example, “worm” was used for malicious software that burrows through the systems.

Regardless of your role in an organisation, this glossary of cyber security terms was compiled to make it easier to understand what people are talking about.

Below are common definitions of terms used in IT and the cyber security industry. 

a
  • access control - The means and mechanisms of managing access to and use of resources by users. There are three primary forms of access control: DAC, MAC, and RBAC. DAC (Discretionary Access Control) manages access through the […]
  • anti-virus (anti-malware) - A security program designed to monitor a system for malicious software […]
  • antivirus software - A software program that monitors a computer system or network communications for known examples of malicious code and then attempts to remove or quarantine the offending items. (Also known as Malware […]
  • APT (Advanced Persistent Threat) - A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware of the violation. Often an APT […]
  • asset  - Anything that is used in and is necessary to the completion of a business task. Assets include both tangible and intangible items such as equipment, software code, data, facilities, personnel, market value and public opinion.
  • authentication - The process of proving an individual is a claimed identity. Authentication is the first element of the AAA services concept, which includes Authentication, Authorisation, and Accounting. Authentication occurs after the initial step of identification (i.e. claiming an identity). Authentication is accomplished by providing one or more authentication factors—Type 1: something you know […]
  • authorisation - The security mechanism determining and enforcing what authenticated users are authorised to do within a computer system. The dominant forms of authorisation are DAC, MAC and RBAC. DAC (Discretionary Access Control) manages access using […]
b
  • backing up - Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution. A backup is the only insurance against data loss. With a backup, damaged or lost data files can be restored. Backups should be created on a regular, periodic basis such as daily. A common strategy is based on the […]
  • BCP (Business Continuity Planning) - A business management plan used to resolve issues that threaten core business tasks. (Also known as Business Continuity Management.) The goal of BCP is to prevent the failure of mission critical processes when […]
c
  • ciphertext - The unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption. Ciphertext is produced by a symmetric algorithm when a data set is transformed by the encryption process using a selected key. Ciphertext can be converted back into its original form (i.e. plain text) by performing […]
  • clickjacking - A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user. Clickjacking […]
  • cloud computing  - A means to offer computing services to the public or for internal use through remote services. Most cloud computing systems are based on remote virtualisation where the application or operating environment offered to customers is hosted on the cloud provider’s computer hardware. There are a wide range of cloud solutions including software applications (examples include […]
  • CND (Computer Network Defense) - The establishment of a security perimeter […]
  • cracker - The proper term to refer to an unauthorised attacker of computers, networks and technology instead of the misused term “hacker […]
  • critical infrastructure - The physical or virtual systems and assets that are vital to an organisation or country. If these systems are compromised, the result would be catastrophic. If an organisation’s mission critical processes are interrupted, this could result in the organisation ceasing to exist. If a country’s critical infrastructure […]
  • cryptography - The application of mathematical processes on data-at-rest and data-in-transit to provide the security benefits of confidentiality, authentication […]
  • CVE (Common Vulnerabilities and Exposures) - An online database of attacks, exploits and compromises operated by the MITRE organisation for the benefit of the public. It includes any and all attacks and abuses known for any type of computer system or software product. Often new attacks and exploits are documented in a CVE long before a vendor admits to the issue […]
  • cyber ecosystem - The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet. It is the digital environment within which software operates and data is manipulated and exchanged.
  • cyber teams - Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organisation. Common cyber teams include the red, blue and purple/white […]
  • cyberattack - Any attempt to violate the security perimeter […]
  • cyberespionage - The unethical act of violating the privacy and security of an organisation in order to leak data or disclose internal/private/confidential information. Cyberespionage can be performed by individuals, organisations or governments for the direct purpose […]
  • cybersecurity - The efforts to design, implement, and maintain security for an organisation’s network, which is connected to the Internet. It is a combination of logical/technical-, physical- and personnel-focused countermeasures, safeguards and security controls. An organisation’s cybersecurity […]
d
  • data breach - The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment. Generally, a data breach results in […]
  • data integrity - A security benefit that verifies data is unmodified and therefore original, complete and intact. Integrity is verified through the use of cryptographic hashing. A hashing algorithm generates a fixed length output known as a hash value, fingerprint or MAC (Message Authentication Code), which is derived from the input data but which does not contain the […]
  • data mining - The activity of analysing and/or searching through data in order to find items of relevance, significance or value. The results of data mining are known as meta-data. Data mining can be a discovery […]
  • data theft - The act of intentionally stealing data. Data theft can occur via a data loss (physical theft) or data leakage (logical theft) event. Data loss occurs when a storage device is lost or stolen. Data leakage occurs when copies of data are possessed by unauthorised entities.
  • DDoS (Distributed Denial of Service) Attack - An attack which attempts to block access to and use of a resource. It is a violation of availability. DDOS (or DDoS) is a variation of the DoS attack (see DOS) and can include flooding attacks, […]
  • decrypt - The act which transforms ciphertext […]
  • digital certificate - A means by which to prove identity or provide authentication […]
  • digital forensics - The means of gathering digital information to be used as evidence in a legal procedure. Digital forensics focuses on gathering, preserving and analysing the fragile and volatile data from a computer system and/or network. Computer data that is relevant […]
  • DLP (Data Loss Prevention) - A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage. Data loss occurs when a storage device is lost or stolen while data leakage occurs when copies of data are possessed by unauthorised entities. In both cases, data is accessible to those who should not have access. DLP […]
  • DMZ (Demilitarized Zone) - A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet. The DMZ is isolated from the private network using a firewall and […]
  • DOS (Denial of Service) - An attack that attempts to block access to and use of a resource. It is a violation of availability. DOS (or DoS) attacks include flooding attacks, connection exhaustion and resource demand. A flooding attack sends massive […]
  • drive-by download - A type of web-based attack that automatically occurs based on the simple act of visiting a malicious or compromised/poisoned Web site. A drive-by download is accomplished by taking advantage of the default […]
e
  • eavesdropping - The act of listening in on a transaction, communication, data transfer or conversation. Eavesdropping can be used to refer to both data packet capture on a network link (also known as sniffing or packet capture) and to audio recording using a microphone […]
  • encode - The act which transforms plaintext or cleartext (i.e. the original form of normal standard data) into ciphertext […]
  • encryption key - The secret number value used by a symmetric encryption algorithm to control the encryption and decryption process. A key is a number defined by its length in binary digits. Generally, the longer the key length, the more security (i.e. defense against confidentiality breaches) it provides. The length of the key also determines the key space, […]
f
  • firewall - A security tool, which may be a hardware or software solution that is used to filter network traffic. A firewall is based on an implicit deny stance where all traffic is blocked by default. Rules, filters […]
h
  • hacker - A person who has knowledge and skill in analysing program code or a computer system, modifying its functions or operations and altering its abilities and capabilities. A hacker may be ethical and authorised (the original definition) […]
  • hacktivism - Attackers who hack for a cause or belief rather than some form of personal gain. Hacktivism is often viewed by attackers as a form of protest or fighting for their perceived “right” or “justice.” However, it is still an illegal […]
  • honeypot - A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. It is a false system that is configured to look and function as a production system and is positioned where it would be encountered by […]
i
  • IaaS (Infrastructure-as-a-Service) - A type of cloud computing service where the provider offers the customer the ability to craft virtual networks within their computing environment. An IaaS solution enables a customer to select which operating […]
  • identity cloning - A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity. Identity cloning […]
  • identity fraud - A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual. The fraud is due to the attacker impersonating someone else.
  • IDS (Intrusion Detection System) - A security tool that attempts to detect the presence of intruders or the occurrence of security violations in order to notify administrators, enable more detailed or focused logging or even trigger a response such as disconnecting a session or blocking an IP address. An IDS […]
  • information security policy - A written account of the security strategy and goals of an organisation. A security policy is usually comprised of standards, policies (or SOPs – Standard Operating Procedures) and guidelines. All hardware, software, facilities and personnel must abide by the terms of the security policy of an organisation. (Also known as security policy.)
  • insider threat - The likelihood or potential that an employee or another form of internal personnel may pose a risk to the stability or security of an organisation. An insider has both physical access and logical access (through their network logon credentials). These are the two types of access that an outside attacker must first gain before launching […]
  • IPS (Intrusion Prevention System) - A security tool that attempts to detect the attempt to compromise the security of a target and then prevent that attack from becoming successful. An IPS is considered a more […]
  • ISP (Internet Service Provider) - The organisation that provides connectivity to the Internet for individuals or companies. Some ISPs offer additional services above that of just connectivity such as e-mail, web hosting and domain registration.
j
  • JBOH (JavaScript-Binding-Over-HTTP) - A form of Android-focused mobile device attack that enables an attacker to be able to initiate the execution of arbitrary code on a compromised device. A JBOH attack often […]
k
  • keylogger - Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard. A keylogger can be a software solution or a hardware device used to capture anything that […]
l
  • LAN (Local Area Network) - An interconnection of devices (i.e. a network) that is contained within a limited geographic area (typically a single building). For a typical LAN, all of the network cables or interconnection media is owned […]
  • link jacking - A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when […]
m
  • malware (malicious software) - Any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system. Malware includes a wide range of types of malicious programs including: virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware and spyware/adware.
o
  • outsider threat - The likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organisation. An outsider must often gain logical or physical access to the target before launching malicious attacks.
  • outsourcing - The action of obtaining services from an external entity. Rather than performing certain tasks and internal functions, outsourcing enables an organisation to take advantage of external entities that can provide services for a fee. Outsourcing is often used […]
  • OWASP (Open Web Application Security Project) - An Internet community focused on understanding web technologies and exploitations. Their goal is to help anyone with a website improve the security of their site through defensive programming, design and configuration. Their approach includes understanding attacks in order to know how to defend against them. OWASP […]
p
  • PaaS (Platform-as-a-Service) - A type of cloud computing service where the provider offers the customer the ability to operate custom code or applications. A PaaS operator determines which operating systems or execution environments are offered. A PaaS […]
  • packet sniffing - The act of collecting frames or packets off of a data network communication. This activity allows the evaluation of the header contents as well as the payload of network communications. Packet sniffing requires that the network interface card be placed into promiscuous mode in order to disable the MAC (Media Access Control) address […]
  • patch - An update or change to an operating system or application. A patch is often used to repair flaws or bugs in deployed code as well as introduce new features and capabilities. It is good security practice to test all updates and patches before implementation […]
  • patch management - The management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications. A patch […]
  • payment card skimmers - A malicious device used to read the contents of an ATM, debit or credit card when inserted into a POS […]
  • pen testing - A means of security evaluation where automated tools and manual exploitations are performed by security and attack experts. This is an advanced form of security assessment that should only be used by environments with a mature security infrastructure. A penetration test will use the same tools, techniques and methodologies as criminal hackers, and thus, it […]
  • phishing - A social engineering attack that attempts to collect information from victims. Phishing attacks can take place over e-mail, text messages, through social networks or via smart phone apps. The goal of a phishing attack may be to learn logon credentials, credit card information, system configuration details or other company, network, computer or […]
  • PKI (Public Key Infrastructure) - A security framework (i.e. a recipe) for using cryptographic concepts in support of secure communications, storage and job tasks. A PKI solution is a combination of symmetric encryption, asymmetric encryption, hashing and digital certificate-based authentication. […]
  • POS (Point of Sale) intrusions - An attack that gains access to the POS (Point of Sale) devices at a retail outlet enabling an attacker to learn payment card information as well as other customer details. POS intrusions can occur against a traditional brick-and-mortar retail location as well as any online retail websites. (See […]
r
  • ransomware - A form of malware that holds a victim’s […]
  • restore - The process of returning a system back to a state of normalcy. A restore or restoration process may involve formatting the main storage device before re-installing the operating system and applications as well as copying data from backups onto the reconstituted system. […]
  • risk assessment - The process of evaluating the state of risk of an organisation. Risk assessment is often initiated through taking an inventory of all assets, assigning each asset a value, and then considering any potential threats against each asset. Threats are evaluated for their exposure factor (EF) (i.e. the amount of […]
  • risk management - The process of performing a risk assessment […]
s
  • SaaS (Software-as-a-Service) - A type of cloud computing service where the provider offers the customer the ability to use a provided application. Examples of a SaaS include online e-mail services or online document editing systems. A […]
  • sandboxing - A means of isolating applications, code or entire operating systems in order to perform testing or evaluation. The sandbox limits the actions and resources available to the constrained item. This allows for the isolated item to be used for evaluation while preventing any harm or damage to be caused to the host system or related […]
  • SCADA (Supervisory Control and Data Acquisition) - A complex mechanism used to gather data and physical world metrics as well as perform measurement or management actions of the monitored systems for the purposes of automating large complex real-world processes such as oil refining, nuclear power generation or water filtration. SCADA […]
  • security control - Anything used as part of a security response strategy which addresses a threat in order to reduce risk. (Also known as countermeasure or safeguard.)
  • security perimeter - The boundary of a network or private environment where specific security policies and rules are enforced. The systems and users within the security boundary are forced into compliance with local security rules while anything outside is not under such restrictions. The security perimeter prevents any interactions between outside entities and […]
  • SIEM (Security Information and Event Management) - A formal process by which the security of an organisation is monitored and evaluated on a constant basis. SIEM helps to automatically identify systems that are out of compliance with the security policy as well as to […]
  • sniffing - See packet sniffing […]
  • social engineering - An attack focusing on people rather than technology. This type of attack is psychological and aims to either gain access to information or to a logical or physical environment. A social engineering attack may be used to gain access to a facility by tricking a worker into assisting by holding the door when […]
  • SPAM - A form of unwanted or unsolicited messages or communications typically received via e-mail but also occurring through text messaging, social networks or VoIP. Most SPAM is advertising, but some may include […]
  • spear phishing - A form of social engineering […]
  • spoof (spoofing) - The act of falsifying the identity of the source of a communication or interaction. It is possible to spoof IP address, MAC address and email address.
  • spyware - A form of malware that monitors user activities […]
  • supply chain - The path of linked organisations involved in the process of transforming original or raw materials into a finished product that is delivered to a customer. An interruption of the supply chain […]
t
  • threat assessment - The process of evaluating the actions, events and behaviours that can cause harm to an asset or organisation. Threat assessment […]
  • Trojan Horse (Trojan) - A form of malware where a malicious payload […]
  • two-factor authentication - The means of proving identity using two authentication […]
  • two-step authentication - A means of authentication […]
u
  • unauthorised access - Any access or use of a computer system, network or resource which is in violation of the company security policy or when the person or user was not explicitly granted authorisation […]
v
  • virus - A form of malware that often attaches itself […]
  • vishing - A form of phishing […]
  • VPN (Virtual Private Network) - A communication link between systems or networks that is typically encrypted in order to provide a secured, private, isolated pathway of communications.
  • vulnerability - Any weakness in an asset or security protection which would allow for a threat to cause harm. It may be a […]
w
  • whitelist - A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software. The whitelist is often a list of the file name, path, file size and hash value of the […]
  • Wi-Fi - A means to support network communication using radio waves rather than cables. The current Wi-Fi or wireless networking technologies are based on the IEEE 802.11 standard and its numerous amendments, which address speed, frequency, authentication and encryption.
  • worm - A form of malware that focuses on replication […]
z
  • zombie - A term related to the malicious concept of a botnet. The term zombie can be used to refer to the system that is host to the malware agent of the botnet or to the malware agent itself. If the former, the zombie is […]