GLOSSARY  

802.11   A wireless specification created by the Institute of Electrical and Electronics Engineers (IEEE) that helped globally standardize wireless local area network communications.

802.1x   A port-based network access control method that requires users to authenticate prior to connecting to a wired or wireless network.

acceptable use policy (AUP)   A policy that states what employee responsibilities are with respect to accessing and using information resources within the organization.

acceptance testing   A testing method used to determine if software is performing in a way that is acceptable to users based on business requirements.

access control list (ACL)   In terms of file systems, it’s a list of permissions by user, computer, and group accounts, associated with a specific object.

Active Directory (AD)   A Microsoft Windows directory service technology that provides a structured, secure, and hierarchical object database for a network including users, computers, group policies, printers, and other services.

ActiveX   A Microsoft software framework designed for Internet Explorer, built on object-oriented programming technologies, for the purpose of running dynamic media content.

Address Space Layout Randomization (ASLR)   Involves the operating system randomizing the memory locations of various portions of an application (such as the application executable, APIs, libraries, and heap memory) in order to make it harder for an attacker to predict the target address of a buffer overflow.

Advanced Encryption Standard (AES)   A symmetric block encryption algorithm adopted by the U.S. government and widely used to encrypt data.

after-action report   A post-incident process that implements the security recommendations gleaned from the lessons-learned report.

Agile   An accelerated development approach that favors smaller milestones, reduced long-term planning, and the ability to revisit previous phases without restriction.

alert fatigue   The result of administrators no longer monitoring alerts due to too many false positives.

algorithm   A step-by-step mathematical process frequently used for cryptography.

annualized loss expectancy (ALE)   The expected monetary loss associated with an asset and a specific risk over a one-year period. It can be expressed as the product of the single loss expectancy (SLE) and the annualized rate of occurrence (ARO).

annualized rate of occurrence (ARO)   The probability that a specific risk will occur in a single year.

artificial intelligence (AI)   Involves computers performing tasks with a human-like intelligence.

Asynchronous JavaScript and XML (AJAX)   A common programming methodology used to improve the end-user experience in web applications by permitting web applications to send and retrieve data from a server in the background without interfering with the content of the existing page.

attestation   The act of certifying some element to be true and doing so in a fashion that provides a form of evidence as to its authenticity.

audit   The process of inspecting organizational records and processes to determine compliance with requirements.

authentication   The process of verifying the legitimacy of a claimed identity.

Authentication, Authorization, and Accounting (AAA)   The set of security services used to manage the critical functions of determining identity, permissions, and activity tracking.

Authentication Header (AH)   A protocol from the IPSec suite that provides integrity, data origin authentication, and protection from replay attacks. AH does not provide confidentiality.

authorization   The process of determining the access scope and permissions a user has to resources.

baseline   A point-in-time measurement of what we agree is the acceptable level of normal performance.

benchmark   A measurement that captures the state of a system at one particular point in time only.

big data   Refers to huge amounts of mostly unstructured data that is often too large for standard systems to process.

black-box testing   Simulates black hat hackers by starting off penetration tests without prior knowledge of the organizational network.

blockchain   A large chain of financial transaction records that, rather than being stored on centralized financial servers, are actually chained to each other as a decentralized and linear series of blocks.

Blowfish   A symmetric block cipher that uses key sizes between 32 and 448 bits, with 16 rounds of processing on 64-bit message blocks.

Bluetooth   A wireless technology standard designed for exchanging information between devices such as mice, keyboards, headsets, smartphones, smart watches, and gaming controllers—at relatively short distances and slow speeds.

bots   Automated programs that perform a specific task, such as crawling the Web from link to link.

bring your own device (BYOD)   A mobile device strategy that allows users to bring personal mobile devices into the workplace to access organizational resources.

buffer overflow   Occurs when the size of the data being read is larger than the destination buffer, which causes an overflow condition resulting in application failure.

building automation system (BAS)   A centralized management system that controls and monitors facilities and environmental technologies.

business continuity planning (BCP)   The plans a business develops to continue critical operations in the event of a major disruption.

business impact analysis (BIA)   Documents the various risks to an organization and the resulting impact from disasters should those risks come to fruition.

business partnership agreement (BPA)   A type of legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners.

CAST-128   A symmetric block cipher with either 40-bit or 128-bit keys, while utilizing 12 or 16 rounds of processing on 64-bit message blocks.

Certificate Authority (CA)   A service that generates, issues, validates, and revokes digital certificates.

certificate revocation list (CRL)   A list of certificates that have been revoked by a Certificate Authority.

chain of custody   A detailed record of evidence handling, from its collection, preservation, and analysis, to presentation in court and disposal.

Challenge Handshake Authentication Protocol (CHAP)   A three-way handshake protocol used to authenticate a user over a network without having to send a cleartext password.

change monitoring   A monitoring technique that checks for signs of failed or successful attempts at modifying network configuration baselines as well as any signs of unauthorized devices or behaviors being introduced into the network.

chief information security officer (CISO)   The title for the executive-level position with responsibility over information security in an organization.

choose your own device (CYOD)   A mobile device strategy that enables a business to publish a limited list of devices that employees can buy.

cipher   A cryptographic algorithm that performs a specific method of encryption or decryption. AES, RSA, and SHA-2 are examples of ciphers.

ciphertext   The resulting encrypted data that was caused by inputting the original plaintext into an encryption cipher.

clickjacking   An attack where a user is tricked into clicking something on a web page, causing a different operation than the one expected to be performed.

closed-circuit television (CCTV)   A private television system usually hardwired in security applications to record visual information.

cloud computing   According to NIST, cloud computing is defined as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

cloud security broker   Cloud-based security policy environments that reside between an organization’s on-premises network and some other cloud provider’s network.

code reuse   Involves the authorized use of someone else’s proven code, or knowledge about code, to improve your software development efforts.

code review   The proofreading of source code to discover and mitigate software vulnerabilities before they make it onto the finished product.

code signing   The application of digital signature technology to computer code, executable files, scripts, and resource files.

Common Access Card (CAC)   A smartcard-based personnel identification system implemented by the U.S. Department of Defense that can be used for a variety of identification purposes, including computer system authentication.

Common Criteria   An international standard for computer security evaluations and certification.

Common Internet File System (CIFS)   The name associated with an Application layer network protocol used for file and resource sharing. From Microsoft, CIFS is also known as Server Message Block (SMB).

community cloud   A model that involves a group of organizations that collectively own, share, or consume a common cloud computing infrastructure as a result of mutual interests like software interfaces and security features.

Computer Emergency Response Team (CERT)   The name CERT is a trademark held by the Software Engineering Institute and should not be used without their permission. This term has been used to identify the members of the expert group that investigates and responds to computer security incidents. A more correct term to use for incident response teams is computer security incident response team (CSIRT) or computer incident response team (CIRT).

computer incident response team (CIRT)   The term used to identify the members of the expert group that investigates and responds to computer security incidents.

configuration baseline   A standardized configuration across an application, operating system, or device.

configuration lockdown   The concept of sealing configurations into our network devices to prevent unauthorized changes.

configuration management database (CMDB)   Automatically tracks the state of enterprise assets such as hardware, software, policies, documentation, networks, and staff throughout the life cycle of these assets—in addition to managing and tracking the relationships between these assets.

configuration profile   A group of settings applied to mobile devices and computers to control device features including the operating system and applications.

containerization   The process of isolating corporate data into a protected and encrypted container stored on the mobile device.

containers   An OS feature in which its kernel divides itself into multiple isolated instances, or containers—each of which is allocated to an application. From the application’s viewpoint, a complete OS instance has been allocated, when in fact it has only received a smaller isolated OS “portion.” Containers have a reduced hardware footprint as compared to virtual machines.

content management system (CMS)   Typically, web-based applications that encourage enterprise-wide collaboration with web applications and documentation between multiple contributors creating, editing, and publishing content.

context-aware authentication   Builds on conventional authentication methods by also considering the user’s technological and environmental characteristics.

context-aware management   The application of restrictive policies to mobile devices based on certain device conditions like location or time of day.

continuity of operations (COOP)   A detailed plan of how essential functions of an organization will be handled during an emergency or disaster.

continuous monitoring   Involves tracking changes to the information system that occur during its lifetime and then determining the impact of those changes on the system security controls.

Control Objectives for Information and Related Technologies (COBIT)   A set of best practices for IT management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

corporate owned, personally enabled (COPE)   A mobile device strategy in which corporations buy devices for employees while permitting business and personal usage of devices.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)   An enhanced data cryptographic encapsulation mechanism designed for use over wireless LANs based on the counter mode with CBC-MAC from AES.

Credential Security Support Provider (CredSSP)   CredSSP lets an application delegate a user’s credentials from client to server over a secure channel.

cross-certification trust model   A process involving the CAs from one hierarchical trust model trusting the CAs from another hierarchical trust model.

cross-site request forgery (CSRF or XSRF)   A method of attacking a system by sending malicious input to the system and relying on the parsers and execution elements to perform the requested actions, thus instantiating the attack. XSRF exploits the trust a site has in the user’s browser.

cross-site scripting (XSS)   A method of attacking a system by sending script commands to the system input and relying on the parsers and execution elements to perform the requested scripted actions, thus instantiating the attack. XSS exploits the trust a user has for the site.

cryptocurrency   A digital form of currency that uses powerful cryptographic methods to secure financial transactions through a decentralized or peer-to-peer network.

cryptographic service provider   Windows software libraries that make the Microsoft CryptoAPI available to applications that require cryptographic capabilities.

cryptography   The science of hiding or making information unreadable to unauthorized parties.

cryptoprocessor   Chips often built inside of Trusted Platform Modules (TPMs) that perform complex cryptographic functions.

customer relationship management (CRM)   A model, typically implemented via a software suite, that facilitates interactions with customers, customer service, technical support, and other areas of the business.

cyclic redundancy check (CRC)   An error-detection methodology that can offer limited data integrity functionality.

data custodian   The individual responsible for implementing the decisions made by the data owners.

Data Encryption Standard (DES)   An older symmetric block cipher that uses 56-bit keys.

Data Execution Prevention (DEP)   A security feature of an operating system that can be driven by software, hardware, or both, designed to prevent the execution of code from blocks of data in memory.

data loss prevention (DLP)   Technology, processes, and procedures designed to detect when unauthorized removal of data from a system occurs. DLP is typically active, preventing the loss of data, either by blocking the transfer or dropping the connection.

data owner   The individual responsible for deciding how certain data should be used and managed.

data remnants   Unwanted pieces of information that remain after a deletion operation.

data retention   A requirement that organizations hold onto data for a predetermined period of time, typically, as per a state or federal law.

data sovereignty   A concept that stipulates that once data has been collected on foreign soil, it is subject to the laws of that particular nation.

data-at-rest encryption   Refers to the encryption of data while it is inactive on a storage medium.

database activity monitor   A tool that monitors the transactions and other activity of database services.

data-in-transit encryption   Refers to the encryption of data as it travels across a network.

data-in-use encryption   Refers to the encryption of data while it is in use in memory types such as RAM, in addition to cache and register memory locations on the CPU.

dd   A Unix and Linux command-line tool that allows for the conversion, formatting, and copying of files. This includes drive cloning, disk wiping, data recovery, backup, and modification of boot records.

de facto standard   A standard that is widely accepted by an industry but for which no formal standardization process has been undertaken.

decryption   The process of using a decryption key to convert unreadable ciphertext into readable plaintext.

deep learning   A deeper form of machine learning in which technology tools don’t use any baseline factors to guide the learning; rather, the technology decides for itself what learning and classification modalities to implement based on the inputs it receives.

deep packet inspection   A technique used by application-level and next-generation firewalls that involves scanning and analyzing the headers, state, and data portions of packets before allowing or dropping them.

demerger   The process of breaking apart two previously combined organizations into separate organizations.

demilitarized zone (DMZ)   A network zone of limited trust that exists between trusted and untrusted zones to protect trusted zones from direct contact with untrusted zones.

denial of service (DoS)   Actions taken to make a resource unavailable for its intended use. A DoS attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have available for use.

deperimeterization   The removal of the logical barrier between organizations and the outside world.

deterrence   The process of discouraging threat actors from performing unauthorized actions through warnings or the threat of consequences.

Diffie-Hellman (DH)   An algorithm that enables two systems to generate and securely distribute a symmetric key over a public channel. Although it allows for key distribution, it does not provide encryption or digital signature functionality.

digital certificate   Electronic documents used to provide attribution of a public key to a user, computer, or service.

Digital Encryption Standard (DES)   A 56-bit key-based block cipher, now considered obsolete. Its successor, triple DES, involves three rounds of DES, and has in turn been replaced by AES.

digital forensics   The application of scientific methods to electronic data systems for the purposes of gathering specific information from a system.

Digital Rights Management (DRM)   Uses technology to restrict how digital copyrighted works can be used once published.

digital signature   The implementation of both hashing and asymmetric cryptography to verify integrity and nonrepudiation of information.

Digital Signature Algorithm (DSA)   A U.S. government standard for implementing digital signatures.

direct object reference   Occurs when an application request refers to the actual name of objects, such as files, folders, database, or storage elements.

DirectAccess   A Microsoft remote access technology that allows connectivity for remote users without requiring user interaction or pre-established VPN connections.

Directory Service   Centralized identity and access management systems that store information about network objects, in addition to providing authentication, authorization, location, management, and auditing services upon those network objects.

disaster recovery plan (DRP)   A detailed operational plan for the prioritized recovery of services after a disaster or other form of service disruption.

discretionary access control (DAC)   An access control model where the owner of data decides who can access data and at what level.

disruptive technologies   Groundbreaking advancements that change everything about how people perform tasks.

distributed denial of service (DDoS)   A method of denial of service in which the attack comes from a distributed vector.

divestiture   The process of an organization selling off one of its business units.

Domain Name Service (Server) (DNS)   A service that converts a human-recognizable network name (such as www.example.com) to an IP address.

due care   Addresses whether the organization has a minimal set of policies that provides reasonable assurance of success in maintaining security.

due diligence   Requires that management actually do something to ensure security, such as implement procedures for testing and review of audit records, internal security controls, and personnel behavior.

dumpster diving   The process of digging through people’s trash to find confidential information.

Dynamic Link Library (DLL)   A shared library file that can contain code, data, and resources, and acts as a shared library element in Microsoft Windows environments.

eavesdropping   The unauthorized interception of communications between other parties.

e-discovery   The electronic discovery of evidence.

electromagnetic interference (EMI)   The disruption of electronics due to an electromagnetic field.

ElGamal   An asymmetric cipher that builds on Diffie-Hellman and, in addition to key exchange, provides encryption and digital signature capabilities.

Elliptic Curve Cryptography (ECC)   An asymmetric cipher that provides digital signatures, key distribution, and encryption capabilities. ECC has found a niche in low-power and computationally constrained devices.

Encapsulated Security Payload (ESP)   A protocol from the IPSec suite that provides confidentiality, connectionless integrity, data origin authentication, and protection from replay attacks.

Encrypted File System (EFS)   A security feature of Windows (from Windows 2000 onward) that enables the transparent encryption/decryption of files on the system.

encryption   The process of converting readable information into an unreadable format.

enterprise license agreement (ELA)   A software licensing model in which software is licensed for use across an enterprise, as opposed to a per-machine installation model.

enterprise resilience   Consists of an organization’s ability to adapt to short-term and long-term changes.

enterprise resource planning (ERP)   Business process management software that permits enterprises to use a consolidated platform of business application modules to manage enterprise-wide activities such as customer service, human resources, accounting, sales, payroll, purchase orders, and many more.

enterprise security architecture (ESA)   A framework to align operational security capabilities with organizational goals and objectives.

Enterprise Service Bus (ESB)   A software architecture model used to define communications between software applications in a Service Oriented Architecture.

Evaluation Assurance Level (EAL)   A method of rating operating systems according to their level of security testing and design.

eXtensible Access Control Markup Language (XACML)   Defines a declarative access control policy language.

Extensible Authentication Protocol (EAP)   An authentication framework designed to define message formats and methods providing for the transport and usage of the keying material and parameters used in authentication. EAP is not a specific authentication mechanism.

Federal Information Security Management Act (FISMA)   A law aimed at government agencies for the sole purpose of enforcing various security requirements on government networks and devices.

federation   A group of trusted organizational networks that permits users from one network to seamlessly use their network credentials to access resources located at another network without having to resort to a separate identity-verification step involving user interaction.

Fiber Channel Over Ethernet (FCOE)   The encapsulation of fiber channel frames over an Ethernet network, permitting the use of the Fiber Channel Protocol across an Ethernet-based network.

file integrity monitoring (FIM)   Software that ensures that operating system, application, and data files maintain their intended state.

File Transfer Protocol (FTP)   An application-level protocol for the transfer of files from one system to another.

File Transfer Protocol Secure (FTPS)   An application-level protocol used to transfer files over a network connection that uses FTP over an SSL or TLS connection.

fingerprinting   The process of determining specific details about a system, including port numbers, services, operating systems, vulnerabilities, and accounts.

flood guard   A network device that blocks flooding-type DoS/DDoS attacks, frequently part of an IDS/IPS.

Foremost   A forensic data recovery command-line tool used on Linux primarily for law enforcement to recover deleted or corrupted data from drives.

fuzzing   A software testing methodology used to detect input validation errors.

gap analysis   Analyzes the differences between an organization’s present state of security and its recommended or desired state.

General Data Protection Regulation (GDPR)   A privacy law signed by the European Union (EU) enforcing data protection and privacy requirements for all individuals within the EU, and other parties that conduct business with the EU.

Generic Routing Encapsulation (GRE)   A tunneling protocol designed to encapsulate a number of different protocols across an IP network.

geofencing   The process of creating a logical or virtual boundary around a mobile device.

geolocation   The process of identifying a device’s geographical location by using GPS or cell towers.

geotagging   The process of attaching geographically related information to common media types such as pictures, videos, SMS messages, and even websites.

GNU Privacy Guard (GPG)   A series of well-known cryptographic functions that provide for key exchange, confidentiality, integrity, and nonrepudiation of electronic communications.

Governance, Risk, and Compliance (GRC)   A unified management approach to strategically achieving business objectives, keeping risks at a tolerable level, and following all required laws and requirements.

Gramm–Leach–Bliley Act (GLBA)   A financial law that includes provisions for financial organizations to protect the privacy of customer data. The Safeguards Rule and Privacy Rule carry out these requirements.

gray-box testing   Simulates a malicious non-administrator who has partial knowledge of the network.

Group Policy   A set of rules that provides for centralized management and configuration of a Windows operating system, user configurations, and applications.

guidelines   Specify optional and recommended security controls or processes to be followed.

hard disk drive (HDD)   A physical device designed to store data, typically on magnetic spinning platters.

hardware security module (HSM)   Devices that provide key generation and safeguarding services, speed up specific cryptographic operations on platforms requiring strong authentication, and provide access control capabilities.

hashed message authentication code (HMAC)   The use of a cryptographic hash function and a message authentication code to ensure the integrity and authenticity of a message.

hashing   The process of running data through a mathematical function to produce a message digest of a specified size.

Health Information Technology for Economic and Clinical Health Act (HITECH)   An extension of HIPAA that widens the scope of privacy and security protections available under HIPAA. It increases the potential legal liability for noncompliance and provides for more enforcement.

Health Insurance Portability and Accountability Act (HIPAA)   A healthcare regulation signed in 1996 that provides standards for the management and protection of protected health information (PHI).

heating, ventilation, and air conditioning (HVAC)   A facilities management system that permits central control of the heating and cooling temperatures for the enterprise.

host intrusion detection system (HIDS)   An intrusion detection mechanism that is located on and designed to protect a specific machine.

host intrusion prevention system (HIPS)   An intrusion prevention mechanism, which is an IDS with automated actions in response to specific rules, located on the host it is protecting.

HTTP interceptor   A device or program that captures web traffic between the source web browser and the destination website.

hunt teaming   A comprehensive process of security teams seeking out any signs of attack against the organizational network.

hybrid cloud   A combination of multiple cloud models such as public, private, and community cloud models.

hyper-converged infrastructures   Infrastructures that virtualize converged infrastructure components into a software-defined solution.

Hypertext Markup Language version 5 (HTML5)   An enhanced version of HTML that supports more multimedia capabilities, added mobile device support, plus many other features.

Hypertext Transfer Protocol (HTTP)   A protocol for the transfer of material across the Internet that contains links to additional material.

Hypertext Transfer Protocol over SSL/TLS (HTTPS)   A protocol for the transfer of material across the Internet that contains links to additional material that is carried over a secure tunnel via SSL or TLS.

hypervisor   Software that can virtualize hardware into software versions of CPUs, RAM, hard drives, and NICs, to enable the utilization of multiple isolated operating systems on the same set of physical hardware.

IDEA   A symmetric block cipher that uses a 128-bit key size and performs 8.5 rounds of processing on 64-bit message blocks.

identification   The process of a user, device, or service claiming an identity.

identity management   The process in a computer system of managing the individual identities and assigning credentials to users.

identity proofing   The process of verifying people’s identities before an organization issues them accounts and credentials.

Identity Provider (IdP)   A Security Assertion Markup Language (SAML) item that creates, maintains, and manages individual identity information.

incident response   A team-led activity of detecting and responding to security breaches.

incident response team   A group of people who prepare for and respond to any emergency incident, such as a natural disaster or an interruption of business operations.

information classification   The process of placing specialized security labels on objects like files and folders to indicate their criticality and sensitivity to an organization.

information technology governance (IT governance)   The implementation of processes where executive management actively ensures that IT is being used in the most effective and efficient manner by those responsible for it.

Information Technology Infrastructure Library (ITIL)   An IT services framework that provides best practices for the alignment of IT services with organizational objectives.

Infrared Data Association (IrDA)   An organization that created a set of protocols permitting communications between devices using infrared wireless signals.

infrastructure as a service (IaaS)   The automatic, on-demand provisioning of infrastructure elements, operating as a service; a common element of cloud computing.

inherent risk   The risk that an incident will pose if no security controls are put into place.

initialization vector (IV)   A data value used to seed a cryptographic algorithm, providing for a measure of randomness.

Inline Network Encryptors (INE)   Devices that encrypt sensitive information en route between sources and destinations across insecure networks like the Internet and company WAN links.

integer overflow   Occurs when a number is too large to be stored in the variable.

Integrity Measurement Architecture (IMA)   A secure boot method that provides assurances that the Linux OS has a trusted boot environment.

interconnection security agreement (ISA)   An agreement that documents the IT security requirements between organizations that own connected systems.

International Organization for Standardization (ISO)   The world’s largest standards organization, which creates standards for many industries, including security and technology.

Internet Control Message Protocol (ICMP)   The protocol in the IP protocol suite for transmitting messages concerning errors in packet transmissions in IP networks.

Internet Engineering Task Force (IETF)   A large, international community of network administrators, designers, vendors, and researchers who are concerned with the evolution of the Internet and its continued operation.

Internet Key Exchange (IKE)   A protocol used when setting up IPSec to document the required security association between the parties.

Internet Protocol (IP)   A suite of protocols that define the requirements for packet transfers across IP networks.

Internet Protocol Security (IPSec)   A suite of protocols for securing packets that traverse an IP network.

interoperability agreement   A broad category of agreements that include data, technology, and communication-sharing requirements between two or more organizations.

jailbreaking   The process of removing certain security restrictions from iOS devices such as iPhones and iPads.

JavaScript   A scripting language developed by Netscape and designed to be operated within a browser instance.

JavaScript Object Notation (JSON)   A language-independent data format derived from JavaScript. It utilizes a simple text format for the storage and exchange of data between a browser and web applications.

job rotation   Provides cross-training benefits in addition to reducing employee fraud.

key   A small secret piece of alphanumerical information fed into a cipher to turn a cipher’s predictable plaintext/ciphertext patterns into outcomes unpredictable to those without the key—while being predictable to those in possession of the key.

key distribution center (KDC)   A system designed to reduce the risks associated with the exchange of cryptographic keys. Also, a component of the Kerberos authentication system.

key escrow   The process of giving keys to a third party so that they can decrypt and read sensitive information if the need arises.

key performance indicators   Quantifiable metrics used to evaluate the success of technology, processes, or people meeting an organization’s performance goals.

key risk indicators   Measure the amount of risk an activity brings to an organization.

Layer 2 Tunneling Protocol (L2TP)   A networking protocol designed to establish a tunnel to support virtual private networks (VPNs). L2TP does not provide encryption services itself, instead relying on the traffic generator and consumer to set up encryption over the tunnel.

least privilege   Ensures that each individual in the organization is supplied with only the absolute minimum amount of information and privileges needed to perform their work tasks.

legal hold   A process that permits organizational compliance with legal directives to preserve all digital and paper records in anticipation of possible litigation.

lessons learned   A post-incident process of evaluating what took place during the incident, including organizational successes and mistakes.

Lightweight Directory Access Protocol (LDAP)   An application protocol for accessing and maintaining directory information over IP, using a subset of the standard Directory Access Protocol.

Lightweight Extensible Authentication Protocol (LEAP)   A version of EAP developed by Cisco prior to 802.11i to push 802.1X and WEP adoption.

load balancer   A network device that distributes computing across multiple computers.

Local Area Network Manager (LANMAN)   A Microsoft method of storing a password so that it can be exchanged with other, non-Microsoft-based networks. Now considered insecure because of its methods that can be exploited to reveal passwords.

logical unit number (LUN)   A unique identifier, used in the management of block storage elements shared as a storage area network (SAN). It identifies a specific logical unit, which may be a part of a hard disk drive, an entire hard disk, or several hard disks in a storage device.

loop protection   The requirement to prevent bridge loops at the Layer 2 level, which is typically resolved using the spanning tree algorithm on switch devices.

machine learning (ML)   A type of AI where computers use certain built-in learning factors to guide their learning from, and adaptation to, data.

managed security service (MSS)   The outsourcing of security and network services to another organization.

managed security service provider (MSSP)   Third-party organization that provides dedicated security services to cloud subscribers.

mandatory access control (MAC)   An access control system that enforces security and requires every object have an identity and a base set of rules that are always and consistently applied.

mandatory vacation   Forced employee vacations to permit organizational audits into employee activities to determine possible malicious activities or fraud being committed against the organization.

Master Boot Record (MBR)   A strip of data on a hard drive in Windows systems meant to result in specific initial functions or identification.

master service agreement   An all-encompassing agreement between multiple organizations that serves as the building block for future agreements, transactions, and business documents.

MD5   A hashing algorithm that produces 128-bit ciphertext hashes with four rounds of processing on 512-bit blocks.

mean time between failure (MTBF)   The statistically determined period of time between failures of the system.

mean time to recovery (MTTR)   The average time a system will take to recover from a failure.

media access control (MAC)   A data communication protocol that enables multiple communication channels to a host while enabling channel-access-control mechanisms to manage the traffic flow in the Data Link layer of the OSI stack.

memdump   A Linux command-line utility that can dump physical and kernel memory contents to both local storage and network locations.

memorandum of agreement (MOA)   A document between parties specifying the details of responsibilities for a cooperative effort associated with a project or common goal.

memorandum of understanding (MOU)   A document executed between two parties that defines some form of agreement.

memory dumping   The process of dumping memory contents to the hard drive for offline analysis.

memory leak   Occurs when an application fails to correctly manage memory, which can lead to a memory shortage.

message authentication   Uses codes to authenticate messages.

message authentication code (MAC)   A short piece of data used to authenticate a message. See “hashed message authentication code (HMAC).”

MicroSD hardware security module   Tiny hardware security module card that plugs into the microSD port of smart devices such as Android smartphones and tablets.

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)   Microsoft’s first proprietary implementation of CHAP. It provides better password storage than CHAP but is otherwise considered weak by today’s standards.

Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2)   An enhanced Microsoft proprietary protocol that provides mutual authentication between endpoints to prevent rogue server attacks and other nonrepudiation and integrity violations. It also uses different keys for sending and receiving.

mobile device management (MDM)   Software that enables enterprises to manage heterogeneous mobile devices and desktops by using various policies to control device features, the operating system, and applications.

Multimedia Messaging Service (MMS)   An enhanced text messaging service that can also include pictures and videos.

Multiprotocol Label Switching (MPLS)   A highly scalable routing methodology that uses short labels for routing rather than looking up long network addresses in complex routing tables. MPLS can carry both circuit-based and packet-based traffic.

multitenancy   The process of cloud computing organizations making a shared set of resources available to multiple organizations and customers.

National Institute of Standards and Technology (NIST)   A U.S. government agency charged with developing and maintaining standards associated with technology and measurements.

nbtstat   A command-line tool that allows troubleshooting of NetBIOS-related issues by displaying TCP/IP connections and protocol statistics based on NetBIOS network activity.

nc   A Unix/Linux command-line utility designed to connect to or host various types of network connections with other systems.

near field communication (NFC)   A group of communication protocols that permit devices such as smartphones to communicate when they are within a few centimeters of each other.

netstat   A command-line tool designed to display generalized network connections and protocol statistics for the TCP/IP protocol suite.

network access control (NAC)   A technical approach to improving network security through the control of network access by ensuring all devices have proper security controls in place and active before granting network access.

Network Address Translation (NAT)   The act of modifying the IP addresses of packets as they cross a network device, allowing local (nonroutable) IP addresses to be routed across an IP network.

network attached storage (NAS)   The use of network connections to attach file-level storage to computers.

Network Basic Input/Output System (NetBIOS)   A system that provides communication services across a local area network.

network enumerator   Software that scans systems and returns further details such as usernames, groups, shares, and audit options.

network intrusion detection system (NIDS)   An intrusion detection system that monitors traffic using a sensor on a network connection, allowing it to cover multiple machines.

network intrusion prevention system (NIPS)   An intrusion prevention system that monitors traffic using a sensor on a network connection, allowing it to cover multiple machines.

Network Mapper (Nmap)   An industry-leading port scanner that can perform numerous port scan types, spoofing, network enumeration, and other network features.

New Technology LANMAN (NTLM)   A deprecated security suite from Microsoft that provides authentication, integrity, and confidentiality for users. Because it does not support current cryptographic methods, it is no longer recommended for use.

nondisclosure agreement (NDA)   A legal contract between parties detailing the restrictions and requirements borne by each party with respect to confidentiality issues pertaining to information to be shared.

nonrepudiation   The assurance that a message, action, or activity originated from the stated source.

NX (no-execute) bit   Refers to a CPU feature that marks certain areas of memory as holding content that should not be executed as code.

OAuth   A token-based authorization standard that permits an end user’s resources or account information to be shared with third parties without also sharing their password.

object request broker (ORB)   The concept of using a piece of software to allow computer programs to make calls between different programs on different systems.

Online Certificate Status Protocol (OCSP)   A protocol used to quickly request the revocation status of a digital certificate. This is an alternative to certificate revocation lists.

open source intelligence   Refers to the collection of valuable information from public sources.

OpenID   A protocol that provides users with a mechanism to consolidate their various digital identities.

operating level agreement (OLA)   An internal agreement in an organization as to the requirements to support a service level agreement.

order of volatility   Describes the order in which digital evidence should be collected before it disappears.

out-of-band management   A network management technique that uses a dedicated interface to deliver management traffic through a separate channel from normal network communications.

outsourcing   An act of using another organization to assume responsibility over a business process.

passive vulnerability scanner   Scanners that analyze network traffic in order to non-intrusively discover vulnerabilities in organizational assets.

Password Authentication Protocol (PAP)   A plaintext authentication protocol used by Point-to-Point Protocol (PPP) to validate users.

password cracker   Specialized tool designed to determine unknown passwords via dictionary, brute-force, hybrid, or rainbow table attacks.

patch management   The process of acquiring, testing, deploying, and maintaining a patching solution for an organization’s devices.

Payment Card Industry Data Security Standard (PCI DSS)   A standard created by credit card companies that requires all organizations that process payment cards to protect both the transactions and the cardholder data with a variety of security controls.

penetration testing   The practice of simulating attacks on organizational targets in order to prepare organizations for malicious hackers.

Perfect Forward Secrecy (PFS)   The property of a cryptosystem where a future compromise of a key does not affect the security of previous messages encrypted with different keys. This implies that the compromise of a single key only compromises messages encrypted by that key.

personally identifiable information (PII)   Information that can be used to identify individuals, including elements such as social security number (or other government ID number), date of birth, address, and so on.

pharming   Using phishing e-mails to redirect victims to hacker websites.

phishing   Using e-mail to trick victims into revealing confidential account and financial information through malicious links, filling out website forms, or running software they shouldn’t.

piggybacking   The process of unauthorized individuals tricking an authorized individual into consenting to give them access into a restricted area.

pivoting   The process of compromising a host in order to use that host to compromise other hosts on the network.

platform as a service (PaaS)   A cloud computing service that permits customers to develop, run, and manage their applications directly on the cloud platform. This frees customers from having to also build and maintain the underlying infrastructure. Microsoft Azure or Amazon AWS are common PaaS examples.

Point-to-Point Protocol (PPP)   A protocol for connecting network nodes at the Data Link layer. PPP is capable of providing authentication and encryption and is compatible with many different physical network methodologies.

Point-to-Point Tunneling Protocol (PPTP)   The use of generic routing encapsulation over PPP to create a methodology used for virtual private networking.

Port Address Translation (PAT)   The manipulation of port information in an IP datagram at a point in the network to map ports in a fashion similar to Network Address Translation’s change of network address.

port scanner   A tool designed to scan one or more systems to determine which TCP/UDP ports are “open,” “closed,” or “filtered.”

Port Security   A switch feature that provides assurances that only approved devices are permitted to communicate on the switch’s ports.

pre-shared key (PSK)   A secret that has been previously shared between parties and is used to establish a secure channel.

Pretty Good Privacy (PGP)   A popular program used to encrypt and decrypt files and e-mails for secure communications across insecure networks. Developed by Philip Zimmermann in 1991, for safe political free speech worldwide, it has become the de facto standard. Although it is now a commercial product, freeware and similar versions are available on the Web.

privacy   The desire to control the use of one’s personal data.

privacy impact assessment   A process for determining whether privacy-related data is properly handled by the organization.

private cloud   Allows the local organization to be the sole beneficiary of an infrastructure that duplicates many of the public cloud benefits, like on-demand self-servicing, ubiquitous network access, resource pooling, rapid elasticity, agility, and service measuring.

privilege escalation   An attack that elevates the privileges of the currently logged-on user to a higher level to increase control over the compromised system.

procedure   The operational-level, step-by-step details on how to achieve a specific business process.

process   Predictable series of steps needed to achieve an objective.

Protected Extensible Authentication Protocol (PEAP)   A protected version of EAP developed by Cisco, Microsoft, and RSA Security that functions by encapsulating the EAP frames in a TLS tunnel.

Protection Profiles (PPs)   The Common Criteria replacement for EALs, PPs provide more accurate and trustworthy assurance levels for operating system evaluations.

protocol analyzer   A hardware or software tool designed to capture and analyze traffic passing over a communications channel, such as a network.

proxy server   A hardware or software system that acts as a connection intermediary between internal clients and Internet resources.

pseudorandom numbers   Numbers that may be deterministically generated and hence are not actually random—but appear to be random.

public cloud   Involves a public organization providing cloud services to paying customers (using a pay-as-you-go or subscription-based model) or nonpaying customers.

public key infrastructure (PKI)   The protocols, software, and systems used to manage the public keys in an enterprise setting.

push-based authentication   The process of pushing out a special access code to the user’s device that the user must input to a form in order to authenticate to a system.

qualitative risk analysis   A method for determining risk by using word-based risk descriptions such as “low,” “medium,” and “high.”

quality of service (QoS)   The system of providing different priorities to network traffic of various types to reduce traffic issues for delay-sensitive traffic such as voice and video. The system is based on resource reservation rather than actual quality measurement.

quantitative risk analysis   A method for determining risk by using calculations based on historical data associated with risk.

race condition   Software flaws that arise from different threads or processes having a dependence on an object or resource that affects another thread or process.

radio frequency identification (RFID)   A wireless technology that uses antennas, radio frequencies, and chips (tags) to keep track of an object or person’s location.

rainbow table   A “pre-computed” table that stores a mapping of plaintext passwords and their associated hash values to help attackers perform password attacks.

rapid application development (RAD)   A software development methodology that favors the use of rapid prototypes and changes as opposed to extensive advance planning.

RC4   A stream cipher that was frequently used in older Wi-Fi and SSL scenarios.

RC5   A symmetric block cipher with key sizes up to 2048 bits, 1 to 255 rounds of processing, on 32-bit, 64-bit, or 128-bit message blocks.

RC6   A symmetric block cipher that uses key sizes of 128, 192, and 256 bits, and performs 20 rounds of processing on 128-bit message blocks.

Real-time Transport Protocol (RTP)   A protocol for a standardized packet format used to carry audio and video traffic over IP networks.

reconnaissance   The methodical process of collecting as much information about a target as possible before attempting to hack it.

recovery agent (RA)   In Microsoft Windows environments, an RA is the entity authorized by the system to use a public key recovery certificate to decrypt other users’ files using a special private key function associated with the Encrypting File System (EFS).

recovery time objective (RTO)   The amount of time a business has to restore a process before unacceptable outcomes result from a disruption.

Registration Authority (RA)   The PKI component that accepts a request for a digital certificate and performs the necessary steps of registering and authenticating the person requesting the certificate.

regression testing   Determines if changes to software have resulted in unintended losses of functionality and security.

remote access server (RAS)   A server whose specific purpose is to manage remote access services to a network.

Remote Authentication Dial-in User Server (RADIUS)   A remote access networking protocol that provides for authentication, authorization, and accounting, as described in RFC 2865 and 2866.

Remote Desktop Protocol (RDP)   A Microsoft protocol that provides a secure, graphical, remote access connection over a network between computers via port 3389.

remote wiping   The process of sending a signal to a remote device to erase specified data.

remotely triggered black hole (RTBH)   A more advanced type of black hole routing in that ISPs react to DDoS attack traffic by triggering an immediate routing table update to deny traffic from affecting a destination company network.

Representational State Transfer (REST)   A framework that relies on various web protocols to define how clients and servers can exchange web resources with a high degree of interoperability.

Request for Information (RFI)   A process by which one party specifies in a formal document a request for responses on a specific topic, typically used to gather information before issuing some decision.

Request for Proposal (RFP)   A process by which one party specifies in a formal offering a request for other parties to submit proposals in accordance with the specifications in the document.

Request for Quote (RFQ)   A process by which a party submits the requirements for some aspect of work, requesting quotes for completion of the tasks described.

residual risk   The risk that remains after all security controls and countermeasures have been implemented.

resource exhaustion   A form of denial of service where a required resource that performs some specific action is not available at the time of need.

return on investment (ROI)   A measurement of the benefit of an investment minus the cost of the investment.

reverse proxy server   A server or device that provides remote Internet devices with access to servers behind an enterprise firewall.

reverse social engineering   Used to trick victims into first initiating dialogue with the attacker.

RIPEMD   A hashing algorithm that is largely a replacement for MD5 and similar in power and performance to SHA-1. It comes in several versions, including RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320.

risk   Refers to the probability of a threat causing a loss, and the impact of the loss caused by the threat.

risk assessment   The process of evaluating the probability and impact of negative outcomes from future events, with the subsequent intent on reducing or removing the risk of such negative outcomes.

risk management   A business process involving the identification, assessment, analysis, and mitigation of business risks.

risk profile   Represents a cross-section of an organization’s comfort level concerning which risks it will and will not tolerate.

role-based access control (RBAC)   An access control system where users are grouped into roles and permissions are granted by role rather than by individual user. This reduces the level of administration associated with user changes.

rooting   The process of granting actual root-level privileges to the Android OS.

RSA   An asymmetric cipher that provides all the primary public key cryptographic functions, including key exchange, confidentiality, integrity, and nonrepudiation.

rule-based access control (RBAC)   An access control system where permissions are granted by rules rather than by individual user. This reduces the level of administration associated with user changes.

runtime debugging   Involves the analysis of software while it is actively running in memory.

sandboxing   The practice of separating programs or files from a more generalized computing environment for testing and verification purposes.

Sarbanes–Oxley Act (SOX)   A U.S. government regulation that mandates corporations to implement various internal controls as well as auditing and disclosure practices. It was created to protect businesses, investors, and customers from corporate scandals.

Secure Boot   A booting process made available through UEFI firmware that will only load trusted, digitally signed boot files, as per the original equipment manufacturer (OEM).

Secure Copy Protocol (SCP)   A network protocol that supports secure file transfers.

secure enclave   Involves the use of a separate coprocessor from the system’s main processor to prevent the main processor from having direct access to information stored in the secure encrypted enclave.

Secure FTP   A method of secure file transfer that involves the tunneling of FTP through an SSH connection. This is different from SFTP, which is defined as Secure Shell File Transfer Protocol.

Secure Hypertext Transfer Protocol (SHTTP)   An alternative to HTTPS in which only the transmitted pages and POST fields are encrypted. Rendered moot, by and large, by widespread adoption of HTTPS.

Secure Real-Time Protocol (SRTP)   A secure implementation of RTP providing encryption, message authentication, integrity controls, and replay protection.

Secure Shell (SSH)   A protocol for obtaining a remote shell session with an operating system over a secured channel, using TCP port 22.

Secure Shell File Transfer Protocol (SFTP)   A secure file transfer subsystem associated with the Secure Shell (SSH) protocol.

Secure Sockets Layer (SSL)   An outdated protocol for securing communication sessions over IP networks using TCP. Its successor is Transport Layer Security (TLS).

Secure/Multipurpose Internet Mail Extensions (S/MIME)   The use of public key cryptography to secure MIME attachments to e-mail.

security as a service (SECaaS)   A series of security services provided to consumers by a cloud provider.

Security Assertion Markup Language (SAML)   An XML-based standard for exchanging authentication and authorization data.

Security Content Automation Protocol (SCAP)   A method of using specific protocols and data exchanges to automate the determination of vulnerability management, measurement, and policy compliance across a system or set of systems.

Security Development Life Cycle (SDLC)   A name used to describe the addition of security checks into a Software Development Life Cycle. Also called Security System Development Life Cycle (SSDLC).

security information event management (SIEM)   The name used for a broad range of technological solutions for the collection and analysis of security-related information across the enterprise.

security policies   Documents that provide the foundation for organizational security goals. They may include standards, processes, procedures, baselines, and guidance to ensure business requirements are met.

Security System Development Life Cycle (SSDLC)   A name used to describe the addition of security checks into a Software Development Life Cycle. Also called Security Development Life Cycle (SDLC).

separation of duties   Requires multiple individuals to work together to complete a single function.

Serpent   Uses key sizes of 128, 192, and 256 bits with 32 rounds of processing on 128-bit blocks.

Server Message Block (SMB)   The name associated with an Application layer network protocol used for file and resource sharing. From Microsoft, SMB is also known as Common Internet File Sharing (CIFS).

service level agreement (SLA)   An agreement between parties concerning the expected or contracted uptime associated with a system.

Service Oriented Architecture (SOA)   A framework for software engineering that supports interoperable services.

service provider (SP)   In general terms, a service provider is an organization that provides IT services to others. When used with respect to SAML, a service provider is “a role donned by a system entity where the system entity provides services to principals or other system entities,” per SAML specs.

Service Provisioning Markup Language (SPML)   A web protocol that permits the sharing of user, resource, and service provisioning information between a group of organizations.

SHA-1   A hashing algorithm that uses 160-bit hashes with 80 rounds of processing on 512-bit blocks.

SHA-2   A hashing algorithm published in 2001 as a bigger and stronger version of the SHA-1 algorithm by using SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256 ciphers.

SHA-3   A hashing algorithm that is an alternative to SHA-2 and comes in different varieties, such as SHA3-224, SHA3-256, SHA3-384, and SHA3-512.

Shibboleth   An open source and web-based federated identity solution that is very popular worldwide.

Short Message Service (SMS)   A popular form of text messaging typically sent via mobile devices.

shoulder surfing   Involves observing someone entering in credentials.

sideloading   The process of installing applications from sources outside the official app stores.

Simple Certificate Enrollment Protocol (SCEP)   A protocol that provides an easy process for network equipment, software, and mobile devices to enroll in digital certificates.

Simple Mail Transfer Protocol (SMTP)   The standard protocol used in the routing of e-mail messages across a network.

Simple Network Management Protocol (SNMP)   A standard protocol used to manage network devices across a network remotely.

Simple Object Access Protocol (SOAP)   An XML-based specification for exchanging information associated with web services.

single loss expectancy (SLE)   The expected loss associated with a single incident of a risk event.

single sign-on (SSO)   A subset of a federated identity management system where a user’s credentials are trusted across multiple distinct systems.

single tenancy   The process of cloud computing organizations granting each customer their own virtualized software environment to ensure more privacy and performance and that control requirements are held to a greater standard.

Skipjack   A symmetric block cipher that uses key sizes of 128, 192, and 256 bits, with 32 rounds of processing on 128-bit blocks.

smishing   Involves sending unsolicited SMS messages to targets.

SOAP   A specification for exchanging information associated with web services.

social engineering   Focuses on manipulating or compromising people into revealing confidential information.

software as a service (SaaS)   The provisioning of software as a service, commonly known as on-demand software.

software assurance   The process of providing guarantees that any acquired or developed software is fit for use and meets prescribed security requirements.

Software Development Life Cycle (SDLC)   Represents the various processes and procedures employed to develop software.

Software Requirements Traceability Matrix (SRTM)   A document, typically in the form of a table, that allows the cross-reference of requirements, implementation, and testing information.

software-defined networking   Centralizes the configuration and control of network devices by decoupling the control element of network devices from the forwarding element.

solid-state drive (SSD)   A mass storage device, such as a hard drive, that is composed of electronic memory as opposed to a physical device of spinning platters.

spam filter   A security appliance designed to remove spam at the Network layer before it enters e-mail servers.

Spam over Internet Messaging (SPIM)   Spam sent over an instant messaging channel.

spear phishing   A type of phishing that targets a specific individual as opposed to the random individuals targeted by regular phishing attacks.

Spiral   Utilizes the incremental progress and revisitation rights of Agile, but within the relative confines of the Waterfall approach.

standard   The required elements regarding the implementation of controls or procedures in support of a security policy.

standard operating environment (SOE)   An IT industry term used to describe a standard implementation of hardware and software to optimize operational efficiencies.

Start of Authority (SOA)   An SOA record in a DNS system contains information about a zone and the DNS records associated with it.

state management   A method of managing web-based connections generally through the use of cookies and session IDs.

steganography   A form of security that is designed to hide the fact that it is hiding something.

storage area network (SAN)   A dedicated network that provides access to data storage.

Structured Query Language (SQL) injection   A code injection attack that involves the insertion of malicious SQL commands to attack a database server.

Subscriber Identity Module (SIM)   An integrated circuit or hardware element that securely stores the International Mobile Subscriber Identity (IMSI) and the related key used to identify and authenticate subscribers on mobile telephones.

Supervisory Control and Data Acquisition (SCADA)   A generic term used to describe the industrial control system networks used to interconnect infrastructure elements (such as manufacturing plants, oil and gas pipelines, power generation and distribution systems, and so on) and computer systems.

symmetric key encryption   Characterized by the use of the same key for both encryption and decryption.

system on a chip (SoC)   An electronic device that combines the functions of CPUs, memory, and other hardware onto a single circuit board.

Systems Development Life Cycle (SDLC)   A process for the initiating, developing/acquiring, implementing, operating/maintaining, and disposing of systems.

tailgating   The process of unauthorized individuals tricking an authorized individual into providing access into a restricted area without their consent.

tcpdump   A command-line tool commonly used on Unix/Linux operating systems to capture network packets transferred over networks.

telecommuter   An individual who primarily works from home.

teleworker   An individual who primarily travels to locations other than the main office, such as branch offices or customer sites.

Telnet   A network protocol used to provide cleartext bidirectional communication over TCP.

Temporal Key Integrity Protocol (TKIP)   TKIP, also called Wi-Fi Protected Access (WPA), was created to replace the WEP protocol after it was discovered to be flawed.

Terminal Access Controller Access Control System (TACACS)   A remote authentication system that uses the TACACS protocol, defined in RFC 1492, and TCP or UDP port 49.

tethering   The process of sharing a wireless Internet connection with other devices via the Wi-Fi, USB, or Bluetooth protocol.

threat actor   An individual responsible for actions that lead to losses for other individuals or organizations.

threat intelligence   The methodical process of collecting information about cybersecurity threats.

threat modeling   A process of identifying and analyzing a threat’s objectives, attack vectors, requirements, and the various ways in which it might exploit the vulnerabilities of an asset.

tokenization   The process of using a nonsensitive value (token) as a substitute for the original sensitive value (credit card number).

total cost of ownership (TCO)   A financial methodology where all costs, both direct and indirect, are included in the estimate.

Transmission Control Protocol / Internet Protocol (TCP/IP)   A connection-oriented protocol for communication over IP networks.

Transport Layer Security (TLS)   The IETF standard protocol for establishing a secure connection over an IP network, built upon and replacing SSL.

Triple Digital Encryption Standard (3DES)   The use of three rounds of DES to improve security. Triple DES is now considered obsolete.

Trivial File Transfer Protocol (TFTP)   A simplified version of FTP used for low-overhead file transfers using UDP port 69.

trusted operating system   An OS we can place a certain level of trust in based on the various levels established by the Orange Book or other government requirements.

Trusted Platform Module (TPM)   A secure chip that contains a cryptoprocessor that stores keys and provides other cryptographic functions in hardware.

Tshark   A network protocol analyzer that captures network traffic from a live network or can read packets that were previously captured and saved into capture files.

Twofish   A symmetric block cipher that uses key sizes between 128 and 256 bits, with 16 rounds of processing on 128-bit blocks.

Type 1 Hypervisor   Server-based hypervisor that sits between the VMs and the hardware.

Type 2 Hypervisor   Client-based hypervisor that sits between the VMs and the host operating system.

unified communications systems   A term that describes all forms of business communication—audio, video, multimedia data, text, and messaging.

unified threat management   Network devices that incorporate the functions of multiple network and security appliances into a single appliance.

uninterruptible power supply (UPS)   A power supply with a built-in battery that provides power even in the event of loss of line power.

unit testing   Isolates every line of code in an application and performs an individual test on that code.

Universal Description Discovery and Integration (UDDI)   An OASIS-backed standard that uses XML to allow entities to register themselves and locate web services across the Internet.

universal resource locator (URL)   A specific character string used to point to a specific item across the Internet.

user acceptance testing (UAT)   The application of acceptance-testing criteria to determine fitness for use according to end-user requirements.

User Access Control (UAC)   A Microsoft Windows security methodology of having a user run in nonprivileged mode until privilege is required and then specifically asking the user to respond to the request for higher privilege. Used as a security feature to prevent shadow installs.

User Datagram Protocol (UDP)   A connectionless protocol for data transmission across an IP network.

video teleconferencing (VTC)   A business process of using video signals to carry audio and visual signals between separate locations, thus allowing participants to communicate via a virtual meeting instead of traveling to a physical location. Modern video-conferencing equipment can provide very realistic connectivity when lighting and backgrounds are controlled.

Virtual Desktop Infrastructure (VDI)   The use of servers to host virtual desktops by moving the processing to the server and using the desktop machine as merely a display terminal. VDI offers operating efficiencies as well as cost and security benefits.

virtual local area network (VLAN)   A switching methodology designed to segment a network into a series of administratively enforced segments. Although frequently used for security, VLANs are designed for traffic control, not security.

Virtual Machine (VM)   An emulation or simulation of a computer system. They permit the running of an operating system in an isolated window, which behaves like a separate instance of a computer.

Virtual Network Computing (VNC)   A platform-independent graphical desktop sharing protocol that uses the Remote Frame Buffer (RFB) protocol.

virtual private network (VPN)   A methodology of tunneling across a public open network to provide a private network service with required security attributes of confidentiality, integrity, and authentication.

virtual storage area network (vSAN)   Using the VLAN model, portions of Fibre Channel storage can be used to create fabrics of virtual storage areas.

virtual TPMs   Pieces of software that simulate the capabilities of a physical TPM chip in order to provide VMs with TPM-like capabilities.

virtualization   The act of creating a virtual or simulated version of real things like computers, devices, operating systems, or applications.

vishing   The process of calling people on the phone while pretending to be a trusted entity.

VM escape   Occurs when malware escapes the VM, goes through the hypervisor, and attacks the host computer.

vulnerability assessment   Employs various techniques to discover vulnerabilities in systems without exploiting them.

war dialing   Involves an individual dialing up different modem phone numbers until an open modem accepts the connection.

Waterfall   Follows a strict, sequential life-cycle approach, where each development phase must be finished before beginning the next. It does not permit revisiting previous phases until the completion of the project.

watermarking   Embedding a branded logo, trademark, or owner details into digital content for authentication of copyright materials and also the enforcement of their legal protections.

web application firewall (WAF)   A firewall that operates at the application level, specifically designed to protect web applications by examining requests at the application stack level.

Web Services Description Language (WSDL)   An XML-based language for the machine-readable description of a web service’s functionality details.

whaling   A type of phishing that targets important individuals like executives, politicians, or celebrities.

Where Are You From (WAYF)   A service designed to send a user to the Identity Provider (IdP) of his home organization.

white-box testing   Simulates a malicious administrator who has complete knowledge of the network.

wildcard certificate   A specific form of certificate that is bound to multiple subordinate DNS domains simultaneously.

Wired Equivalent Privacy (WEP)   An encryption scheme designed for Wi-Fi connections. A poor design allows the key to be determined after traffic has been intercepted, thus making the level of protection weak. Replaced by the WPA and WPA2 protocols.

wireless access point (WAP)   A device that connects a wireless network to a wired network.

wireless controller   Network appliances or software solutions that enable administrators to centralize security configurations across multiple WAPs simultaneously.

wireless intrusion detection system (WIDS)   An intrusion detection system established to cover a wireless network.

wireless intrusion prevention system (WIPS)   An intrusion prevention system established to cover a wireless network.

Wi-Fi Protected Access (WPA)   A replacement security protocol for WEP on wireless networks, also known as TKIP, but one that is also flawed, thus leading to the development of WPA2, a secure wireless protocol.

XACML   See “eXtensible Access Control Markup Language.”

zero knowledge proof   The process of proving to others that you know a secret without actually sharing the secret with them.

zero-day vulnerability   Occurs when a software error or hole impacting security is discovered and exploited before a patch is developed to address the vulnerability.
