Information Security Glossary of Terms


  • Access Control - Access Control ensures that resources are only granted to those users who are entitled to them.
  • Auditing - Auditing is the gathering and analysis of information about assets to verify such things as policy compliance and the absence of known vulnerabilities.
  • Authentication - Authentication is the process of confirming the correctness of the claimed identity.
  • Authenticity - Authenticity is the assurance that information is genuine: that it is valid, unaltered and actually originates from its claimed source.
  • Authorization - Authorization is the approval, permission, or empowerment for someone or something to do something.
  • Availability - Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it, when they need it.
  • Basic Authentication - Basic Authentication is the simplest web-based authentication scheme. The client sends the username and password with every request, base64-encoded but not encrypted, so the credentials are only as confidential as the transport (HTTPS) that carries them.
  • Botnet - A botnet is a large number of compromised computers under an attacker's remote control, used to send spam, distribute malware or flood a network with traffic as a denial of service attack.
  • Business Continuity Plan (BCP) - A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
  • Business Impact Analysis (BIA) - A Business Impact Analysis determines how the loss or disruption of each system or business process would affect the organization, and what level of impact and downtime is tolerable.
  • Checksum - A value computed by a function of the contents of a data object and stored or transmitted together with the object, for the purpose of detecting changes in the data. A plain checksum (such as a CRC) detects accidental corruption only: an attacker who can alter the data can recompute the checksum to match, so detecting deliberate tampering requires a keyed message authentication code or a digital signature.
  • Cipher - A cryptographic algorithm for encryption and decryption.
  • Ciphertext - Ciphertext is the encrypted form of the message being sent.
  • Confidentiality - Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.
  • Configuration Management - Configuration Management is the process of establishing a known, approved baseline configuration for systems and then controlling and recording every change to it, so that drift from the secure state can be detected.
  • Cookie - Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections. Because a cookie frequently carries a session identifier, it is effectively a credential and should be set with the Secure and HttpOnly attributes.
  • Data Aggregation - Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.
  • Data Custodian - A Data Custodian is the entity currently using or manipulating the data and therefore temporarily responsible for it.
  • Data Steward (Owner) - A Data Steward or Data Owner is the entity having overall responsibility and authority for the data, including deciding who may access it.
  • Data User - A person, organizational entity, or automated process that accesses a system, whether authorized to do so or not.
  • Data Warehousing - Data Warehousing is the consolidation of several previously independent databases into one location.
  • Day Zero - The "Day Zero" or "Zero Day" is the day a new vulnerability becomes known. A "zero-day" vulnerability is one the vendor has had zero days to fix, so no patch is available yet, and a "zero-day exploit" is working attack code for such a vulnerability. (By analogy, "day one" is the day the patch is made available.)
  • Denial of Service - The prevention of authorized access to a system resource or the delaying of system operations and functions.
  • Dictionary Attack - An attack that tries all of the words or phrases in a predefined list (a dictionary) in an attempt to recover a password or key. It trades coverage for speed: a brute force attack tries every possible combination and will eventually succeed, whereas a dictionary attack succeeds only if the password is in the list, but does so far faster.
  • Disaster Recovery Plan (DRP) - A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.
  • Due Care - Due care ensures that a minimal level of protection is in place in accordance with industry best practice.
  • Due Diligence - Due diligence is the requirement that organizations develop and deploy a protection plan to prevent fraud and abuse, and additionally deploy the means to detect them if they occur.
  • Dumpster Diving - Dumpster Diving is obtaining passwords, corporate directories and other sensitive information by searching through discarded media and paper.
  • Encryption - Cryptographic transformation of data (called "plaintext") into a form (called "ciphertext") that conceals the data's original meaning to prevent it from being known or used.
  • Event - An event is an observable occurrence in a system or network.
  • Exposure - A threat action whereby sensitive data is directly released to an unauthorized entity.
  • File Transfer Protocol (FTP) - A TCP/IP protocol specifying the transfer of text or binary files across the network. FTP sends credentials and file contents in the clear, so SFTP or FTPS should be used in its place.
  • Firewall - A logical or physical discontinuity in a network to prevent unauthorized access to data or resources.
  • Flooding - An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.
  • Gateway - A network point that acts as an entrance to another network.
  • Hardening - Hardening is the process of reducing a system's attack surface: removing unnecessary services and software, applying patches, tightening configuration and fixing the vulnerabilities that remain.
  • HTTPS - When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP carried over an encrypted TLS connection (historically SSL). Note: the protocol is still commonly called SSL, but all SSL versions are obsolete; TLS 1.2 and TLS 1.3 are the current standards.
  • Hyperlink - In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link.
  • Hypertext Markup Language (HTML) - The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.
  • Hypertext Transfer Protocol (HTTP) - The application-layer protocol in the Internet protocol suite, normally carried over TCP, used to transport hypertext documents across an internet.
  • Identity - Identity is who someone or what something is, for example, the name by which something is known.
  • Incident - An incident is an adverse event in an information system or network, or the threat of the occurrence of such an event.
  • Incident Handling - Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events. It consists of a six step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
  • Integrity - Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.
  • Internet Protocol (IP) - The method or protocol by which data is sent from one computer to another on the Internet.
  • Internet Protocol Security (IPsec) - A suite of IETF standards for authenticating and encrypting IP packets at the network (packet processing) layer of network communication; it is commonly used to build VPNs.
  • Internet Standard - A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet.
  • Intrusion Detection - A security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).
  • IP Address - A computer's inter-network address that is assigned for use by the Internet Protocol and other protocols. An IP version 4 address is written as four decimal numbers, each encoding 8 bits (0 to 255), separated by periods, for example 192.0.2.1; an IPv6 address is 128 bits long and written as eight groups of hexadecimal digits separated by colons.
  • IP Flood - A denial of service attack that sends a host more packets (classically ICMP echo requests, a "ping flood") than its protocol implementation can handle.
  • IP Forwarding - IP forwarding is an operating system option that allows a host to act as a router. A system with more than one network interface must have IP forwarding turned on in order to act as a router; on any host that is not meant to route, it should be left off.
  • IP Spoofing - The technique of sending IP packets with a forged source address, either to impersonate another host or to hide the true origin of the traffic.
  • Least Privilege - Least Privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.
  • MAC Address - A physical (link-layer) address; a numeric value, normally assigned by the manufacturer of the network interface, that is intended to identify that device uniquely. Because most operating systems allow the MAC address to be changed in software, it must not be relied on as an authenticator.
  • Malicious Code - Software (e.g., a Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
  • Malware - A generic term for a number of different types of malicious code.
  • NAT - Network Address Translation. It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts. The hosts are assigned private IP addresses, which are then "translated" into one of the publicly routed IP addresses. Typically home or small business networks use NAT to share a single DSL or cable modem IP address. NAT incidentally hides internal addresses from the outside, which is sometimes treated as an additional layer of protection for servers, but it is not a substitute for a firewall.
  • National Institute of Standards and Technology (NIST) - National Institute of Standards and Technology, a unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.
  • Netmask - A 32-bit number indicating which bits of an IPv4 address identify the network (subnet or supernet) and which identify the host. The same mask may be written in hexadecimal (0xffffff00), in dotted decimal (255.255.255.0) or as a prefix length (/24); all three denote the same mask, and the "class C" network of older class-based addressing corresponds to a /24.
  • Network Address Translation - The translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.
  • Network Mapping - To compile an electronic inventory of the systems and the services on your network.
  • Non-Repudiation - Non-repudiation is the ability of a system to prove that a specific user, and only that user, sent a message and that it has not been modified since. It requires a digital signature made with a private key held only by the sender; a shared-secret message authentication code cannot provide it, because either party holding the key could have produced the tag.
  • One-Way Encryption - Irreversible transformation of plaintext to ciphertext, such that the plaintext cannot be recovered from the ciphertext by other than exhaustive procedures even if the cryptographic key is known.
  • One-Way Function - A (mathematical) function f whose output is easy to compute for a given input, but for which, given only an output value, it is computationally infeasible to find an input that produces it other than by brute force search. Cryptographic hash functions are the everyday example.
  • Packet - A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.
  • Packet Switched Network - A packet switched network is a network in which individual packets each follow their own paths through the network from one endpoint to another.
  • Partitions - Major divisions of the total physical hard disk space.
  • Password Authentication Protocol (PAP) - Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.
  • Password Cracking - Password cracking is the process of attempting to recover passwords from their stored representation (the password file or hash database), typically by hashing candidate guesses and comparing the results with the stored values.
  • Password Sniffing - Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
  • Patch - A patch is a small update released by a software manufacturer to fix bugs, including security vulnerabilities, in existing programs.
  • Patching - Patching is the process of applying patches, that is, updating installed software to a newer, fixed version.
  • Payload - Payload is the actual application data a packet contains.
  • Penetration - Gaining unauthorized logical access to sensitive data by circumventing a system's protections.
  • Penetration Testing - Penetration testing is an authorized, simulated attack on a network, system, application or facility, carried out to find and demonstrate exploitable weaknesses before a real attacker does. It is commonly applied to the external perimeter but is not limited to it.
  • Permutation - Permutation (transposition) keeps the same letters but changes their positions within the text to scramble the message.
  • Personal Firewalls - Personal firewalls are those firewalls that are installed and run on individual PCs.
  • Pharming - Redirecting a user's traffic for a legitimate site to an attacker-controlled look-alike site by corrupting name resolution, rather than by tricking the user into following a link as in phishing. Almost all users reach a site by a name such as www.worldbank.com rather than by its numeric IP address, so if a DNS server or cache is poisoned (or the local hosts file modified) to point that name at the attacker's IP, the user lands on the masquerading site. There, transactions can be mimicked and information such as login credentials gathered, after which the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user.
  • Phishing - The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user is doing business with.
  • Ping of Death - An attack that sends an improperly large ICMP echo request packet (a "ping") with the intent of overflowing the input buffers of the destination machine and causing it to crash.
  • Ping Scan - A ping scan looks for machines that are responding to ICMP Echo Requests.
  • Ping Sweep - An attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
  • Plaintext - Ordinary readable text before being encrypted into ciphertext or after being decrypted.
  • Port - A port is a 16-bit integer that, together with an IP address and a transport protocol (TCP or UDP), identifies one endpoint of a communication stream. Normally only one process at a time can listen on a given address, port and protocol combination.
  • Port Scan - A port scan is a series of probes sent to a computer to learn which network services, each associated with a "well-known" port number, the computer provides. Essentially, a port scan consists of sending a message to each port, one at a time; the kind of response received indicates whether the port is open and can therefore be probed for weaknesses. It is a favorite reconnaissance step of attackers and penetration testers alike, and a common trigger for intrusion detection.
  • Proprietary Information - Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
  • Protocol - A formal specification for communicating; a special set of rules that endpoints in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.
  • Public Key - The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
  • Public Key Encryption - The popular synonym for "asymmetric cryptography".
  • Public Key Infrastructure (PKI) - A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificate.
  • Reconnaissance - Reconnaissance is the phase of an attack where an attacker finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.
  • Registry - The Registry in Windows operating systems is the central set of settings and information required to run the Windows computer.
  • Risk - Risk is the combination of the likelihood that a threat will exploit a vulnerability and the impact if it does; it is often expressed as a function of threat, vulnerability and impact.
  • Risk Assessment - A Risk Assessment is the process by which risks are identified and the impact of those risks determined.
  • Risk Averse - Avoiding risk even if this leads to the loss of opportunity. For example, using a (more expensive) phone call vs. sending an e-mail in order to avoid risks associated with e-mail may be considered "Risk Averse".
  • Root - Root is the name of the superuser (administrator) account on Unix and Unix-like systems; it has user ID 0 and bypasses the normal permission checks.
  • Rootkit - A collection of tools (programs) that an attacker installs after compromising a computer to hide the intrusion (for example by concealing processes, files and network connections) and to retain administrator-level access to the computer or network.
  • Router - Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.
  • Safety - Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.
  • Secure Shell (SSH) - A program and protocol to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another, all over an encrypted and authenticated channel; it replaces telnet, rlogin and FTP.
  • Security Policy - A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
  • Sensitive Information - Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.
  • Separation of Duties - Separation of duties is the principle of splitting privileges among multiple individuals or systems so that no single party can complete a sensitive task, such as requesting and approving a payment, alone.
  • Server - A system entity that provides a service in response to requests from other system entities called clients.
  • Session - A session is a virtual connection between two hosts by which network traffic is passed.
  • Session Hijacking - Taking over a session that someone else has established, typically by stealing, sniffing or predicting the session identifier (such as a cookie) and presenting it as one's own.
  • Sniffer - A sniffer is a tool that monitors network traffic as it is received on a network interface.
  • Sniffing - A synonym for "passive wiretapping."
  • Social Engineering - A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
  • Spam - E-mail that is unsolicited and irrelevant to the organization's business, sent out in large quantities.
  • Sub Network - A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
  • Subnet Mask - A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.
  • Switch - A switch is a networking device that learns which MAC addresses are attached to each of its ports, so that a frame is forwarded only to the port leading to its intended recipient rather than to every port as a hub does. This makes casual sniffing harder but not impossible: an attacker can still redirect traffic with ARP spoofing or use a mirrored port.
  • System Security Officer (SSO) - A person responsible for enforcement or administration of the security policy that applies to the system.
  • System-Specific Policy - A System-specific policy is a policy written for a specific system or device.
  • TCP/IP - A synonym for "Internet Protocol Suite;" in which the Transmission Control Protocol and the Internet Protocol are important parts. TCP/IP is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an Intranet or an Extranet).
  • Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
  • Threat Assessment - A threat assessment is the identification of types of threats that an organization might be exposed to.
  • Threat Model - A threat model is a structured description of a system, the assets it protects, the threats it faces and the harm each could do if a vulnerability exists, used to decide which defenses are needed and where.
  • Threat Vector - The method a threat uses to get to the target.
  • Topology - The geometric arrangement of the nodes and links of a network. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. Note: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types.
  • Transport Layer Security (TLS) - TLS and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network. All SSL versions are obsolete; TLS 1.2 and TLS 1.3 are the current versions.
  • Trojan Horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
  • Tunnel - A communication channel created in a computer network by encapsulating a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link - i.e., an OSI layer 2 connection - created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.
  • UDP Scan - A UDP scan sends probes to determine which UDP ports are open. Because UDP is connectionless, an open port often gives no reply at all, while a closed port typically returns an ICMP "port unreachable" message, so UDP scans are slower and less certain than TCP port scans.
  • Uniform Resource Locator (URL) - The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. For example, http://www.pcwebopedia.com/index.html .
  • Unprotected Share - In Windows terminology, a "share" is a mechanism that allows a user to connect to file systems and printers on other systems. An "unprotected share" is one that allows anyone to connect to it.
  • User - A person, organizational entity, or automated process that accesses a system, whether authorized to do so or not.
  • Virtual Private Network (VPN) - A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
  • Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
  • Vulnerability - A flaw or weakness in a system's design, implementation or operation that could be exploited to violate its security policy.
  • Vulnerability management - The ongoing process of identifying, prioritizing, remediating (or formally accepting the risk of) and re-checking vulnerabilities; vulnerability scanning is one input to it, alongside asset inventory and patching.
  • Vulnerability scanning - Using a computer program to identify vulnerabilities in networks, computer infrastructure or applications.
  • Web of Trust - A web of trust is the trust that naturally evolves as a user starts to trust others' signatures, and the signatures that they in turn trust.
  • Web Server - A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.
  • Wiretapping - Monitoring and recording data that is flowing between two points in a communication system.
  • World Wide Web ("the Web", WWW, W3) - The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
  • Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
  • Zero Day - See Day Zero and Zero-day attack.
  • Zero-day attack - A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
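
The following is an added worked example, not part of the glossary or its sources, tying together the Basic Authentication, Password Sniffing, One-Way Function, Dictionary Attack and Password Cracking entries. It shows what a Basic Authentication header actually carries on the wire, how a server should store passwords instead (a salted one-way hash), and how a dictionary attack and a brute force attack fare against that store. All users, passwords and the word list are constructed for the example, and the PBKDF2 iteration count is deliberately small so the demonstration finishes in seconds.

```python
"""Passwords on the wire and at rest (added example, not from the glossary's sources).

Every user, password and word-list entry below is constructed for the example.
"""
import base64
import hashlib
import hmac
import itertools
import os
import string

# Work factor for PBKDF2-HMAC-SHA256. Deliberately low so the brute-force demo
# finishes quickly; a real deployment uses hundreds of thousands of iterations.
ITERATIONS = 1_000

# Constructed, tiny word list standing in for a real dictionary file.
WORDLIST = ["123456", "password", "letmein", "hunter2", "qwerty"]


def basic_auth_header(username: str, password: str) -> str:
    """The header a client sends for HTTP Basic Authentication (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"


def recover_basic_credentials(header: str) -> tuple[str, str]:
    """Base64 is encoding, not encryption: a sniffer reverses it trivially."""
    token = header.split("Basic ", 1)[1].strip()
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way transformation: the server can check a guess but not recover the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_user(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) as a server would store them. A fresh salt per user
    stops one guess from being checked against every account at once."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    # compare_digest is constant-time, so timing does not leak how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt), stored)


def dictionary_attack(salt: bytes, stored: bytes, wordlist=WORDLIST):
    """Try each word once; returns (password or None, attempts made)."""
    for attempts, word in enumerate(wordlist, start=1):
        if verify_password(word, salt, stored):
            return word, attempts
    return None, len(wordlist)


def brute_force(salt, stored, alphabet=string.ascii_lowercase + string.digits, max_len=2):
    """Try every combination up to max_len; returns (password or None, attempts made).
    The search space grows as len(alphabet)**length, which is why password length
    and the hash work factor matter far more than the hash algorithm's name."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if verify_password(guess, salt, stored):
                return guess, attempts
    return None, attempts


def demo():
    """Sniff a Basic header, then run both cracking techniques against stored hashes."""
    sniffed = recover_basic_credentials(basic_auth_header("alice", "hunter2"))
    accounts = {  # constructed accounts
        "alice": create_user("hunter2"),                     # weak: in the word list
        "bob": create_user("q7"),                            # not in the list, but tiny
        "carol": create_user("Tr0ub4dor&3 then some more"),  # long: neither method finds it here
    }
    results = {}
    for name, (salt, stored) in accounts.items():
        pw, n = dictionary_attack(salt, stored)
        method = "dictionary"
        if pw is None:
            pw, n = brute_force(salt, stored)
            method = "brute force"
        results[name] = (pw, method, n)
    return sniffed, results


if __name__ == "__main__":
    sniffed, results = demo()
    print("recovered from Basic header:", sniffed)
    for name, (pw, method, n) in results.items():
        print(f"{name}: {pw!r} via {method} after {n} attempts")
```

Note that the dictionary finds "hunter2" in four guesses, the exhaustive search over two lowercase-or-digit characters finds "q7" in under 1,300 guesses and gives up on the long password, and the sniffed header yields the plaintext password without any cracking at all.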

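Another added example, again not from the glossary's sources, for the IP Address, Netmask and Subnet Mask entries: the bit arithmetic that splits an IPv4 address into network and host parts, accepting the mask in any of the three notations (dotted decimal, hexadecimal, prefix length), plus a check of whether two hosts share a subnet. The addresses are taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24; nothing here touches the network, and the results are cross-checked against Python's standard ipaddress module.

```python
"""IPv4 netmask arithmetic (added example, not from the glossary's sources).

Shows how a 32-bit mask splits an address into network and host bits, why
0xffffff00, 255.255.255.0 and /24 are the same mask, and how a host decides
whether a peer is on its own subnet. Addresses are from documentation ranges.
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse_ipv4(text: str) -> int:
    """Dotted quad string -> 32-bit integer, rejecting malformed input."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for part in parts:
        octet = int(part, 10)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | octet
    return value


def format_ipv4(value: int) -> str:
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_mask(text: str) -> int:
    """Accept a mask as dotted decimal (255.255.255.0), hexadecimal (0xffffff00)
    or prefix length (/24) and return it as a 32-bit integer. A valid mask is a
    run of one-bits followed by a run of zero-bits; anything else is rejected."""
    if text.startswith("/"):
        prefix = int(text[1:])
        if not 0 <= prefix <= 32:
            raise ValueError(f"prefix length out of range: {text!r}")
        mask = (ALL_ONES << (32 - prefix)) & ALL_ONES
    elif text.lower().startswith("0x"):
        mask = int(text, 16)
    else:
        mask = parse_ipv4(text)
    # Inverting a contiguous mask gives 2**k - 1, so inv & (inv + 1) == 0.
    inv = mask ^ ALL_ONES
    if inv & (inv + 1):
        raise ValueError(f"non-contiguous mask: {text!r}")
    return mask


def prefix_length(mask: int) -> int:
    return bin(mask).count("1")


def describe(addr: str, mask_text: str) -> dict:
    """Network address, broadcast address and usable host count for addr/mask."""
    a, m = parse_ipv4(addr), parse_mask(mask_text)
    network = a & m                       # keep only the network bits
    broadcast = network | (m ^ ALL_ONES)  # set every host bit
    plen = prefix_length(m)
    # /31 (RFC 3021) and /32 have no separate network and broadcast addresses.
    usable = 2 ** (32 - plen) - 2 if plen < 31 else 2 ** (32 - plen)
    return {
        "network": format_ipv4(network),
        "broadcast": format_ipv4(broadcast),
        "prefix": plen,
        "mask_hex": f"0x{m:08x}",
        "mask_dotted": format_ipv4(m),
        "usable_hosts": usable,
    }


def same_subnet(a: str, b: str, mask_text: str) -> bool:
    """A host delivers directly to b only if the network bits match; otherwise
    the packet is handed to the router (see IP Forwarding and Router)."""
    m = parse_mask(mask_text)
    return (parse_ipv4(a) & m) == (parse_ipv4(b) & m)


def cross_check(addr: str, mask_text: str) -> bool:
    """Confirm the hand-rolled arithmetic against the standard library."""
    d = describe(addr, mask_text)
    net = ipaddress.ip_network(f"{addr}/{d['mask_dotted']}", strict=False)
    return (d["network"], d["broadcast"], d["prefix"]) == (
        str(net.network_address), str(net.broadcast_address), net.prefixlen)


if __name__ == "__main__":
    for mask in ("0xffffff00", "255.255.255.0", "/24"):
        print(mask, "->", describe("192.0.2.77", mask))
    print("192.0.2.77 and 192.0.3.1 share a /24?", same_subnet("192.0.2.77", "192.0.3.1", "/24"))
    print("... and a /23?", same_subnet("192.0.2.77", "192.0.3.1", "/23"))
```

The contiguity check in parse_mask is the part most often skipped in ad hoc scripts; a mask such as 255.0.255.0 is accepted by some tools and silently produces nonsense network boundaries.
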
(Source sans.org and wikipedia.org)