Access control
Processes and rules that control physical access to a facility and also access to information systems. Access control is a crucial component of Information Security, which cannot exist without specific controls placed on who can and cannot perform certain operations on a company's data.
Audit Log
Changes to data and records are stored in an audit log so that the system can be recovered if needed. Most commercial systems include a feature or set of features that enables this logging; it introduces some system overhead but helps hedge against failure or downtime. Audit logs also support compliance auditing and reporting in many cases.
Audit Trail
Information that identifies activities completed by a computer system and verifies the authenticity of any changes, including timestamps and information on which user(s) made and/or authorized such changes.
Authentication
Process of verifying the authenticity of data, a source, or a person. Authentication is a key piece of access control.
Biometric Access Controls
Systems that use physical characteristics (e.g. voice, fingerprints, eye/retina scans) to authenticate users.
Bot
(a.k.a. Robot) Programs designed to complete automated tasks on the Internet. Typical tasks include searching/monitoring for specific content/keywords, indexing, and acting as agents/avatars. Bots can be malicious (e.g. a spam bot) or useful (e.g. a search engine web crawler).
Certification Authority
Third-party clearing house that issues Digital Certificates and Signatures.
Cipher
A method of encrypting data (generic term); sometimes also used to refer to the encrypted text itself. Encryption ciphers use a complex mathematical algorithm to "scramble" messages and rely on a key that an authorized party can later use to decrypt that data.
Cracker
Code that attempts to "crack" a code, such as a password or other encryption method, in order to access data or systems that should otherwise be locked down.
Cyber Crime
Any criminal activity that uses digital or network-based means to achieve the intended malfeasance.
Cyberwar
Using technical means to target information or information systems in a planned attack. Cyberterrorism and Cyberwar are very similar terms.
Data Encryption
A method to mask or scramble data so that only the holder of the encryption key can decode that data and view or access it.
Decryption
The process by which encrypted data is decoded using the encryption key.
Denial of Service (DoS) Attack
An Internet attack on a website that prevents it from delivering the expected or promised level of service or access to that digital property.
Digital Certificate
A certification of authenticity and trust used online, primarily by e-commerce companies to assure customers that it is safe to do business directly with them.
DMZ (De-Militarized Zone)
A piece of an organization's network that is kept separate in order to enable different levels of secure access to various parts of said network. For example, different DMZs may be set up for the company website, extranet, intranet, VPN, etc.
Hacker
An individual who is adept at breaking (a.k.a. "hacking") into networks and computer systems. White Hat Hackers are typically security personnel who practice hacking for the purpose of identifying vulnerabilities or weaknesses in a network's security. Black Hat Hackers are focused on hacking into systems with malicious intent.
Information Asset
A piece of information stored somewhere on a private network that has value to the organization owning it, and that the organization wants/needs to protect.
Information Security Incident
An event that is very likely to be a breach of a company's Information Security rules, processes, or policy. Once confirmed, it is a Security Breach.
Information Security Policy (Security Policy)
A document, officially approved as company policy, that outlines the organization's stance on what is required to achieve its required level of security. These documents typically include standards for behavior, data handling, IT systems, and any other topic needed to ensure the highest possible level of security and compliance with any regulations the company must enforce.
Information Security Risk Assessment
Effort to place value on information and technology assets, to identify any threats against those assets, to determine the likelihood that such threats will occur, and to anticipate the expected impact of such transgressions. This exercise is most frequently undertaken as a starting point for establishing an official Security Policy.
Lockout
Countermeasure used to block unauthorized access to a network after an attempted or successful break-in has occurred.
Logical Security
Software-based security solutions that are deployed to prevent intrusions, unauthorized access, etc.
Malicious Code
Any software code that is designed specifically to cause an undesirable and unexpected event on a computer or system.
Mirroring
Copying a stream of data to send to a second destination for purposes of backup/failover or out-of-band monitoring. This is typically done in a switch via a SPAN or through the use of an inline Tap.
Pen-Testing (Penetration Testing)
Internal process whereby security personnel test the perimeter defense of a network for potential entry points, intended to identify and plan against intrusion or unauthorized entry into a system.
Privilege
Level of permission or access a user has within a given system, network, or software application.
Proxy Server
Server that acts on behalf of client PCs for accessing external websites and delivering information from those websites to clients.
Security Administrator
Individuals responsible for the day-to-day operations of the security infrastructure and for enforcing the established company security policy.
Security Breach
A security incident that has been confirmed to be a malicious and unwanted event on a network.
Smurf Attack
A very technical attack that exploits features of the IP protocol (within TCP/IP) used for communications over the Internet.
Sniffer
A hardware or software product that captures and analyzes data packets as they traverse the network.
Social Engineering
Similar to phishing, except this technique tends to be a verbal breach of data privacy, whereby an impersonator claims to need a key piece of personal data (e.g. a password) and is able to extract that information using persuasion and lies.
SPAN
Switched Port Analyzer
Spoofing
Intercepting, changing, and forwarding data to the intended recipient in an effort to trick them. Also used to refer to identity hacking.
Stealth Bomb
Malicious code that has been set up to look like something else. Often delivered as an email attachment claiming to be important information.
Tap
Test Access Point
Three Strikes
The practice of configuring authentication systems to lock out an account after three failed attempts to log in.
Time Bomb
Malicious code that is scheduled to wreak some sort of unwanted havoc at a predetermined time or date in the future.
Virtual Private Network (VPN)
A network that emulates a private network but is delivered via "the cloud".