Glossary

Item	Description
3DES	Triple Digital Encryption Standard.
3DES	In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm symmetric-key block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block.
3G	3G refers to the third generation of cellular data standards.
3G	Cell phone companies often market mobile phones as “3G devices,” but there is no single 3G standard. Rather, 3G is a broad label given to cellular technologies that support data transfer rates of 14.4 Mbps or faster.
3-Way Handshake	Machine A sends a packet with a SYN flag set to Machine B. B acknowledges A's SYN with a SYN/ACK. A acknowledges B's SYN/ACK with an ACK.
4G	4G is the fourth generation of cellular data standards. Like 3G, there is no single 4G technology. Instead, 4G an umbrella of technologies that conform to the requirements established by the International Telecommunications Union. All 4G devices must support a data transfer rate of at least 100 Mbps.
802.11b	802.11b is a Wi-Fi standard developed by the IEEE for transmitting data over a wireless network. It operates on a 2.4 GHz band and allows for wireless data transfers up to 11 Mbps.
802.11g	802.11g is a Wi-Fi standard developed by the IEEE for transmitting data over a wireless network. It operates on a 2.4 GHz bandwidth and supports data transfer rates up to 54 Mbps. 802.11g is backward compatible with 802.11b hardware, but if there are any 802.11b-based computers on the network, the entire network will have to run at 11 Mbps (the max speed that 802.11b supports). However, you can configure your 802.11g wireless router to only accept 802.11g devices, which will ensure your network runs at its top speed.
AAA	Authentication, Authorization, and Accounting.
AAC	Application Asset Controls,
AAR	Authorized Asset Repository. The approved database in which all software assets and installation data is held.
ABC	Anti-Bribary and Corruption.
ACA	Application Criticality Assessment.
ACKPIGGYBACKING	The practice of sending an ACK inside another packet going to the same destination.
ACL	Access Control List. A list of permissions attached to an object.
Access Control	Access Control ensures that resources are only granted to those users who are entitled to them.
Access Control List	ACL.
Access Control List	A list of permissions attached to an object.
Access Control Service	A security service that provides protection of system resources against unauthorized access. The two basic mechanisms for implementing this service are ACLs and tickets.
Access Matrix	An Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.
Account Harvesting	The process of collecting all the legitimate account names on a system.
Active Content	Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Ex. Java, ActiveX (MS).
Active Directory	AD.
Active Directory	A directory service implemented by Microsoft for Windows domain networks.
Activity Monitors	Aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.
AD	Active Directory. A directory service implemented by Microsoft for Windows domain networks.
ADAL	Authoritive Data Access Layer.
Address Resolution Protocol	ARP.
Address Resolution Protocol	A protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.
ADS	Authoritive Data Source.
ADSL	Asymmetric Digital Subscriber Line (ADSL) is a technology for transmitting digital information at high bandwidth on existing phone lines to homes and businesses. Unlike regular dialup phone service, ADSL provides continuously-available, “always on” connection.
Advanced Encryption Standard	AES.
Advanced Encryption Standard	An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.
AEOD	After End-of-Day.
AES	Advanced Encryption Standard. An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.
AIRB	Advanced Internal Rating Based Approach.
A&L	Assets and Liabilities
Algorithm	A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.
AML	Anti money laundering (AML) is a term mainly used in the financial and legal industries to describe the legal controls that require financial institutions and other regulated entities to prevent or report money laundering activities.
AMSC	Application Management Service Centre.
aPass	Application Platform as a Service. A category of computing services that provide a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. Enabled rapid application development and delivery.
Applet	An applet is any small application that performs one specific task, sometimes running within the context of a larger program, perhaps as a plug-in. The term typically also refers to Java applets, i.e., programs written in the Java programming language designed for distribution on the WWW which can be downloaded to a user workstation from an Internet server and executed via an interpreter on a Java-capable Web browser.
AQM	Active Queue Management.
ARM	Approved Reporting Mechanism.
ARP	Address Resolution Protocol. A protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.
ARPANET	Advanced Research Projects Agency Network. A pioneer packet-switched network that was built in the early 1970s under contract to the US Government, led to the development of today's Internet, and was decommissioned in June 1990.
ASCII	American Standard Code for Information Interchange.
ASN	Autonomous System Number.
ASN	A globally unique number assigned by a registrar for the purposes of Internet routing,
Asymmetric Cryptography	Public-key cryptography. A modern branch of cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.
Asymmetric Warfare	Asymmetric warfare is the application of dissimilar strategies, tactics, capabilities and approaches used to circumvent or negate an opponent's strengths while exploiting his weaknesses.
Auditing	The information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.
Asymmetric Digital Subscriber Line	ADSL.
Asymmetric Digital Subscriber Line	Asymmetric Digital Subscriber Line (ADSL) is a technology for transmitting digital information at high bandwidth on existing phone lines to homes and businesses. Unlike regular dialup phone service, ADSL provides continuously-available, “always on” connection.
Asynchronous Transfer Mode	Asynchronous Transfer Mode (ATM) is a broadband technology that permits large volumes of voice, image, text, or video data to be transmitted simultaneously. It is a CCITT standard combining constant bandwidth with consistent delay characteristics. I.e. the downside characteristics of packet switching are overcome.
ATM	Asynchronous Transfer Mode (ATM) is a broadband technology that permits large volumes of voice, image, text, or video data to be transmitted simultaneously. It is a CCITT standard combining constant bandwidth with consistent delay characteristics. I.e. the downside characteristics of packet switching are overcome.
ATP	Accelerated Training Program.
AUA	Assets Under Administration.
AUM	Assets Under Management.
Authentication	The process of confirming the correctness of the claimed identity.
Authorization	The approval, permission, or empowerment for someone or something to do something.
Autonomous System	One network or series of networks that are all under one administrative control. An autonomous system is also sometimes referred to as a routing domain. For the purposes of Internet routing, an autonomous system is assigned a globally unique number by a registrar, called an Autonomous System Number (ASN).
Autonomous System Number	ASN.
Autonomous System Number	A globally unique number assigned by a registrar for the purposes of Internet routing.
Availability	The need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.
Backdoor	A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.
Bandwidth	Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second.
Banner	A banner is the information that is displayed to a remote user trying to connect to a service. This may include version information, system information, or a warning about authorized use.
BAP	Business and Personal.
Basic Authentication	Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request.
Bastion Host	A bastion host has been hardened in anticipation of vulnerabilities that have not been discovered yet.
BAU	Business as Usual.
BBS	Bulletin Board System.
BBS	A Bulletin Board System (BBS) is a computerized meeting and announcement system that allows people to carry on discussions, upload and download files, and record observations and points of view without having to be simultaneously connected to the system at any given time.
BCM	Business Continuity Management. The management of a Business Continuity Plan (BCP).
BCP	Business Continuity Plan. A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
BDC	Business Delivery and Control.
BEOD	Before End-of-Day.
Berkeley Internet Name Domain	BIND is an implementation of DNS. DNS is used for domain name to IP address resolution. BIND is also a verb used in the context of 'binding' a service or application to a specific IP, PORT, or SOCKET for network or inter-process communication.
BIOS	Basic Input Output System. The built-in software on a motherboard or main board of a computer that makes it possible for a computer to boot up. BIOS contains software that determines what the computer can do without accessing the operating system and controls the hardware peripherals and other miscellaneous functions.
BGP	Border Gateway Protocol. An inter-autonomous system routing protocol. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP).
BIA	Business Impact Analysis.
BIA	A Business Impact Analysis determines what levels of impact to a system are tolerable.
BIND	Berkeley Internet Name Domain.
BIND	BIND is an implementation of DNS. DNS is used for domain name to IP address resolution. BIND is also a verb used in the context of 'binding' a service or application to a specific IP, PORT, or SOCKET for network or inter-process communication.
Biometrics	Biometrics use physical characteristics of the users to identify the user.
Bit	The smallest unit of information storage; a contraction of the term “binary digit;” one of two symbols “0” (zero) and “1” (one) - that are used to represent binary numbers.
Block Cipher	A block cipher encrypts one block of data at a time.
Blog	Blog is a direct means for an individual to share ideas, thoughts, opinions, and information concerning a particular topic with an audience, using the Web as the medium. It usually takes the form of a diary or Narrative (in reverse chronological order) initiated, and frequently updated, by the blogger. Its main value lies in the establishment of networks and the social capital created as a result, and usually comprises ephemeral material.
BLoR	Business List of Records. An indexed list of relevant records.
BOM	Business Only Membership.
Border Gateway Protocol	BGP.
Border Gateway Protocol	An inter-autonomous system routing protocol. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP).
Boot Record Infector	A boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk.
Bot	Also called ‘Internet bots’; refers to computers that perform tasks without human input. Increasingly used for click-fraud and other malicious purposes.
Botnet	A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.
B&R	Books and Records.
BRD	Business Requirements Document. High-level document illustrating a requirement of the business.
Break Glass	Temporary limited access to a production environment. This is a process through which controlled time limited access to production environments is granted to a technical resource.
Bridge	A mechanism (software or hardware) which connect two communication segments. Bridges generally operate at OSI Layer 2 or 3, but may operate from the physical layer up to the application layer. Some examples of bridging technologies: serial bridge (bridge multiple RS485 bus); wireless access bridge (bridge a wireless segment and a wired segment); Ethernet software bridge (OS level network interface bridging).
BRM	Business Risk Managers.
Broadcast	To send the same message to an unknown number of destinations without addressing. Examples: ARP, Radio. See also multicast.
Broadcast Address	An address used to broadcast a datagram to all hosts on a given network using UDP or ICMP protocol.
Browser	A client computer program that can retrieve and display information from servers on the World Wide Web.
Brute Force	A crypto-analysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.
BSM	Balance Sheet Management.
BSS 7799	British Standard 7799.
BSS 7799	A standard code of practice and provides guidance on how to secure an information system. It includes the management framework, objectives, and control requirements for information security management systems.
BST	British Summer Time.
Buffer Overflow	A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
Bullet-proof hosting	Bullet-proof hosting is a service provided by some domain hosting or web hosting firms that allow their customer considerable leniency in the kinds of material they may upload and distribute. This leniency has been taken advantage of by spammers and providers of online gambling or pornography.
Bulletin Board System	BBS
Bulletin Board System	A Bulletin Board System (BBS) is a computerized meeting and announcement system that allows people to carry on discussions, upload and download files, and record observations and points of view without having to be simultaneously connected to the system at any given time.
Business Continuity Management	BCM.
Business Continuity Management	The management of a Business Continuity Plan (BCP).
Business Continuity Plan	BCP.
Business Continuity Plan	A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
Business Impact Analysis	BIA.
Business Impact Analysis	A Business Impact Analysis determines what levels of impact to a system are tolerable.
Business Intelligence	Business intelligence is now widely accepted as being concerned with information technology solutions for transforming the output from large data collections into Intelligence; usually through the integration of sales, marketing, servicing, and support operations. It covers such activities as customer relationship management, enterprise resource planning and e-commerce using data mining techniques. Those people involved in business intelligence tend to regard it as one aspect of knowledge management. Systems based on business intelligence software were formerly known as Executive information Systems.
BYOD	Bring Your Own Device.
Byte	A fundamental unit of computer storage; the smallest addressable unit in a computer's architecture. Usually holds one character of information and usually means eight bits.
CA	Certificate Authority.
CAB	Change Advisory Board.
CAC	Call Admission Control.
CAC	The inspection and control all inbound and outbound voice network activity by a voice firewall based on user-defined policies.
Cache	Pronounced cash, a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.
Cache Cramming	Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.
Cache Poisoning	Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks.
Call Admission Control	CAC.
Call Admission Control	The inspection and control all inbound and outbound voice network activity by a voice firewall based on user-defined policies.
CAMS	Cash Management System.
Carding	Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a Web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using the card's credit limit, and also to avoid attracting the card issuer's attention. A website known to be susceptible to carding is known as a cartable website.
Cash-out	The aspect of a cybercrime operation where stolen electronic funds are finally withdrawn from the finance system in the form of hard cash, often perpetrated by the use of ‘money mules’.
CCO	Chief Controls Office.
CCO	The Chief Controls Office centralizes and increases the focus on maintaining and enhancing an effective control framework.
CDC	Client Data Controls.
CDI	Client Data Interface.
Cell	A cell is a unit of data transmitted over an ATM network. A cell is also a single physical memory location within flash memory.
CERT	Computer Emergency Response Team. An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
Certificate-based Authentication	Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic.
CFF	Common File Format.
CGI	Common Gateway Interface. This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically.
Chain of Custody	Chain of Custody is the important application of the Federal rules of evidence and its handling.
Challenge Handshake Authentication Protocol	CHAP. The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks.
CHAP	Challenge Handshake Authentication Protocol.
CHAP	The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks.
Chatroom	The name for a discussion group or chat room.
Checksum	A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.
CI	Configuration Item.
CIP	Customer Identification Program.
Cipher	A cryptographic algorithm for encryption and decryption.
Ciphertext	Ciphertext is the encrypted form of the message being sent.
Circuit Switched Network	A circuit switched network is where a single continuous physical circuit connected two endpoints where the route was immutable once set up.
CIS	Customer Identification System.
CIS	Customer Information System.
CIT	Component Integration Testing.
CL	Control Language.
Client	A system entity that requests and uses a service provided by another system entity, called a “server.” In some cases, the server may itself be a client of some other server.
CMDB	Configuration Management Database.
CMOD	Central Management On Demand.
CMR	Customer Master Record.
CMS	Change Management Standard.
COA	Change of Address.
CoB	Close of Business.
Cold Disaster Recovery Site	Hardware is ordered, shipped and installed, and software is loaded. Basic telecommunications, telephone and utility connectivity might need turning on to continue some, but not all primary site operations. Relocation occurs within weeks or longer, depending on hardware arrival time, following a disaster. No data synchronization occurs between the primary and cold site, and could result in significant data loss. Offsite data backup tapes must be obtained and delivered to the cold site to restore operations. A cold site is the least expensive option.
Collision	A collision occurs when multiple systems transmit simultaneously on the same wire.
Common Gateway Interface	CGI. This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically.
Competitive Intelligence	Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.
Competitor Intelligence	Competitor Intelligence is a subdivision of Business intelligence that concerns the current and proposed business activities of competitors.
Compromise	Also called a security breach, a security compromise is a term used to describe an intentional or unintentional event that has exposed confidential data to unauthorized persons. The release of the information is very likely to have an adverse effect on the organisation's profits, legal standing and/or reputation.
Computer Emergency Response Team (CERT)	An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
Computer Network	A collection of host computers together with the sub-network or inter-network through which they can exchange data.
CON	Change of Name.
Confidentiality	Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.
Configuration Management	Establish a known baseline condition and manage it.
COO	Chief Operating Office.
Cookie	Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.
Corruption	A threat action that undesirably alters system operation by adversely modifying system functions or data.
Cost Benefit Analysis	A cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk.
Countermeasure	Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. Intrusion Prevention Systems (IPS) commonly employ countermeasures to prevent intruders form gaining further access to a computer network. Other counter measures are patches, access control lists and malware filters.
Covert Channels	Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server can be used to communicate information.
CP	Consultation Paper.
CR	Change Record.
CR	Change Request.
CRAID	Changes, Risks, Assumptions, Issues, Dependencies.
Crawler	A crawler uses existing Internet search engines to carry out automatic search and retrieval of selected Information on behalf of a user. It may also be known as Web crawler.
CRC	Cyclic Redundancy Check.
CRC	Sometimes called “cyclic redundancy code.” A type of checksum algorithm that is not a cryptographic hash but is used to implement data integrity service where accidental changes to data are expected.
Criminal Forum	A forum, usually web based, devoted to the black market trading of stolen credit card details, stolen identity details and tools to commit computer offences.
CRON	Cron is a Unix application that runs jobs for users and administrators at scheduled times of the day.
Crossover cable	A crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together.
Cryptanalysis	The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, convert the cipher text to plain-text without knowing the key.
Cryptographic Algorithm	Hash. An algorithm that employs the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms.
CSI	Continual Service Improvements.
CSP	Content Security Policy.
CTRP	Countries, Towns, Regions and Ports.
Cut-through	Cut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination.
Cyberspace	Cyberspace is the notional environment in which communication over computer networks occurs. The term is currently used to describe the whole range of Information resources available through such networks.
Cyclic Redundancy Check	CRC. Sometimes called “cyclic redundancy code.” A type of checksum algorithm that is not a cryptographic hash but is used to implement data integrity service where accidental changes to data are expected.
Daemon	A program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system. The daemon program forwards the requests to other programs (or processes) as appropriate. The term daemon is a Unix term, though many other operating systems provide support for daemons, though they're sometimes called other names. Windows, for example, refers to daemons and System Agents and services.
Data Aggregation	Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.
Data Custodian	A Data Custodian is the entity currently using or manipulating the data, and therefore, temporarily taking responsibility for the data.
Data Encryption Standard	DES. A widely-used method of data encryption using a private (secret) key. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.
Data Mining	Data Mining is a technique used to analyze existing information, usually with the intention of pursuing new avenues to pursue business.
Data Owner	A Data Owner is the entity having responsibility and authority for the data.
Data Warehouse	A central repository for all or significant parts of the data that an enterprise’s various business systems collect. IBM sometimes uses the term “information warehouse.” Typically, a data warehouse is housed on an enterprise mainframe server. Data from various online transaction processing (OLTP) applications and other sources is selectively extracted and organized on the data warehouse database use by analytical applications and user queries. Term is often extended to the middleware and query tools that allow fast, flexible access to near-operational corporate data.
Data Warehousing	Data Warehousing is the consolidation of several previously independent databases into one location.
Datagram	Request for Comment 1594 says, “a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network.” The term has been generally replaced by the term packet. Datagrams or packets are the message units that the Internet Protocol deals with and that the Internet transports. A datagram or packet needs to be self-contained without reliance on earlier exchanges because there is no connection of fixed duration between the two communicating points as there is, for example, in most voice telephone conversations. (This kind of protocol is referred to as connectionless.)
Day Zero	The “Day Zero” or “Zero Day” is the day a new vulnerability is made known. In some cases, a “zero day” exploit is referred to an exploit for which no patch is available yet. (“day one” - day at which the patch is made available).
DB	Database.
DBC	Detailed Business Case.
DCF	Data Control Framework.
DCO	Device Configuration Overlay.
DCO	A hidden part of a hard drive that is used by personal computer manufacturers to specify the configuration of a hard drive (regardless of its actual size) to present the same number of sectors to the BIOS and operating system.
DCP	Demand Change Process.
DDOS	Distributed Denial of Service.
DDOS	Distributed Denial of Service (DDOS) is an attack in which multiple systems flood the bandwidth or resources of a targeted system in an attempt to make it unavailable. DDOS attacks fall into two basic categories based on the resources they seek to exhaust: application attacks (exploitation of software vulnerabilities) and network attacks (attempting to saturate the communications lines that connect servers to the Internet).
Decapsulation	Decapsulation is the process of stripping off one layer's headers and passing the rest of the packet up to the next higher layer on the protocol stack.
Decryption	Decryption is the process of transforming an encrypted message into its original plain-text.
Deep Web	Invisible Web. That portion (estimated to be between 60 and 80 per cent) of total Web content that consists of material that is not accessible by standard Search engines. It is usually to be found embedded within secure sites, or consists of archived material. Much of the Information may, however, be accessed through a gateway or a fee-based Database service.
Defacement	Defacement is the method of modifying the content of a website in such a way that it becomes “vandalized” or embarrassing to the website owner.
Defense In-Depth	Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component.
Demilitarized Zone	DMZ.
Demilitarized Zone	In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a sub-network) that sits between an organization's internal network and an external network, usually the Internet. DMZ's help to enable the layered security model in that they provide sub-network segmentation based on security requirements or policy. DMZ's provide either a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet which is used for servers accessible from the outside is referred to as a DMZ.
Denial of Service	The prevention of authorized access to a system resource or the delaying of system operations and functions.
DES	Data Encryption Standard).
DES	A widely-used method of data encryption using a private (secret) key. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.
D&I	Diversity and Inclusion.
Dictionary Attack	An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.
Diffie-Hellman	A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. Diffie-Hellman does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography.
Digest Authentication	Digest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password.
Digital Certificate	A digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority. It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
Digital Envelope	A digital envelope is an encrypted message with the encrypted session key.
Digital Signature	A digital signature is a hash of a message that uniquely identifies the sender of the message and proves the message hasn't changed since transmission.
Digital Signature Algorithm	DSA.
Digital Signature Algorithm	An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified.
Digital Signature Standard	DSS.
Digital Signature Standard	The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.
Disassembly	The process of taking a binary program and deriving the source code from it.
Disaster Recovery Plan	DRP.
Disaster Recovery Plan	A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.
Discretionary Access Control	DAC.
Discretionary Access Control	Discretionary Access Control consists of something the user can manage, such as a document password.
Dispensation	Temporary exclusion from Policy or Scope.
Disruption	A circumstance or event that interrupts or prevents the correct operation of system services and functions.
Distance Vector	Distance vectors measure the cost of routes to determine the best route to all known networks.
Distributed Denial of Service	DDOS.
Distributed Denial of Service	Distributed Denial of Service (DDOS) is an attack in which multiple systems flood the bandwidth or resources of a targeted system in an attempt to make it unavailable. DDOS attacks fall into two basic categories based on the resources they seek to exhaust: application attacks (exploitation of software vulnerabilities) and network attacks (attempting to saturate the communications lines that connect servers to the Internet).
Distributed Scans	Distributed Scans are scans that use multiple source addresses to gather information.
DLL	Dynamic Link Library.
DLL	A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file).
DLP	Data Loss Prevention.
DMS	Document Management System.
DM&W	Document Management and Workflow.
DMZ	Demilitarized Zone.
DMZ	In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a sub-network) that sits between an organization's internal network and an external network, usually the Internet. DMZ's help to enable the layered security model in that they provide sub-network segmentation based on security requirements or policy. DMZ's provide either a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet which is used for servers accessible from the outside is referred to as a DMZ.
DNS	Domain Name System.
DNS	The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember “handle” for an Internet address.
Domain	A sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, identified by a name. On the Internet, a domain consists of a set of network addresses. In the Internet's domain name system, a domain is a name with which name server records are associated that describe sub-domains or host. In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.
Domain Hijacking	Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting his own server up in its place.
Domain Name	A domain name locates an organization or other entity on the Internet. For example, the domain name “www.sans.org” locates an Internet address for “sans.org” at Internet point 199.0.0.2 and a particular host server named “www”. The “org” part of the domain name reflects the purpose of the organization or entity (in this example, “organization”) and is called the top-level domain name. The “sans” part of the domain name defines the organization or entity and together with the top-level is called the second-level domain name.
Domain Name System	DNS.
Domain Name System	The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember “handle” for an Internet address.
Download	To download is to retrieve Information from the Internet.
DP	Discussion Paper.
DPIA	Data Protection Input Assessment.
DR	Disaster Recovery. Arrangement that, in the event of a crises, are sufficient to allow the organization to determine its position, manage its risk and close the impacted areas of the business in an orderly manner, ensuring that all legal, regulatory and contractual obligations are met.
Drop Site	Malware that steals data will upload the information to a Drop Site for later retrieval.
DSA	Digital Signature Algorithm.
DSA	An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified.
DSS	Digital Signature Standard.
DSS	The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.
DTU	Data Transfer Utility.
Due Care	Due care ensures that a minimal level of protection is in place in accordance with the best practice in the industry.
Due Diligence	Due diligence is the requirement that organizations must develop and deploy a protection plan to prevent fraud, abuse, and additionally deploy a means to detect them if they occur.
Dump	Generally used to mean the data from a database, in reference to online fraud the term usually refers to debit or credit card’s dumps, which were skimmed or hacked and may include credit card track data, PINs and CCV numbers.
DumpSec	DumpSec is a security tool that dumps a variety of information about a system's users, file system, registry, permissions, password policy, and services.
Dumpster Diving	Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.
DWB	Dispensation, Waivers and Breaches.
DX	Developer Experience.
Dynamic Link Library	DLL.
Dynamic Link Library	A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file).
Dynamic Routing Protocol	Allows network devices to learn routes. Ex. RIP, EIGRP Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to. The routers must communicate using a routing protocol, of which there are many to choose from. The process on the router that is running the routing protocol, communicating with its neighbour routers, is usually called a routing daemon. The routing daemon updates the kernel's routing table with information it receives from neighbour routers.
E2E	End-to-End. The entire process.
EAD	Exposure at Default.
EAP	Extensible Authentication Protocol.
EAP	A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences.
Eavesdropping	Eavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network.
e-Commerce	Electronic Commerce, also known as e-Commerce, covers a range of activities under which businesses and their customers can carry out transactions electronically between computer systems. This greatly reduces costs and improves efficiency.
Echo Reply	An echo reply is the response a machine that has received an echo request sends over ICMP.
Echo Request	An echo request is an ICMP message sent to a machine to determine if it is online and how long traffic takes to get to it.
EDS	European Data Store.
EFT	Electronic Funds Transfer is the transfer of cash or credit from one account to another using computers and telecommunications.
Egress Filtering	Filtering outbound traffic.
EGP
EGP	A protocol which distributes routing information to the routers which connect autonomous systems.
EGW	Engagement Gateway.
EIN	Employee Identification Number.
Electronic Commerce	Electronic Commerce, also known as e-Commerce, covers a range of activities under which businesses and their customers can carry out transactions electronically between computer systems. This greatly reduces costs and improves efficiency.
Electronic Funds Transfer	Electronic Funds Transfer (EFT) is the transfer of cash or credit from one account to another using computers and telecommunications.
Emanations Analysis	Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Encapsulation	The inclusion of one data structure within another structure so that the first data structure is hidden for the time being.
Encryption	Cryptographic transformation of data (called “plain-text”) into a form (called “cipher text”) that conceals the data's original meaning to prevent it from being known or used.
EOD	End-of-Day.
Ephemeral Port	Also called a transient port or a temporary port. Usually is on the client side. It is set up when a client application wants to connect to a server and is destroyed when the client application terminates. It has a number chosen at random that is greater than 1023.
Escrow Passwords	Escrow Passwords are passwords that are written down and stored in a secure location (like a safe) that are used by emergency personnel when privileged personnel are unavailable.
Espionage	Espionage is the use of illegal means (spying) to collect Information, more particularly secret or unpublished information.
Ethernet	The most widely-installed LAN technology. Specified in a standard, IEEE 802.3, an Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires. Devices are connected to the cable and compete for access using a CSMA/CD protocol.
ETL	Extract, Transform, Load.
EUDA	End User Developed Application.
Event	An event is an observable occurrence in a system or network.
EXCO	Executive Committee, Executive Council.
Exploit	A sequence of actions or a program that enables an individual to take advantage of, or exploit, a vulnerability or security weakness in a program or system.
Exponential Backoff Algorithm	An exponential backoff algorithm is used to adjust TCP timeout values on the fly so that network devices don't continue to timeout sending data over saturated links.
Exposure	A threat action whereby sensitive data is directly released to an unauthorized entity.
Extended ACLS	Cisco. Extended ACLs are a more powerful form of Standard ACLs on Cisco routers. They can make filtering decisions based on IP addresses (source or destination), Ports (source or destination), protocols, and whether a session is established.
Extensible Authentication Protocol	EAP.
Extensible Authentication Protocol	A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences.
Exterior Gateway Protocol	EGP.
Exterior Gateway Protocol	A protocol which distributes routing information to the routers which connect autonomous systems.
Extranet	Extranet is that portion of an organization’s Intranet that is accessible by selected individuals (for example, collaborators, suppliers, partners, major customers).
False Rejects	False Rejects are when an authentication system fails to recognize a valid user.
Fast File System	The first major revision to the Unix file system, providing faster read access and faster (delayed, asynchronous) write access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks.
Fast Flux	Protection method used by botnets consisting of a continuous and fast change of the DNS records for a domain name through different IP addresses.
FAT	Functional Acceptance Testing.
FAT	See FCT.
Fault Line Attacks	Fault Line Attacks use weaknesses between interfaces of systems to exploit gaps in coverage.
FCT	Functional Confidence Testing.
FCT	Functional testing covers Unit Testing, Smoke Testing, Sanity Testing, Intergration Testing (Top Down, Bottom Up), Interface and Useability Testing, System Testing, Regression Testing, Per User Acceptance Testing (Alpha and Beta), User Acceptance Testing, White Box and Black Box Testing, Globalization and Location Testing.
File Transfer Protocol	FTP. A TCP/IP protocol specifying the transfer of text or binary files across the network.
Filter A filter is used to specify which packets will or will not be used. It can be used in sniffers to determine which packets get displayed, or by firewalls to determine which packets get blocked.
Filtering Router	An inter-network router that selectively prevents the passage of data packets according to a security policy. A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router.
Finger	A protocol to lookup user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. On some systems, finger only reports whether the user is currently logged on. Other systems return additional information, such as the user's full name, address, and telephone number. Of course, the user must first enter this information into the system. Many e-mail programs now have a finger utility built into them.
Fingerprinting	Sending strange packets to a system in order to gauge how it responds to determine the operating system.
Firewall	A logical or physical discontinuity in a network to prevent unauthorized access to data or resources.
Flooding	An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.
Forest	A forest is a set of Active Directory domains that replicate their databases with each other.
Fork Bomb	A Fork Bomb works by using the fork() call to create a new process which is a copy of the original. By doing this repeatedly, all available processes on the machine can be taken up.
Form-based Authentication	Form-Based Authentication uses forms on a webpage to ask a user to input username and password information.
Forward Lookup	Forward lookup uses an Internet domain name to find an IP address.
Forward Proxy	Forward Proxies are designed to be the server through which all requests are made.
FQDN	Fully Qualified Domain Name. The name of the physical host including the domain name; and where necessary the name of the DNS alias or availability group listener the application uses to connect.
Fragment Offset	The fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet.
Fragment Overlap Attack	A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) are carried in the IP packet. In this attack the second fragment contains incorrect offset. When packet is reconstructed, the port number will be overwritten.
Fragmentation	The process of storing a data file in several “chunks” or fragments rather than in a single contiguous sequence of bits in one place on the storage medium.
Frames	Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. A frame is usually transmitted serial bit by bit and contains a header field and a trailer field that “frame” the data. (Some control frames contain no data.)
FTP	File Transfer Protocol).
FTP	A TCP/IP protocol specifying the transfer of text or binary files across the network.
Full Duplex	A type of duplex communications channel which carries data in both directions at once. Refers to the transmission of data in two directions simultaneously. Communications in which both sender and receiver can send at the same time.
Fully-Qualified Domain Name	A Fully-Qualified Domain Name is a server name with a hostname followed by the full domain name.
Fuzzing	The use of special regression testing tools to generate out-of-spec input for an application in order to find security vulnerabilities. Also see “regression testing”.
Gateway	A network point that acts as an entrance to another network.
GETHOSTBYADDR	The gethostbyaddr DNS query is when the address of a machine is known and the name is needed.
GETHOSTBYNAME	The gethostbyname DNS quest is when the name of a machine is known and the address is needed.
GIS	Global Information Security.
GNU	GNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed. The GNU project was started in 1983 by Richard Stallman and others, who formed the Free Software Foundation.
GNUTELLA	An Internet file sharing utility. Gnutella acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.
GTIS	Global Technology Infrastructure Group.
GW	Gateway.
Hactivist	An activist who uses illegal or legally ambiguous digital tools or methods in pursuit of political ends; methods employed include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins and virtual sabotage.
HAM	Hardware Asset Management.
Hardening	Hardening is the process of identifying and fixing vulnerabilities on a system.
Hash Function	An algorithm that computes a value based on a data object thereby mapping the data object to a smaller data object.
Hash Functions	(cryptographic) hash functions are used to generate a one way “check sum” for a larger text, which is not trivially reversed. The result of this hash function can be used to validate if a larger file has been altered, without having to compare the larger files to each other. Frequently used hash functions are MD5 and SHA1.
Header	A header is the extra information in a packet that is needed for the protocol stack to process the packet.
Hijack Attack	A form of active wiretapping in which the attacker seizes control of a previously established communication association.
Honey Client	See Honeymonkey.
Honey Pot	Programs that simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports including the attacker's keystrokes. This could give you advanced warning of a more concerted attack.
Honeymonkey	Automated system simulating a user browsing websites. The system is typically configured to detect web sites which exploit vulnerabilities in the browser. Also known as Honey Client.
Hops	A hop is each exchange with a gateway a packet takes on its way to the destination.
Host	Any computer that has full two-way access to other computers on the Internet. Or a computer with a web server that serves the pages for one or more Web sites.
Host-based ID	Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. This analysis of the audit trail imposes potentially significant overhead requirements on the system because of the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.
Host-Based Intrusion Detection	Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. This analysis of the audit trail imposes potentially significant overhead requirements on the system because of the increased amount of processing power which must be utilised by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system the review of audit data could result in the loss of a real-time analysis capability.
Hot Disaster Recovery Site	It contains fully redundant hardware and software, with telecommunications, telephone and utility connectivity to continue all primary site operations. Failover occurs within minutes or hours, following a disaster. Daily data synchronization usually occurs between the primary and hot site, resulting in minimum or no data loss. Offsite data backup tapes might be obtained and delivered to the hot site to help restore operations. Backup tapes should be regularly tested to detect data corruption, malicious code and environmental damage. A hot site is the most expensive option.
Hot Fix	A hot fix is a single, cumulative package that includes one or more files that are used to address a problem in a software product (i.e. a software bug). Typically, hot fixes are made to address a specific customer situation and are not rolled out across the organisation. In Barclays context, these are typically immediate fixes to Live/Production environment arising due to High Severity incident. Since a hot fix package might contain several encompassed bug fixes, it is recommended that it is thoroughly regression tested in order to avoid injection of bugs in existing system functionality.
HPA	Host Protected Area. Sometimes called the Hidden Protected Area is a section of a hard drive that is hidden or not normally visible to the operating system, and is often used by software or personal computer manufactorers for system recovery and the backup of system configuration data.
HTML	Hypertext Markup Language. The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.
HTTP	Hypertext Transfer Protocol. The protocol in the Internet Protocol (IP) family used to transport hypertext documents across an internet.
HTTP Proxy	An HTTP Proxy is a server that acts as a middleman in the communication between HTTP clients and servers.
HTTPS	When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL.
HUB	A hub is a network device that operates by repeating data that it receives on one port to all the other ports. As a result, data transmitted by one host is retransmitted to all other hosts on the hub.
Humint	Humint is an abbreviation for Human Intelligence; that gathered by people directly from people, rather than from published sources. It may be conducted face-to-face, by means of telephone or online (email, chat rooms, intranets, and so on).
Hybrid Attack	A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
Hybrid Encryption	An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption.
Hyperlink	In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link.
Hypertext Markup Language	HTML. The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.
Hypertext Transfer Protocol	HTTP. The protocol in the Internet Protocol (IP) family used to transport hypertext documents across an internet.
ICMP	Internet Control Message Protocol.
ICMP	An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.
Identity	Identity is whom someone or what something is, for example, the name by which something is known.
IETF	Internet Engineering Task Force.
IETF	The body that defines standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). IETF members are drawn from the Internet Society's individual and organization membership.
IMAP	Internet Message Access Protocol.
IMAP	A protocol that defines how a client should fetch mail from and return mail to a mail server. IMAP is intended as a replacement for or extension to the Post Office Protocol (POP). It is defined in RFC 1203 (v3) and RFC 2060 (v4).
Incident	An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.
Incident Handling	Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events. It is comprised of a six step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
Incremental Backups	Incremental backups only backup the files that have been modified since the last backup. If dump levels are used, incremental backups only backup files changed since last backup of a lower dump level.
Industrial Espionage	Espionage is the use of illegal means (spying) to collect Information, more particularly secret or unpublished information.
INETD	Inetd (or Internet Daemon) is an application that controls smaller internet services like telnet, ftp, and POP.
Inference Attack	Inference Attacks rely on the user to make logical connections between seemingly unrelated pieces of information.
Information Warfare	Information Warfare is the competition between offensive and defensive players over information resources.
Ingress Filtering	Ingress Filtering is filtering inbound traffic.
Input Validations Attack	Input Validations Attacks are where an attacker intentionally sends unusual input in the hopes of confusing an application.
Integrity	Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.
Integrity Star Property	In Integrity Star Property a user cannot read data of a lower integrity level then their own.
Intellectual Property	Intellectual Property refers to the definition and recording of a novel device, product, process or technique so that it may be bought, sold or legally protected. The main forms of protection take the form of Copyright, licenses, patents, registered designs, trademarks and trade secrets.
Intelligence	Intelligence is high-level, processed, exploitable Information.
International Organization for Standardization (ISO)	A voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations.
International Telecommunications Union	ITU-T.
International Telecommunications Union	Telecommunication Standardization Sector (formerly “CCITT”), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called “Recommendations.”
Internet	A term to describe connecting multiple separate networks together.
Internet Control Message Protocol	ICMP.
Internet Control Message Protocol	An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.
Internet Engineering Task Force	IETF.
Internet Engineering Task Force	The body that defines standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). IETF members are drawn from the Internet Society's individual and organization membership.
Internet Message Access Protocol	IMAP.
Internet Message Access Protocol	A protocol that defines how a client should fetch mail from and return mail to a mail server. IMAP is intended as a replacement for or extension to the Post Office Protocol (POP). It is defined in RFC 1203 (v3) and RFC 2060 (v4).
Internet Protocol	IP.
Internet Protocol	The method or protocol by which data is sent from one computer to another on the Internet.
Internet Protocol Security	IPSEC.
Internet Protocol Security	A developing standard for security at the network or packet processing layer of network communication.
Internet Relay Chat	IRC.
Internet Relay Chat	Internet Relay Chat (IRC) is a huge, multi-user live chat facility. Private channels may be created for multi-person Conference calls.
Internet Service Provider	ISP.
Internet Service Provider	An Internet Service Provider (ISP) is a company selling access to the Internet.
Internet Standard	A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet.
Interrupt	An Interrupt is a signal that informs the OS that something has occurred.
Intranet	A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders.
Intrusion Detection	A security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).
Invisible Web	Invisible Web is that portion (estimated to be between 60 and 80 per cent) of total Web content that consists of material that is not accessible by standard Search engines. It is usually to be found embedded within secure sites, or consists of archived material. Much of the Information may, however, be accessed through a gateway or a fee-based Database service.
IP	Internet Protocol).
IP	The method or protocol by which data is sent from one computer to another on the Internet.
IP Address	A computer's inter-network address that is assigned for use by the Internet Protocol and other protocols. An IP version 4 address is written as a series of four 8-bit numbers separated by periods.
IP Flood	A denial of service attack that sends a host more echo request (“ping”) packets than the protocol implementation can handle.
IP Forwarding	IP forwarding is an Operating System option that allows a host to act as a router. A system that has more than 1 network interface card must have IP forwarding turned on in order for the system to be able to act as a router.
IPSEC	Internet Protocol Security).
IPSEC	A developing standard for security at the network or packet processing layer of network communication.
IP Spoofing	The technique of supplying a false IP address.
IRC	Internet Relay Chat (IRC) is a huge, multi-user live chat facility. Private channels may be created for multi-person Conference calls.
IRM	Information Risk Management.
ISO	International Organization for Standardization).
ISO	A voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations.
ISP	Internet Service Provider).
ISP	An Internet Service Provider (ISP) is a company selling access to the Internet.
Issue-specific Policy	An Issue-Specific Policy is intended to address specific needs within an organization, such as a password policy.
ITU-T	International Telecommunications Union).
ITU-T	Telecommunication Standardization Sector (formerly “CCITT”), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called “Recommendations.”
Jitter	Jitter or Noise is the modification of fields in a database while preserving the aggregate characteristics of that make the database useful in the first place.
Jump Bag	A Jump Bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.
Kerberos	A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment.
Kernel	The essential centre of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and shell are terms used more frequently in Unix and some other operating systems than in IBM mainframe systems.
KYC	Know Your Customer.
L2F	Layer 2 Forwarding Protocol).
L2F	An Internet protocol (originally developed by Cisco Corporation) that uses tunnelling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.
L2FP	Layer 2 Tunneling Protocol).
L2FP	An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet.
Lattice Techniques	Lattice Techniques use security designations to determine access to information.
Layer 2 Forwarding Protocol	L2F. An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.
Layer 2 Tunneling Protocol	L2FP. An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet.
Least Privilege	Least Privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.
Legion	Software to detect unprotected shares.
Lightweight Directory Access Protocol	LDAP. A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet.
Link State	With link state, routes maintain information about all routers and router-to-router links within a geographic area, and creates a table of best routes with that information.
List-based Access Control	List Based Access Control associates a list of users and their privileges with each object.
LKM	Loadable Kernel Modules.
LKM	Loadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.
Loadable Kernel Modules	LKM. Loadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.
Log Clipping	Log clipping is the selective removal of log entries from a system log to hide a compromise.
Logic Bombs	Logic bombs are programs or snippets of code that execute when a certain predefined event occurs. Logic bombs may also be set to go off on a certain date or when a specified set of circumstances occurs.
Logic Gate	A logic gate is an elementary building block of a digital circuit. Most logic gates have two inputs and one output. As digital circuits can only understand binary, inputs and outputs can assume only one of two states, 0 or 1.
Loopback Address	The loopback address (127.0.0.1) is a pseudo IP address that always refer back to the local host and are never sent out onto a network.
LTR	Large Transaction Report.
MAC	Mandatory Access Control).
MAC	Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by anyone.
MAC Address	A physical address; a numeric value that uniquely identifies that network device from every other device on the planet.
Malicious Code	Software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
Malware	A generic term for a number of different types of malicious code.
Mandatory Access Control	MAC. Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by anyone.
Man in the Middle Attack	MITM.
Man in the Middle Attack	In cryptography, the man-in-the-middle attack (often abbreviated MITM) attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Masquerade Attack	A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.
MD5	A one way cryptographic hash function. Also see “hash functions” and “sha1”.
Measures of Effectiveness	MOE.
Measures of Effectiveness	Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a give action will have on an environment. In Information warfare it is the ability to attack or defend within an Internet environment.
MFT	Managed File Transfer.
MI	Management Information.
MITM Attack	Man in the Middle.
MITM Attack	In cryptography, the man-in-the-middle attack (often abbreviated MITM) attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
MOE	Measures of Effectiveness).
MOE	Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a give action will have on an environment. In Information warfare it is the ability to attack or defend within an Internet environment.
Monoculture	Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.
Morris Worm	A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.
MoSCoW	Must, Should, Could, Would.
Mule	Also known as a money mule, a mule is an individual who transfers stolen money or merchandise either in person, through a courier service or electronically to help obscure a scammer’s identity and/or location. Mules often are, or at least claim to be, unaware that the money or merchandise they are transferring is stolen.
Multi-Cast	Broadcasting from one host to a given set of hosts.
Multi-Homed	You are “multi-homed” if your network is directly connected to two or more ISP's.
Multiplexing	To combine multiple signals from possibly disparate sources, in order to transmit them over a single path.
NAT	Network Address Translation).
NAT	It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts. The hosts are assigned private IP addresses, which are then “translated” into one of the publicly routed IP addresses. Typically home or small business networks use NAT to share a single DLS or Cable modem IP address. However, in some cases NAT is used for servers as an additional layer of protection.
National Institute of Standards and Technology	NIST. National Institute of Standards and Technology, a unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.
Natural Disaster	Any “act of God” (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component.
Netmask	32-bit number indicating the range of IP addresses residing on a single IP network/subnet/supernet. This specification displays network masks as hexadecimal numbers. For example, the network mask for a class C IP network is displayed as 0xffffff00. Such a mask is often displayed elsewhere in the literature as 255.255.255.0.
Network Address Translation	NAT. The translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.
Network-based IDS	A network-based IDS system monitors the traffic on its network segment as a data source. This is generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment. Network traffic on other segments, and traffic on other means of communication (like phone lines) can't be monitored. Network-based IDS involves looking at the packets on the network as they pass by some sensor. The sensor can only see the packets that happen to be carried on the network segment it's attached to. Packets are considered to be of interest if they match a signature.Network-based intrusion detection passively monitors network activity for indications of attacks. Network monitoring offers several advantages over traditional host-based intrusion detection systems. Because many intrusions occur over networks at some point, and because networks are increasingly becoming the targets of attack, these techniques are an excellent method of detecting many attacks which may be missed by host-based intrusion detection mechanisms.
Network Mapping	To compile an electronic inventory of the systems and the services on your network.
Network Taps	Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.
Newsgroup	Newsgroup is the name for a discussion group or chat room.
Nginx	Nginx Web Server. Nginx is a secure, fast and efficient web server.
Node	Node is any single device connected to a Network.
Non FCT	Non Functional Testing. Testing the application against client and performance requirements; including Load and Performance Testing, Ergonomics Testing, Stress and Volume Testing, Compatibility and Migration Testing, Data Conversion Testing, Security and Penetration Testing, Operational Readiness Testing, Installation Testing, Security Testing (Application Security, Network Security, System Security).
Non-printable character	A character that doesn't have a corresponding character letter to its corresponding ASCII code. Examples would be the Linefeed, which is ASCII character code 10 decimal, the Carriage Return, which is 13 decimal, or the bell sound, which is decimal 7. On a PC, you can often add non-printable characters by holding down the Alt key, and typing in the decimal value (i.e., Alt-007 gets you a bell). There are other character encoding schemes, but ASCII is the most prevalent.
Non-repudiation	Non-repudiation is the ability for a system to prove that a specific user and only that specific user sent a message and that it hasn't been modified.
Null Session	Known as Anonymous Logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network or connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers.
OAT	Operational Acceptance Testing. An assessment of the risk that the released solution will not meet the target availbility levels in the production environment. Areas to consider should include Deployment, Back out or Rollback, Failover and Resilience, Disaster Recovery, Backup and Restore, Alerting and Monitoring, Security, Batch Scheduling.
Octet	A sequence of eight bits. An octet is an eight-bit byte.
One-way Encryption	Irreversible transformation of plain-text to cipher text, such that the plain-text cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known.
One-way Function	A (mathematical) function, f, which is easy to compute the output based on a given input. However given only the output value it is impossible (except for a brute force attack) to figure out what the input value is.
Open Shortest Path First	(OSPF) Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down).
Open Source Information	Open source information is unclassified published information. It includes non-proprietary Grey literature as well as information published electronically (on the Internet, for example).
Open Systems Interconnection	OSI is a standard description or “reference model” for how messages should be transmitted between any two points in a telecommunication network. Its purpose is to guide product implementers so that their products will consistently work with other products. The reference model defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many if not most products involved in telecommunication make an attempt to describe themselves in relation to the OSI model. It is also valuable as a single reference view of communication that furnishes everyone a common ground for education and discussion.
OR	Operational Risk.
ORF	Operational Risk Framework.
ORIA	Operational Risk Impact Assessment. Consider Control Issues, Risk pain points, Clear risk alignment, Audit trails.
OSI	Open Systems Interconnection.
OSI	OSI is a standard description or “reference model” for how messages should be transmitted between any two points in a telecommunication network. Its purpose is to guide product implementers so that their products will consistently work with other products. The reference model defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many if not most products involved in telecommunication make an attempt to describe themselves in relation to the OSI model. It is also valuable as a single reference view of communication that furnishes everyone a common ground for education and discussion.
OSI Layers	The main idea in OSI is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions. Each communicating user or program is at a computer equipped with these seven layers of function. So, in a given message between users, there will be a flow of data through each layer at one end down through the layers in that computer and, at the other end, when the message arrives, another flow of data up through the layers in the receiving computer and ultimately to the end user or program. The actual programming and hardware that furnishes these seven layers of function is usually a combination of the computer operating system, applications (such as your Web browser), TCP/IP or alternative transport and network protocols, and the software and hardware that enable you to put a signal on one of the lines attached to your computer. OSI divides telecommunication into seven layers. The layers are in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers (up to the network layer) are used when any message passes through the host computer or router. Messages intended for this computer pass to the upper layers. Messages destined for some other host are not passed up to the upper layers but are forwarded to another host. The seven layers are: Layer 7: The application layer…This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. (This layer is not the application itself, although some applications may perform application layer functions.) Layer 6: The presentation layer…This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). Sometimes called the syntax layer. Layer 5: The session layer…This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. It deals with session and connection coordination. Layer 4: The transport layer…This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer. Layer 3: The network layer…This layer handles the routing of the data (sending it in the right direction to the right destination on outgoing transmissions and receiving incoming transmissions at the packet level). The network layer does routing and forwarding. Layer 2: The data-link layer…This layer provides synchronization for the physical level and does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management. Layer 1: The physical layer…This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.
OSPF	Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down).
Overload	Hindrance of system operation by placing excess burden on the performance capabilities of a system component.
Packet	A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.
Packet Switched Network	A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.
PAN	Primary Account Number.
Partitions	Major divisions of the total physical hard disk space.
Password Authentication Protocol	PAP. Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.
Password Cracking	Password cracking is the process of attempting to guess passwords, given the password file information.
Password Sniffing	Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
PATS	Per Application Test Strategy.
Patch	A patch is a small update released by a software manufacturer to fix bugs in existing programs.
Patching	Patching is the process of updating software to a different version.
Payload	Payload is the actual application data a packet contains.
Penetration	Gaining unauthorized logical access to sensitive data by circumventing a system's protections.
Penetration Testing	Penetration testing is used to test the external perimeter security of a network or facility.
PERL	Practical Extraction and Reporting Language).
PERL	A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.
Permutation	Permutation keeps the same letters but changes the position within a text to scramble the message.
Personal Firewalls	Personal firewalls are those firewalls that are installed and run on individual PCs.
PFS	Public Key Forward Secrecy.
PFS	For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
Pharming	This is a more sophisticated form of MITM attack. A user's session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website's IP. Almost all users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. Changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on that website.
Phishing	The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site looks like they are part of a bank the user is doing business with.
PII	Personal Identifiable Information.
Ping of Death	An attack that sends an improperly large ICMP echo request packet (a “ping”) with the intent of overflowing the input buffers of the destination machine and causing it to crash.
Ping Scan	A ping scan looks for machines that are responding to ICMP Echo Requests.
Ping Sweep	An attack that sends ICMP echo requests (“pings”) to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
PIR	Post Incident Review.
PGP	Pretty Good Privacy).
PGP	Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.
PKI	A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
Plaintext	Ordinary readable text before being encrypted into ciphertext or after being decrypted.
PMI	Potential Major Incident.
PoC	Proof of Concept).
PoC	A proof of concept is realisation of a certain method or idea to demonstrate its feasibility, or a demonstration in principle, whose purpose is to verify that some concept or theory is probably capable of being useful. A proof-of-concept may or may not be complete, and is usually small and incomplete. In computer security the term is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability.
POC	Point of Contact.
Point-to-Point	PPP.
Point-to-Point	A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. It packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.
Point-to-Point Tunneling Protocol	PPTP. A protocol (set of communication rules) that allows corporations to extend their own corporate network through private “tunnels” over the public Internet.
Poison Reverse	Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity. In effect, advertising the fact that there routes are not reachable.
Polyinstantiation	Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks.
Polymorphism	Polymorphism is the process by which malicious software changes its underlying code to avoid detection.
POP3	Post Office Protocol Version 3).
POP3	An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
Port	A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. Only one process per machine can listen on the same port number.
Port Scan	A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
Possession	Possession is the holding, control, and ability to use information.
Post Office Protocol Version 3	POP3.
Post Office Protocol Version 3	An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
PPP	(Point-to-Point).
PPP	A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. It packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.
PR	Problem Record.
Practical Extraction and Reporting Language (PERL)	A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.
Preamble	A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. Proper timing ensures that all systems are interpreting the start of the information transfer correctly. A preamble defines a specific series of transmission pulses that is understood by communicating systems to mean “someone is about to transmit data”. This ensures that systems receiving the information correctly interpret when the data transmission starts. The actual pulses used as a preamble vary depending on the network communication technology in use.
Pretty Good Privacy	PGP.
Pretty Good Privacy	Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.
Private Addressing	IANA has set aside three address ranges for use by private or non-Internet connected networks. This is referred to as Private Address Space and is defined in RFC 1918. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix) 172.16.0.0 to 172.31.255.255 (172.16/12 prefix) 192.168.0.0 to 192.168.255.255 (192.168/16 prefix).
Program Infector	A program infector is a piece of malware that attaches itself to existing program files.
Program Policy	A program policy is a high-level policy that sets the overall tone of an organization's security approach.
Promiscuous Mode	When a machine reads all packets off the network, regardless of who they are addressed to. This is used by network administrators to diagnose network problems, but also by unsavory characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).
Proof of Concept	PoC.
Proof of Concept	A proof of concept is realization of a certain method or idea to demonstrate its feasibility, or a demonstration in principle, whose purpose is to verify that some concept or theory is probably capable of being useful. A proof-of-concept may or may not be complete, and is usually small and incomplete. In computer security the term is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability.
Proprietary Information	Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
Protocol	A formal specification for communicating; an IP address the special set of rules that end points in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.
Protocol Stacks	OSI. A set of network protocol layers that work together.
Proxy Server	A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
PT	Performance Testing.
Public Key	The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
Public Key Encryption	The popular synonym for “asymmetric cryptography”.
Public Key Infrastructure	PKI.
Public Key Infrastructure	A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
Public Key Forward Secrecy	PFS.
Public Key Forward Secrecy	For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
PWR	Product Work Request.
QAZ	A network worm.
Race Condition	A race condition exploits the small window of time between a security control being applied and when the service is used.
Radiation Monitoring	Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.
RAID	Redundant Array of Independent Disks.
RapidShare	RapidShare is one of the world’s largest file-hosting sites; upon uploading, the user is supplied with a unique download URL which enables anyone with whom the uploader shares the URL to download the file. No user is allowed to search the server for content.
RC	Root Cause.
Reconnaissance	Reconnaissance is the phase of an attack where an attackers finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.
RED	Random Early Detection.
Reflexive ACLS	CISCO. Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall. The router will make filtering decisions based on whether connections are a part of established traffic or not.
Registry	The Registry in Windows operating systems in the central set of settings and information required to run the Windows computer.
Regression Analysis	The use of scripted tests which are used to test software for all possible input is should expect. Typically developers will create a set of regression tests that are executed before a new version of a software is released. Also see “fuzzing”.
Regression Testing	The use of scripted tests which are used to test software for all possible input it should expect. Typically developers will create a set of regression tests that are executed before a new version of software is released.
Request for Comment	RFC.
Request for Comment	A series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.
Resource Exhaustion	Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.
Response	A response is information sent that is responding to some stimulus.
Reverse Address Resolution Protocol	RARP.
Reverse Address Resolution Protocol	RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use.
Reverse Engineering	Acquiring sensitive data by disassembling and analyzing the design of a system component.
Reverse Lookup	Find out the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.
Reverse Proxy	Reverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.
RFI	Request for Information.
RHEL	Redhat Enterprise Linux.
Risk	Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack.
Risk Assessment	A Risk Assessment is the process by which risks are identified and the impact of those risks determined.
Risk Averse	Avoiding risk even if this leads to the loss of opportunity. For example, using a (more expensive) phone call vs. sending an e-mail in order to avoid risks associated with e-mail may be considered “Risk Averse”.
Rivest-Shamir-Adleman	RSA.
Rivest-Shamir-Adleman	An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
Role Based Access Control (RBAC)	Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.
ROM	Rough Order of Magnitude.
Root	Root is the name of the administrator account in Unix systems.
Rootkit	A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
Router	Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.
Routing Information Protocol	RIP.
Routing Information Protocol	Routing Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path's cost.
Routing Loop	A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.
RPA	Robotics Process Automation.
RPC Scans	RPC scans determine which RPC services are running on a machine.
RSS	Really Simple Syndication.
RSS	RSS is a family of web feed formats used to publish frequently updated works such as blog entries, news headlines, audio, and video in a standardised format. An RSS document (which is called a “feed”, “web feed” or “channel”) includes full or summarized text, plus metadata such as publishing dates and authorship. Web feeds benefit publishers by letting them syndicate content automatically. They benefit readers who want to subscribe to timely updates from favored websites or to aggregate feeds from many sites into one place.
RTM	Requirements Traceability Matrix. To link each requirement from a BRD to a function, Display the owner of the function, Provide the section of the FSD where each function is described, Make clear any requirements that are out-of-scope for the FSD, Ensure all requirements can be traced from the BRD through to the FSD, Display the MoSCoW qualifier for each requirement in the BRD, Enable all FSD owners to discuss and agree as to where solutions should reside and what they should look like.
RTQ	Risk Tolerance Questionnaire.
Rule Set Based Access Control	RSBAC.
Rule Set Based Access Control	Rule Set Based Access Control targets actions based on rules for entities operating on objects.
S/KEY	A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one.
Safety	Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.
Salt	In cryptography, a salt consists of random bits that are used as one of the inputs to a one-way function. The other input is usually a password or passphrase. The output of the one-way function can be stored rather than the password, and still be used to authenticate users. The one-way function typically uses a cryptographic hash function. A salt can also be combined with a password by a key derivation function such as PBKDF2 to generate a key for use with a cipher or other cryptographic algorithm.
SAM	Software Asset Management.
SAN	Storage Area Network.
SBI	Standard Batch Interface.
Scareware	Scareware is scam software sold to consumers using social engineering to cause shock, anxiety or the perception of a threat. A tactic frequently used by criminals involves convincing users that a virus has infected their computer and suggesting that they purchase and download fake antivirus software to remove it. Usually the virus infection is entirely fictional and the software is non-functional or malware itself.
Scavenging	Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
Secure Electronic Transactions	SET.
Secure Electronic Transactions	Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.
Secure Shell	SSH.
Secure Shell	A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Secure Sockets Layer	SSL.
Secure Sockets Layer	A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection.
Security Policy	A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Segment	Segment is another name for TCP packets.
Sensitive Information	Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.
Separation of Duties	Separation of duties is the principle of splitting privileges among multiple individuals or systems.
Server	A system entity that provides a service in response to requests from other system entities called clients.
Session	A session is a virtual connection between two hosts by which network traffic is passed.
Session Hijacking	Take over a session that someone else has established.
Session Key	In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
SET	Secure Electronic Transactions).
SET	Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.
SFTP	Secure File Transfer Protocol.
SHA1	A one way cryptographic hash function. Also see “MD5”.
Shadow Password Files	A system file in which encryption user password are stored so that they aren't available to people who try to break into the system.
Share	A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).
Shell	A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its “C:>” prompts and user commands such as “dir” and “edit”).
Signals Analysis	Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Signature	A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.
Simple Integrity Property	In Simple Integrity Property a user cannot write data to a higher integrity level than their own.
Simple Network Management Protocol	SNMP.
Simple Network Management Protocol	The protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.
Simple Security Property	In Simple Security Property a user cannot read data of a higher classification than their own.
SIT	System Integration Testing. Testing of all the systems as a whole.
Skimming	Skimming is the theft of credit card information using an electronic device called a skimmer to read and store credit card numbers. Skimmers can be fitted to ATMs and these types of devices are often used in conjunction with a pinhole camera or keyboard overlay to capture the user’s PIN at the same time. Skimming can also be carried out by dishonest staff in scenarios where the victim’s card is out of view for long enough for the card to be passed through a small skimmer. The thief may also use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip.
SLA	Service Level Agreement.
Smartcard	A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.
SME	Subject Matter Expert.
Smurf	The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
Sniffer	A sniffer is a tool that monitors network traffic as it received in a network interface.
Sniffing	A synonym for “passive wiretapping.
SNMP	Simple Network Management Protocol.
SNMP	The protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.
Social Engineering	A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
Socket	The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.
Socket Pair	A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.
Socks	A protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.
SOD	Start-of-Day.
Software	Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.
SOM	Supplier Operating Model.
Source Port	The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.
Spam	Electronic junk mail or junk newsgroup postings.
Spanning Port	Configures the switch to behave like a hub for a specific port.
Spear-phishing	Spear-phishing is a targeted form of phishing that focuses on a single user or department within an organisation, often addressed from someone within the company in a position of trust such as the human resources or technical support divisions. The email may request information such as login credentials or ask recipients to click on a link, which deploys malware to their system. The term whaling has been coined for attacks directed specifically at senior executives and other high profile targets within businesses.
Split Horizon	Split horizon is a algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.
Split Key	A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.
Spoof	Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
Spyware	Spyware is any software application that is generally installed without the knowledge or consent of the user, to obtain, use, or interfere with personal information or resources, content, or setting, for malicious or undesirable purposes.
SQL	Structured Query Language.
SQLInjection	SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.
SSH
SSH	A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
SSL	Secure Sockets Layer.
SSL	A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection.
SSO	Single Sign On.
SSO	System Security Officer.
:::A person responsible for enforcement or administration of the security policy that applies to the system.
ST
Stack Mashing	Stack mashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.
Standard ACLS	CISCO. Standard ACLs on Cisco routers make packet filtering decisions based on Source IP address only.
Star Property	In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.
State Machine	A system that moves through a series of progressive conditions.
Stateful Inspection	Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination.
Static Host Tables	Static host tables are text files that contain hostname and address mapping.
Static Routing	Static routing means that routing table entries contain information that does not change.
Stealthing	Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganalysis	Steganalysis is the process of detecting and defeating the use of steganography.
Steganography	Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is “invisible” ink.
Stimulus	Stimulus is network traffic that initiates a connection or solicits a response.
Store-and-Forward	Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.
STP	Straight Through Processing.
Straight-through-Cable	A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.
Stream Cipher	A stream cipher works by encryption a message a single bit, byte, or computer word at a time.
Strong Star Property	In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own.
Sub Network	A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet Mask	A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.
Switch	A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.
Switched Network	A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.
Symbolic Links	Special files which point at another file.
Symmetric Cryptography	A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called “secret-key cryptography” (versus public-key cryptography) because the entities that share the key.
Symmetric Key	A cryptographic key that is used in a symmetric cryptographic algorithm.
SYN Flood	A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.
Synchronization	Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal that start of a frame.
Syslog	Syslog is the system logging facility for Unix systems.
System Security Officer (SSO)	A person responsible for enforcement or administration of the security policy that applies to the system.
System-specific Policy	A System-specific policy is a policy written for a specific system or device.
T1, T3	A digital circuit using TDM (Time-Division Multiplexing).
Tamper	To deliberately alter a system's logic, data, or control information to cause the system to perform unauthorized functions or services.
TBC	To be confirmed.
TCP	Transmission Control Protocol.
TCP	A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
TCP Fingerprinting	TCP fingerprinting is the user of odd packet header combinations to determine a remote operating system.
TCP Full Open Scan	TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it was open.
TCP Half Open Scan	TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open.
TCP Wrapper	A software package which can be used to restrict access to certain network services based on the source of the connection; a simple tool to monitor and control incoming network traffic.
TCP/IP	A synonym for “Internet Protocol Suite;” in which the Transmission Control Protocol and the Internet Protocol are important parts. TCP/IP is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an Intranet or an Extranet).
TCPDump	TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.
Technical Vulnerability Assessment (TVA)	A Technical Vulnerability Assessment is a key component of an organization’s Risk Assessment and Risk Management programs.
Telnet	A TCP-based, application-layer, Internet Standard protocol for remote login from one host to another.
Threat	A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Threat Assessment	A threat assessment is the identification of types of threats that an organization might be exposed to.
Threat Model	A threat model is used to describe a given threat and the harm it could to do a system if it has a vulnerability.
Threat Vector	The method a threat uses to get to the target.
Time to Live	A value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.
Tiny Fragment Attack	With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. STD 5, RFC 791 states: Every Internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets.
TLS	Transport Layer Security.
TLS	A protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer.
T&M	Time and Materials.
Token Ring	A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.
Token-based Access Control	Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)
TOM	Target Operating Model.
Topology	The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. Note 1: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types. Note 2: The common types of network topology are illustrated.
TOR	Terms of Reference.
Traceroute	Traceroute is a tool the maps the route a packet takes from the local machine to a remote destination.
Trade Secret	A Trade Secret is Information (including a formula, pattern, compilation, program, device, method, technique or process) that derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and is a subject of efforts, that are reasonable under the circumstances, to maintain its secrecy.
Transmission Control Protocol	TCP.
Transmission Control Protocol	A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
Transport Layer Security	TLS.
Transport Layer Security	A protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer.
TRB	Test Review Board.
Triple DES	A block cipher, based on DES, that transforms each 64-bit plain-text block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.
Triple-wrapped	S/MIME usage: data that has been signed with a digital signature, and then encrypted, and then signed again.
Trojan Horse	A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Trunking	Trunking is connecting switched together so that they can share VLAN information between them.
Trust	Trust determine which permissions and what actions other systems or users can perform on remote machines.
Trusted Ports	Trusted ports are ports below number 1024 usually allowed to be opened by the root user.
TSBIA	Technical Service Baseline Impact Assessment.
Tunnel	A communication channel created in a computer network by encapsulating a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link - i.e., an OSI layer 2 connection - created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunnelling can move data between computers that use a protocol not supported by the network connecting them.
TVA	Technical Vulnerability Assessment.
TVA	A Technical Vulnerability Assessment is a key component of an organization’s Risk Assessment and Risk Management programs.
UAT	User Acceptance Testing.
UDF	User Defined Field.
UDP	User Datagram Protocol
UDP	A communications protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network. UDP uses the Internet Protocol to get a datagram from one computer to another but does not divide a message into packets (datagrams) and reassemble it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in.
UDP Scan	UDP scans perform scans to determine which UDP ports are open.
Underground Economy	The Underground Economy (sometimes known as black market or black economy) is trade, goods and services that are not part of the official economy of a country; this may be legal activities where taxes are not paid, or illegal activities, such as drug trafficking, arms trafficking, and prostitution.
Unicast	Broadcasting from host to host.
Uniform Resource Identifier	URI.
Uniform Resource Identifier	The generic term for all types of names and addresses that refer to objects on the World Wide Web.
Uniform Resource Locator	URL.
Uniform Resource Locator	The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. For example, http://www.pcwebopedia.com/index.html.
UNIX	A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. Created by just a handful of programmers, Unix was designed to be a small, flexible system used exclusively by programmers.
Unprotected Share	In Windows terminology, a “share” is a mechanism that allows a user to connect to file systems and printers on other systems. An “unprotected share” is one that allows anyone to connect to it.
UPI	Unique Product Identifier.
URL	Uniform Resource Locator.
URL	The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. For example, http://www.pcwebopedia.com/index.html.
User	A person, organization entity, or automated process that accesses a system, whether authorized to do so or not.
User Contingency Plan	User contingency plan is the alternative methods of continuing business operations if IT systems are unavailable.
User Datagram Protocol	UDP
User Datagram Protocol	A communications protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network. UDP uses the Internet Protocol to get a datagram from one computer to another but does not divide a message into packets (datagrams) and reassemble it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in.
Usenet	Usenet is an outdated term for a worldwide system of discussion groups, with comments passed among hundreds or thousands of machines. The system is completely decentralised, with numerous discussion areas, each of which is known as a Newsgroup. A Usenet is now more commonly referred to as a Social network.
VDI	Virtual Desktop Infrastructure.
Virtual Private Network	VPN
Virtual Private Network	A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
Virus	A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
Voice Firewall	A physical discontinuity in a voice network that monitors, alerts and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.
Voice Intrusion Prevention System	Voice IPS is a security management system for voice networks which monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, Denial of Service, telecom attacks, service abuse, and other anomalous activity.
VPN	Virtual Private Network.
VPN	A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
W3	World Wide Web.
W3	The global, hypermedia-based collection of information (including text, audio, video, and graphics) and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
W3C	World Wide Web Consortium
W3C	The W3C is an international organization that develops Web standards.
WAR	Work Area Recovery.
War Chalking	War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.
War Dialer	A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogues those numbers so that a cracker can try to break into the systems.
War Dialing	War dialing is a simple means of trying to identify modems in a telephone exchange that may be susceptible to compromise in an attempt to circumvent perimeter security.
Warez	Warez refers primarily to copyrighted works distributed without fees or royalties, and may be traded, in general violation of copyright law. The term generally refers to unauthorized releases by organized groups, as opposed to file sharing between friends.
Warm Disaster Recovery Site	It contains partially redundant hardware and software, with telecommunications, telephone and utility connectivity to continue some, but not all primary site operations. Failover occurs within hours or days, following a disaster. Daily or weekly data synchronization usually occurs between the primary and warm site, resulting in minimum data loss. Offsite data backup tapes must be obtained and delivered to the warm site to restore operations. A warm site is the second most expensive option.
War Driving	War driving is the process of travelling around looking for wireless access point signals that can be used to get network access.
Web 2.0	Web 2.0 currently lacks a precise definition. It is true to say, however, that although Web 2.0 need not necessarily incorporate new technologies it is generally more interactive than hitherto, tending to encourage increased content creation, collaboration, and learning, and it places considerable emphasis on the user. It is very much oriented towards social networking.
Web of Trust	A web of trust is the trust that naturally evolves as a user starts to trust others' signatures, and the signatures that they trust.
Web Server	A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.
WEP	Wired Equivalent Privacy.
WEP	A security protocol for wireless local area networks defined in the standard IEEE 802.11b.
WHOIS	An IP for finding information about resources on networks.
Wiki	Wiki (from the Hawaiian word for quickly) is a medium for collaboration that allows many people to participate in the production of a long-term knowledge repository or database, often devoted to a specific subject or field of interest. It is based upon a relatively unstructured collection of hyperlinked documents that may be modified or edited by any number of authors but that also incorporates a mechanism for comparing the result with the pre-edited version. A wiki allows users to gather all information pertinent to a project or activity in one central location.
Windowing	A windowing system is a system for sharing a computer's graphical display presentation resources among multiple applications at the same time. In a computer that has a graphical user interface (GUI), you may want to use a number of applications at the same time (this is called task). Using a separate window for each application, you can interact with each application and go from one application to another without having to reinitiate it. Having different information or activities in multiple windows may also make it easier for you to do your work. A windowing system uses a window manager to keep track of where each window is located on the display screen and its size and status. A windowing system doesn't just manage the windows but also other forms of graphical user interface entities.
Windump	Windump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.
Wired Equivalent Privacy	WEP.
Wired Equivalent Privacy	A security protocol for wireless local area networks defined in the standard IEEE 802.11b.
Wireless Application Protocol	A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat.
Wiretapping	Monitoring and recording data that is flowing between two points in a communication system.
World Wide Web Consortium	W3C.
World Wide Web Consortium	The W3C is an international organization that develops Web standards.
World Wide Web	WWW.
World Wide Web	Also known as “THE WEB” or W3.
Worm	A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
WWW	World Wide Web.
WWW	The global, hypermedia-based collection of information (including text, audio, video, and graphics) and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
Zero Day	The “Day Zero” or “Zero Day” is the day a new vulnerability is made known. In some cases, a “zero day” exploit is referred to an exploit for which no patch is available yet. (“day one” - day at which the patch is made available).
Zero-day Attack	A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
Zombies	A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.