Glossary of General Terms


Top          Index

1. A person who has the technological access on a computer workstation, server, or network system to make configuration changes, such as installing new software, specifying program settings and parameters, setting up or deleting user accounts and mailboxes, resetting passwords, and/or changing access permissions for other users. Non-administrators are blocked from making these kinds of changes, and from seeing any information about a computer or network system (such as security logs) that an ordinary user should not be able to see, in order to preserve the integrity of the system as well as confidentiality of data.

2. A person whose job is to perform configuration tasks, diagnose problems, and collect performance information on IT and communications systems.

advanced persistent threat (APT)

A well-funded and organized group of criminals or foreign government agency (threat actor) that targets a specific victim for penetration into the victim's IT system over an extended period of time, through a combination of infiltration methods (such as social engineering and malware insertion), while employing sophisticated technical methods to avoid detection, for the purpose of stealing confidential data and/or impacting operations. The efforts and costs expended by the APT for this extensive expertise and work are warranted because of the unique value of the victim's data (or IT system disruption) to that particular threat actor, who typically has an existing connection with the victim, such as being business competitors or geo-political rivals.

advanced threat

A type of attack on information security that uses sophisticated technological measures to bypass static defense systems such as firewalls, IPS, malware detection systems, and system hardening. Security systems that are marketed to defend against these are called advanced threat protection (ATP).

See also: attack

advanced threat protection (ATP)

Security systems that are marketed to defend an entire IT system against advanced threats, as opposed to software running on a workstaton or server that detects malware only on that system. An ATP system, in its fullest implementation, monitors all computers, devices, user actions, e-mail, web, and other network traffic for anomalistic behavior; subscribes to real-time updates on threat intelligence; performs complex analysis of potentially threatening behavior or software based on context and other factors to avoid false positives; and automatically mitigates detected threats throughout the IT system by any means necessary, such as reconfiguring access control lists in a router to block malicious traffic.

See also: advanced threat


See: anti-virus


Software that examines files on a computer's hard drive, attachments in e-mails received, and files downloaded from websites, to determine if the file is a virus, and automatically delete or quarantine any viruses found. Anti-virus software usually looks for similar types of malicious software, such as adware or spyware. It works by recognizing known virus files by their exact contents, or by observing that an unrecognized program file behaves like a virus (this is called heuristics). Anti-virus software can run on a workstation or server as described above, or on a network device that can inspect files as they traverse the device.

See also: spyware, malware, intrusion prevention system (IPS), anti-spam, unified threat manager (UTM)


Software that attempts to block unsolicited commercial e-mail (junk mail, or spam) from arriving in users' mailboxes. This can work by one or more of the following methods:

a. Examining the content of each message for known phrases, links to known illegitimate websites, or many other indicators that a message is an advertisement;

b. Blocking known senders of spam from sending any messages at all, regardless of content, based on block lists that are constantly updated through block list aggregators;

c. Using custom blacklists and whitelists to disallow and allow, respectively, messages from a given sender.

Anti-spam software can run on a workstation, e-mail server, or on a network device that can inspect messages as they are transferred from the e-mail server to the workstation. Although spam is often associated with viruses due to the fact that some viruses are transmitted via e-mail, anti-spam and anti-virus software perform distinct functions: anti-spam focuses on inbound e-mail, while anti-virus protects agains malicious program files regardless of their source. Also, although the term "spam" can apply to unwanted messages in media other than e-mail (such as comments on a web site), anti-spam software generally focuses only on e-mail spam, as this is by far the most disruptive and annoying of anything that can be called "spam".

See also: anti-virus, unified threat manager (UTM), spam


A package of software designed for you to accomplish tasks on a computer workstation. Examples for a typical computer include Microsoft Word (word processing), Microsoft Outlook (e-mail and calendar), Intuit QuickBooks (accounting), Mozilla Firefox (web browsing), Google Earth (planet browsing), a calculator, Adobe Dreamweaver (developing websites), a DVD player, a video editor, a chess game, a backup system, etc. The term fell out of common use for a while until late last decade, as mobile phones became capable of supporting installable applications. In the mobile phone realm, applications are called simply "apps". Server-based network applications run on a network-connected server (either in-house or on the Internet), to centrally store data and enable real-time collaboration.


See: advanced persistent threat (APT)


See: system architecture


See: advanced threat protection (ATP)


Any attempt by a human threat actor (or automated systems programmed by a human for this purpose) to exploit a vulnerability or create a security breach. These can be purely technological, entirely in the real-world (physical intrusion into the server room, or tricking a user into giving away his password), or a combination of the two.

See also: exploit, information security breach


The process of recording information about events by a computer or network device, for the purpose of later analysis to assess performance, or for forensics in the case of unauthorized access.

See also: log file


The process of confirming, through technological or other measures, that a user is who he says he is when trying to access protected information or services on a network. This can be done by typing a password or inserting a key card. For communications and network security, it also refers to ensuring that the source and/or target of a transmission is the intended source/target and not an impostor.

See also: password, certificate, smart card


An information security term that refers to necessary services and applications being up and running, and with data present and online, so users are able to log in and do their work. It also applies to communications systems' being operational.

See also: confidentiality, integrity


Top          Index

1. Formally, one or more copies of data or configuration information made for the purpose of recovery in case hardware failure or human error deletes or corrupts the data, or for archiving previous versions for historical purposes.

2. Colloquially, a secondary piece of equipment ready to be employed in case the primary device fails.

See also: replication

battery backup

See: UPS

best practices

Methods, standards, and configurations that provide the best balance between functionality and security for information systems in a typical environment with conventional risk thresholds. For a company that has not done the analysis required to assess risk thresholds and operational requirements, implementing best practices is most likely to provide the optimal configuration.


A temporary holding area of a computer's internal memory (RAM) for data being sent or received. When information comes in to the buffer, the computer processes it and moves it to where it needs to go, then clears the buffer so that more information can be received.

See also: buffer overflow

buffer overflow

A problem that occurs when a computer sends more data than a receiving computer can fit in its buffer. If the receiving computer is running poorly designed software, it may mistakenly place the excess data into areas of its memory outside the buffer, replacing other data or program code in use. This can cause the computer to crash, or even allow a clever criminal to deliberately replace legitimate program code with a virus.

See also: patch


A fault in any computer operation attributed to a mistake made by the programmer when the software was first developed, as opposed to a transient operational problem. To fix a bug, you need to either employ a workaround (that is, complete your work using some method that avoids the bug), or apply a patch from the software publisher that fixes the bug (if available).

See also: crash, error

business impact analysis

A business process that involves evaluating the potential loss, in terms of direct costs, lost revenue, and intangible costs such as lost reputation, in the event of realized threats.

business continuity

A business process that involves enabling a business to continue to operate with alternative arrangements in the event that:

1. A failure in the information technology system occurs, with an impact to business operations beyond what the Disaster Recovery plan was designed to handle, due to cost and risk assessment considerations.

2. The recovery procedures in the Disaster Recovery plan fail in execution, in spite of being designed and expected to handle the outage or problem at hand.

3. There is an incident that impacts operations not related to information technology, such as an earthquake, fire, flood, terrorist attack, sudden loss of key personnel, or a key supplier or business partner going out of business.


Top          Index

See: cloud access security broker


See: digital certificate

change control

See: change management

change management

A business process by which changes to the information technology system configuration, or to policies, procedures, or any aspect of business operations, are assessed in a methodical manner to ensure that otherwise unknown effects are identified. In relation to information security and business continuity, this process enables risk assessments to be updated accurately. This allows other changes, which may be required to maintain the current risk position, to be devised and implemented if feasible. If not feasible, the new risk position can be documented so that management can evaluate it in light of management-defined risk thresholds. The whole process can be simple and handled by an information technology systems manager, or involve a formal change control board with representatives from each company department to review each change, to anything in between, depending on the sophistication and size of the information technology system.


A computer or piece of software that requests information and services from another computer (the server). Examples include an e-mail client such as Microsoft Outlook or Mozilla Thunderbird, a web client (also called a browser) such as Microsoft Internet Explorer or Mozilla Firefox, and an FTP client for accessing files on an FTP server.

See also: server


1. Technically, a cloud is a set of services, which can include websites, e-mail and other messaging systems, databases, file storage, virus scanning, voice-over-IP telephony, and other applications, that run on a broad set of servers configured to provide the services on demand over the Internet to vast numbers of users; the servers should be able to handle spikes in service requests, and continue running without interruption in case any of the servers or facilities fail, typically meaning the servers are geographically dispersed, and services are virtualized. This is opposed to conventional hosted services which might run on a single server, or even redundant servers at a single location, with a fixed number of customers. The term is derived from the use of a cloud-like icon by IT systems engineers for many years to represent an abstract network in system diagrams. Previously, this was called "utility computing". Cloud computing has become more prevalent in recent years due to investments in infrastructure by huge companies like Google, Amazon, Rackspace, and Microsoft, as well as the maturity of virtualized computing.

2. Colloquially, "the cloud" is a buzzword that has replaced what was formerly called simply "hosted services", referring often to any service provided over the Internet. For example, someone may say that he is "moving to the cloud" when he moves his documents to a file hosting service and gets rid of his in-house server, which isn't accurate if the hosting service stores his files on a single server at their location. Also, some hosted service providers use the term "cloud" to describe their services even when they don't meet the definition of a cloud.

See also: virtual, hosted service

cloud access security broker

A software infrastructure application employed to prevent data loss or exposure, provide visibility on usage, implement encryption policy, and enforce other company security policies across company cloud-hosted applications. Users must access the company's cloud services by going through the CASB as a proxy. This intermediary security application enables security functions that may not be available natively within a given cloud application, as well as visibility on activities across different applications that can reveal unauthorized activities or indicators of compromise that might not otherwise be detected by monitoring usage of each cloud application individually.

See also: secure web gateway


The part of a computer program comprised of instructions and logic, which drives everything a computer does.

cold recovery site

A facility that maintained by a business that has the capability of being converted to a data center and/or office for employees within a few days or weeks. The electricity, phone lines, and Internet access should be available and activated, or able to be activated quickly, so the company can move in its equipment, restore data from backups, and resume business.

See also: warm recovery site, hot recovery site


See: colocation


A server, such as a web server, database/application server, or e-mail server, owned by the company that uses it, but stored in a hosting provider's facility. This is done to improve performance and uptime, as a decent hosting provider will have redundant connections to the Internet and backup electrical generators, and to improve security, as the server can be in a locked cage with an alarm inside the hosting provider's secure facility, and monitored 24 hours a day, as opposed to sitting in a closet in the company's office suite.

See also: hosted service


The process of meeting specific technical or operational requirements established by statute, government rules, or other agreements or contracts. The requirements relate to many aspects of information security, particularly confidentiality and availability, and specify not only measures to prevent breaches or downtime, but actions to take following a breach (such as notifying clients when their personal data was exposed).

See also: information security


An information security term referring to protecting information from unauthorized disclosure. Disclosure can mean:

1. Information being available to users or the public by accessing systems that are misconfigured and provide the information without required login.

2. Information being transmitted on untrusted networks without encryption or with weak encryption, enabling unauthorized users to observe the information in transit.

3. User account permissions being technically misconfigured, or configured properly but not in alignment with operational policy, allowing a user to access files that the user should not be able to access.

See also: availability, integrity


In general, the manner of implementing information technology systems at the operational level. Particularly, this includes the number of devices, how they are connected, peripherals and options attached to each device, partitioning of storage, selection of network communications protocols, software available, software programs and versions installed, software components running or scheduled to start, location and segmentation of databases, commands issued, and the value of numeric settings and other data to set software options for computers and other devices.

See also: system architecture

configuration management

The process of documenting configuration in a methodical manner to enable holistic analysis, assess the effect of proposed changes, and record a log of changes. Proper configuration management assists with rolling back problematic changes, performing forensic analysis following a breach, and can serve as a simplified manner of vulnerability management.

See also: information security breach, forensic analysis, vulnerability management


A text file that a web site puts on your computer to record information about what you did on the site. When you visit the web site again, the site can then pull that file from your computer to figure out who you are, and display things as they were before. Cookies are sometimes derided as a security threat, because web sites can read cookies left on your computer by other web sites, although cookies were originally designed not to allow this. The consequences are, theoretically, that a malicious web site can gain a saved password or other personal information you used on a legitimate site, which you did not intend for the malicious web site to have.


A state in which data is physically present, but the data has been changed in a manner that is not intended. This can occur due to software error, hardware malfunction, error or malicious acts by users, or an improper computer shutdown rendering updates to the data only partially complete. Examples include:

1. A document file that cannot be opened in its associated program (such as a word processor), preventing a user from viewing, printing, or editing the contents of the file.

2. A database with internal indexes that are not consistent, due to a sudden power loss on a server with no battery backup, preventing the server from making the database available.

3. A database table where all data in a particular column was accidentally set to the same value by a database administrator's mistake. If this were a User ID field, for example, then all information related to users elsewhere in the database (such as dates/times logged on and off, permissions assigned, files owned, and what's saved in each user's profile) would be disassociated from each user, rendering the application that depends on this database unusable.

4. A configuration file inside a router that turned into scrambled nonsense due to a fault in the internal storage, rendering the router unable to perform its functions.


A broad term describing the total failure of a program, computer component, or the computer itself, as opposed to a simple quirk or error message. For example, a program is said to crash when it stops responding to mouse clicks or keypresses, and you cannot recover the data you were working on. A computer is said to crash if it shuts down suddenly or fails to power on, or if everything on the screen freezes to the point you have to unplug it to try to start it again. A hard drive is said to crash when it physically fails to operate, rendering all the programs and data on it inaccessible, often permanently.

See also: bug, error

critical function

Any process of a business which, based on the stated mission, activities, and objectives of the business, is required by the business to such an extent that if the process is not functioning, the business itself is considered to be out of business.

cyber security

This can be considered a combination of:

1. A subcomponent of information security, covering only the electronic aspects of storing, processing, and transmitting information to be protected from being exposed, corrupted, or made unavailable, and

2. Protection of other electronic/technological operations that don't involve information, such as machine or weapons control systems.

A cyber security team, for example, might focus on information technology security configuration and practices, whereas management of paper records, new employee vetting, and user awareness training would be left to managers of the broader information security program. You generally only see this term in very large (as in global) business operations, or expeditionary forces such as the U.S. military.


Top          Index
data loss prevention

Technological and procedural methods to detect and prevent the unauthorized access, use, or transmission of certain types of information. As a simple example, an outbound e-mail server might scan all messages sent by your users (and their attachments) for social security numbers, to prevent violation of a policy against sending this kind of data through encrypted e-mail. As more complex example involves monitoring systems that can detect when a rogue user is uploading company files to his personal cloud storage.


A general term to refer to information managed in an organized system. A database is usually comprised of tables with rows and columns of information (text, numbers, or even images) and numerous indexes for cross-referencing. It will usually allow multiple users to access and manipulate the data at the same time, and can grow to be very large compared to typical document files. Depending on its size and type, a database may be contained in a single file, in several files in separate folders, or across several servers. The files making up the database are usually not stored alongside ordinary documents, because, unlike document files, database files must only be managed by trained personnel. Manually editing, renaming, or deleting one of the files that comprise a database can corrupt the entire database.

See also: database system

database system

Refers to the entire package surrounding a database. The basic components are:

a. The database itself;

b. User interface software that runs on personal computers or handheld devices to allow you to enter and view the data;

c. Back-end software that retrieves data and processes changes; and

d. A reporting system that enables searching, sorting, filtering, and organizing data into well-formatted printable reports for operators, executives, and clients.

Examples range from simple desktop applications (Outlook, QuickBooks) to major systems (SAP, Oracle), and many countless custom applications for job estimating, machine control, marketing, shipment tracking, inventory, club membership management, etc.

See also: database


A method by which a backup storage system saves backup storage space. During a backup, the deduplication system identifies files being backed up that already exist on the backup storage disk or tape from previous backups, and skips making another copy. Systems that do not support deduplication are not aware of the existing back up data on the backup storage device, and merely copy the same files again and again each time you run add new backups.

See also: backup


The setting for a configuration option in a computer program as specified by the programmer or system administrator; that is, the setting for any option that you have not changed in the application's configuration windows or menus. Network devices (such as switches, routers, and wireless access points) have well-known default passwords for logging in to perform remote configuration, which is referenced frequently when discussing the security implications of not changing them.


An information security approach that involves multiple layers and methods for protecting from security breaches. For example, gateway software to detect and block malware infiltrations at the e-mail server, software running on workstations to block the effects of malware that may get past the gateway, network segmentation to minimize spread of malware, and training and awareness to control the human element and minimize users' bypassing technological security controls. This term at a minimum describes a security position generally on which to assess security readiness in light of best practices, if a mature information security program is not in place. Ideally, security controls will be coordinated by an information security program that directs and applies the defenses optimally in light of risk assessments.

See also: best practices, information security


Someone who writes any kind of software, from device drivers to mobile apps to desktop or web-based applications. In the past, they have been called software engineers or just programmers.

digital certificate

A data file derived from a network of shared and secret information, and using sophisticated methods and technologies to authenticate users or computers, encrypt data, verify the source of a message, and/or verify the identity of a website you are visiting. Often simply referred to as a "certificate".

See also: PKI

digital signature

This does NOT mean a computerized image of your hand-written signature. It refers to a method by which an e-mail message is computationally manipulated, using digital certificates, so that the recipient's computer can verify that the message was in fact sent by the sender. It is also widely used to verify that a downloaded program file came from the original publisher, and not from an impostor (who might have inserted a virus).

See also: e-signature


An equipment failure, software malfunction, result of an errant or malicious user action, or other event (such as flood or fire) that causes information technology failures and/or data loss that, without active intervention to restore service, would impact critical business functions beyond a maximum specified threshold (how long the outage will last, the number of customers impacted, etc.). Thresholds are defined by management in relation to business requirements.

See also: high availability, fault tolerance

disaster recovery

A business process that involves restoring information technology systems to normal operations and recovering lost data in the event of an outage that, without active intervention to restore service, would impact critical business functions beyond a maximum threshold (how long the outage will last, the number of customers impacted, etc.) as specified by management. The outage can be hardware, software, or communications failure, or a loss of data due to accidental or malicious corruption or deletion.


See: data loss prevention


Acronym for demilitarized zone. This is a network security term that has always been vaguely defined in the IT industry. It can have different meanings depending on the context, and even those have changed over the years as approaches to network security have evolved. Most commonly, this refers to an area on a business network where you put computers intended to be accessible from the Internet (such as for remote access to the corporate e-mail system, or a public web server). This area is physically separated from the heavily-protected inner portion of the network (containing user workstations and servers holding private company data), for better security. Like any component of IT system security, a DMZ is one of many options available for securing a network, and is not necessarily more secure than having your web server and workstations all in the same area. However, many business and data management policies, such as SAS 70 and PCI compliance standards, may require a DMZ to be part of the network topology. A DMZ is also known as a "perimeter network" or "screened subnet".


A set of equipment (servers, computers, storage devices, and printers), shared data folders, a list of authorized users, and a set of security policies in a private network system all managed by one administrator and/or delegated administrative teams. The administrators can set up and remove user accounts, reset passwords, configure permissions on shared folders and printers, and control configuration of the computers in the domain. Generally, a given company or agency will have their entire network organized under one domain, unless security or legal requirements call for separation.


Top          Index

1. A type of device that sits on the border between two networks; for example, a router that connects a large private network to the Internet.

2. A generic reference to latest version of a given piece of software or data definition schema.


The process of scrambling a file stored on a computer, or any information sent from one user to another, so that only the owner or intended recipient can unscramble and view the information. This process typically uses a password or cryptographic key, which is mathematically integrated into the encryption process and therefore required to decrypt the data.

See also: tokenization


A user device that runs apps and accesses the Internet, such as desktop computer, laptop, tablet, or smartphone.


A general term referring to any problem that causes a computer not to do what the user expects, regardless of the cause. Errors can be caused by a fault in the program itself (bug); misconfiguration of the system; lack of training or understanding on the part of the user; hardware failure due to poor engineering or overheating, poor network connections, etc.; or transient conditions caused by pushing a program or the computer beyond what it was designed to do (such as running too many programs at once or creating excessively large data files).

See also: bug, crash


This is a broad term, applied to many of the custom systems recently designed to acquire a signature using e-mail or on a website, instead of more traditional postal mail or fax. Methods vary widely, from having the user draw his signature with a mouse, to typing secret codes tied to the signer's e-mail address, to just having the user type his name in a box.

See also: digital certificate


A network communication sent to a target (such as a computer server, workstation, or network device) that is specially designed to take advantage of a fault in the software on the target that handles network communications, in order to intrude into the target or simply cause it to crash. A common example is a buffer overflow attack.

See also: buffer overflow, intrusion


Top          Index
fault tolerance

A method of designing computers, networks, and storage systems to allow them to withstand spontaneous hardware component failure with no downtime. A common example is installing multiple hard drives in a server which duplicate all the data between them, so that if one fails, the server continues to operate running on the extra hard drive. A broader example, particularly for a company that uses its IT systems to provide 24/7 services over the Internet, might involve having multiple connections to the Internet using different providers. By itself, fault tolerance does not address faults caused by software errors or database corruption.

See also: high availability


A process by which partner IT systems are configured, by agreement between the system owners, to authenticate user logins through a central authentication provider. In other words, a user logs in with one account and credentials (such as a password) to a computer or web-based application, and from there can access other systems within the federation without having to provide credentials, or even being registered into the system prior to signing in for the first time. This requires coordination and technical configuration on the part of the system administrators. But, this simplifies collaboration between these systems, and improves the ability to monitor and control user accounts and access to enterprise data and applications that may be spread out on different domains, in addition to the benefit of a single sign-on experience for the users. Examples include a Wi-Fi hotspot that has users sign in using a LinkedIn account to gain access to the Internet, or a political opinion site that has users sign in with a Facebook account to post a comment. Another example is a parts supplier that allows access to their secure ordering website by employees of their customers. When a new person at a purchasing company wants to log in, the supplier doesn't have to create a user account on the supplier's system, or even have the user do any self-service registration. An authorized user can get into the supplier's website just by logging in to a computer on purchasing company's network with a valid user account on that network.

See also: single sign-on


A security device that restricts network communications depending on all kinds of factors, such as the identity of the transmitting and/or receiving computer, the identity of the user, and the type of communications being transmitted. Most typically, it is used to protect against criminals gaining access to data and files on a home or business network from outside the network. Because of the wide array of capabilities that modern firewalls can now perform, a device simply called a "firewall" now generally refers to a device that blocks or allows traffic based on the network address of the transmitter and receiver and the type of each network packet, without examining the content of the traffic. Devices that examine the traffic are called next-generation firewalls or unified threat managers.

See also: next-generation firewall (NGFW), unified threat manager (UTM)

forensic analysis

The process of preserving and analyzing evidence, as part of the incident response process, in order to determine, where possible, the extent of the breach (such as what data was disclosed or modified, or what malware may have been installed), the identities of the actors who executed the breach, and the vulnerabilities that were exploited.

See also: incident response, vulnerability


Top          Index

A clever and inquisitive computer user who digs into the inner workings of computers and network systems to gain detailed literal understanding of the system, and discover functionality of computers beyond what they may have been designed to do, as well as flaws to be addressed. While some hackers break the law with their activities, the term "hacker" is not intrinsically derogatory. All positive computer innovations were derived, to some extent, from the work of hackers.

hard drive

An internal component of personal computers and laptops, which stores the operating system, all application programs it came with or that have been installed, and all your data. This is the fastest and most accessible location for stored information, which will persist on the drive even after the computer is powered off, since it is stored on magnetic or solid-state media.


In the computer world, this term refers to physical equipment, including computers, monitors, peripherals such as keyboards and mice, and printers, as well as network routing and communications equipment, and the internal components of each of these. When a problem is determined to be a "hardware problem", for example, this means no amount of reprogramming can fix the problem, and components will need to be replaced.

See also: software

high availability

A method of designing computers, networks, storage systems, application software, and databases to allow applications and databases to be recovered quickly after spontaneous hardware component failure, software errors, or database corruption. A common example is virtual machine clustering, which involves having spare physical servers; if one physical server fails, all of the virtual machines that were running on that server will reboot on another server, restoring service within a few minutes.

See also: fault tolerance

hosted service

Information, computing, messaging, or data storage services provided by an outside company on servers not owned by the customers, and accessible via the Internet. The services and data may be accessible only by the customer of the hosted service provider (such as file storage and collaboration services for mobile users within a given company), or for the public in general (such as a web site).

See also: on-premises, cloud

hot recovery site

A facility that a company maintains, where the critical components of the company's current IT system are essentially duplicated (servers and workstations), with capability for failover of applications and databases, to enable instant or nearly instant transition to the alternate site.

See also: cold recovery site, warm recovery site


See: patch


A location where access to the Internet via Wi-Fi service is provided, either for free (such as in a coffee house), or for a fee (usually per hour or day, such as in a hotel or airport). Some cell phones can be set up as a "personal hotspot", where the phone connects to the Internet via its cellular service, while providing a Wi-Fi signal for you or others to connect to the phone and on to the Internet using a laptop.


Software that starts up and manages virtual machines, and arbitrates access to processor time, RAM, disk space, and network connections. The hypervisor manages moving a virtual machine from one physical server to another, and advanced hypervisors can do this without interrupting service. Major vendors of hypervisor software include Citrix, VMware, and Microsoft. Parallels is a well-known hypervisor for running a Windows virtual machine on a Mac.

See also: virtual machine


Top          Index
incident response

A planned business process by which an information security breach, or violation of policy, is detected, evaluated, and addressed, with defined roles and responsibilities and escalation thresholds. The process should also include forensic analysis.

See also: information security, information security breach, forensic analysis

indicator of compromise

Information found on an IT system that provides evidence of malware, unauthorized access, or unauthorized data exfiltration. Examples include direct evidence such as the presence of a malware executable file on a hard drive, or network sessions being established with servers known to host malware; indirect artifacts such as system logs having recorded the unauthorized activities; or more abstract evidence such as suspicious modifications to the system configuration.

information security

A business process that protects information assets and the business functions that rely on them. These assets include the intangible value of the intellectual property, as well as physical information, particularly the information technology system.

information security breach

An incident that threatens to affect or does in fact impact the availability, confidentiality, or integrity of information assets intended to be protected by the information security program; this can include a malicious act, user error, hardware or software malfunction, or environmental conditions such as power loss or natural disaster.

information systems

The overall business processes involved in collecting, storing, controlling, organizing, analyzing, manipulating, and transmitting information, including non-technical aspects such as marketing, research, legal, and human resources policies.

See also: information technology

information technology

Electronic equipment, including hardware and software, which is designed, programmed, and deployed to support information systems.

See also: information systems

integrated solution

As set of technology hardware, software, and/or services planned and implemented via high-level planning, in order to apply to and encompass the entire IT system.

See also: solution, point solution


An information security term referring to protection of information from corruption or other unauthorized changes, either where it is stored or in transit. These can be caused by hardware or software malfunction, or by malicious users who may be able to alter data even if they can't see it.

See also: availability, confidentiality, corruption


A communications infrastructure whereby individual users or computers on separate networks may communicate and share information. The largest in the world is, of course, what we simply call "the Internet", but which was originally called ARPANET when under development by the U.S. Department of Defense in the 1960s.


A situation where a user, with automated programs or by working real-time at his computer, performs functions on a computer or network system that he is not permitted to perform. Such functions include reading or modifying document files or databases, causing a computer or server to crash, stealing passwords, sending junk mail from the victim's system, causing ads to appear on a victim's screen, and installing software that encrypts the victim's files and demands ransom. Intrusion can be achieved by sophisticated means such as sending specially designed network communications to exploit a fault in the target system, by tricking a user into running a program that allows the unauthorized access, or simply by guessing a password.

intrusion detection system (IDS)

Software that identifies potential or actual intrusions by examining network traffic for exploits, and alerts the system administrator to take any necessary action to defend the system. This runs on a computer or device connected to the network where it can see all network traffic for analysis. Compared to a network-based intrusion prevention system (NIPS), an IDS requires less sophisticated software and hardware, and is less disruptive to implement, since it does not analyze the network traffic in real-time. But, since it relies on the administrator to figure out how to protect the network after an event is raised, we can expect that exploits would be more likely to pass compared to a properly-configured IPS.

See also: exploit, intrusion prevention system (IPS)

intrusion prevention system (IPS)

Software that identifies potential or actual intrusions and automatically blocks the intrusion from occuring. There are two types:

1. A network-based IPS (NIPS) works by examining network traffic for exploits, and blocking communications as needed to prevent the exploit from succeeding. This generally runs on a device between potential attackers and the protected computers (meaning, of course, on the Internet access gateway or firewall). Compared to an intrusion detection system (IDS), a NIPS requires very fast hardware and sophisticated software to be able to analyze the traffic and make a decision in real-time. Also, since it takes automated actions that actually affect network function (as opposed to only raising an alert as an IDS does), an IPS can be very disruptive if not configured properly, or if it simply generates many false positives.

2. A host-based IPS (HIPS) is software that runs on a computer or network device (the host) and examines everything the host does, blocking activities that may be the result of an intrusion. This is generally only seen on heavily managed enterprise networks, because it is much more complex than typical anti-virus software, and requires extensive configuration and continuous management to be useful in protecting the host without making the system difficult to use.

See also: exploit, anti-virus


See: indicator of compromise


Top          Index
key performance indicator

A specified threshold for a metric applied to IT, security, or routine business operations that measures the effectiveness of a program in meeting its defined objectives. Specifically, measures of KPIs must meet defined thresholds, or the implementation is considered to have failed. For example, KPIs for an information security program in a high security environment might include reducing the number of times a user or guest is able to view files for which he does not have permission to fewer than two per month, and with 100% of all such incidents being reported within one hour and properly mitigated according to the company's policy, including remedial or disciplinary action against the user who exposed the unauthorized data. The metrics in this case are the number of breaches and how many were reported; the KPI indicates, in reports to management, whether the thresholds were met. Another example: in an ordinary office where confidentiality is not as critical, but availability (uptime) of the system is, the KPI of the information security program might establish that no more than one system may be offline for more than one day per month due to spontaneous system failure or malware.

See also: metrics


See: key performance indicator


Top          Index

Acronym for local area network. A system of interconnected computers within a single room or building. This is a term that many IT professionals use to refer to computer communications within your office, as opposed to your phone system or anything outside your office (such as the Internet).

See also: network, WAN


The timeframe for managing information technology assets. The stages include pre-acquisition specifications and requirements, lab and/or pilot testing, migration from outgoing assets, deployment, user training, maintenance and performance monitoring, replacement, and disposal. This can apply to individual information technology assets (specific hardware, software, or data), or a solution including a combination of these.

See also: solution

log file

1. A file generated by computer programs recording events, status reports, and errors. Each line of a typical log file records the date and time of the event, the device or program affected, and what happened. Log files are either in plain text format for human administrators to read through, or some kind of a binary format. To read a binary file, an administrator must use a log viewer program that is capable of reading that particular type of log file. But, binary log files are more amenable to automated parsing and analysis by management and auditing software, which is especially useful when there are millions of log entires.

2. Sometimes the files making up a database transaction log are referred to as log files.

See also: plain text, auditing, transaction log

log in / log on

The process of entering your credentials (usually a user name and password) to identify yourself for the purpose of gaining access to secured services and data. The terms "sign in" or "sign on" mean the same thing.

log out / log off

The process of ending your work session with a system, so as to prevent anyone else from gaining access to secured services and data only you should access, and to free up resources for other users. The terms "sign out" or "sign off" mean the same thing.


Top          Index
malicious software

See: malware


This is a general term for any kind of malicious software such as viruses or spyware, that runs on your computer to do damage, such as disrupting your work, forcing your computer to open websites the program chooses, or steal your personal information and send it to a criminal. Malware gets installed on your computer either through technical faults that allow another computer to just push it onto yours, or through various methods of getting you to unknowingly install it yourself.

See also: spyware, anti-virus

maximum tolerable downtime

The maximum amount of time an application or data can be unavailable to users, as specified by business management. This is based on the impact on business functions, and analysis of anticipated lost revenue and other costs that are incurred for every hour, day, or week a given application or database might be unavailable.


Defined measures by which effectiveness of various plans and programs will be assessed, such as a Risk Management program, Information Security program, Incident Response plans, Disaster Recovery plans, and Business Continuity plans.

See also: key performance indicator


See: maximum tolerable downtime

multi-factor authentication

A process by which a user proves his identity (for the purpose of logging in) using more than just a user name and password. The three types of factors: something the user knows (such as a password), something the user has (a key), or proving presence of the user's physical body (retina scan, fingerprint, or voice/face recognition). The most common example in information technology is a key card (what the user has) with a PIN (what the user knows). For cloud services, this is commonly implemented with the usual password (what the user knows) and a verification message sent to the user's mobile phone (what the user has).


Top          Index

A collection of computers and other electronic devices that communicate with each other to share common functions and/or data.

See also: LAN, WAN, internet

next-generation firewall (NGFW)

A marketing term, appearing around 2007, that originally described firewalls targeted for the enterprise market, that perform application- and context-aware intrusion prevention in addition to the conventional function of blocking or allowing traffic based on network address and packet type. These originally left out junk mail blocking, anti-virus scanning, and website filtering, to keep the device from slowing down traffic and keep down the price, given their target market may have hundreds or thousands of users and generally had junk mail, anti-virus, and website filtering systems in place already. But, many NGFWs currently in production have added all these features due to advances in processing speed, and some products are clearly now targeted to the small/medium business market, blurring the distinction between NGFW and UTM.

See also: firewall, unified threat manager (UTM), intrusion prevention system (IPS)


Top          Index

A relatively new term referring to servers owned by a company and located at that company's site. Until recently, all business IT systems consisted primarily of on-premises servers, so they were simply called their "servers". In the current era, many companies (even large ones) now frequently do their internal work over the Internet on cloud services providers' systems, such as saving and sharing document files; storing users' mail, contacts, and calendars; and running internal database applications. As a result, the term "on-premises" has become more prevalent along with the need to differentiate services running in-house vs. in the cloud.

See also: cloud, hosted service


1. Data that is readily accessible. For example, data you can access on your hard drive is online, whereas data you copied to a tape and put on a shelf is offline. In common use today, though, this term refers to information accessible over the Internet, while anything not on the Internet, even though it is accessible immediately on your computer, is not considered "online". Here is an illustration: Before the Internet era, when computers were standalone devices, the term "online help" referred to program tutorials that were accessible from within a program by clicking a "Help" button, as opposed to printed in a bound paper book. Today, all programs have tutorials integrated into the program, so the term "online help" now refers to additional and more up-to-date information accessible on the Internet.

2. An active network connection, such as to the Internet generally, or to a specific network service.

operating system

The software that provides your computer or mobile phone its personality and capabilities. From the user's point of view, the primary functions of the operating system are management of programs (installing, uninstalling, and shortcuts), management of documents and databases (sorting, searching, renaming, deleting, backup, and restore), as well as integration of peripherals (printers, scanners, storage devices). The operating system itself consists of a kernel (core), and non-kernel components and utility programs. Examples of operating systems for computers are Microsoft Windows, Mac OS X, GNU/Linux, and FreeBSD. Examples of operating systems for mobile phones are BlackBerry OS, iOS, Symbian, Windows Phone, and Android.


Top          Index

A secret code you must enter to prove your identity to access protected resources, usually comprised of a single word, or a jumble of numbers, letters, and symbols (to avoid being easily guessed).


Functionally the same as a password, but comprised of a sentence or phrase (including spaces). You may hear this term in organizations that encourage users to try using passphrases rather than passwords, which will generally be harder for a criminal to guess or crack.


A small software package provided by the publisher of a software application or operating system, which updates components of an existing installation, to fix a bug in the software. Sometimes referred to as a "hotfix".

See also: update, upgrade

penetration testing

A process performed by highly-trained professionals to seek out and identify not just the existence of vulnerabilities, but to determine how far into an information technology system they can get exploiting multiple layers of vulnerabilities, what data can be accessed, and how easily an exploiter can avoid detection.

See also: vulnerability

perimeter network

See: DMZ


Acronym for Public Key Infrastructure. A database and set of servers managed by a trusted organization responsible for creating, distributing, and verifying the authenticity of digital certificates, which are used for authentication and encryption. For accessing secure websites or verifying most digitally signed e-mail, your computer uses certificates managed under dozens of PKIs administered by companies (such as VeriSign, Network Solutions, Thawte, Equifax, Comodo, DigiCert, and even several foreign companies) which have been designated as trustworthy by the developers of your computer software. For greater control and security, many companies institute their own internal PKI, managed by their IT department.

plain text

1. Another term for a text file.

2. Unencrypted information of any type sent over a network or saved on a hard drive which, if opened from the hard drive or captured in transit, would be easily read.

See also: encryption

point solution

An implementation of information technology hardware, software, and/or services to address a specific need, without considering whether or how the product integrates with the rest of the IT system.

See also: solution, integrated solution


A shared set of rules used by computers, mobile devices, peripherals, network equipment, and software applications when communicating with each other. The rules specify how to set up communications; authenticate the users or devices involved; configure encryption; transfer messages, commands, and data; correct errors; and verify receipt of transmissions. Sometimes referred to as a "language" in other glossaries, but this is an inaccurate simplification. A given protocol works the same regardless of the language used in the underlying communications. A good non-computer analogy is how we use the telephone. To communicate by telephone, you have to learn the protocol first, which is: Look up the phone number; pick up the receiver; wait for the dial tone; dial the number; wait for the person to pick up and say "Hello" before you start speaking; and say "Bye" to indicate the conversation is complete before hanging up. If you fail to follow any part of this, you will fail to complete the communication, or at the very least cause confusion (if you hang up without saying "Bye", for example, the other party may assume the call was cut off and call you back to ensure the conversation was complete). These rules are all the same whether you're speaking English or Quechua.

proxy server

In highly-controlled networks, this is an intermediary computer you must go through to access a given service (usually the Internet). It is generally employed to block certain activities to enforce your company's Internet usage rules, and to perform caching.


Top          Index
read only

A state where certain data can be seen but not changed. If you open a document file that someone else is accessing over the network, your software may alert you that the file is in a "read only" mode on your computer, because two people on different computers shouldn't modify a document at the same time. This term can also apply to physical media, such as a standard CD.

recovery point objective

The maximum allowable age of the most recent data backup, which will establish how much recently entered/modified data can be permanently lost (unrecoverable from backup) following a data loss event. The RPO is defined by business and departmental managers, and any designated data owners, balancing the cost of recreating data since the last backup vs. the cost of making more frequent backups, also considering the likelihood of a data loss event.

recovery time objective

A designation of how quickly technicians should be able to recover a software function, replace equipment, and/or restore lost data from backup, following an information technology system outage or data loss event. This will generally be a technical consideration, to be determined by the IT department, based on designated maximum tolerable downtime.

See also: maximum tolerable downtime


A process by which a database is copied continuously to another server, so that the other server will take over providing user access to the database in case the primary server fails. Both servers in a replication pair hold a current copy of the database.

See also: backup

risk assessment

A subcomponent of Risk Management; this is the process of evaluating the likelihood that risks will be realized, and the expected impact. For information technology systems in particular, the threat modeling process is used, along with information from vulnerability management, to estimate the likelihood that threats will be realized.

See also: risk management, threat modeling, vulnerability management

risk control

A measure put in place to reduce the likelihood and/or impact of realized threat. This can include technological restrictions and requirements for user access, high availability configuration, backup systems, operational policies, user awareness training, and insurance.

risk management

A business process that involves identifying assets to protect, identifying and evaluating risks to those assets, identifying and evaluating risk controls, defining metrics, implementing selected risk controls, and measuring the performance using defined metrics.


Another term for malware, along with "virus", "Trojan Horse", and "worm". The term is usually applied to malware that installs in the inner rings of system security on a computer, making it extremely difficult to detect and remove.

See also: spyware, virus


A networking device that sits between two or more computer networks, and conveys communications packets from one network to the appropriate target network based on the designated final destination of the packet. An example for a typical office is the router that connects the local area network (LAN) to the Internet.

See also: LAN, internet, switch, firewall


See: recovery point objective


See: recovery time objective


Top          Index

A computer operating environment that is securely separated from other software and data running on the same system through, and where access to shared system resources is monitored and tightly controlled, for the purpose of testing potentially malicious software in a safe manner.

screened subnet

See: DMZ

secure web gateway

A device or Internet-based service that filters web access to prevent accessing unauthorized content and malware, protect against data disclosure, ensure regulatory and company policy compliance, and provide visibility on usage. To deploy this, a company's workstations and mobile devices are configured to route all web traffic through the secure web gateway, whether the workstation/device is on company premises or off-site. While seemingly similar to a cloud access security broker (CASB), a secure web gateway focuses on security of on-premises equipment and data, while a CASB protects the data and activities within cloud applications. And compared to a next-generation firewall (NGFW), a secure web gateway focuses on browser (website) traffic, as opposed to trying to monitor and defend against all kinds of malicious inbound and outbound traffic as a NGFW does.

See also: cloud access security broker, next-generation firewall (NGFW)


A computer on a network designed and configured for physically storing shared files, granting or denying permissions to those who try to view them, managing access to shared printers, running shared application programs and databases that users access over the network, and providing network-wide control services. Not designed for direct operation by ordinary users. Sometimes people refer to networking equipment in their office (such as a router, DSL modem, or even a cabling patch panel) as a "server", but this is incorrect.

service pack

A set of software updates and patches all rolled into a single package.

See also: patch, update

shadow IT

A term to describe applications and file storage deployed by users outside the control of a company's IT administration and information security program. A typical example is where a user signed up for G Suite storage using his personal e-mail address, and uploads company files for sharing with partners there, bypassing security controls of in-house storage, permissions assignment, and data backups.


Acronym for Security Information and Event Management, which is software that communicates with servers, devices, and security appliances and applications on an enterprise network to collect log files and alert information into a central location. The more sophisticated SIEM systems can automatically analyze the aggregated data and identify potential security breaches or other problems, which might not be apparent by analyzing the logs of the devices separately.

sign in / sign on

See: log in / log on

sign out / sign off

See: log out / log off

single sign-on

A general term describing a system where a user signs in to a system once and then has access to related resources (such as shared folders, printers, and company intranet websites) without having to authenticate with each resource (such as by typing a password). One example is a system that saves passwords within a user's computer or cloud account data, and transparently sends the passwords every time the user attempts to access the resource. In this case, separate accounts and passwords still exist on each resource, and there is no coordination; the user's device manages single sign-on functionality. Another example is where servers in separate domains are configured to synchronize passwords, so a user can change a password on one system, and that system will update the password on the other; this approach is prone to problems due to synchronization problems or delays. Our last example is an IT system where an authenticating server provides a token once the user logs on, which the computer transparently sends to identify the user for authorized access to resources on the same company network (such as a Windows Server domain network, using an implementation of the Kerberos protocol). With this, there is only one account per user throughout the domain, handled by the authenticating server, and there are no separate passwords for the folders and printers within the domain. A single sign-on scheme reduces the number of passwords each user has to remember for various systems.

See also: domain, federation

smart card

A physical device that provides much greater authentication security than a simple password. Smart cards can be used for logging on to a computer, unlocking a door, or making payments. Each user's smart card holds a digital certificate only for that user, to prove the user's identity. The digital certificate itself is encrypted, requiring the user to enter a code (PIN) to unlock his digital certificate each time the smart card is used. This means that even if the card is lost or stolen, someone else cannot use the card without knowing the code; likewise, even if someone gets your code, he cannot do anything with it unless he also gets your card. Despite these advantages over passwords, smart cards are not widely used because a smart card system is expensive to implement and maintain.

See also: digital certificate, multi-factor authentication


The program instructions that drive everything your computer and networking equipment does. The term is a derivation of "hardware", in that it is part of your equipment, but it is transient and invisible. It can be installed by copying the program instructions from a CD, or copied from another computer or from a web site. Software can be stored in RAM (when it is being executed), in silicon chips, and magnetically on your hard drive.

See also: hardware


A term describing the implementation of information technology or communications hardware, software, and/or technical services to solve a problem, improve productivity, reduce costs, implement a user-facing application, utilize and manage data (enable access, move, duplicate, protect, recover, process, or analyze), or otherwise create new capabilities for a business operation based on information technology.

See also: point solution, integrated solution


Unsolicited advertising received via e-mail; this can also refer to advertising placed in any kind of system, such as links to websites placed in the comments section of a news website.


Acronym for Stateful Packet Inspection. This is a feature of a firewall to allow incoming transmissions from computers outside the network only if a computer or device on the inside network has an active communications session that it initiated with that outside computer. The firewall records outbound communications by protected computers on the internal network into a database, called the state table. It then inspects each inbound packet and uses the state table to determine if it should be allowed. As an example, a web server cannot initiate contact with your computer out of the blue; your firewall will block the transmission. But, if your enter the web server's address into your browser, your computer will initiate communication with the web server, and your firewall will take note in the state table. When the server responds, the firewall will examine the incoming packet (containing the web page you wanted to see), determine that it is a valid response to your communication, and allow the packet to reach your computer.

See also: firewall


A form of malware that, in general, tries to steal information from your computer, particularly passwords and financial information, and send it over the Internet to criminals.

See also: malware


Acronym for Secure Shell, a protocol for logging in to the command line interface of a remote computer or network device in a secure fashion, using digital certificates to confirm the identity of the server, and setting up encrypted communications to prevent eavesdropping. This protocol is most commonly used to log in to network devices such as routers, switches, and wireless access points to change the configuration or check the log files. It is also used to log in to UNIX-based computers over the Internet to manage the programs running on it (such as restarting a crashed web server) or change configuration options or review logs. The protocol was invented by a university student in Helsinki.


Acronym for Secure Sockets Layer, a protocol for accessing standard server services (such as web pages or e-mail) in a secure fashion, using digital certificates to confirm the identity of the server, and setting up encrypted communications to prevent eavesdropping. This protocol is in use when you visit a website using the https:// designator, and often for transport of e-mail. The latest versions of SSL are called TLS, an acronym for Transport Layer Security.


See: single sign-on


See: secure web gateway


A network device that connects multiple computers, and manages the communications traffic, within a local area network.

See also: router, LAN

system architecture

The structure of an information technology system, viewed from a broad level, and considering business requirements for performance, capacity, availability, security, fault tolerance, and expandability. The architecture establishes configuration standards for the components within.

See also: configuration


Top          Index

Magnetic storage technology used since the earliest days of computers. Data is stored on long, narrow strips of plastic coated with magnetic material and spooled on reels inside a plastic cartridge. Compared to current widely available storage technologies, data access on tape is very slow, because it requires a tape drive that forwards and rewinds the tape to find or record data to the proper part of the tape. Because of this, tape is used today only for backup and offline storage.


An event that can occur that affects information technology assets or resources, and which may impact information security or business continuity. Each particular threat is defined by an actor, an action, and the resource affected. The actor can be a person (internal or external), nature (flood, fire), or simply spontaneous (such as in the case of hardware failure, or manifestation of a software bug).

See also: vulnerability

threat intelligence

Analysis of known attacks by security service providers to identify emerging threats by known parameters (such as an Internet server the software tries to contact), or general behavior patterns that are identified as suspicious because of observation of similar attacks. The process involves gathering information from detected attacks that are reported to the security service provider by systems already protected by their software or systems, and other research techniques.

threat modeling

The process of identifying threats and estimating likelihood and impact.

thumb drive

A hardware device, about the size of your thumb, that you can plug into a computer's USB port, for transferring files to and from your computer. Thumb drives now come in many fancy shapes and colors, but also are able to store quite a bit of data, presenting a significant security risk in controlled networks.


See: SSL


The process of moving sensitive information (such as social security numbers, birthdates, or bank account numbers) out of a database and replacing the information with codes that are randomly generated to reference the actual information, but which cannot be decoded without access to the tokenization system. The reference table, algorithm, or other system used to generate tokens for the sensitive data, and retrieve the actual data from tokens, is kept separate from the database itself, and is not accessible by users or any automated processes that use the database. This way, if the raw data comprising the database is exposed, then only the tokens will be visible in the sensitive data fields, with no way for them to be decoded or cracked. This is considered more secure than encryption, because with encryption, the actual data, though scrambled, is present in the raw database, and many methods exist to decode the cryptographic keys used for encryption and access the data. Compared to encryption, implementing a tokenization system can greatly increase complexity of the database design and operations. It can be useful, though, in situations where government rules require certain sensitive data to be stored only in certain locales; with tokenization, the sensitive data fields and the tokenization system can be stored within the required boundaries, but then the non-sensitive portion of the database, along with the tokens, can be stored in any datacenter worldwide (for lower cost, better performance, etc.) without violating these rules, because a complete breach of that datacenter will only reveal the tokens in the sensitive data fields, which are meaningless without access to the tokenization system.

See also: encryption, database

transaction log

In some database systems, any changes (inserting, editing, or deleting information) are recorded to a set of files called the transaction log before being applied to the database file itself. While this improves speed and greatly reduces the chances of data loss in case of an unexpected shutdown other error, an experienced system administrator often must manually intervene in order to bring a transactional database back into operation following a crash. A database that does not use transaction logs generally comes back online by itself, but recent changes might be lost.

See also: database, log file, fault tolerance

Trojan Horse

Another term for malware, along with "virus", "rootkit", and "worm". The term is usually applied to malware that is installed deliberately (but unknowingly) by a user, because it came along with what the user thought was a legitimate software package. Named, obviously, after the ancient story of the Greek ruse in the Trojan War.

See also: spyware, virus

two-factor authentication

See: multi-factor authentication


Top          Index
unified threat manager (UTM)

A marketing term describing firewalls that appeared around 2004, targeted to the small/medium business market, that perform basic intrusion prevention in addition to the conventional function of blocking or allowing traffic based on address and packet type, and further examine the content of all communications so as to detect and block junk mail (anti-spam) and viruses (anti-virus), as well as perform website filtering (blocking access to disallowed websites based on address and/or content). Having all these functions available in one device was generally attractive to a business with limited IT support and without any of these various protection mechanisms already in place, and for which the slowdown by all these checks is not a problem due to light Internet access. But, some UTM manufacturers have, in recent years, added enterprise-grade features such as better performance, dynamic routing, clustering, scalability, and directory integration, blurring the distinction between UTM and NGFW.

See also: firewall, next-generation firewall (NGFW), intrusion prevention system (IPS)


A small program that installs new components of a software program, either to fix bugs or provide minor new features. These are generally provided free by software manufacturers.

See also: patch, upgrade


A new version of a particular application program or operating system, which requires completely replacing the existing version. For paid commercial software, software publishers usually offer the latest version of software at a discounted "upgrade price" to those who already own an earlier version, or for free to those who pay a monthly subscription fee to use the software. Regardless, the software upgrade package will always contain all the program components and functionality as the higher-priced version you would have to buy if you didn't have the previous version already (often colloquailly called the "full" version).

See also: patch, update


Acronym for uninterruptible power supply. Also known as a battery backup, this is a device that provides electricity in the event of a short-term power outage, by using a battery inside the device, which keeps itself charged so long as the power is on. The UPS immediately provides power to your computer, with no break in continuity, when it detects that electricity has stopped coming from the wall outlet.

utility computing

See: cloud


Top          Index

A broad and flexible term describing any situation where a hardware device, software application, or other function is emulated, including multiple separate instances. For example, a virtual printer might be represented as an icon in your Printers folder on your computer as if it were a real printer; this allows you to print from any application you have, but send the printed image into a PDF file or dial a fax machine, instead of physically printing it on a page. For another example, Microsoft uses the term SMTP virtual servers to describe their edition of the industry standard SMTP application when running on Windows Server. Normally, SMTP server software has a single configuration per server. On Windows Server, each SMTP virtual server has a separate configuration, mail queues, and logging. The Apache web server has also used the same term in the same manner. As another example, virtual applications are user programs (such as a word processor) installed on a server and accessed over the network, instead of being installed on each workstation in the organization. These run in a window on your workstation as if they were installed on that workstation. While performance will be slower, this makes it much easier to upgrade the application for all users or standardize its configuration. As another example, a virtual PBX is a phone system hosted transparently on the Internet, where inbound trunk lines go to the PBX provider's site, and your extensions connect via the Internet, requiring no physical PBX hardware. Finally, an entire computer, or set of computers and their local network, may be virtualized (see virtual machine, below).

See also: virtual machine

virtual desktop

A computer with a full desktop operating system and applications that runs as a virtual machine on a server, and is accessed by users over the network from a workstation or tablet. This allows a user to move around and have all the same software, network connections, and files available no matter what computer or tablet he uses to log in.

See also: virtual machine

virtual machine

A software application running on a computer that completely emulates an entirely separate computer, with its own installed operating system and applications. This enables the versatility of running single-purpose servers to avoid application software conflicts, without requiring a separate physical server for each. It also enhances fault tolerance, as a virtual machine can be copied, intact, to another physical server should its current physical server suffer a component failure. Each virtual machine must share processor time, RAM, and access to the network with other virtual machines running on the same host computer. Apart from servers, a user may choose to run a virtual machine on his computer; typically, this involves running a Windows virtual machine on a Mac, so that someone with a Mac can use applications that only run under Windows.

See also: virtual desktop


1. The process of emulating computer servers and workstations, computer components (such as hard drives or network adapters), physical networks (such as an Ethernet segment), or network services (firewalls, routers) in software. This usually involves consolidating multiple such physical components to operate simultaneously on one or a relatively small number of physical computers.

2. The process of transitioning a set of servers from running on separate physical machines to running as virtual machines.

See also: virtual machine


Another term for malware, along with "Trojan Horse", "rootkit", and "worm". The term can fairly be applied to most any malware. However, some IT professionals, IT trainers, and authors try to parse the technical differences between various types of malware, and object to using this term so generally. But in reality, there is no formal standard definition for these terms, so different sources might provide different definitions. Besides, malware is too complex to fall neatly into categories, and the naming of any given piece of malware is not helpful in preventing, detecting, and removing it.

See also: spyware


Acronym for Voice over Internet Protocol. A technology by which a phone can connect to a regular computer network instead of traditional copper wires, and convey your voice through computer data packets. When used to call from your office to another VoIP phone over the Internet, this allows for cost savings by avoiding long-distance and even international tolls from traditional phone service providers. Even if only used internally in your office (with a bridge to the conventional public phone system), this enables centralized phone and call control features only previously available with very expensive phone systems, and some features that are otherwise impossible. Drawbacks of VoIP include potential loss in quality of the audio and reliability (especially when talking over the public Internet), and greater security considerations due to its connection with your information technology system.


Acronym for virtual private network. This involves connecting to a network (not just to one computer) from outside that network, through the Internet. Once you are connected, you can access data and services on that remote network as if you were actually in the building and physically plugged into the network. This is a common technology for laptop users to access shared files, databases, and applications in their office while on the road, or for telecommuting users to work from home. The term can also refer to two geographically separated networks that operate as one congruent network due to a VPN link between the two networks; this will be managed by your IT service provider.


A weakness in an information technology system that can be exploited by a threat actor. This can be buggy software, a configuration error, ill-defined procedures, or users violating policies.

See also: threat

vulnerability management

A business process that involves identifying and eliminating or mitigating vulnerabilities in the information technology system. This can include configuration management by your information technology managers, vulnerability scanning, or penetration testing.

See also: penetration testing

vulnerability scanner

Software that examines your application servers, storage, workstations, and network devices to identify the presence of vulnerabilities, such as configuration settings that don't match intent, poor user account management enabling easy access by unauthorized users, easily-breakable authentication or encryption methods in use, and the presence of known exploitable software. More sophisticated systems can create a network map and find vulnerabilities not identified by analyzing any individual device.


Top          Index

Acronym for wide area network. A system of connecting computers across distances beyond the capabilities of LAN technologies (such as Ethernet), using anything from dedicated T1 links, ISDN, dial-up modems over the standard telephone network, fiber, or satellite.

See also: LAN, network

warm recovery site

A facility maintained by a business where there is some equipment in place, with communications services already running, and where some or all on-premises virtual machines, data files, and databases are replicated. With this additional preparation, all critical business operations can be moved within a day or two.

See also: cold recovery site, hot recovery site


Another term for malware, along with "virus", "Trojan Horse", and "rootkit". The term is usually applied to malware that spreads by itself from computer to computer over a local area network.

See also: spyware, virus


Top          Index

Any kind of computer or network infiltration that is unknown to anti-virus or intrusion prevention software; that is, the infiltration method or virus file is not listed in the threat/virus definition database of the security software. Zero-day attacks will not be stopped, except by security software that uses sophisticated methods to detect and prevent unknown viruses or exploits.

Back to top