Glossaries and dictionaries of the Flarus translation bureau


Glossary of social engineering and information security terms

Social engineering refers to the sophisticated use of deception to manipulate people into disclosing confidential or personal information for fraudulent purposes; the attackers exploit people rather than vulnerabilities in systems.



acceptable usage policy
    A document drawn up by an organisation that defines proper IT system usage (network, system or website), restrictions and the responsibilities of users. While users might be aware of their organis...
advanced persistent threat (apt)
    An attack in which an attacker gains and keeps access to a system or network for a prolonged period of time. The motivation for this category of attack is usually data exfiltration. Common targets incl...
alert fatigue
    The phenomenon of users ignoring warnings of potential problems from their IT security software, usually as a result of being exposed to a large number of frequent alarms.
angler phishing
    A recent trend where cyber criminals pose as customer support representatives of various organisations on social media platforms, such as Twitter and Facebook. Here they can initiate an interactio... reverse social engineering;
anti-virus software
    Software designed to prevent and detect malware infections. early versions of anti-virus software were signature-based, which meant detection relied on a database of known malware. however, malwar... scareware;
baiting
    A social engineering attack that involves the attacker leaving malware-infected portable storage media, such as USB memory sticks, in locations where people will find them. The hope is that the ta...
baselining
    Monitoring resource usage (such as email usage) to determine typical usage patterns so that significant deviations can be detected.
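The baseline-and-deviation check described in this entry, as an added example that is not part of the glossary: it builds a robust baseline (median and median absolute deviation) from constructed per-day outbound e-mail counts for one user and scores a new day against it. The sample counts, the 3.5 threshold and the user names are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample: outbound e-mails sent per working day by one user over
# four weeks (weekends excluded so that a single baseline applies). Not real data.
HISTORY = [12, 15, 9, 14, 11, 13, 16, 10, 12, 14, 11, 13, 15, 12, 10, 14, 12, 11, 16, 13]


def baseline(history):
    """Typical usage as (median, MAD). Median/MAD rather than mean/stdev so that a
    single past spike (e.g. an earlier incident) does not inflate the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, mad


def deviation_score(value, history):
    """Modified z-score: robust deviations of `value` from typical usage.
    0.6745 rescales MAD so the score is comparable to a normal z-score."""
    med, mad = baseline(history)
    if mad == 0:  # flat history: any change at all is a deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def is_anomalous(value, history, threshold=3.5):
    """Flag only upward deviations: a drop in sent mail is rarely an exfiltration signal."""
    return deviation_score(value, history) > threshold


def scan(users, threshold=3.5):
    """users: {name: (history, today)} -> names whose usage today deviates significantly."""
    return sorted(name for name, (hist, today) in users.items()
                  if is_anomalous(today, hist, threshold))


if __name__ == "__main__":
    print(baseline(HISTORY))                                      # (12.5, 1.5)
    print(scan({"alice": (HISTORY, 16), "bob": (HISTORY, 140)}))  # ['bob']
```

In practice the baseline is kept per user and per weekday (or per hour of day), and the same scoring is applied to other resources the entry alludes to, such as bytes uploaded or files opened.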
business email compromise (bec)
    A type of social engineering attack in which one party of a financial transaction gets impersonated. for example, in the buying or selling of a house, an attacker may impersonate the real estate a... ceo fraud;
business process compromise (bpc)
    A form of attack where business processes or their underlying systems have been manipulated by an attacker. For example, starting from 2011, the Belgian port of Antwerp was infiltrated by hackers ...
caller id spoofing
    A direct social engineering attack that often involves using a spoofed phone number to create a sense of trust. the number will appear on the victim’s caller identification display, leading them t...
ceo fraud
    A type of business email compromise in which the attacker purports to be the CEO, and uses a compromised or spoofed email address to make a payment request to an employee with the authority to iss... business email compromise (bec);
clean desk policy
    A policy which encourages employees to remove sensitive documents or materials from their workspace when they are not in use. a clean desk policy hopes to mitigate the risk of the insider threat. ...
clear text
    See plain text. plain text;
clickbait
    A website URL or email attachment that appears to be from a trusted source, but is actually connected to a source set up by a hacker. Clickbait URLs or attachments will often have alluring titles ...
clickjacking
    Occurs when an attacker tricks the target into clicking on something different to what they had expected. this can potentially reveal sensitive information, take control of their computer, or caus...
clone phishing
    Occurs when the text and graphics of an authentic email that has been previously sent to the target (e.g. from a financial institution) are copied and resent to them. The “new” version of the email...
credential harvesting
    Occurs when the login credentials for webmail, domain access, VPN access, etc. are collected via a compromised web browser, application, malware or DNS server. This can have serious ramifications ... typo-squatting;
cyber-espionage
    Espionage geared towards financial, commercial and technological goals. organisations can spend millions of euros on research and development for new products and services only to have that intell...
data audit
    A data audit is the process of finding out where your organisation’s data is stored, how it is processed and whether it is compliant with data protection law. This process can be performed...
data breach
  1. Any event where confidential data is viewed, transmitted, stolen or used by an unauthorised individual. data breaches are often caused by user error, lost or stolen devices, data-stealing malw...
data egress
    Data leaving a network to an external location. this term is usually used in reference to authorised data.
data leak
    An unintentional release of confidential information to an untrusted environment. an increasingly large number of data leaks can now be attributed to social engineering attacks or plain human erro...
data loss prevention (dlp)
    This aims to prevent the unauthorised loss or exfiltration of data. DLP solutions typically monitor data traffic that leaves a network for document tags, watermarks and “DLP fingerprints”. DLP fun...
data minimisation
    Collecting the minimum amount of data needed to fulfil a purpose. data minimisation also refers to the practice of carrying the bare minimum of data on portable computing devices and storage media...
data portability
    Refers to data which is in a format that is easily accessible and easily transmissible to a third party. Data portability is a stipulation in the GDPR which means organisations that are subject to...
data quality principle
    Personal data collected by organisations should be relevant for purpose, accurate and kept up-to-date.
data remanence
    In many computing environments, the execution of the “delete” or “move to trash” command does not actually result in data getting irreversibly deleted. data remanence is data that persists beyond ... data wiping;
data wiping
    Secure data wiping usually involves writing zeros or random characters to a storage device so that any stored data becomes overwritten and is unrecoverable. there are several free and commercial a... data remanence;
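The overwrite-then-verify procedure this entry describes, as an added example that is not part of the glossary: a random pass followed by a zero pass, each forced to the device with fsync, a read-back check, and unlinking. The file contents are constructed. The caveat a practitioner should keep in mind: overwriting in place only defeats remanence on media that really write in place. On SSDs (wear levelling), on copy-on-write or journaling filesystems, and for files that were ever copied or snapshotted, the old blocks can survive; there, full-disk encryption with key destruction or the drive's built-in secure-erase command is the reliable option.

```python
import os
import tempfile


def wipe_file(path, chunk_size=64 * 1024):
    """Overwrite `path` with a random pass and then a zero pass, fsync after each,
    verify that the on-disk content is all zeros, and unlink the file.
    Returns (size_in_bytes, verified)."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:   # unbuffered: writes go straight to the kernel
        for pass_no in range(2):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk_size, remaining)
                block = os.urandom(n) if pass_no == 0 else bytes(n)
                remaining -= f.write(block)     # raw writes may be partial; account for it
            os.fsync(f.fileno())                # push the overwrite through the page cache
        f.seek(0)
        verified = f.readall() == bytes(size)   # read back the final zero pass
    os.remove(path)
    return size, verified


def demo():
    # Constructed sample: a temporary file holding a fake secret (not real data).
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"ACCOUNT 1234-5678 PIN 0000\n" * 1000)
    size, verified = wipe_file(path)
    return size, verified, os.path.exists(path)


if __name__ == "__main__":
    print(demo())   # (27000, True, False)
```

The read-back only proves what the filesystem now returns for that path; it says nothing about remapped flash blocks, so treat the verification as a check on the procedure, not on the medium.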
data-at-rest
    Inactive data that is stored on a physical storage device, such as a server, workstation, USB drive or smartphone.
data-in-motion
    (a.k.a. data in transit) – data that is transmitted over a network. Data-in-motion can be secured by encrypting the communications channel (e.g. by using IPsec encryption) or by encrypting the dat...
data-in-use
    This is one of the three states of data. It primarily refers to data that is held in a computing system while it is being processed. For example, a user working on a Microsoft Word document will ...
de-identified information
    Records that have had personal data removed or obfuscated so that the information does not identify a data subject. information can be de-identified by using a code, algorithm or pseudonym. common...
digital rights management (drm)
    In the context of organisational data protection, DRM, which is sometimes referred to as enterprise digital rights management (EDRM), helps to protect data that has been properly classified and re...
distinguishable information
    Information that can be used to identify a data subject.
dmarc (domain-based message authentication, reporting & conformance)
    This is the email message validation standard that is used to prevent spoofed emails. DMARC combines the Sender Policy Framework (SPF) with the DomainKeys Identified Mail (DKIM) protocol to confirm that a message cam...
dns cache poisoning
    The attacker “poisons” the cache of a DNS resolver with forged resolution records. This results in DNS requests that resolve to the attacker’s proxy server and browser requests being surrept... pharming; credential harvesting;
domainkeys identified mail (dkim)
    A system which allows receiving mail servers to check whether an email came from the domain that it purports to and was not modified during transport. This is done largely to prevent mail spoofing...
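How the DMARC and DKIM entries fit together in a receiving mail server, as an added example that is not part of the glossary: the receiver has already run SPF and verified any DKIM signature; DMARC then asks whether either result is aligned with the domain the user sees in the From: header, and if neither is, applies the policy published by that domain. The DMARC record, the domain example.com and the attacker domain are constructed. Two simplifications are assumptions of this example, not of the standard: the organisational domain is taken as the last two labels (real receivers use the Public Suffix List), and the pct= and sp= tags are ignored.

```python
def parse_tags(record):
    """Parse a 'tag=value; tag=value' record (DMARC, DKIM and SPF all use variants of this)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def organisational_domain(domain):
    """Simplification (assumption): the last two labels. Production code uses the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organisational_domain(auth_domain) == organisational_domain(from_domain)


def dmarc_evaluate(dmarc_record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """from_domain: RFC5322.From domain (what the user sees).
    spf_domain:  RFC5321.MailFrom (Return-Path) domain that SPF was checked against.
    dkim_domain: the d= tag of a DKIM signature that verified (None if none did).
    Returns the alignment breakdown and the disposition the p= policy requests."""
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    spf_aligned = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_aligned = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    passed = spf_aligned or dkim_aligned
    return {
        "pass": passed,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "disposition": "none" if passed else tags.get("p", "none"),
    }


# Constructed DMARC record for the hypothetical domain example.com.
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # A CEO-fraud style spoof: From: example.com, but sent through the attacker's own
    # infrastructure. SPF passes for the attacker's Return-Path domain, yet it is not aligned.
    print(dmarc_evaluate(DMARC_RECORD, "example.com", "pass", "attacker-mail.net", "none", None))
    # A genuine message from the organisation's relay: SPF aligned under relaxed mode.
    print(dmarc_evaluate(DMARC_RECORD, "example.com", "pass", "mail.example.com", "fail", "example.com"))
```

The first call is the point of the entry: SPF alone says "pass" because the attacker controls the Return-Path domain; only the alignment check against the visible From: domain turns that into a rejection.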
domain spoofing
    The creation of a website domain that is made to look like a bona fide website. the victim logs into the spoofed website domain with their real credentials, which are then used by the attacker. fo...
double-barrel attack
    A phishing technique where the victim is sent multiple emails from the same malicious sender. the initial emails do not contain an attack as they are used to establish some credibility and garner ...
doxing
    The release of confidential personal or organisational information from a compromised computer or storage device into the public domain. an infamous case of doxing involved 11.5 million leaked doc...
drive-by download
    A malicious file that downloads automatically from a compromised website with little or no user intervention. Drive-by downloads usually exploit out-of-date website plug-ins. In 2011, visitors to...
dumpster diving
    Process whereby the attacker examines the contents of waste bins, skips or recycling bins for the purpose of obtaining confidential information, such as invoices, email printouts or company memos....
email hijacking
    Occurs when a bad actor takes control of a user’s email address via unauthorised means such as credential harvesting. once they have control, they can prey on the user’s contacts list to propagate...
encryption (device)
    Encryption is the scrambling of data so that it can only be accessed by someone with a decryption key. all devices that contain confidential or sensitive information should be encrypted. the login...
evil twin
    A wireless access point or computing device that spoofs the legitimate access point’s SSID or uses a similar name to another network. This can be used to instigate a man-in-the-middle attack where...
file-less malware
    This malware is extremely difficult to detect as it is not written to the system’s disk as an executable file. Instead, such infections reside in the system’s memory, or persist in non-file locations such as the Windows registry, in a rootk...
form grabbing
    Malware that works by capturing data in a web form before the form is submitted. it is considered more effective than keylogging software, as it captures data even when a virtual keyboard, autofil...
fullz
    Hacker slang for information that is needed to steal one’s identity. cybercriminals will often offer some “free samples” of people’s identities to buyers on the dark web to show that they’re credi...
general data protection regulation (gdpr)
  1. This data protection regulation gives individuals greater control over how their data is collected and processed; it came into effect on 25 May 2018. Under this regulation, all...
host intrusion prevention system (hips)
    Performs a similar role to anti-virus software in that it both detects and blocks threats, but its broader scope means that a HIPS can also detect changes to the operating system. However, with the evolu...
identity and access management (iam)
    The system for controlling access to an organisation’s information assets. The whole premise of an IAM solution is one identity per individual. That identity should be maintained, modified and mon...
incident reporting
    Modern-day IT security does not just come under the remit of the IT department. Instead, it is everyone’s job. It can greatly enhance an organisation’s security posture if incident reporting polic...
incident response (data breach)
    Organisations should develop contingency plans in preparation for a possible data breach. these should contain information, such as how individuals should be notified about the breach, how the bre...
inference attack
    This usually refers to a database when an authorised entity is able to infer sensitive information from authorised query results and prevailing common knowledge. for example, an authorised user ac...
instant messenger (im) attack
    Instant messenger tools, such as those provided by Google, Facebook and a host of other vendors, can provide a vector for a number of phishing attacks.
internal data
    Data generated from day-to-day activities that is not identified as confidential or restricted. Typical examples of internal data might include email correspondence with clients or internal telephone...
internationalized domain name (idn) homograph attack
    Website domain names can be registered using non-Latin characters. This means that websites for popular domain names can be mimicked whilst appearing to be totally normal in the user’s browser. Fo...
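The homograph check a browser or mail gateway performs, as an added example that is not part of the glossary: for each DNS label it computes the Punycode form the resolver actually queries, detects mixed scripts, and maps look-alike Cyrillic letters to their ASCII "skeleton" to see whether the label impersonates a plain ASCII name. The confusables table is a small hand-picked subset of the Unicode UTS #39 data (an assumption for this example; a real checker loads the full table), and the script detection by Unicode character name is a heuristic standing in for the Unicode Script property. The sample domains are constructed.

```python
import unicodedata

# Tiny, hand-picked subset of the UTS #39 confusables (Cyrillic letters that look like ASCII).
# Assumption for this example only; production code must load the full table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
}


def script_of(ch):
    """Heuristic: the first word of the Unicode name (LATIN, CYRILLIC, GREEK, ...).
    Stands in for the Unicode Script property, which a real implementation should use."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def analyse_label(label):
    """Per-label findings: the ACE form, the scripts present, and an ASCII look-alike if any."""
    scripts = {script_of(c) for c in label if c.isalpha()}
    skeleton = "".join(CONFUSABLES.get(c, c) for c in label)
    looks_like = skeleton if skeleton != label and skeleton.isascii() else None
    return {
        "label": label,
        "punycode": label.encode("idna").decode("ascii"),  # what the resolver really queries
        "scripts": sorted(scripts),
        "mixed_script": len(scripts) > 1,
        "looks_like": looks_like,
        "suspicious": len(scripts) > 1 or looks_like is not None,
    }


def analyse_domain(domain):
    """One finding per DNS label; any label marked 'suspicious' should trigger a warning
    (browsers typically fall back to showing the Punycode form)."""
    return [analyse_label(label) for label in domain.lower().rstrip(".").split(".")]


if __name__ == "__main__":
    # Constructed: Latin "apple" with the first letter replaced by Cyrillic a (U+0430).
    for finding in analyse_domain("\u0430pple.com"):
        print(finding)
```

The first label of the constructed example shows up as `xn--pple-43d` in Punycode, which is the form to put in block lists and logs: matching on the display string is exactly what the attack defeats.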
least privilege (least access privilege)
    The basic principle of IT security, which dictates that people should only have access to the data or systems that are strictly required for the performance of their duties. “Privilege creep” occurs w...
linkable information
    Information which, when linked with other information, can be used to identify a data subject. for example, in a relational database, date-of-birth linked with a home address will probably identif...
mis-delivery (email)
    Email mis-delivery is a common cause of data breaches. this user error can occur when a user inadvertently sends an email containing sensitive data to the wrong recipient. mis-delivery errors can ...
mis-direction
    The act of deliberately drawing a target’s attention to one thing in order to distract them from another. this is often used in social engineering attacks.
multi-factor authentication (mfa)
    Passwords have an inherent weakness as they can be stolen, guessed or brute-forced. As a result, hardware manufacturers and software providers adopted this more secure authentication solution, which combines the password with at least one further factor (something the user has or something the user is), and ...
open source intelligence techniques (osint)
    The practice of using publicly available information found in sources such as Google, LinkedIn, Twitter, WHOIS and Facebook to glean intelligence on an individual. Using such sources has made it...
out of band (oob) authentication
    The use of a separate communication channel, such as an email, telephone, or in-person request, to verify the veracity of a request. this is considered to be a type of two-factor authentication. m...
pass the hash
    A credential-reuse attack against Windows authentication. An attacker who obtains a user’s NTLM password hash, using what are known as “hash dumping tools” that read it from memory or from the local account database, can authenticate to other systems with the hash directly, without cracking the password. Many users erroneously believe that a hash cannot be used in an attack; in reality the hash is password-equivalent, which...
personally identifiable information (pii)
    Any information, such as date of birth, credit card details, home address, driving license information etc., can be classified as pii. there is a thriving black market for pii on the so-called “da...
phishing susceptibility framework
    Framework that correlates user attributes, such as culture, age, gender and experiential factors (technology savviness and professional experience), to phishing attack susceptibility.
post-completion error
    Occurs when a user fails to complete a task securely. For instance, a user might be logged on to Outlook Web Access or another email portal, but fails to log out, leaving the email account open to...
pretexting
    This is using a fabricated story to elicit an action from a target. Common pretexts include attackers “verifying your account information” or posing as “IT support personnel investigating a proble...
privacy by design
    Designing systems and applications which have data protection by default. Privacy experts have always espoused privacy by design, but under the GDPR it has become an explicit requirement. For example,...
privacy notice
    This is a document that informs data subjects how you use their data. Under the GDPR, your privacy notice must contain a number of details, including the contact details of your company and DPO, the r...
protected health information (phi)
    This refers to any health information that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school, university or healthcare clearing...
pseudonymised data
    This refers to data which has been partially anonymised so that it no longer directly identifies a person. For example, somebody’s name might be replaced with a number or token, with the mapping kept separately.
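The de-identified information, linkable information and pseudonymised data entries describe one procedure from three angles; the added example below, which is not part of the glossary, shows it on constructed records of fictitious people. It contrasts the common mistake (replacing a name with a plain hash, which anyone holding a list of candidate names can reverse) with keyed pseudonyms computed with HMAC under a secret held apart from the data set. The field names, the records and the key are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample records for fictitious data subjects (not real people).
RECORDS = [
    {"name": "Alice Example", "dob": "1984-03-12", "postcode": "SW1A 1AA", "diagnosis": "asthma"},
    {"name": "Bob Sample",    "dob": "1990-07-01", "postcode": "EH1 1YZ",  "diagnosis": "flu"},
]


def naive_pseudonym(name):
    """Unkeyed hash of the identifier. Deterministic for everyone, so it is
    reversible by anyone who can enumerate plausible names (dictionary attack)."""
    return hashlib.sha256(name.encode("utf-8")).hexdigest()[:16]


def keyed_pseudonym(name, key):
    """HMAC under a secret key that is stored apart from the data set (assumption:
    the key lives with the controller, never with the recipients of the data).
    Without the key the token cannot be regenerated, so it cannot be reversed by guessing."""
    return hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, key):
    """Replace the direct identifier with a keyed token; other fields are kept as they are."""
    out = []
    for record in records:
        copy = dict(record)
        copy["subject_id"] = keyed_pseudonym(copy.pop("name"), key)
        out.append(copy)
    return out


def reidentify_unkeyed(tokens, candidate_names):
    """The attack against naive_pseudonym: rebuild the mapping from a candidate list."""
    table = {naive_pseudonym(n): n for n in candidate_names}
    return {t: table.get(t) for t in tokens}


if __name__ == "__main__":
    key = b"example-key-kept-separately"   # constructed; use a random 32-byte secret in practice
    for row in pseudonymise(RECORDS, key):
        print(row)
```

Note what the keyed token does not do: `dob` and `postcode` are still in each record, and the linkable information entry applies unchanged; together they will usually single out one person, so pseudonymising the name alone does not make the data set anonymous.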
qr code phishing
    While QR codes may seem innocuous, the information encoded in them can be used to open a URL, send a text message or compose an email. This often automatically executes an action in the related ap...
remote access trojan (rat)
    A RAT is a piece of malware that provides a backdoor for the administrative control of the target. The goal of some phishing attacks is to install a remote access trojan onto the target’s computer...
sandbox
    This is an isolated environment within a computer’s operating system that is used for the opening of suspicious or untested executable files. in the same way that armies blow up suspicious package... dynamic analysis;
scareware
    Also known as “fake anti-virus”, scareware issues a pop-up alert that aims to frighten unsuspecting internet users into purchasing worthless security software. Scareware can also take the ... anti-virus software;






Disclaimer. The glossary of social engineering and information security terms is not protected by copyright. To compile the glossary, the editors of the translation bureau used materials from open sources and published them for educational purposes. If you notice an inaccuracy in terminology, an error, or a case of unlawful use of information, contact the editor-in-chief of the translation bureau by e-mail.