IT Security Definitions

Definitions for some of the most common IT Security words and terms you need to know

Data Loss Prevention

Many firewalls include provisions for Data Loss Prevention (DLP). DLP software is a module that sits on top of the firewall’s operating system and watches the network for unauthorized information leaving the network.

For example, if a disgruntled employee tries to email a list of client credit card numbers to a personal email address, the DLP software will recognize that data and prevent that information from leaving the network.

DLP can be configured to protect ICD codes, credit/debit card numbers, social security numbers, and more.
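An added example, not code from the page or from any DLP product: a small Python content inspector of the kind a DLP module applies to outbound mail, matching card numbers (validated with the Luhn checksum, which weeds out most random digit runs) and US Social Security numbers. The sample message and every number in it are constructed test values.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security numbers in the common 3-2-4 layout (invalid area/group/serial excluded).
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_sensitive_data(text: str) -> list:
    """Return (category, masked_value) pairs for data that should not leave the network."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):  # order numbers and similar digit runs usually fail this
            findings.append(("credit_card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return findings

def should_block(text: str) -> bool:
    """Policy decision: block any outbound message containing at least one finding."""
    return len(find_sensitive_data(text)) > 0

# Constructed sample outbound message (all numbers are test values, not real accounts).
SAMPLE = (
    "Hi, here are the client details you asked for:\n"
    "Card: 4111 1111 1111 1111, exp 12/27\n"
    "SSN: 123-45-6789\n"
    "Order ref: 1234 5678 9012 3456\n"   # fails Luhn, so it is not flagged
)

if __name__ == "__main__":
    for category, masked in find_sensitive_data(SAMPLE):
        print(f"{category}: {masked}")
    print("block:", should_block(SAMPLE))
```

A real DLP engine adds context (sender, recipient domain, attachment parsing) on top of this kind of pattern match, but the block-or-allow decision is built the same way.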

Data Protection, Disaster Recovery, and Encryption

It is no longer enough just to have an offsite copy of your data and call it a day. Now you must ensure you have access to all the resources you need to restore your business to a fully operational state in the event that a disaster occurs.

Moreover, you must ensure that if those offsite backups are stolen, that the data is encrypted to prevent it from falling into the hands of an unauthorized user.

This ensures that you don’t fall victim to a disaster, or worse, a malicious attack aimed at corrupting or exposing your data.

Encrypted Email

Encrypted email solutions ensure that the only person able to read a message is the person it was intended for, so that your emails don’t end up in the wrong hands.

Encrypted Texting

With the popularity of text messaging ever on the rise, the need for secure communication between mobile devices is growing with it.

The same privacy threats to messages sent via email apply to text messages as well. In order to combat those threats, you can turn to encrypted texting solutions that provide a similar experience to encrypted email by ensuring that the only person able to read the message is the intended party.

Firewall Hardening

Many people, including some IT professionals, think that firewall installation is a “set it and forget it” procedure. They believe that once the firewall is in place on the network, they don’t need to do any further configuration. This is a dangerous misconception.

In order to provide the maximum amount of protection possible, a firewall must be configured properly for the network and steps must be taken to ensure that unneeded services, ports, and protocols are blocked at the network perimeter.

Additional hardening steps can also be taken as a precaution, such as blocking all traffic from certain IP addresses, networks, or even geographical regions.

Information Security Policy and Compliance Management

Creating an Information Security Policy can be a daunting prospect. Many users do not have the experience or knowledge necessary to create a policy that will protect them and meet their regulatory requirements.

Managed Anti-Virus and Anti-Malware Software

In an organization with 20 or more workstations, keeping anti-malware software up-to-date can be a daunting task. Managed anti-virus and anti-malware software allows IT companies to deploy these applications from a central console and keep all associated workstations updated as a cohesive unit.

Most managed implementations provide a central virus response system or quarantine that lets you respond automatically if and when a suspicious file is detected, cutting down on service calls and the amount of hands-on time needed to repair malware issues.

Managed Data Encryption

It isn’t uncommon to hear that a data breach was precipitated by the theft of a laptop or mobile device that contained confidential or proprietary data. Managed Data Encryption is an essential tool for combating this type of accidental data disclosure.

Managed Data Encryption products allow you to secure and manage your sensitive data from a centralized location, eliminating the need for per-workstation configuration that could open the door to errors in configuration or maintenance.

Patch Management

Many compliance standards have a requirement for the regulated entity to monitor for new security patches and apply these patches as soon as possible. A patch management system allows you to specify how and when these installations occur. In many cases, a patch management system can significantly cut down on the amount of hands-on time required to bring servers and workstations up-to-date and into compliance with regulatory requirements.

Personally Identifiable Information (PII)

Personally identifiable information, or PII, is any data that could potentially be used to identify a particular person. Examples include a full name, Social Security number, driver’s license number, bank account number, passport number, and email address.

Phishing

Phishing is a type of social engineering in which an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker, or into deploying malicious software such as ransomware on the victim's infrastructure.

Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Risk Assessments

Many compliance standards require a quarterly risk assessment to identify any issues that may be present in the information security infrastructure. By performing regular risk assessments, you can often catch small problems before they become big problems.

Even if you aren’t required by regulations to have a regular risk assessment, it is a very good idea for every company with a network to have a risk assessment performed annually. This will help identify potential problem areas that should be addressed before a data loss incident occurs.

Risk Management

IT risk management aims to manage the risks that come with the ownership, involvement, operation, influence, adoption and use of technology as part of a larger enterprise.

Security Information and Event Management (SIEM)

A SIEM system allows you to take event data from multiple sources, like servers, PCs, firewalls, and routers, and collect and collate all that information in one place. This centralized reporting allows you to spot trends more easily and see patterns that might be out of the ordinary.

By centralizing the storage and analysis of logs, a SIEM provides almost real-time insight into the network and allows security personnel to take action against detected threats more quickly.

A SIEM can also assist in forensic analysis of a data breach or security event after it occurs.
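An added illustration, not code from the page or from any SIEM product, of the collate-then-correlate idea: two source formats (an SSH auth log from two servers and a firewall log) are normalized into one event schema, and a rule flags a source address with repeated failed logins spread across more than one host, a pattern no single host's log shows. Host names, addresses and log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in two different source formats (not real logs).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 srv-web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-03-01T10:00:04 srv-web1 sshd[812]: Failed password for root from 203.0.113.7 port 50130 ssh2
2024-03-01T10:00:09 fw-edge action=deny src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp
2024-03-01T10:00:12 srv-db1 sshd[431]: Failed password for root from 203.0.113.7 port 50140 ssh2
2024-03-01T10:00:20 srv-db1 sshd[431]: Accepted password for alice from 198.51.100.5 port 40212 ssh2
2024-03-01T10:01:02 srv-web1 sshd[812]: Failed password for bob from 198.51.100.5 port 40230 ssh2
"""

AUTH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")
FW_RE = re.compile(r"^(\S+) (\S+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")

def normalize(line):
    """Map each source's native format onto one common event schema."""
    m = AUTH_RE.match(line)
    if m:
        ts, host, outcome, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "src": src,
                "type": "auth_fail" if outcome == "Failed" else "auth_ok", "user": user}
    m = FW_RE.match(line)
    if m:
        ts, host, action, src, dst, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "src": src,
                "type": "fw_" + action, "dst": dst, "dport": int(dport)}
    return None  # unknown format: a real SIEM would route this to a parse-failure queue

def correlate(lines, min_failures=3, window_seconds=300):
    """Flag sources with >= min_failures failed logins on more than one host inside the window."""
    events = [e for e in (normalize(ln) for ln in lines) if e]
    by_src = defaultdict(list)
    for e in events:
        if e["type"] == "auth_fail":
            by_src[e["src"]].append(e)
    alerts = []
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        span = (fails[-1]["ts"] - fails[0]["ts"]).total_seconds()
        hosts = {e["host"] for e in fails}
        if len(fails) >= min_failures and len(hosts) > 1 and span <= window_seconds:
            # enrich with the firewall's view of the same source, another benefit of one store
            fw_denies = [e for e in events if e["type"] == "fw_deny" and e["src"] == src]
            alerts.append({"src": src, "failures": len(fails), "hosts": sorted(hosts),
                           "fw_denies": len(fw_denies)})
    return alerts
```

Running `correlate(SAMPLE_LOGS.splitlines())` returns one alert for 203.0.113.7 (three failures on two hosts within 11 seconds, plus one firewall deny); the single failure from 198.51.100.5 stays below the threshold.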

Social Engineering

Social engineering is a set of techniques employed by cyber-criminals to lure unsuspecting users into sending them their confidential data, infecting their computers with malware, or opening links to infected sites. In addition, hackers may try to exploit a user's lack of knowledge: because technology changes so quickly, many consumers and employees don't realize the full value of personal data and are unsure how best to protect this information.

Spear Phishing

Phishing attempts directed at specific individuals or companies are known as spear phishing. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.

Threat Actor

A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for an incident that impacts, or has the potential to impact, an organization's security.

In threat intelligence, actors are generally categorized as external, internal or partner. With external threat actors, no trust or privilege previously exists, while with internal or partner actors, some level of trust or privilege has previously existed. The actor may be an individual or an organization; the incident could be intentional or accidental and its purpose malicious or benign.

Training (Administrator and User)

Training is critical to maintaining a secure computing environment. Without training, users may compromise data through ignorance of an established policy or procedure, or fail to notify the appropriate personnel of a suspected or confirmed breach.

Administrator training helps prepare the local administrator to deal with the most common security-related issues that may arise on a day-to-day basis, while user training is focused on security best practices, including basic information security and strong password selection.

Unsolicited Commercial Email (SPAM) Protection

Unsolicited commercial email (UCE), or spam, is responsible for countless dollars in lost productivity and hundreds of hours of wasted time. UCE Protection systems help to filter out the unwanted mail while ensuring that the messages you need to receive are delivered to you for your review.

UCE Protection systems also help to reduce the threat of viruses and other malware making their way into your networks through email attachments and malicious links.

Vulnerability Scanning

Vulnerability scanning can come in several forms. Some scans are focused on the network perimeter and are designed to ensure that your routers and firewalls are configured correctly to block unauthorized traffic. Other vulnerability scans are focused on applications and operating systems and are designed to seek out unpatched bugs that may allow intruders access to your systems.

A good vulnerability scanning suite will provide a robust mixture of various types of scans and provide a detailed analysis of your overall information security health.

Web Filtering

Web filtering is essential as a first line of defense against malware intrusion. A good web filtering application will block known malicious sites and prevent end users from accessing those sites before harmful content can be downloaded to the workstation. Additionally, web filtering can assist in maintaining a productive workforce by eliminating sites that are not aligned with the business and its goals.