Glossary


API

Application programming interface or application interface that enables systems to be linked to programs at source level.

Application (App)

Application software. A term often used in connection with applications for mobile devices such as laptops, tablets or smartphones.

APT attacks

Advanced persistent threats (APT) aim at large-scale infection of computers, spread of malware, theft of login credentials or the formation of a botnet (see Botnet).

Authentication

The proof of authenticity. You can authenticate an identity by entering a password, using a smart card or biometric data, and data by cryptographic signatures.

Backdoors

Backdoors are access points included by software developers to circumvent security features, in case system access is required.

Botnet

A botnet is a remotely controlled network of several thousand computers, tablets or mobile devices that are misused to shut down websites by way of distributed denial-of-service attacks (see Distributed denial-of-service (DDoS)). Botnets are also used to send spam emails or steal data and are sometimes rented out to third parties.

Brute force

This automated, program-driven type of attack relies on mass, systematic trial and error ("brute force") of countless combinations of usernames, passwords and passphrases.

CEO Fraud

Targeted social engineering attacks on employees of public authorities and companies. Attackers use previously captured identity data, such as phone numbers, passwords or e-mail addresses, to impersonate CEOs, etc., and induce employees to pay out large sums of money.

Cloud computing

The provision, use and billing of IT services over a network, dynamically adapted to requirements. These services are offered and used exclusively via defined APIs and protocols. The services offered in cloud computing reflect the spectrum of cybersecurity and include complete infrastructures such as computing power and storage space, but also platforms and software.

Data protection

Includes protection of personal information that either directly identifies or allows for identification of a person. Since May 2018, it has been governed by the European General Data Protection Regulation in order to improve consumer protection.

Data security

Encompasses all information protected by data protection laws, plus sensitive data such as corporate secrets and information related to development and research.

Digital certificate

Data set that includes information such as names, additional records and a signature of a person, group or system.

Digital fingerprint

Also called the hash value of a cryptographic hash function, it describes a checksum that allows the immediate validation of a data set.

Digital signature

Checksum proving the identity of a person and the integrity of information, created through a private key.

Digital transformation

Digitization of work processes and the required strategic preparation and planning.

Digitization

Conversion of analog to computerized processing and the increased usage of computers in general.

Distributed denial-of-service (DDoS)

Programmed and scheduled attacks on internet services, intended to overload the server and cause a downtime. Most commonly executed by botnets massively targeting net components or servers.

Drive-by exploits

The automated exploitation of security vulnerabilities on computers. Merely calling up a website, without any further interaction, is enough to exploit weak points in the browser, plug-ins or operating system in order to install malware unnoticed.

Emotet

Malware that extracts email contacts and content to further spread itself. If a computer is infected with Emotet, it will continue downloading other malware. It is paramount to warn against carelessly opening email attachments or links. “The safest browser in the world” offers protection against Emotet.

At the end of January 2021, investigators took over and smashed the infrastructure of the "Emotet" malware, which is considered the most dangerous in the world.

Exploit

The exploitation of security vulnerabilities in the code of software or hardware is called an exploit. See also drive-by exploits and zero-day exploits.

GDPR

Regulation of the European Union for the unification of the rules for the processing of personal data, valid since May 25th 2018.

Injection attacks

If user input is not adequately filtered, applications can be vulnerable to injection attacks. An SQL injection vulnerability allows attackers to manipulate database queries so that desired database content is returned instead of what was originally intended. SQL injection can also be used to make changes to database content or execute program code.

IT baseline protection

"Considers the three core values of information security: Confidentiality, Availability, and Integrity. Other information security terms include authenticity, bindingness, reliability, and non-repudiation. It refers to a methodology for establishing a security management system as well as the state in which the standard security measures recommended by the BSI are implemented."

KRITIS

Critical infrastructure (or critical national infrastructure (CNI) in the UK), which can be a plant, a system or a component and is essential for the maintenance of social functioning.

Malware

Malicious software that is designed to prevent and disrupt the use of computers and data (see Ransomware).

NIS

Law to implement the European directive to ensure high network and information security; in force since 06/29/2017. Defines measures within the European Union to ensure a high level of security for information and network systems.

PCI DSS

Payment Card Industry Data Security Standard. A set of rules in payment transactions that is supported and used by leading credit card organizations to process secure transactions.

Phishing

The compound term from "password" and "fishing" describes so-called social engineering, which is intended to persuade victims to unwittingly hand over access data. Successful phishing methods include manipulated e-mails and websites that look and sound deceptively real.

PSD2

The second payment service directive paves the way for open banking. Customers should be given more freedom in choosing online financial services.

Public cloud

Public clouds allow you to work independently from software and hardware by provisioning applications, infrastructure, computing power and storage space.

Ransomware

Malware that encrypts data or denies access to computers with the intention of extorting a ransom. A distinction is made between two different kinds of ransomware: file-encrypting ransomware that encrypts data on a computer, and screen-locking ransomware that locks the screen and prevents access to data and the system. Ransomware can target any operating system, but Windows-based systems are currently the most common target.

Real-time

Input, transfer and output of data between devices without delay of transmission.

Security by Design

Cybersecurity requirements already implemented during the development of solutions and products.

Social engineering

Social engineering is a method of attack that uses human "weaknesses" such as curiosity or naivety, and sometimes even fear, to obtain data and access. Security precautions are circumvented in this way and people are induced to disclose sometimes very sensitive information. The "human vulnerability" is also known as the Layer 8 problem.

SQL Injection

In SQL injections, database commands are injected into an SQL database via input fields on websites in order to spy out data or gain control of the system.

Web Application Firewall

A process that protects websites and web applications. This application firewall analyzes traffic between clients and servers at the application level, monitors, filters and blocks HTTP traffic and is either installed as a standalone firewall or installed on the server.

Zero-day exploits

Security loopholes in software that are taken advantage of on the same day they occur. Thus, “zero days” pass between the loophole becoming public and the attack.
