
CISPA IT-Glossary

Principle for the clear identification of responsibility or authorship for (digital) processes and constructs, with the aim of ensuring accountability. This also predicates the assignment of competence, for example, as to who has access to certain data or who can access a server.

Enables hidden access to a computer, bypassing existing security mechanisms. Can either be deliberately built in by developers to gain access for service purposes or secretly installed by malware.

Refers to various forms of personalized information used to prove user identities to a system. These include user names, passwords, or biometric data.

Refers to methods for the secure conception, definition and construction of information systems for secure data transmission. Along with cryptanalysis, cryptography is part of the scientific field of cryptology.

When users are persuaded by manipulative designs or applications to perform actions that run counter to their original interests or intentions, this is referred to as a dark pattern.

Attacking security systems on behalf of their owners in order to find and close security gaps. Also referred to as white hat hacking, in reference to the fact that the good guys in Western movies often wear white hats.

A kind of multi-factor authentication that provides a strong authentication method on the Internet not using a password but a secret key, usually in conjunction with biometric features, hardware keys or smart cards.

Denotes a machine learning model consisting of two competing neural networks. GANs are capable of generating realistic images and texts.

A target on the Internet, a server for example, that pretends to contain valuable data. This “honeypot” is created with the intention of encouraging attacks in order to learn about attack methods and/or identify attackers.

Term describing the interface between different parts or components of a communication system. Distinctions are made, for example, between data interface, hardware interface, network interface, etc.

A programming or scripting language that is an extension of HTML and that enables the display of dynamic and interactive web pages. Enables, for example, the adaptation of web pages to different devices and screen sizes.

Refers to the unauthorized publication of information on the Internet and the loss of data that ensues for users.

Refers to the derivation of knowledge from large data sets. By recognizing patterns in known data, models are created for the prediction of future developments, such as the best route in an automotive navigation system.

Software whose program code can be accessed and used freely (but there may be restrictions on commercial use).

Computer program which converts semi-structured or unstructured data, such as text or web sites, into a structured format. In practice, a parser ensures, for example, that the HTML code of a website is displayed correctly by a browser.

Malware that encrypts data on a computer, making it inaccessible. The encryption can only be reversed by the correct key, which is (usually) revealed in exchange for a ransom payment.

Refers to hardware components such as special USB devices that are used for the identification and authentication of users.

A program that feigns usefulness but that is actually used to introduce malicious code. The term derives from the Trojan Horse which, according to legend, was used by the Greeks to enter besieged Troy.

A method used by hackers to exploit a previously unknown and unresolved vulnerability in the program code. "Zero-day" refers to the fact that the vulnerability was not known to the developers until the attack.