Security Glossary

Security Glossary: list of words often used in the security technology context, and their meaning.

Security Glossary


All | A B C D E F G H I L M N O P R S U V W | Submit a word
There are currently 69 words in this directory
In security systems a variety of encryption standards are used. AES, the Advanced Encryption Standard, is currently most commonly used. Encyption keys of 128, 192 or 256 bits can be used with AES.

Artificial intelligence (AI) is the are of Information Technology that researches howto make a computer to think and learn without human command. John McCarthy came up with the name "artificial intelligence" in 1955.

Acronym for Automatic Number Plate Recognition. Also called LPR - License Plate Recognition. Refers to camera's that are capable of reading license plates, usually on cars. These cameras use OCR (Optical Character Recognition) to convert an image into a 'string', the actual license plate information (characters and numbers). This can then be used as the ID for the vehicle in an access control system. ANPR cameras can use IR (infrared) light to isolate the plate from the rest of the picture. When colors need to be identified, ANPR-cameras with white light need to be used. When used with Wiegand-connected devices, the alphanumerical string needs to be converted to a number. (See video)

Founded in 1955, ASIS International is a global community of security practitioners, each of whom has a role in the protection of assets (people, property, and information).

Acronym for Automatic Vehicle Identification. Refers to technologies that can be used to remotely and automatically identify vehicles as part of a vehicular access control system (See video)

Amazon Web Services - a cloud solution for hosting and data storage

Bluetooth Low Energy - a technology for transmitting data/information between devices which is energy efficient. Particularly useful with wireless devices to conserve battery utilization.

Building Management System - a system which can control multiple elements (such as HVAC, lighting, power monitoring, etc.) of a facility

Acronym for Closed-Circuit Television. Refers to video surveillance: using video cameras to monitor the situation in specific areas. Video surveillance cameras traditionally often used RG59 coax cables. Nowadays network cables or CAT5 cables are more popular.

Cloud connecting is also becoming more popular in security. The word cloud refers to a public IP-network (the Internet) or a non-public (private) IP-network. Cloud-based systems allow for the setup of global, widespread systems with hosts that still connect and communicate real-time. Information is stored in a virtualized database or storage facility that not necessarily is situated on one specific server. In cloud-based access control systems readers often connect to the cloud using an IP-connection, which connect them to a cloud based access control server, which is approachable from anywhere by any host (computer or device) that is allowed to connect.

Crime Prevention Through Environmental Design (CPTED) is defined as a multi-disciplinary approach for reducing crime through urban and environmental design and the management and use of built environments.

Dark web
The part of the world wide web (http pages) that can not be found using search engines and the domain name system (DNS).

Dead zone
Used in video surveillance. Area without CCTV coverage.

Deep Learning
Deep Learning is a machine learning method. It allows us to train an AI to predict outputs, given a set of inputs. Both supervised and unsupervised learning can be used to train the AI.

Deep web
The part of the world wide web that is not easily found and seen using search engines like Google. It often refers to the hidden data behind web sites. The difference with dark web is that web pages on the dark web are deliberately kept hidden from the general public.

Domain Name System. The system that converts the friendly URL into an IP-address, the actual identifier of the host (computer) you are trying to connect with.

Acronym for Electronic Access Control, also known as ePACS (Electronic Physical Access Control System) - A system consisting of hardware and software that is used to manage access of people to a zone, building, are or any closed perimeter. The system stores authorizations for access (location, time) for specific carriers (people, vehicles). When a carrier approaches a perimeter, it is identified using for example RFID cards (something you have), PIN-code (something you know) or biometrics (something you are). The EAC system then, based on the authorizations, decides to grant or deny access. Access related events usually are stored in an event log.
EAC can also refer to Extended Access Control, a protocol to securely connect a smart card (like a credit card) to a terminal.

Enterprise Risk Management (ERM) refers to methods, process and policies for risk analysis and risk mitigation. ERM provide a framework for risk management, where risks are deemed relevant when they potentially affect the organisations capability to meet its own objectives. In corporate environments this usually translates into business continuity. Risk analysis usually comprises assessing the likelihood and impact of incidents. Security measures are expected to help mitigate risk and support compliance with internal and external (legal) guidelines. (See video)

FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.rnIn response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.

Acronym for Facial Recognition. A biometric identification technology that uses facial characteristics.

Acronym for Global Security Operations Center, a centralized location (sometimes virtual) where security staff are anticipating, detecting, assessing, and responding to operational risk events using security systems and according to security procedures. Variations include: SOC (Security Operations Center), JSOC (Joint Security Operations Center), NOC (National Operations Center).

H.265 and H.264
H.265 is also known as High Efficiency Video Coding (HVEC) and MPEG-H Part 2. H.265 is a video compression standard designed for modern high-resolution video. It is a successor to the widely-used H.264 codec (also called AVC or MPEG-4 Part 10) and offers significant improvements.

HyperText Markup Language - The coding language used to create web pages.

Acronym for Identity and Access Management. Used in IT and converged security environments. It is about managing the access to digital and physical zones by roles and the carriers (people) that perform that role. Traditionally each system in IT and security would have its own user administration module. By moving user and access related data from subsystems to one IAM-system, users have only one identity throughout the landscape of systems. This makes managing the identities and access rights more efficient, less prone to human errors and more easily monitored and maintained throughout the access lifecycle of each individual. (

Intrusion Detection System. Terminology is used in both physical security and information security. In physical security it refers to the detection of unauthorized access to restricted zones or perimeters. Often uses PIR sensors to detect presence. In information security the system is used to detect unauthorized access to restricted zones in the IT infrastructure.

An Incident Management System is a system that is used to collect, analyze and respond to security incidents. Incidents are often presented on an IMD - Incident Management Dashboard.

In security systems IP refers often the Internet Protocol: the networking topology that is used to connect devices to a network of hosts with an IP-address. Ip-connections can be wired (with UTP-cables) or wireless.
IP can also refer to the protection grade of the casing of a product. The Ingress Protection Rating. For example IP65. First digit: solid particle protection, second digit: Liquid ingress protection.
IP also often refers to intellectual property.

Integrated Physical Security: IPS does not mean reverting to a bunker philosophy. It does, however, involve a sometimes difficult balancing act between effective and adequate security and being able to carry on business as usual. Source Einstein, S. & Philpott, D. 2011 - The Integrated Physical Security Handbook.

Information Technology / Information and Communication Technology. Infrastructure of hardware and software, including but not limited to the network infrastructure.

Acronym for License Plate Recognition. Also called ANPR - Automatic Number Plate Recognition. Refers to camera's that are capable of reading license plates, usually on cars. These cameras use OCR (Optical Character Recognition) to convert an image into a 'string', the actual license plate information (characters and numbers). This can then be used as the ID for the vehicle in an access control system. ANPR cameras can use IR (infrared) light to isolate the plate from the rest of the picture. When colors need to be identified, ANPR-cameras with white light need to be used. When used with Wiegand-connected devices, the alphanumerical string needs to be converted to a number. (See video)

Machine Learning
Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed. Machine learning focuses on the development of computer programs that can access data and use it learn for themselves.

Mobile Access
The use of smartphones and wearables is growing in popularity. Vendors like HID Global, STiD, Salto have released systems in which access control cards are virtualized and stored on the smartphone or wearable. Major advantages are the more effective distribution of cards (no physical distribution) and the ability to use the available network for additional communication (virtual offline access cards on the phone suddenly are online) and integrate with other apps and enjoy the computing power of the phone. (See video and special)

Acronyms for Network Video Recorder and Digital Video Recorder. Both store footage from connected video cameras and make that footage accessible. The NVR connects to IP-connected cameras. The DVR uses proprietary cabling to cameras.

Offline Access Control
In offline access control systems access rights (authorizations) are stored on a card or devices that is carried around, usually by people. Based on those access rights the reader decides whether the carrier should be allowed access. Important events can then also be stored on the card. In these types of systems the reader is often integrated in the lock and is batter-operated, which saves in cabling expenses. To compensate for the absence of a network, these systems often use 'network-on-card' principles.

Online Access Control
In online access control systems the access related authorizations and events are stored in a centralized database, which is used by the devices (readers, access panels) in the system to decide whether people are allowed access and to store those events. Biggest advantage when compared to offline access control: access rights are updated at all locations immediately after they are changed and events at one location can easily trigger automated events at another location.

ONVIF is an acronym for Open Network Video Interface Forum. ONVIF is an open industry forum that provides and promotes standardized interfaces for effective interoperability of IP-based physical security products, often cameras and related products.

Acronym for Open Supervised Device Protocol. OSDP is an access control communications standard developed by the Security Industry Association (SIA) to improve interoperability among access control and security products. The current major version is version 2. It is most commonly used to connect readers to access panels. The standard is based on RS-485. Compared to Wiegand connections, major advantages are: increased security (encrypted communication channel), better manageability and longer cable lengths. (See video)

Open Source Intelligence - information that is gathered and deducted from sources that are, in essence, publicly available.

OSS is an acronym for Open Security Standards, managed by the OSS-Association. The first issued standard is the OSS Standard Offline which prescribes how to store access rights (authorizations) on cards in offline access control installations.

OT network
Operational Technology (OT) network: The network in buildings that connect buidling management related systems, like elevators, lighting, HVAC, surveillance, or essentially, anything attached to the building. Nowadays IT and OT networks are more and more consolidated into one network.

Printed Control Board / Printed Circuit Board, the electronics boards which can be found in many products, including security devices. A variety of PCB production techniques exist, including through hole mounting and SMT, surface-mount technology, which leads to SMD, surface-mount devices.

A Passive InfraRed detector is an electronic sensor that measures infrared (IR) light radiating from objects in its field of view. They are most often used in PIR-based motion detectors, which are often used in Intrusion Detection Systems (IDS).

Acronym for Power over Ethernet. Set of standards that prescribes how to power IP-connected devices using the connected UTP-cable without the need for additional power cabling. Simplifies installation of devices.

Prox Cards
Prox is short for proximity. The phrase 'prox cards' often refers to low frequency RFID cards which operate at 120/125 kHz. Prox cards have been the unwritten standard for access control cards for decades. Nowadays so called Smart Cards are more popular. Typical brands of Prox Cards are HID Prox, EM and Nedap. Despite their name, prox cards often offer a longer read range than smart sards. Security features of these types of cards often are limited. (See video)

Physical Security Information Management (PSIM) refers to systems that allow for the management and control and also the integration of a variety of security subsystems, which are normally not connected. If an enterprise for example is using one are more access control systems, a video management system and an intercom system, PSIM software would allow these systems to collaborate and support the security manager with a centralized graphical user interface (GUI) to the information, events and control from all connected subsystems. It is believed that PSIM systems offer more valuable integrated security related information and events while optimizing the efficiency of the management and administration of security related systems. PSIM systems are also called security management systems.

Can mean a number of things. Sometimes PSS refers to a Physical Security Specialist or Private.Professional Security Services. In perimeter security PSS is also used as an acronym for Perimeter Surveillance Station - a location with staff and supporting systems with the intent to protect a perimeter.

Acronym for Radio Frequency IDentification: a technology that is used to identify objects and people using radio communication. Usually a powered and mounted RFID transmitter/receiver sends out a signal, which is reflected or answered by a small antenna and chip inside a RFID label. Labels usually contain a 'unique' number that is used to identify the person or the object. Labels can be battery-less (passive) or battery-assisted ((semi-)active)). RFID systems operate at several pre-defined radio frequencies, like for example 120/125 kHz (example: HID Prox cards), 13,56 MHz (example: MIFARE and HID iCLASS cards) and appr. 900 MHz (example: UHF tags). (See video)

RS-232 / RS-422 / RS-485
In security systems serial protocols are often used to connect devices. In access control systems for example often RS-485 is used to connect readers to access panels. Serial protocols follow industry standards, but often leave room for interpretation. Manufacturers often implement their documented versions of a specific protocol to support their installers or integrators when deploying their products in the field. The several protocols vary in specifications that relate to the number of cables, the supported topology, communications ability (full, half duplex), cable lengths, etc.

Real-Time Location Services: systems that use active RFID or other technologies to locate and follow specific objects for security or process optimization purposes.

Secure Access Service Edge, a term introduced by Gartner, SASE strengthens performance and robustness of wide-area networking and security by mixing a cloud based topology with on-premise and edge device installations.

Software Bill of Materials, list of open source or commercial software components that are used in a product.

SD-WAN is an acronym for software-defined Wide Area Networking. SD-WAN decouples the networking hardware from its control mechanism.

Security Convergence
Security convergence refers to efforts and systems that aim to combine physical and information security, at a technical, functional and organisational level. The basic idea is that conceptually there should be no difference in providing access to a building or to an application or to directories or files. Monitoring physical activity and digital activity with security in mind both serve the same purpose: ensuring business continuity. (See video)

Security Industry Group
Group of security professionals, initiated on LinkedIn. Currently over 100k of members. Linked to this website.

The Security Industry Association (SIA) is a trade association for global security solution providers, representing nearly 1,000 member companies. Originates from the United States.

Acronym for Security Information and Event Management. Combination of SIM - Security Information Management and SEM - Security Event Management. Refers to all software and related services that collect security related events and messages from a collection of applications and hardware, perform an analysis of that information and generate security related events. (< a href="">See video)

Acronym for Session Initiation Protocol. SIP is an IP-based protocol that allows communication using voice, video and multimedia. VoIP (voice over IP) uses SIP to communicate between devices and phone systems. Many intercom systems in security use SIP.

Smart Cards
The phrase 'smart cards' in security usually refers to cards that operate at 13,56 MHz and that follow the ISO 14443 standards. Typical brands include names like iCLASS from HID, Advant from Legic, MIFARE Classic and DESFire from NXP. (between-proximity-cards-and-smart-cards/">See video)

Simple Network Management Protocol (SNMP) is a set of protocols for network management and monitoring. Network devices suchrnas routers, switches, servers, cameras, and the like support SNMP. SNMP is used by devices to manipulate or request information.

Security Operations Center - The control room with staff that is equipped to oversee and manage all security related systems and services.

Sock puppet
An online identity used for purposes of deception. Or an actual puppet made of a sock 😉

Standalone Access Control
In standalone access control the access rights (authorizations) are usually stored in the embedded software of the reader, which is connected or integrated with a lock or barrier. Advantages of standalone systems are the simplicity of installation (no additional server or service needed). Disadvantage: access rights are managed locally. When more than one entrance is managed, people usually prefer online or offline access control systems.

Surface web
The portion of the web that is available to the general public.

UHF is an acronym for Ultra High Frequencies. UHF frequencies are also used for RFID-applications. Officially UHF refers to radio frequencies between 300 and 3000 MHz. In security UHF often refers to readers and tags that operate around 900 MHz (between 868-918, depending on region) and that are used to identify vehicles and people. These systems conform to the EPC Gen II standard, which is rebranded as RAIN RFID by the RAIN RFID consortium. UHF supports longer read ranges (several meters, depending on reader and tag specifications), usually with passive, battery-less, tags. The EPC Gen II v2 standard incorporates encrypted communication to support tag authentication. (See video)

VCA is an acronym for Video Content Analysis. VCA refers to the ability of cameras (using embedded or server installed software) to analyze camera footage and provide relevant information on the processed images. VCA examples are facial recognition, behavioral pattern recognition and license plate recognition.

Acronym for Video Management System. A Video Management System (Software/Server) refers to part of the video surveillance topology that is used to collect video footage from cameras and to store it somewhere. The VMS-system allows for the viewing of live video and stored video images and footage. A VMS can be installed locally, in the cloud or it can be part of a NVR or DVR.

Video Surveillance as a Service. Often based on cloud based video surveillance.

Wiegand originally referred to Wiegand cards and cards readers that used the Wiegand effect, as invented by John Wiegand.
Nowadays Wiegand refers to Wiegand Interfacing; the way readers in access control are connected to access panels. Wiegand interfaces are very popular globally because of their simplicity and easy set- up.
Wiegand nowadays also refers to the programming format that is used to store an ID, a number, on an access control card. The widely used Wiegand 26 format refers to the use of 26 bits top store the ID and facility code.

World Wide Web, the browser based part of the Internet, using the HTPP protocol (HyperText Transfer Protocol)

Submit a word