Computer Security Risk
Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Crimeware
Software used by cybercriminals.
Hacker
Someone who access a computer or network illegally.
Cracker
Someone who access a computer or network illegally but has the intent of destroying data, stealing information or other maicious action.
Script Kiddie
Does not have the technical skills and knowledge of a cracker.
Cyberextortionist
Someone who uses e-mail as a vehicle for extortion.
Cyberterrorist
Someone who uses the Internet or netowrk to destroy or damage computers for political reasons.
Cyberwarfare
An attack whos goal ranges from disabling a governments computer network to crippling a country.
Computer Emergency Response Team Coordination Center (CERT/CC)
A federally funded Internet Security research and development center.
Virus
A potentially damaging computer program that effects, or infects, a computer negatively by altering the way the computer works without the users knowledge or permission.
Worm
A program that copies itself repeatedly possible shutting down the computer or network.
Trojan Horse
A program that hides within or looks like a legitimate program.
Rootkit
A program that hides in a computer and allows someone from a remote location to take full control of the computer.
Malware
Programs that act without a users knowledge and deliberately alter the computers operations.
Payload
The destructive event or prank the program is inteded to deliver.
Macros
Instructions saved in software such as a word processing or spreadhseet program.
Virus Signature (Virus Definition)
A known specific pattern of virus code.
Inoculate
An intivirus program records information such as the file size and file creation date in a separate inoculation file.
Quarantine
A separate area of a hard disk that holds the infected file until the infection can be removed.
Virus Hoax
An e-mail message that warns users of nonexistent virus or other malware.
Botnet
A group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks.
Zombie
A compromised computer whose owner is unaware the computer is being controlled remotely by an outsider.
Bot
A program that performs a repetitive task on a network.
Zombie Army
Malicious bots on unprotected computers.
Denial of Service Attack (DoS attack)
An assault whos purpose is to disrupt computer access to an Internet service such as the Web or e-mail.
Distributed DoS attack
In which a zombie army is used to attack computers or computer networks.
Back Door
A program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network.
Spoofing
A technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
E-mail Spoofing
When the senders address or other components of the e-mail header are altered so that it appears the e-mail originated from a different sender.
Firewall
A hardware and/or software that protects a network's resources from intrusion by users on another network such as the Internet.
Proxy Server
A server outside the organizations network that controls which communications pass into the organizations network.
Personal Firewall
A utility program that detects and protects a personal computer and its data from unauthorized intrusions.
Intrusion Detection Software
Automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unathorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches.
Honeypot
A vulnerable computer that is set up to entice an intruder to break into it.
Unauthorized Access
The use of a computer or network without permission.
Unauthorized Use
The use of a computer or its data for unapproved or possibly illegal activities.
Access Control
A security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.
Audit Trail
Records in a file both successful and unsuccessful access attempts.
Authentication
Verifies that the individual is the person he or she claims to be.
Indentification
Verifies that an individual is a valid user.
User name (user ID)
A unique combination of characters, such as letters of the aplhabet or numbers that identifies one specific user.
Password
Private combination of characters associated with the user name that allows access to certain computer resources.
Passphrase
A private combination of words, often containing mixed capilization and punctuatio, associated with a user name that allows access to certain computer resources.
Possessed Object
any item that you must carry to gain access to a computer or computer facility.
Biometric Device
Authenticates a persons identity by translating a personal characteristic such as a fingerprint, into a digital code that is compared with a digital code stored in the computer verifying a physical or behavioral characteristic.
Biometric payment
Where a customers fingerprint is read by a reader that is linked to a payment method such as a checking account or credit card.
Digital Forensics
The discovery, collection, and analysis of evidence found on computers and networks.
Hardware Theft
The act of stealing computer equipment.
Hardware Vandalism
The act of defacing or destroying computer equipment.
Real Time Location System (RTLS)
A system that tracks and identifies the location of high-risk or high-value items.
Software Theft
Occurs when someone steals software media, intentionally erases programs, illegally copies a program, or illegally registers or activates a program.
Keygen (key generator)
A program that creates software registration numbers and sometimes activation codes.
License Agreement
The right to use the software.
Business Software Alliance (BSA)
Formed by major worlwide software companies to promote a better understanding of software piracy problems.
Encryption
A process of converting readable data into enreadable characters to prevent unauthorized access.
Decrypt
To decipher data into a readable form.
Plaintext
The unencrypted readable data.
Ciphertext
The encrypted (scrambled) data.
Encryption (algorithm or cypher)
A set opf steps that can convert readable plain text into unreadable ciphertext.
Encryption Key
A set of characters that the originator of the data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext.
Key Encryption (Symmetric key encryption)
Uses two encryption keys; a public key and a private key.
Surge Protector
Uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment.
Underwriters Laboratories (UL) 1449 standard
Allows no more than 500 maximum volts to pass through the line.
Uninterruptible Power Supply (UPS)
a device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power.
Standby UPS
Switches to battery power when a problem occurs in the power line.
Offiline UPS
Switches to battery power when a problem occurs in the power line.
Online UPS
Always runs off the battery, which provides continuous protection.
Fault Tolerant Computer
Has duplicate components so that it can continue to operate when one of its main components fail.
Restore
Copying the backed up files to their original location on the computer.
Full Backup
Copies all of the files in the computer.
Selective Back Up
Users choose which folders and files to inlcude in a backup.
Three-generation backup
A policy to preserve three copies of important files.
Grandparent
The oldest copy of the file.
Parent
The second oldest of the file.
Child
The most recent copy of the file.
To "Back Up
To make a copy of the file.
A Backup
A duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed.
War Driving (Access Point Mapping)
Individuals attempt to detect wireless networks via their notebook computer or mobile device while driving a vehicle through areas they suspect have a wireless network.
War Flying
Where individuals use airplanes instead of vehicles to detect unsecured wireless networks.
WAP
Wireless Access Point
Wi-Fi Protected Access
A security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
802.11i Network (WPA2)
The most recent network security standard, conforms to the governments security standards and uses more sophisticated encryption technicques than WPA.
Repetitive Strain Injury (RSI)
An injury or disorder oif the muscles, nerves, tendons, ligaments, and joints.
Computer Vision Syndrome
A type of health-related condition due to computer usage that causes sore, tired, burning, itching, dry, blurry, double vision, to the eyes.
Ergonomics
An applied science devoted to incorporating comfort, efficiency, and safety into the design of items in the workplace.
Computer Addiction
Occurs when the computer comsumes someone's entire social life.
Computer Ethics
The moral guidelines that govern the use of computers and information systems.
Intellectual Property (IP)
Refers to unique and original work such as ideas, inventions, art, writings, processes, company, product names, and logos.
Intellectual Property Rights
The rights to which creators are entitiled for their work.
Copyright
Gives authors and artist rights to duplicate, publich, and sell their materials.
Digital Rights Management (DRM)
A strategy designed to prevent illegal distribution of movies, music, and other digital content.
Code of Conduct
A written guideline that helps determine whether a specific computer action is ethical or unethical.
Green Computing
Reducing the electricity and environmental waste while using a computer.
ENERGY STAR Program
Designed by the DOE and EPA to help reduce the amount of electricity used by computers and related devices.
Power Usage Effectiveness (PUE)
A ratio that measures how much power enters the computer facility, or data center, against the amount of power required to run the computers.
Information Privacy
The right of individuals and companies to deny or restrict the collection and use of information about them.
Cookie
A small text file that a Web server stores on your computer.
Pharming
A scam, similar to phishing, where a perpetrator attempts to obtain your personal and financial information, except they do so via spoofing.
Clickjacking
An object that can be clicked on a Web site, such as a button.
Spyware
A program placed on a computer without the user's knowledge that secretely collects information about the user.
Adware
A program that displays an oline advertisement in a banner or pop-up window on Web pages, email pages, or other Internet services.
Web Bug
Hidden on web pages or in e-mail messages in the form of graphical images.
1970 Fair Credit Reporting Act
A law with an apparent legal loophole, that limits the rights of others veiwing a credit report to only those with a legitimate business need.
Social Engineering
Gaining unauthorized access to or obtaining confidential information by taking advantage og the trusting human nature of some victims and the naivety of others.
Employee Monitoring
The use of computers to observe, record, and review an employee's use of a computer, including communications such as email messages, keyboard activity, and Web sites visited.
Content Filtering
The process of restricting access to certain material on the Web.
Internet Content Rating Association (ICRA)
A rating system which is similar to movies and videos. If content at the Web site goes beyond the rating limits set, a user cannot access the Web site.
Web Filtering Software
A program that restricts access to specified Web sites.