Information Systems - Security

computer security

The protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.

security threats

Backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking.

Internet safety

The knowledge of maximizing the user's personal safety and minimizing security risks to private information and property associated with using the Internet, and self-protection from computer crime in general.

Internet personal safety threats

Cyberstalking, cyberbullying, online predation, and obscene/offensive content.

malware

Botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms.

Internet privacy

The right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.

Internet privacy risks

Activity monitoring, content searches, and social network profiling.

multi-factor authentication

A method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are).

password manager

A software application that helps a user store and organize passwords.

authentication

The process of confirming identity.

authorization

The function of specifying access rights to resources.

backup

Copying and archiving of computer data so it may be used to restore the original after a data loss event.

biometrics

Refers to measurements of human characteristics.

BitLocker

A full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and later Windows operating systems.

bot

A software application that runs automated tasks over the Internet.

botnet

A number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.

brute-force attack

A cryptanalytic attack that consists of systematically checking all possible keys or passwords until the correct one is found.

computer forensics

A branch of digital forensic science pertaining to the recovery and investigation of material found in computers and digital storage media, often related to computer crime.

cyber crime

Any crime that involves a computer and a network.

cryptography

The practice and study of techniques for secure communication in the presence of third parties.

denial-of-service attack

An attempt to make a machine or network resource unavailable to its intended users.

device hardening

The process of securing a system by reducing its surface of vulnerability through the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.

dictionary attack

A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities from a list.

disaster recovery plan

A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.

dumpster diving

The practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the collector.

encryption

The process of encoding messages or information in such a way that only authorized parties can read it.

ethical hacker

A computer security expert who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.

firewall

A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.

hacking

Seeking and exploiting weaknesses in a computer system or computer network.

identity theft

The deliberate use of someone else's personal information, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name.

keystroke logging

The action of recording the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

malware

Any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

multi-factor authentication

A method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories of knowledge, possession, and inherence.

packet sniffer

A computer program that can intercept and log traffic passing over a digital network.

password complexity

The length and character set combinations used to create a password, such as upper case and lower case letters, numbers, and punctuation.

password confidentiality

A set of rules or a promise that limits access or places restrictions on password sharing.

password cracking

The process of recovering passwords from data that have been stored in or transmitted by a computer system, most often through brute-force or dictionary attacks.

password expiration

A policy that requires users to change passwords periodically.

password reuse

A policy that prevents users from repeating recently used passwords.

permissions

Access rights assigned to specific users and groups of users to control the ability of the users to view or make changes to system objects.

phishing

The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

physical security

Measures designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.

ransomware

A type of malware which restricts access to the computer system that it infects, and demands a fee be paid to the operators of the malware in order for the restriction to be removed.

rootkit

A stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

security patch

A change applied to an asset to correct the weakness described by a vulnerability.

shoulder surfing

Using direct observation techniques to obtain information such as passwords, PINs, security codes, and similar data.

single sign-on

A property of access control systems that allows a user to log in once and gain access to all interrelated systems without being prompted to log in again.

social engineering

Psychological manipulation of people to cause them to perform actions or divulge confidential information.

spam

Unsolicited electronic messages, especially advertising.

spoofing

Concealing the identity of the sender by impersonating another computing system.

spyware

Software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.

Trojan

A non-self-replicating type of malware program containing malicious code that, when executed, typically causes loss or theft of data, and possible system harm.

virus

A malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or firmware.

worm

A standalone malware computer program that replicates itself in order to spread to other computers.

WPA / WPA2 (Wi-Fi Protected Access)

Security protocol used to secure wireless computer networks.

zombie computer

A computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.