Adware
Any software program intended for marketing purposes such as those used to deliver and display advertising banners or popups to the user's screen or tracking the user's online usage or purchasing activity.
Attack
An act that takes advantage of a vulnerability to compromise a controlled system.
Availability Disruption
A situation in which a product or service is not delivered to the organization as expected.
Back Door
Synonymous with trap door. An electronic hole in software that is left open by accident or intention that allows an attacker to access the system at will with special privileges. Can be installed by a virus, worm or by an attacker who takes control of a s
blackout
a lengthy loss of power
boot virus
a program that infects the key operating system files located in a computer's boot sector.
bot
an abbreviation of "robot." An automated software program that executes certain commands when it receives a specific input.
brownout
a prolonged drop in voltage.
brute force attack
the application of computing and network resources to try every possible combination of options of a password.
buffer overflow
synonymous with buffer overrun. an application error that occurs when more data is sent to a buffer than it can handle.
change control
a process to assure an organization that changes to systems are managed and all parties that need to be informed are aware of the planned changes.
competitive intelligence
information gained legally that gives an organization an advantage over its competition
cracker
an individual who removes an application's software protection that is designed to prevent unauthorized duplication, or a criminal hacker.
cracking
attempting to reverse-calculate a password
cross-site scripting (XSS)
occurs when an application running on a web server gathers data from a user in order to steal it
cyberactivist
synonymous with hacktivist. an individual who uses technology as a tool for civil disobedience.
cyberterrorism
the act of hacking to conduct terrorist activities through network or internet pathways
denial-of-service (DoS) attack
an attack in which the attacker sends a large number of connection or information requests to overwhelm and cripple a target.
dictionary attack
a form of brute force attack on passwords that uses a list of commonly used passwords instead of random combinations. in cryptography, this is done by encrypting each entry in the dictionary with the same cryptosystem used by the target, then comparing th
distributed denial-of-service (DDoS) attack
an attack in which a coordinated stream of connection requests is launched against a target from many locations at the same time.
DNS cache poisoning
changing a legitimate host entry in a domain name server (DNS) to point to an attacker's website.
dust contamination
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. Can shorten the life of information systems or disrupt normal operations,
earthquake
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. As a sudden movement of the earth's crust caused by the release of stress
electrostatic discharge (ESD)
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. A spark produced from a buildup of static electricity.
elite hacker
synonymous with expert hacker. an individual who develops software scripts and program exploits used by novice or unskilled hackers. this individual is also a master of several programming languages, networking protocols, and operating systems, who also e
expert hacker
synonymous with elite hacker. an individual who develops software scripts and program exploits used by novice or unskilled hackers. this individual is also a master of several programming languages, networking protocols, and operating systems, who also e
fault
The complete loss of power for a moment.
fire
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. In this context, this threat is usually structural and damages the buildi
flood
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. Usually involves an overflowing of water onto land that is normally dry,
hackers
people who use and create computer software to gain access to information illegally.
hacktivist
synonymous with cyberactivist. an individual who uses technology as a tool for civil disobedience.
hurricane or typhoon
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. In this context, these tropical cyclones, which typically originate in the
industrial espionage
information gained illegally that gives an organization an advantage over its competition.
integer bugs
a mathematical computing bug that is exploited indirectly by an attacker to corrupt other areas of memory in order to control an application.
landslide or mudslide
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. Specifically, this is the downward sliding of a mass of earth and rock th
lightning
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. An abrupt, discontinuous natural electric discharge in the atmosphere, us
macro virus
a virus that is contained in a downloaded file attachment such as word processing documents, spreadsheets, and database applications
mail bomb
a form of denial-of-service attack in which the abuser sends a large number of connections or information requests to overwhelm and cripple a target
malicious code
synonymous with malware or malicious software. software designed to damage, destroy or deny service to the target system.
malicious software
synonymous with malware or malicious code. software designed to damage, destroy or deny service to the target system.
malware
synonymous with malicious software or malicious code. software designed to damage, destroy or deny service to the target system.
man-in-the-middle
synonymous with TCP hijacking. an attack in which the abuser records data packets from the network, modifies them, and inserts them back into the network.
man-in-the-middle attack
an attack designed to intercept the transmission of a public key or even to insert a known key structure in place of the requested public key
packet monkeys
hackers of limited skill (also known as script kiddies) who use automated exploits to engage in distributed denial-of-service attacks.
packet sniffer
a network tool that collects copies of packets from the network and analyzes them
password attack
an attempt to repeatedly guess passwords to commonly used accounts
pharming
the redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information
phishing
an attempt to obtain personal or financial information using fraudulent means, usually by posing as a legitimate entity.
phreaker
a person who hacks the public telephone network to make free calls and disrupt services
polymorphic threat
a threat that changes its apparent shape over time, to become a new threat not detectable by techniques looking for a preconfigured signature.
sag
a momentary incidence of low voltage.
script kiddies
hackers of limited skill who use expertly written software to exploit a system but do not fully understand or appreciate the systems they hack.
service level agreement (SLA)
the contract of a web host provider covering responsibility for internet services as well as for hardware and software used to operate the web site
shoulder surfing
the act of observing information without authorization by looking over a shoulder or spotting information from a distance
sniffer
a program or device that can monitor data traveling over a network
social engineering
the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
software piracy
the unlawful use or duplication of software-based intellectual property
spam
unsolicited commercial e-mail.
spear phishing
a highly targeted phishing attack that usually appears to be from an employer, colleague or other legitimate correspondent.
spoofing
a technique used to gain unauthorized access to computers, wherein the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
spyware
any technology that aids in gathering information about a person or organization without their knowledge
surge
a prolonged increase in voltage
TCP hijacking attack
an attack in which the abuser records data packets from the network, modifies them, and inserts them back into the network.
theft
the illegal taking of another's property
threat agent
a specific instance or component that represents a danger to an organization's assets. threats can be accidental or purposeful, for example lightning strikes or hackers
timing attack
an attack in which an abuser explores the contents of a web browser's cache. these attacks allow a web designer to create a malicious form of cookie to store on the client's system
tornado or severe windstorm
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. Because these storms are typically rotating columns of air whirling at a
trap door
in cryptography, a secret mechanism that enables you to easily accomplish the reverse function in a one-way mechanism. also known as a back door.
trespass
the act of entering a premises or system without authorization.
trojan horses
software programs that hide their true nature (usually destructive), and reveal their designed behavior only when activated
tsunami
a threat to the hardware components of information systems that falls in the forces of nature or acts of God category because it is unexpected or can occur with very little warning. Specifically, this is a very large ocean wave caused by an underwater ear
unskilled hacker
an individual who depends on the expertise of others to abuse systems
virus
one of two forms of malicious code or malware. a virus requires a host software environment in which to execute and it cannot function without such a host
virus hoax
e-mail warning of a virus that is fictitious
vulnerability
weakness in a controlled system, where controls are not present or are no longer effective.
worm
one of two forms of malicious code or malware. a virus that replicates itself on other machines without the need of another program environment.
zombie
a computer that has been compromised and may later be used as an agent to be directed towards a target. the use as an agent is controlled remotely (usually by way of a transmitted command) by the attacker.
data
many organizations find that their most valuable asset is their ___
attack, vulnerability
a(n) ___ is an act that exploits a(n) ___
vectors
attack programs use any of the six attack ___ to spread themselves
back door
using a known or previously installed access mechanism is called using a ___
denial of service
when an attacker floods a target system with a large volume of traffic to prevent it from accomplishing its designed goal, this is known as a ___ attack
mail bombing
a form of DoS that uses attempted delivery of mass quantities of email is called ___
ensure that systems and their contents remain the same
the principal goal of the information security program should be to ___
management, technology
information security has more to do with ___ than with ___
declined
the 2006 CSI/FBI Computer Crime and Security Survey found that detected cyber security breaches had ___ within the last 12 months
hoaxes
warnings of attacks that are not valid are usually called ___
brute force
applying computer and network resources to try exhaustive combinations for access is called a(n) ___ attack
dictionary attack
when a program tries using all commonly used passwords, this is known as a ___
password crack
when a program tries to reverse-calculate passwords, this is known as a ___
spoofing
when an attacker conceals its true identity and adopts some other identity, this is known as ___
man-in-the-middle
another name for TCP hijacking is ___
spam
unsolicited commercial e-mail is also called ___
social engineering
using nontechnical means to gain information about organizations or systems is called ___
pharming
___ is "the redirection of legitimate Web traffic to an illegitimate site for the purpose of obtaining private information"