bpa

hacker

A person who breaks into a computer system

phreaking

Subverting the phone system to get free service

script kiddle

An amateur hacker who simply uses the hacking tools developed by others

hacktivism

Cracking into a system as a political act

hackers manifesto

A document, written anonymously, that justifies cracking into systems as an ethical exercise

backdoors

Shortcuts into programs created by system designers to facilitate system maintenance but used and abused by crackers

program overflow

When a program tries to place more information into a memory location than that location can handle

malicious code

Code designed to breach system security and threaten digital information

virus

An uninvited guest program with the potential to damage files and the operating system

worm

A type of bot that can roam a network looking for vulnerable systems and replicate itself on those systems

bot

A software program that can roam the Internet autonomously; bots can be quite benign and useful, such as those used by Google and other search engines to find Web pages to list in search results

trojan program

A program that poses as an innocent program

dumpster diving

Picking through people's trash to find things of value

sniffer

A software pro-gram that allows the user to listen in on network traffic

Denial of Service attack (DOS)

Attacks that prevent legitimate users from using the system or accessing information

repudiation attack

Attacks on a system that injure the information's reliability

risk

The relationship between vulnerability and threat

vulnerability

The sensitivity of information combined with the skill level the attacker needs to threaten that information

threat

The likely agent of a possible attack, the event that would occur as a result of an attack, and the target of the attack

integrity

Assurance that information is what you think it is and hasn't been modified

availability

Accessibility of information and services on a normal basis

accountability

Making sure a system is as secure as feasible and a record of activities exists for reconstructing a break- in

authentication

A technique for verifying that someone is who he or she claims to be; a password is one type of authentication

VPN

A private network connection that " tunnels" through a larger public network and is restricted to authorized users

disaster recovery plan

A written plan for responding to natural or other disasters, intended to minimize downtime and damage to systems and data

honeypot

A trap, such as a prgram or system, laid by a system administrator to catch and track intruders

encryption key

A string of bits used in an encryption algorithm to encrypt or decrypt data

digital certificate

The digital equivalent of an ID card; used with encryption and issued by a third- party certification authority

firewall

Software and/ or hardware that sits between an external network and an internal computer system that monitors

demilitarized zone (DMZ)

The location outside or between firewalls that's more vulnerable to attack from outside

copyright

The legal right granted to an author, a composer, an artist, a publisher, a playwright, or a distributor to exclusive sale, publication, production, or distribution of literary, artistic, musical, or dramatic works

patent

A government grant that gives the sole right to make, use, and sell an invention for a specified period of time

spyware

Software that can track, collect, and transmit to a third party or Web site certain information about a user's computer habits

802.11i

Sometimes called WPA2, a network standard developed by IEEE with enhanced security for wireless communications.

access control

Security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer

adware

Program that displays an online advertisement in a banner or pop-up window on Web pages, e-mail, or other Internet services

anti-spam program

Program that attempts to remove spam before it reaches a user's inbox

antivirus program

Program that protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming files

audit trail

Computer file that records both successful and unsuccessful access attempts

back door

Program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network

back up

To make a copy of selected files or an entire hard disk to another storage medium

backup

Duplicate of a file, program, or disk placed on a separate storage medium that can be used if the original is lost, damaged, or destroyed

biometric device

Device that translates a personal characteristic into a digital code that is compared with a digital code stored in a computer

botnet

Group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes

CAPTCHA

Completely Automated Public Turing test to tell Computers and Humans Apart; program used by some Web sites to provide further protection for a user's password by verifying that user input is not computer generated

certificate authority

Authorized person or company that issues and verifies digital certificates

clickjacking

Scam in which an object that can be clicked on a Web site, such as a button, image, or link, contains a malicious program

code of conduct

Written guidelines that help determine whether a specific computer action is ethical or unethical

computer addiction

Growing health problem that occurs when the computer consumes someone's entire social life

computer crime

Any illegal act involving a computer

computer ethics

Moral guidelines that govern the use of computers and information systems

computer security risk

Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability

computer vision syndrome

Eyestrain due to prolonged computer usage

content filtering

Process of restricting access to certain material on the Web

cookie

Small text file that a Web server stores on a computer

copyright

Exclusive rights given to authors and artists to duplicate, publish, and sell their materials

cracker

Someone who accesses a computer or network illegal with the intent of destroying data, stealing information, or other malicious action

cybercrime

Online or Internetbased illegal acts

cyberextortionist

Someone who uses e-mail as a vehicle for extortion

cyberterrorist

Someone who uses the Internet or network to destroy or damage computers for political reasons

decrypt

Process of deciphering encrypted data into a readable form

denial of service attack

Assault on a computer or network whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail

digital certificate

A notice that guarantees a user or a Web site is legitimate

digital forensics

The discovery, collection, and analysis of evidence found on computers and networks

digital rights management

Strategy designed to prevent illegal distribution of movies, music, and other digital content

digital signature

Encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender

DoS attack

Assault on a computer or network whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail

e-mail filtering

Service that blocks e-mail messages from designated sources

employee monitoring

The use of computers to observe, record, and review an employee's use of a computer, including communications such as e-mail messages, keyboard activity (used to measure productivity), and Web sites visited

encryption

The process of encoding data and information to an unreadable form

encryption algorithm

Set of steps that can convert readable plaintext into unreadable ciphertext

encryption key

Set of characters that the originator of the encrypted data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext

ENERGY STAR program

Program developed by the United States Department of Energy (DOE) and the United States Environmental Protection Agency (EPA) to help reduce the amount of electricity used by computers and related devices

Fair Credit Reporting Act

1970 law that limits the rights of others viewing a credit report to only those with a legitimate business need

firewall

Hardware and/or software that protects a network's resources from intrusion by users on another network such as the Internet

green computing

Practices that involve reducing the electricity consumed and environmental waste generated when using a computer

hacker

Someone who accesses a computer or network illegally

hardware theft

The act of stealing computer equipment

hardware vandalism

The act of defacing or destroying computer equipment

information privacy

Right of individuals and companies to deny or restrict the collection and use of information about them

information theft

Computer security risk that occurs when someone steals personal or confidential information

inoculate

Capability of an antivirus program to record information such as file size and file creation date in a separate file in order to detect viruses

intellectual property rights

Rights to which creators are entitled for their work

intrusion detection software

Program that automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches

license agreement

An agreement issued by a software manufacturer that gives the user the right to use the software

malware

Short for malicious software; programs that act without a user's knowledge and deliberately alter a computer's operations

noise

Electrical disturbance that can degrade communications

online security service

Web site that evaluates a computer to check for Internet and e-mail vulnerabilities

overvoltage

Electrical disturbance that occurs when the incoming electrical power increases significantly above the normal 120 volts

password

Private combination of characters associated with a user name that allows access to certain computer resources

payload

Destructive event or prank a malicious-logic program is intended to deliver

personal firewall

Utility program that detects and protects a personal computer from unauthorized intrusions

personal identification number (PIN)

Numeric password, either assigned by a company or selected by a user

pharming

Scam, similar to phishing, where a perpetrator attempts to obtain your personal and financial information, except they do so via spoofing

phishing

Scam in which a perpetrator attempts to obtain your personal and/or financial information

phishing filter

Program that warns or blocks you from potentially fraudulent or suspicious Web sites

piracy

Unauthorized and illegal duplication of copyrighted material

possessed object

Any item that a user must carry to gain access to a computer or computer facility

power surge

Electrical disturbance that occurs when the incoming electrical power increases significantly above the normal 120 volts

product activation

Technique that some software manufacturers use to ensure that software is not installed on more computers than legally licensed