ITM 100 Class 9 (4.2) Key Terms 2025/2026

Exam review from textbook.

adware

Software that, although purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.

antispyware software

Refers to specialized software designed to detect, prevent, and remove spyware from computers and other digital devices.

antivirus software

Scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware.

authentication

A method for confirming users’ identities.

authorization

The process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space.

biometrics

The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.

black-hat hacker

Breaks into other people’s computer systems and may just look around or may steal and destroy information.

bug bounty program

A crowdsourcing initiative that rewards individuals for discovering and reporting software bugs.

certificate authority

A trusted third party, such as VeriSign, that validates user identities by means of digital certificates.

content filtering

Occurs when organizations use software that filters content to prevent the transmission of unauthorized information.

cracker

A hacker with criminal intent.

cryptography

The science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.

cyberattack

Malicious attempts to access or damage a computer system.

cyberespionage

Includes governments that are after some form of information about other governments.

cybersecurity

Involves prevention, detection, and response to cyberattacks that can have wide-ranging effects on the individual, organizations, community, and at the national level.

cyberterrorism

The use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals.

cyberterrorists

Seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.

cybervigilantes

Include individuals that seek notoriety or want to make a social or political point such as WikiLeaks.

cyberwar

An organized attempt by a country’s military to disrupt or destroy information and communication systems for another country.

decrypt

Decodes information and is the opposite of encrypt.

destructive agents

Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.

digital certificate

A data file that identifies individuals or organizations online and is comparable to a digital signature.

digital footprint

Everything a customer does on a company’s website or applications and is collected and analyzed for target marketing such as customized ads and coupons.

digital identity

Represents an individual or entity in the digital realm and encompasses user names, passwords, biometric data, email addresses, and social media profiles.

downtime

Refers to a period of time when a system is unavailable.

drive-by hacking

A computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.

dumpster diving

Looking through people’s trash, another way hackers obtain information.

encryption

Scrambles information into an alternative form that requires a key or password to decrypt the information.

ethical hacker

A person who hacks into a computer system to find vulnerabilities to help a company test its security.

firewall

Hardware and/or software that guards a private network by analyzing the information leaving and entering the network.

hackers

Experts in technology who use their knowledge to break into computers and computer networks, either for profit or motivated by the challenge.

hactivists

Have philosophical and political reasons for breaking into systems and will often deface the website as a protest.

HIPAA Security Rule

Ensures national standards for securing patient data that is stored or transferred electronically.

identity theft

Forging someone’s identity for the purpose of fraud.

information security

A broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.

information security plan

Details how an organization will implement the information security policies.

information security policies

Identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days.

insiders

Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.

intrusion detection software (IDS)

Features full-time monitoring tools that search for patterns in network traffic to identify intruders.

malware

Software that is intended to damage or disable computers and computer systems.

multifactor authentication

Requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).

network behavior analysis

Gathers an organization's computer network traffic patterns to identify unusual or suspicious operations.

nonsensitive PII

Information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.

personally identifiable information (PII)

Any data that could potentially identify a specific individual.

pharming

Reroutes requests for legitimate websites to false websites.

pharming attack

Uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.

phishing

A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate sources.

public key encryption (PKE)

Encryption system that uses two keys: a public key that everyone can have and a private key for only the recipient.

ransomware

A form of malicious software that infects your computer and asks for money.

scareware

A type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software.

script kiddies or script bunnies

Find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.

sensitive PII

Information transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm.

single-factor authentication

The traditional security process that requires a user name and password.

smart card

A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.

social engineering

Hackers use their social skills to trick people into revealing access credentials or other valuable information.

spyware

A special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission.

tokens

Small electronic devices that change user passwords automatically.

two-factor authentication

Requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token).

virus

Software written with malicious intent to cause annoyance or damage.

voiceprint

A set of measurable characteristics of a human voice that uniquely identifies an individual.

white-hat hackers

Work at the request of the system owners to find system vulnerabilities and plug the holes.

worm

Malware computer program that spreads itself not only from file to file but also from computer to compute