Chapter 2


1

Bring your own device (BYOD)

A business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.

2

Exploit

An attack on an information system that takes advantage of a particular system vulnerability.

3

Zero Day Attack

an attack that takes place before the security community becomes aware of and fixes a security vulnerability.

4

Careless insider

An insider (employee, business partner, contractor, consultant) who does not follow the organization’s security policies and enables a cyberattack to occur.

5

Malicious employees

An insider who deliberately attempts to gain access to and/or disrupt a company’s information systems and business operations.

6

Cybercriminal

Someone who attacks a computer system or network for financial gain.

7

Hacktivist

An individual who hacks computers or Web sites in order to promote a political ideology.

8

Lone wolf attacker

Someone who violates computer or Internet security maliciously or for illegal personal gain.

9

Cyberterrorist

State-sponsored individual or group who attempts to destroy the infrastructure components of governments, financial institutions, corporations, utilities, and emergency response units.

10

attack vector

The technique used to gain unauthorized access to a device or a network.

11

Advanced persistent threat

A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time.

12

Blended threat

A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.

13

Phishing

The act of fraudulently using email to try to get the recipient to reveal personal data.

14

Rootkit

A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators.

15

Smishing

A variation of phishing that involves the use of texting.

16

Social engineering

The use of deception to trick individuals into divulging data needed to gain access to an information system or network.

17

Spam

The use of email systems to send unsolicited email to large numbers of people.

18

Trojan horse

A seemingly harmless program in which malicious code is hidden. A victim on the receiving end of a Trojan horse is usually tricked into opening it because it appears to be useful software from a legitimate source.

19

Virus

A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

20

Vishing

Similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site.

21

Worm

A harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

22

Ransomware

Malware that stops you from using your computer or accessing the data on your computer until you meet certain demands, such as paying a ransom or, in some cases, sending compromising photos to the attacker.

23

distributed denial-of-service (DDoS) attack

A cyberattack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.

24

botnet

A large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners.

25

data breach

The unintended release of sensitive data or the access of sensitive data by unauthorized individuals.

26

Cyberespionage

The deployment of malware that secretly steals data in the computer systems of organizations.

27

Cyberterrorism

The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals.

28

Department of Homeland Security (DHS)

A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.”

29

U.S. Computer Emergency Readiness Team (US-CERT)

A partnership between the Department of Homeland Security and the public and private sectors; established to provide timely handling of security incidents as well as conducting improved analysis of such incidents.

30

DIRECT IMPACT

This is the value of the assets (cash, inventory, equipment, patents, copyrights, trade secrets, data) stolen or damaged due to the cyberattack.

31

BUSINESS DISRUPTION

A successful cyberattack may make it impossible for the organization to operate in an effective manner for several hours or days. This can cause a loss of existing business and customers as well as the loss of potential new business and customers.

32

Recovery cost

It may take people from the IS organization and business areas days or weeks to repair affected systems and recover lost or compromised data.

33

Legal consequences

There is the prospect of monetary penalties for businesses that fail to comply with data protection legislation. For example, the European Union General Data Protection Regulation (GDPR) has established strong guidelines for how organizations process and handle data so that the personal information of individuals is protected.

34

Reputation damage

A successful cyberattack can erode the trust your organization has established with your customers, suppliers, business partners, and shareholders.

35

CIA security triad

Confidentiality, integrity, and availability form the basis of the CIA security triad.

36

Risk assessment

The process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.

37

reasonable assurance

The recognition that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

38

disaster recovery plan

A documented process for recovering an organization’s business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster such as a flood, fire, or electrical outage.

39

business continuity plan

A document that includes an organization’s disaster recovery plan, occupant emergency evacuation plan, continuity of operations plan, and an incident management plan.

40

mission-critical processes

A process that plays a pivotal role in an organization’s continued operations and goal attainment.

41

Failover

A backup technique that involves automatically switching applications and programs to a redundant or replicated server, network, or database to prevent interruption of service.

42

security policy

Defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.

43

security audit

A process that enables the organization to identify its potential threats, establish a benchmark of where it is, determine where it needs to be, and develop a plan to meet those needs.

44

Biometric authentication

The process of verifying your identity using your physiological measurements (fingerprint, shape of your face, shape of your hand, vein pattern, your iris, or retina) or behavioral measurements (voice recognition, gait, gesture, or other unique behaviors).

45

firewall

A system of software, hardware, or a combination of both that stands guard between an organization’s internal network and the Internet, and limits network access based on the organization’s access policy.

46

next-generation firewall (NGFW)

A hardware- or software-based network security system that can detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.

47

Encryption

The process of scrambling messages or data in such a way that only authorized parties can read it.

48

encryption key

A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.

49

Transport Layer Security (TLS)

A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.

50

Antivirus software

Should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses.

51

virus signature

Code that indicates the presence of a specific virus.

52

intrusion detection system (IDS)

Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

53

managed security service provider (MSSP)

A company that monitors, manages, and maintains computer and network security for other organizations.

54

Computer forensics

A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
