Chapter 9. Cybercrime and Information System Security

38 Terms

advanced persistent threat (APT)

A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time.

antivirus software

Software that scans a computer’s memory, disk drives, and USB ports regularly for viruses.

blended threat

A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.

botnet

A term used to describe a large group of computers that are controlled from one or more remote locations by hackers without the knowledge or consent of their owners.

bring your own device (BYOD)

A business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.

CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

Software that generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot.

computer forensics

A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.

Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act

An act that states that it is legal to spam, provided the messages meet a few basic requirements.

cyberespionage

The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.

cyberterrorism

The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals.

data breach

The unintended release of sensitive data or the access of sensitive data by unauthorized individuals.

Department of Homeland Security (DHS)

A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.”

distributed denial-of-service (DDoS) attack

An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.

exploit

An attack on an information system that takes advantage of a particular system vulnerability.

firewall

A system of software, hardware, or a combination of both that stands guard between an organization’s internal network and the Internet and limits network access based on the organization’s access policy.

identity theft

The theft of personal information, which is then used without the owner’s permission, often to commit fraud or other crimes.

intrusion detection system (IDS)

Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

logic bomb

A form of Trojan horse malware that executes when it is triggered by a specific event.

managed security service provider (MSSP)

A company that monitors, manages, and maintains computer and network security for other organizations.

next-generation firewall (NGFW)

A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.

phishing

The act of fraudulently using email to try to get the recipient to reveal personal data.

ransomware

Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker.

reasonable assurance

The IS security concept that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

risk assessment

The process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.

rootkit

A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.

security audit

A careful and thorough analysis that evaluates whether an organization has a well-considered security policy in place and if it is being followed.

security policy

A statement that defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.

smishing

Another variation of phishing that involves the use of Short Message Service (SMS) texting.

spam

The use of email systems to send unsolicited email to large numbers of people.

spear-phishing

A variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees.

Trojan horse

A seemingly harmless program in which malicious code is hidden.

U.S. Computer Emergency Readiness Team (US-CERT)

A partnership between the Department of Homeland Security and the public and private sectors; established to provide timely handling of security incidents as well as conducting improved analysis of such incidents.

virus

A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

virus signature

A sequence of bytes that indicates the presence of a specific virus.

vishing

Similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site.

worm

A harmful program that resides in the active memory of the computer and duplicates itself.

zero-day attack

An attack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.

zombie

A computer that has been taken over by a hacker to be used as part of a botnet.
