Computer Science -- Lecture 8

Antivirus software

Software designed to detect, remove, and/or prevent malicious software

Information security

The techniques and policies used to ensure proper access to data

Confidentiality

Ensuring that data is protected from unauthorized access

Availability

The degree to which authorized users can access information for legitimate purposes

Integrity

Ensuring that data can be modified only by appropriate mechanisms

Risk Analysis

Determining the nature and likelihood of the risks to key data

User authentication

The process of vertifying the credentials of a particular user of a computer or software system

Authentication credentials

Information users provide to identify themselves for computer access

Smart card

A card with an embedded memory chip used to identify users and control access

Biometrics

Using physiological characteristics, such as fingerprints, to identify users and control access

Password criteria

A set of rules that must be followed when creating a password

Password management software

A program that helps you manage sensitive data, such as passwords, in a secure manner

CAPTCHA

A software mechanism used to verify that a web form is submitted by a human and not an automated prgram

Trojan horse

A malicious program disguised as a benevolent resource

Logic bomb

A malicious program that is set up to execute when a specific system event occurs

Password guessing

An attempt to gain access to a computer system by methodically trying to determine a user's password.

Phishing

Using a web page to masquerade as part of a trusted system to trick users into revealing security information

Spoofing

An attack on a computer system in which a malicious user masquerades as an authorized user.

Back door

A program feature that gives special and unauthorized access to a software system to anyone who knows it exist

Buffer overflow

A defect an a computer program that could cause a system to crash and leave the user with heightened privileges

Denial-of-service

An attack on a network resource that prevents authorized users from accessing the system

Man-in-the-middle

A security attack in which network communication is intercepted in an attempt to obtain key data

Cryptography

The field of study related to encoded information

Encryption

The process of converting plaintext into ciphertext

Decryption

The process of converting ciphertext into plaintext

Cipher

An algorithm used to encrypt and decrypt text

Substitution cipher

A cipher that substitutes one character with another

Caesar cipher

A substitution cipher that shifts characters a certain number of positions in the alphabet

Transposition cipher

A cipher that rearranges the order of existing characters in a message

Route cipher

A transposition cipher that lays out a message in a grid and traverses it in a particular way

Cryptanalysis

The process of decrypting a message without knowing the cipher or the key used to encrypt it

Public-key cryptography

An approach to cryptography in which each user has two related keys, one public and one private

Digital signature

Data that is appended to a message, made from the message itself and the sender's private key, to ensure the authenticity of the message

Digital certificate

A representation of a sender's authenticated public key used to minimize malicious forgeries

Security policy

A written document describing the constraints or behavior an organization embraces regarding the information provided by its users

GPS (Global Positioning System)

A system that uses satellites to pinpoint the location of any GPS reciever

Wiki

A website whose content can be created and edited by multiple users

Fingerprint analysis

A technique used for user authentication that compares a scanned fingerprint to a stored copy of the authorized user's fingerprint

Malicious code (malware)

A computer program that attempts to bypass appropriate authorization safeguards and/or performs unauthorized functions

Virus

A malicious, self-replicating program that embeds itself into other code

Worm

A malicious stand-alone program that often targets network resources

Heuristics

Strategies used to identify general patterns