Computer and/or internet usage policies for people within an organization, with clearly spelled-out penalties for noncompliance.
Software for securing information systems that allows only specific users access to specific computers, applications, or data.
Free software paid for by advertisements appearing during the use of the software.
Software used to keep track of computer activity, enabling auditors to spot suspicious activity.
The process of confirming the identity of a user who is attempting to access a restricted system or Web site.
A copy of critical data on a separate storage medium.
A facility allowing businesses to continue functioning in the event a disaster strikes.
Body characteristics such as fingerprints, retinal patterns in the eye, or facial characteristics that allow the unique identification of a person.
A computer criminal who "owns" a botnet.
A collection of zombie computers used for destructive activities or spamming.
Business continuity plan
A plan describing how a business resumes operation after a disaster.
Short for "completely automated public Turing test to tell computers and humans apart." A challenge designed to stop automated programs (bots) from repeatedly submitting forms or attempting to log in to a system. A CAPTCHA requires the user to type the letters or numbers shown in a distorted image (or to solve a similar puzzle) before an online form is accepted.
A trusted third party that issues digital certificates binding a public key to the identity of a web site or organization, so that a browser can verify it is talking to the genuine site; certificate authorities are what make large-scale public-key encryption on the internet practical.
Cold backup site
A backup facility consisting of an empty warehouse with all the necessary connections for power and communication but nothing else.
A facility in which businesses can rent space for servers or other information systems equipment.
Computer-assisted auditing tool
Software used to test information systems controls.
The use of a computer to commit an illegal act.
The use of formal investigative techniques to evaluate digital information for judicial review.
Control objectives for information and related technology (COBIT)
A set of best practices that help organizations to both maximize the benefits from their information systems infrastructure and establish appropriate controls.
A small text file (typically containing certain information collected from/about a user or data related to the user's browsing session) passed by a web server to a web browser to be stored on a user's computer; this message is then sent back to the server each time the user's browser requests a page from that server.
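The round trip described above, as an added example that is not part of this glossary: the Python below uses the standard library to parse a constructed Set-Cookie header and then applies the Domain, Path and Secure scoping rules of RFC 6265 that decide whether a stored cookie is attached to a later request. The header value, host names and URLs are made-up sample data.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: a Set-Cookie header as a server at www.example.com might send it.
SAMPLE_SET_COOKIE = "session=abc123; Path=/app; Domain=example.com; Secure; HttpOnly"


def parse_set_cookie(header_value, origin_host):
    """Store one cookie from a Set-Cookie header received from origin_host.

    Returns a dict with the cookie and the attributes that scope where the
    browser will send it back (domain, path, Secure) and whether page scripts
    may read it (HttpOnly).
    """
    jar = SimpleCookie()
    jar.load(header_value)
    name, morsel = next(iter(jar.items()))
    domain = morsel["domain"].lstrip(".").lower()
    return {
        "name": name,
        "value": morsel.value,
        # Without a Domain attribute the cookie is host-only: it goes back to
        # exactly the host that set it, not to its subdomains.
        "domain": domain or origin_host.lower(),
        "host_only": not domain,
        "path": morsel["path"] or "/",
        "secure": bool(morsel["secure"]),      # only sent over https
        "httponly": bool(morsel["httponly"]),  # hidden from document.cookie
    }


def should_send(cookie, request_url):
    """Apply the RFC 6265 domain, path and Secure matching rules."""
    parts = urlsplit(request_url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if cookie["secure"] and parts.scheme != "https":
        return False
    domain = cookie["domain"]
    if cookie["host_only"]:
        if host != domain:
            return False
    elif not (host == domain or host.endswith("." + domain)):
        return False
    cpath = cookie["path"]
    if path == cpath:
        return True
    # "/app" matches "/app/home" but must not match "/application".
    return path.startswith(cpath) and (cpath.endswith("/") or path[len(cpath)] == "/")


def cookie_header_for(cookies, request_url):
    """Build the Cookie request header a browser would attach to request_url."""
    pairs = [f'{c["name"]}={c["value"]}' for c in cookies if should_send(c, request_url)]
    return "; ".join(pairs)


if __name__ == "__main__":
    session = parse_set_cookie(SAMPLE_SET_COOKIE, "www.example.com")
    for url in ("https://www.example.com/app/home",
                "http://www.example.com/app/home",
                "https://example.com.evil.test/app"):
        print(url, "->", cookie_header_for([session], url) or "(no cookie sent)")
```

The Secure flag keeps the session token off plaintext HTTP and HttpOnly keeps it out of reach of injected scripts; the look-alike host example.com.evil.test receives nothing because domain matching only accepts the registered domain itself or a true subdomain of it.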
A form of intellectual property, referring to creations of the mind such as music, literature, or software.
An individual who breaks into computer systems with the intention of doing damage or committing a crime.
The use of a computer to intentionally cause emotional distress to a person.
The use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress.
The dubious practice of registering a domain name, then trying to sell the name to the person, company, or organization most likely to want it.
The use of a computer to repeatedly engage in threatening or harassing behavior.
The use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society in order to attain political, religious, or ideological goals.
An organized attempt by a country's military to disrupt or destroy the information and communications systems of another country.
Denial of service attack
An attack, often launched from many zombie computers at once (a distributed denial-of-service attack), that makes a network resource (for example, a website) unavailable to its users, or available only with a poor degree of service.
Disaster recovery plan
An organizational plan that spells out detailed procedures for recovering from systems-related disasters, such as virus infections and other disasters that might strike critical information systems.
A computer attack in which an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.
The process of encoding messages or files so that only intended recipients can decipher and understand them.
Hardware or software designed to keep unauthorized users out of network systems.
An individual who gains unauthorized access to computer systems.
A cybercriminal pursuing political, religious, or ideological goals.
A computer, data, or network site that is designed to be enticing to crackers so as to detect, deflect, or counteract illegal activity.
Hot backup site
A fully equipped backup, having everything from hardware, software, and current data to office equipment.
Stealing another person's Social Security number, credit card number, or other personal information in order to use the victim's credit rating to borrow money, buy merchandise, or run up debts that are never repaid.
The intentional change of electronic information by unauthorized users.
Information systems audit
An assessment of the state of an organization's information systems controls to determine necessary changes and to help ensure the information systems' availability, confidentiality, and integrity.
Information systems controls
Controls helping to ensure the reliability of information, consisting of policies and their physical implementation, access restrictions, and record keeping of actions and transactions.
Information systems security
Precautions taken to keep all aspects of information systems safe from unauthorized use or access.
Information systems security plan
An ongoing planning process to secure information systems that involves risk assessment, risk-reduction planning, and plan implementation as well as ongoing monitoring.
Covert activities, such as the theft of trade secrets, bribery, blackmail and technological surveillance to gain an advantage over rivals.
A trusted individual, such as an employee or contractor, who operates within an organization's boundaries and can misuse that legitimate access to harm the organization.
A false message circulated online about any topic of public interest, typically asking the recipient to perform a certain action.
IS risk management
Understanding and evaluating the interplay between threats, vulnerabilities, and impacts to information systems resources in order to implement effective IS controls.
Software used to generate fake license or registration keys to circumvent a program's protection mechanism.
Malicious code, often delivered by a virus or Trojan horse, that lies dormant until an unsuspecting user performs a triggering operation, such as opening a file or running a program, before executing its instructions.
Malicious software, such as viruses, worms, or Trojan horses.
To store data synchronously on independent systems to achieve redundancy for purposes of reliability and/or performance.
A cybercriminal using the internet to target vulnerable people, usually the young or old, for sexual or financial purposes.
A type of intellectual property typically referring to a process, machine, or material inventions.
Independent citizens or supporters of a country that perpetrate computer attacks on perceived or real enemies.
Attempts to trick financial account and credit card holders into giving away their authorization information, usually by sending spam messages to literally millions of e-mail accounts; the messages typically carry a spoofed (forged) sender address and point to a look-alike web site so that they appear to come from a legitimate institution.
Recovery point objective
An objective specifying the maximum amount of data, measured as a span of time, that the organization can afford to lose when a disaster strikes; it determines how frequently backups must be taken.
Recovery time objective
An objective specifying the maximum time allowed to recover from a catastrophic event.
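How the two objectives are measured against an actual incident, as an added example that is not part of this glossary: the Python below takes a constructed timeline of backup jobs, the time of failure and the time service came back, and reports whether the recovery point objective and recovery time objective were met. It assumes each backup captures the data as of its start time, and it counts only backups that completed successfully, because a failed job silently widens the window of lost data. All timestamps and durations are made up.

```python
from datetime import datetime

# Constructed incident timeline (ISO 8601 timestamps) and backup job results.
BACKUP_JOBS = [
    ("2024-03-10T00:00:00", "ok"),
    ("2024-03-10T06:00:00", "ok"),
    ("2024-03-10T12:00:00", "failed"),   # a silent failure widens the loss window
]
FAILURE_AT = "2024-03-10T14:30:00"
RESTORED_AT = "2024-03-10T17:45:00"


def hours_between(start, end):
    return (end - start).total_seconds() / 3600


def check_recovery_objectives(backup_jobs, failure_at, restored_at, rpo_hours, rto_hours):
    """Measure an incident against the recovery point and recovery time objectives.

    The recovery point is the last *successful* backup taken before the failure;
    everything written after it is lost. Downtime runs from the failure until
    service is restored.
    """
    failed = datetime.fromisoformat(failure_at)
    restored = datetime.fromisoformat(restored_at)
    good = [datetime.fromisoformat(ts) for ts, status in backup_jobs
            if status == "ok" and datetime.fromisoformat(ts) <= failed]
    if not good:
        raise ValueError("no successful backup predates the failure")
    recovery_point = max(good)
    data_loss = hours_between(recovery_point, failed)
    downtime = hours_between(failed, restored)
    return {
        "recovery_point": recovery_point.isoformat(),
        "data_loss_hours": data_loss,
        "downtime_hours": downtime,
        "rpo_met": data_loss <= rpo_hours,
        "rto_met": downtime <= rto_hours,
    }


def max_backup_interval_hours(rpo_hours, job_hours):
    """Longest gap between backup starts that keeps the worst case (a failure
    just before the next backup completes) within the RPO, assuming each backup
    captures data as of its start time."""
    interval = rpo_hours - job_hours
    if interval <= 0:
        raise ValueError("the backup job takes longer than the RPO allows")
    return interval


if __name__ == "__main__":
    result = check_recovery_objectives(BACKUP_JOBS, FAILURE_AT, RESTORED_AT, rpo_hours=4, rto_hours=2)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("backups must start at least every",
          max_backup_interval_hours(rpo_hours=4, job_hours=0.5), "hours")
```

In the constructed timeline the 12:00 job failed, so the recovery point falls back to 06:00 and both objectives are missed; monitoring backup job status, not just the schedule, is what keeps the RPO honest.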
Disassembling a piece of software in order to understand its functioning.
A computer system security policy in which no countermeasures are adopted and any damages that occur are simply absorbed.
The process in which the value of the assets being protected is assessed, the likelihood of their being compromised is determined, and the costs of their being compromised are compared with the costs of the protections to be taken.
The process of taking active countermeasures to protect information systems.
A computer system security policy in which someone else absorbs the risk, as with insurance.
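The comparison that risk analysis calls for, and the choice between acceptance, reduction and transference that follows from it, as an added example that is not part of this glossary. The Python below uses the standard annualized loss expectancy method (asset value times exposure factor times annual rate of occurrence), which this glossary does not itself name, and compares the yearly cost of doing nothing, of each candidate control, and of insurance. It simplifies by assuming the insurance policy covers the whole loss. The assets, controls and figures are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Asset:
    name: str
    value: float             # what the asset is worth to the business (currency units)
    exposure_factor: float   # fraction of that value lost in one incident, 0.0 to 1.0
    annual_rate: float       # expected number of incidents per year (likelihood)


@dataclass
class Control:
    name: str
    annual_cost: float                       # cost of the countermeasure per year
    annual_rate: float                       # incident rate once the control is in place
    exposure_factor: Optional[float] = None  # damage per incident after the control, if it changes


def annual_loss_expectancy(value, exposure_factor, annual_rate):
    """Single loss expectancy (value * exposure factor) times annual rate of occurrence."""
    return value * exposure_factor * annual_rate


def compare_strategies(asset, controls, insurance_premium=None):
    """Annual cost of each risk strategy for one asset.

    accept   : pay the expected loss and do nothing
    reduce   : residual expected loss plus the control's cost
    transfer : the insurance premium (assumes the policy covers the full loss)
    """
    options = {"accept": annual_loss_expectancy(asset.value, asset.exposure_factor, asset.annual_rate)}
    for ctl in controls:
        ef = asset.exposure_factor if ctl.exposure_factor is None else ctl.exposure_factor
        residual = annual_loss_expectancy(asset.value, ef, ctl.annual_rate)
        options[f"reduce:{ctl.name}"] = residual + ctl.annual_cost
    if insurance_premium is not None:
        options["transfer"] = insurance_premium
    return options


def cheapest_strategy(asset, controls, insurance_premium=None):
    """Name of the strategy with the lowest annual cost."""
    options = compare_strategies(asset, controls, insurance_premium)
    return min(options, key=options.get)


# Constructed figures for illustration only.
CUSTOMER_DB = Asset("customer database", value=500_000, exposure_factor=0.4, annual_rate=0.5)
DB_CONTROLS = [
    Control("offsite backups + restore drills", annual_cost=30_000, annual_rate=0.5, exposure_factor=0.05),
    Control("encryption + MFA for admins", annual_cost=80_000, annual_rate=0.1),
]
MARKETING_SITE = Asset("marketing website", value=20_000, exposure_factor=1.0, annual_rate=0.2)
SITE_CONTROLS = [Control("managed WAF subscription", annual_cost=6_000, annual_rate=0.02)]


if __name__ == "__main__":
    for asset, controls, premium in ((CUSTOMER_DB, DB_CONTROLS, 60_000), (MARKETING_SITE, SITE_CONTROLS, None)):
        print(asset.name)
        for strategy, cost in compare_strategies(asset, controls, premium).items():
            print(f"  {strategy:45s} {cost:>10,.0f} per year")
        print("  ->", cheapest_strategy(asset, controls, premium))
```

For the database the cheaper control wins over both doing nothing and insuring; for the low-value web site the only control costs more per year than the loss it prevents, so risk acceptance is the rational answer.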
A U.S. federal law that requires companies to demonstrate compliance with accounting standards and to establish internal controls and corporate governance over their financial reporting.
Secure sockets layer (SSL)
A protocol, since superseded by transport layer security (TLS), that uses public-key encryption to authenticate a web site and to negotiate the keys that encrypt traffic between a browser and a server; the basis of https connections on the internet.
A type of computer crime where individuals make illegal copies of software protected by copyright laws.
Electronic junk mail
A hardware or software device used to fight spam and other e-mail threats, such as directory harvest attacks, phishing attacks, viruses, and more.
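One of the threats listed above, the directory harvest attack, in which a sender probes a mail server with many guessed addresses and keeps the ones that are not rejected, can be spotted from the gateway's own logs. The Python below is an added example that is not part of this glossary: it parses constructed, deliberately simplified log lines (not the format of any real mail server) and flags a client that has probed a threshold number of distinct non-existent recipients inside a short window. The IP addresses, recipients and timestamps are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed, simplified mail-gateway log lines (not any real MTA's format):
# <ISO timestamp> <client IP> RCPT <recipient> <accepted|rejected-unknown-user>
SAMPLE_LOG = """\
2024-03-10T12:00:01 203.0.113.5 RCPT aaron@example.com rejected-unknown-user
2024-03-10T12:00:03 203.0.113.5 RCPT abby@example.com rejected-unknown-user
2024-03-10T12:00:04 198.51.100.7 RCPT sales@example.com accepted
2024-03-10T12:00:05 203.0.113.5 RCPT adam@example.com rejected-unknown-user
2024-03-10T12:00:07 203.0.113.5 RCPT alice@example.com accepted
2024-03-10T12:00:08 203.0.113.5 RCPT amy@example.com rejected-unknown-user
2024-03-10T12:00:10 203.0.113.5 RCPT andy@example.com rejected-unknown-user
2024-03-10T12:00:11 198.51.100.7 RCPT saless@example.com rejected-unknown-user
2024-03-10T12:00:12 203.0.113.5 RCPT anna@example.com rejected-unknown-user
2024-03-10T12:00:15 203.0.113.5 RCPT arthur@example.com rejected-unknown-user
2024-03-10T12:00:20 198.51.100.7 RCPT support@example.com accepted
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d+\.\d+\.\d+\.\d+) RCPT (?P<rcpt>\S+) "
    r"(?P<status>accepted|rejected-unknown-user)$"
)


def parse_line(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "ip": m["ip"],
            "rcpt": m["rcpt"].lower(), "status": m["status"]}


def detect_directory_harvest(log_text, threshold=5, window_seconds=60):
    """Flag client IPs that probe `threshold` or more distinct unknown recipients
    within `window_seconds`. A delivery to a valid user in between does not
    clear the count, since harvesters hit real addresses too. One alert per IP."""
    rejects = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["status"] == "rejected-unknown-user":
            rejects[ev["ip"]].append((ev["ts"], ev["rcpt"]))
    alerts = []
    for ip, events in sorted(rejects.items()):
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window forward so it spans at most window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({r for _, r in events[start:end + 1]}) >= threshold:
                alerts.append({
                    "ip": ip,
                    "first_seen": events[start][0].isoformat(),
                    "unknown_recipients": len({r for _, r in events}),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_directory_harvest(SAMPLE_LOG):
        print(f"possible directory harvest from {alert['ip']} starting {alert['first_seen']}: "
              f"{alert['unknown_recipients']} unknown recipients probed")
```

The single mistyped address from 198.51.100.7 stays below the threshold, which is the point of counting distinct unknown recipients per source rather than raw rejections: ordinary senders make the occasional typo, harvesters walk through a dictionary.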
A sophisticated fraudulent e-mail attack that targets a specific person or organization by personalizing the message in order to make the message appear as if it is from a trusted source, such as an individual within the recipient's company, a government entity, or a well-known company.
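The tricks described under phishing (a spoofed sender) and spear phishing (a message dressed up to look like it comes from a colleague or a trusted company) leave traces in the message headers. The Python below is an added example that is not part of this glossary: it checks a message's From and Reply-To headers for a display name that borrows a trusted domain or a known person's name while the actual address is elsewhere, for look-alike sender domains (one-character typos and digit-for-letter substitutions), and for replies being routed to a different domain. The trusted domains, the sender directory and the sample messages are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed reference data: domains the recipient's organization trusts and
# people whose names an attacker would most want to impersonate.
TRUSTED_DOMAINS = ["example.com", "bank.example"]
KNOWN_SENDERS = {"jane doe": "example.com"}   # lowercased display name -> real domain

# Substitutions commonly used to build look-alike domains.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_alike(domain, trusted):
    """True when domain imitates trusted without being it."""
    if not domain or domain == trusted:
        return False
    normalized = domain
    for fake, real in HOMOGLYPHS:
        normalized = normalized.replace(fake, real)
    return normalized == trusted or edit_distance(domain, trusted) == 1


def sender_domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def assess_headers(headers):
    """Return the phishing indicators found in a message's From/Reply-To headers."""
    findings = []
    display_name, from_addr = parseaddr(headers.get("From", ""))
    from_domain = sender_domain(from_addr)
    name_lc = display_name.lower()
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if trusted in name_lc:
                findings.append(f"display name claims {trusted} but sender is {from_domain}")
            if looks_alike(from_domain, trusted):
                findings.append(f"sender domain {from_domain} resembles {trusted}")
        for person, real_domain in KNOWN_SENDERS.items():
            if person in name_lc and from_domain != real_domain:
                findings.append(f"display name matches {person} but address is not at {real_domain}")
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    reply_domain = sender_domain(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(f"replies go to {reply_domain}, not the apparent sender {from_domain}")
    return findings


# Constructed sample messages (headers only).
SAMPLES = {
    "legitimate": {"From": '"Jane Doe" <jane.doe@example.com>'},
    "spear": {"From": '"Jane Doe (CEO)" <jane.doe@examp1e.com>',
              "Reply-To": "ceo-office@webmail.example"},
    "brand": {"From": '"example.com Security Team" <alerts@mail-secure.test>'},
    "typo": {"From": "Bob <bob@exmple.com>"},
}


if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", assess_headers(headers) or "no indicators")
```

Header checks like these catch the crude impersonations; a message sent from a genuinely compromised mailbox at the trusted domain passes them all, which is why sender authentication (SPF, DKIM, DMARC) and user training still matter.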
Spam delivered via instant messaging.
Software that covertly gathers information about a user through an internet connection without the user's knowledge.
A computer worm designed to find and sabotage a particular kind of industrial control equipment (programmable logic controllers); used in an attack against Iran's uranium enrichment facilities.
A type of computer virus that lies in wait for a specific date before executing its instructions.
A program that appears to be a legitimate, benign program, but carries a destructive payload. Trojan horses typically do not replicate themselves.
A technology used by VPNs to encapsulate, encrypt, and securely transmit data over the public internet infrastructure, enabling business partners to exchange information in a secured, private manner between organizational networks.
An information systems security breach where an unauthorized individual sees, manipulates, or otherwise handles electronically stored information.
Virtual private network (VPN)
A network connection that is constructed dynamically within an existing network--often called a "secure tunnel" -- in order to securely connect remote users or nodes to an organization's network.
A malicious program that attaches itself to other programs or files and copies itself when they are run or opened, disrupting the normal functioning of computer systems.
A set of activities designed to detect and prevent computer viruses.
A slang term for stolen proprietary software that is sold or shared for free over the internet.
The act of defacing websites
An information disclosure portal where volunteers submit and analyze classified and restricted material provided by whistleblowers.
Destructive computer code that copies and sends itself throughout networked computers on its own, without needing a host program or any user action.
A malware-infected computer that an attacker controls remotely and can use to launch attacks on web sites or to send spam.