Security – Policies, procedures, and technical measures used to prevent unauthorized access, alteration,
theft, or physical damage to information systems.
Controls – All of the methods, policies, and procedures that ensure protection of the organization’s
assets, accuracy, and reliability of its records, and operational adherence to management standards.
War Driving – Technique in which eavesdroppers drive by buildings or park outside and try to intercept
wireless network traffic.
Malware – Malicious software programs such as computer viruses, worms and Trojan horses.
Computer virus – Rogue software program that attaches itself to other software programs or data files
in order to be executed, often causing hardware and software malfunctions.
Worms – Independent software programs that propagate themselves to disrupt the operation of
computer networks or destroy data and other programs.
Trojan horse – A software program that appears legitimate but contains a second hidden function that
may cause damage.
Spyware – Technology that aids in gathering information about a person or organization without their
Key logger – Spyware that records every keystroke made on a computer to steal personal information or
passwords or to launch Internet attacks.
Hacker – A person who gains unauthorized access to a computer network for profit, criminal mischief, or
Cyber vandalism – Intentional disruption, defacement, or destruction of a Web site or corporate
Spoofing – Attempts by hackers to hide their true identities by using fake e-mail addresses or
masquerading as someone else; may involve redirecting a Web link to an address different from the
intended one, with the site masquerading as the intended destination.
Sniffer – Type of eavesdropping program that monitors information travelling over a network.
Denial-of-service (DoS) attack – Flooding a network server or Web server with false communications or
requests for services in order to crash the network.
Distributed denial-of-service (DDoS) – Numerous computers inundating and overwhelming a network
from numerous launch points.
Botnet – A group of computers that have been infected with bot malware without users’ knowledge,
enabling a hacker to use the amassed resources of the computers to launch distributed denial-of-service
attacks, phishing campaigns, or spam.
Computer crime – The commission of illegal acts through the use of a computer or against a computer
Identity theft – Theft of key pieces of personal information, such as credit card or social insurance
numbers, in order to obtain merchandise and services in the name of the victim or to obtain false
Phishing – Form of spoofing involving setting up fake websites or sending e-mail messages that resemble
those of legitimate businesses that ask users for confidential personal data.
Evil twin – Wireless network that pretends to be legitimate in order to entice participants to log on and reveal
passwords or credit card numbers.
Pharming – Phishing technique that redirects users to a bogus Web page, even when an individual enters
the correct Web page address.
Click fraud – Fraudulently clicking on an online pay-per-click advertisement to generate an improper charge
Social engineering – Tricking people into revealing their passwords or other information by pretending
to be legitimate users or members of a company in need of information.
Bugs – Software program code defects.
Patches – Small pieces of software that repair software flaws without disturbing the proper operation of
C-SOX – Act passed by parliament that imposes the responsibility on companies and their managements
to safeguard the accuracy and integrity of financial information that is used internally and released
Computer forensics – The scientific collection, examination, authentication, preservation, and analysis
of data held on or retrieved from computer storage media in such a way that the information can be
used as evidence in a court of law.
General controls – Overall control environment governing the design, security, and use of computer
programs and the security of data files in general throughout the organization’s information technology
Application controls – Specific controls unique to each computerized application that ensure that only