September 19th, 2009 11:03 EST
Key Cybersecurity Terms That You Should Know
Glossary of Key Cybersecurity Terms
(Vocabulary grows as technology advances)
Authentication - A security measure designed to verify an individual`s authorization to access computer or security information.
Botnet (also zombies) - A collection of computers subject to centralized remote control by an outside party, usually without the knowledge of the owners, using surreptitiously installed software robots. The robots are spread by trojan horses and viruses. The botnets can be used to launch denial-of-service attacks and transmit spam.
CATs - Small FBI Cyber Action Teams made up of computer analysts, forensic investigators and malicious-code experts ready to travel anywhere in the world where a cyber intrusion occurred.
Cracking (also Crackers) - Discovering passwords by various methods; more generally gaining unauthorized access to secured computers or data. Crackers specialize in gaining unauthorized access.
Cyber Command - The U.S. Air Force, Army and Navy run independent centers to protect assets and track attacks, including those by foreign governments and entities. A unified Defense Department Cyber Command opens in late 2009 under the command of the National Security Agency director, Lieutenant General Keith Alexander.
Cyber crime - Criminal activities that make use of computers or networks.
Cyberspace - An environment in which digitized information is distributed on networks of computers.
Cybersecurity - Measures taken to protect computers or critical infrastructure, although some experts suggest that it is about protecting everything of value.
Cyber warfare - Using computers and the Internet to attack others via their computer systems. Targets may include military computer networks, power grids, banks, and government and media Web sites. Most often the goal is to disrupt the functioning of the target system.
Cyber warriors - Military specialists, law enforcement officials, computer forensics experts and civil engineers who defend national and economic security assets.
Denial-of-service attack - Flooding the networks or servers of individuals or organizations with false data requests so they are unable to respond to requests from legitimate users.
Encryption - A method of protecting information by transforming it using a cipher so only those who have the key can read it.
Hacker - A person with special expertise in computer systems and software. A hacker who attempts to gain unauthorized access to computer systems is a "cracker."
Hacktivist - An individual who breaches Web sites or secured communications systems to deliver political messages, including those related to foreign policy, or propaganda. It has been described by Naval Postgraduate School Professor Dorothy Denning as "the marriage of hacking and activism."
Identity management - A method of validating a person`s identity when he/she tries to access a network.
Incident management - Executing a defensive response when a network`s security is threatened.
Malicious code (also malware) - Any code that can be used to attack a computer by spreading viruses, crashing networks, gathering intelligence, corrupting data, distributing misinformation and interfering with military or civilian operations including navigation, transportation, logistics, communications and command and control functions.
Pharming - A method of capturing sensitive information (such as Social Security numbers and passwords) by fooling a user into entering such information on a fake Web site that masks as a legitimate one.
Phishing - Using fake e-mail to trick individuals into revealing personal information, such as Social Security numbers, debit and credit card account numbers and passwords, for nefarious uses.
Risk Management - Identifying vulnerabilities in a network and developing a strategy to protect against attack.
Script kiddie - An unsophisticated cracker who uses cracking tools found on the Internet to gain access to poorly protected computer systems.
Server - A computer set up to provide information on request via a network.
Spam - Unsolicited bulk e-mail that may contain malicious software. Spam is now said to account for around 81 percent of all e-mail traffic.
Spoofing - Making a message or transaction appear to come from a source other than the originator.
Spyware - Software that collects information without a user`s knowledge and transfers it to a third party.
Trojan horse - Code masking as a useful program that when activated performs malicious activity such as locating protected passwords or damaging data on a computer`s hard disk.
Virus - A program designed to degrade service, cause inexplicable symptoms or damage networks.
(Distributed by the Bureau of International Information Programs, U.S. Department of State. Web site: http://www.america.gov)