Module 1
Distributed Denial-of-Service (DDOS) Attack
A DoS attack in which a coordinated stream of requests is launched against a target from many locations at the same time using bots or zombies.
Advanced Persistent Threat (APT)
A collection of processes, usually directed by a human agent, that targets a specific organization or individual.
Service Level Agreement (SLA)
A document or part of a document that specifies the expected level of service from a service provider. An SLA usually contains provisions for minimum acceptable availability and penalties or remediation procedures for downtime.
TCP Hijacking (Session Hijacking)
A form of man-in-the-middle attack whereby the attacker inserts himself into TCP/IP-based communications, typically by observing or predicting the sequence numbers of an established TCP session and injecting segments that the endpoints accept as part of that session. TCP/IP is short for Transmission Control Protocol/Internet Protocol.
Pretexting
A form of social engineering in which the attacker pretends to be an authority figure who needs information to confirm the target's identity, but the real object is to trick the target into revealing confidential information. Pretexting is commonly performed by telephone.
Phishing
A form of social engineering in which the attacker sends what appears to be a legitimate communication (usually e-mail) that lures the recipient into replying with, or entering on an attacker-controlled site that imitates a trusted one, personal or confidential information such as credentials. The message typically carries a link or attachment; the visible link text may show a legitimate address while the underlying URL points to the attacker's site.
Advance-Fee Fraud
A form of social engineering, typically conducted via e-mail, in which an organization or some third party indicates that the recipient is due an exorbitant amount of money and needs only a small advance fee or personal banking information to facilitate the transfer. This may also involve prepayment for services with a payment larger than required; the overpayment is returned and then the initial payment is repudiated.
Man-in-the-Middle
A group of attacks in which the attacker intercepts a communications stream and inserts himself into the conversation, convincing each legitimate party that the attacker is the other communications partner. Against encrypted channels such as TLS, the attacker must terminate the session on each side, which succeeds only if a victim accepts the attacker's certificate or the connection can be downgraded to a weaker or unencrypted mode.
Script Kiddie
A hacker of limited skill who uses expertly written software to attack a system. Also known as skids, skiddies, or script bunnies.
Professional Hacker
A hacker who conducts attacks for personal financial benefit or for a crime organization or foreign government. Not to be confused with a penetration tester.
Cracker
A hacker who intentionally removes or bypasses software copyright protection designed to prevent unauthorized duplication or use.
Phreaker
A hacker who manipulates the public telephone system to make free calls or disrupt services.
Hacktivist
A hacker who seeks to interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. See also cyberactivist.
Expert Hacker
A hacker who uses extensive knowledge of the inner workings of computer hardware and software to gain unauthorized access to systems and information. Also known as elite hackers, expert hackers often create automated exploits, scripts, and tools used by other hackers.
Brownout
A long-term decrease in the quality of electrical power availability.
Surge
A long-term increase in electrical power availability.
Blackout
A long-term interruption (outage) in electrical power availability.
Maintenance Hook
A malware payload that provides access to a system by bypassing normal access controls. A back door is also an intentional access control bypass left by a system designer to facilitate development. Also known as a Back Door.
Back Door (Trap Door)
A malware payload that provides access to a system by bypassing normal access controls. A back door is also an intentional access control bypass left by a system designer to facilitate development. Also known as a Maintenance Hook.
Trojan Horse
A malware program that hides its true nature and reveals its designed behavior only when activated.
Hacker
A person who accesses systems and information without authorization and often illegally.
Vulnerability
A potential weakness in an asset or its defensive control system(s).
Novice Hacker
A relatively unskilled hacker who uses the work of expert hackers to perform attacks. Also known as a neophyte, noob, or newbie. This category of hackers includes script kiddies and packet monkeys.
Packet Monkey
A script kiddie who uses automated exploits to engage in denial-of-service attacks.
Sag
A short-term decrease in electrical power availability.
Spike
A short-term increase in electrical power availability, also known as a swell.
Fault
A short-term interruption in electrical power availability.
Loss
A single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use.
Packet Sniffer
A software program or hardware appliance that can intercept, copy, and interpret network traffic.
Security
A state of being secure and free from danger or harm. Also, the actions taken to make someone or something secure.
Rainbow Table
A precomputed table that maps password hashes back to the plaintexts that produce them, letting an attacker who has stolen a system's password hash file recover passwords by lookup rather than by hashing every guess. A true rainbow table stores only the endpoints of hash-reduce chains, trading lookup time for far less storage than a full hash-to-plaintext table. Stored passwords are hashed rather than encrypted, and a per-user salt combined with the password defeats precomputation because the table would have to be rebuilt for every salt value.
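The following is an added example, not part of the glossary, showing how a rainbow table works and why a salt defeats it. The keyspace (three lowercase letters), chain length, starting points and the "5f3a" salt are all constructed for the demonstration; the reduction function R_i is an arbitrary mapping from a digest back into that keyspace.

```python
"""Miniature rainbow table over a constructed keyspace (3 lowercase letters).

Chains alternate the hash H with position-dependent reduction functions R_i that
map a digest back into the keyspace; only each chain's endpoint is stored, so one
table entry covers CHAIN_LEN hashes.
"""
import hashlib
import string

ALPHABET = string.ascii_lowercase   # constructed keyspace: 26**3 = 17,576 passwords
PW_LEN = 3
CHAIN_LEN = 50                      # hashes covered per stored endpoint


def H(password: str) -> str:
    """Unsalted SHA-256: the kind of hash a rainbow table targets."""
    return hashlib.sha256(password.encode()).hexdigest()


def reduce_hash(digest: str, i: int) -> str:
    """R_i: map a digest (plus the chain position i) to a password in the keyspace."""
    n = int(digest[:15], 16) + i
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def chain_password(start: str, j: int) -> str:
    """Password p_j at position j of the chain that begins at p_0 = start."""
    p = start
    for i in range(j):
        p = reduce_hash(H(p), i)
    return p


def build_table(starts):
    """Store endpoint -> list of starts; lists keep chains that merge on one endpoint."""
    table = {}
    for s in starts:
        table.setdefault(chain_password(s, CHAIN_LEN), []).append(s)
    return table


def lookup(table, target_hash: str):
    """Recover a password whose unsalted hash is target_hash, or None."""
    for j in range(CHAIN_LEN - 1, -1, -1):      # assume the target sits at position j
        p = reduce_hash(target_hash, j)
        for i in range(j + 1, CHAIN_LEN):        # walk the rest of the chain to its endpoint
            p = reduce_hash(H(p), i)
        for start in table.get(p, ()):           # endpoint known: regenerate and verify
            q = start
            for i in range(CHAIN_LEN):
                if H(q) == target_hash:          # rules out false alarms from merged chains
                    return q
                q = reduce_hash(H(q), i)
    return None


def demo():
    starts = [a + b + c for a in "abcd" for b in "mnop" for c in "wxyz"]   # 64 constructed chains
    table = build_table(starts)
    unsalted_target = chain_password("bnx", 17)          # a password known to lie on a chain
    cracked = lookup(table, H(unsalted_target))
    # The same password hashed with a per-user salt never matches a table built without it.
    salted_hash = H("5f3a" + unsalted_target)
    return {"password": unsalted_target, "cracked": cracked,
            "cracked_with_salt": lookup(table, salted_hash)}


if __name__ == "__main__":
    print(demo())
```

The table here stores 64 endpoints yet can answer lookups for up to 3,200 passwords; production tables use millions of much longer chains and a hash-specific reduction function. The salted lookup returns None because the salt moves the input outside the keyspace the table was built over, which is exactly why a random per-user salt is the standard defense.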
Spoofing
A technique for gaining unauthorized access or misdirecting communications by forging or modifying a source identifier, classically the source IP address, to give the perception that messages are coming from a trusted host. E-mail sender addresses, ARP replies, and DNS responses can be spoofed in the same way.
Exploit
A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.
Virus
A type of malware that is attached to other executable programs. When activated, it replicates and propagates itself to multiple systems, spreading by multiple communications vectors. For example, a virus might send copies of itself to all users in the infected system's e-mail program.
Worm
A type of malware that is capable of activation and replication without being attached to an existing program.
Macro Virus
A type of virus written in a specific macro language to target applications that use the language. The virus is activated when the application's product is opened. A macro virus typically affects documents, slideshows, e-mails, or spreadsheets created by office suite applications.
Dictionary Password Attack
A variation of the brute-force password attack that attempts to narrow the range of possible passwords guessed by using a list of common passwords and possibly including attempts based on the target's personal information.
Boot-sector Virus
Also known as a boot virus, a type of virus that targets the boot sector or Master Boot Record (MBR) of a computer system's hard drive or removable storage media.
Boot Virus
Also known as a boot-sector virus, a type of virus that targets the boot sector or Master Boot Record (MBR) of a computer system's hard drive or removable storage media.
Bot (Zombie)
An abbreviation of robot, an automated software program that executes certain commands when it receives a specific input. See also zombie.
Mail Bomb
An attack designed to overwhelm the receiver with excessive quantities of e-mail.
Denial-of-Service (DOS) Attack
An attack that attempts to overwhelm a computer target's ability to handle incoming communications, prohibiting legitimate users from accessing those systems.
Brute Force Password Attack
An attempt to guess a password by trying every possible combination of characters from the allowed character set, usually shortest candidates first. The number of guesses grows exponentially with password length, which is why password length and a slow, salted hash function are the main defenses.
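As an added example (not from the glossary), the two guessing strategies defined above, dictionary attack and brute force, run against a constructed unsalted SHA-256 hash, with a guess counter so the cost difference is visible. The wordlist, the mangling rules, the "personal information" about the target, and the target passwords are all constructed for the demonstration.

```python
"""Dictionary attack with mangling rules versus exhaustive brute force, against a
constructed unsalted SHA-256 hash. Each attack returns (password, guesses_tried)."""
import hashlib
import itertools
import string


def sha256(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


COMMON_WORDS = ["password", "letmein", "welcome", "dragon", "sunshine"]  # constructed wordlist
PERSONAL_INFO = ["rex", "1987", "boston"]                                # constructed facts (pet, year, city)


def mangle(word: str):
    """Typical rule set: as-is, capitalised, simple leet substitutions, common suffixes."""
    leet = word.replace("a", "@").replace("e", "3").replace("o", "0")
    for base in (word, word.capitalize(), leet):
        yield base
        for suffix in ("1", "123", "!", "2024"):
            yield base + suffix


def dictionary_attack(target_hash, words=COMMON_WORDS, personal=PERSONAL_INFO):
    """Try wordlist entries, their mangled forms, then pairs of personal details."""
    candidates = itertools.chain(
        (m for w in words for m in mangle(w)),
        (a + b for a, b in itertools.permutations(personal, 2)),
    )
    n = 0
    for guess in candidates:
        n += 1
        if sha256(guess) == target_hash:
            return guess, n
    return None, n


def brute_force(target_hash, alphabet=string.ascii_lowercase, max_len=4):
    """Exhaustive search, shortest first; the keyspace is sum(len(alphabet)**L)."""
    n = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            n += 1
            guess = "".join(combo)
            if sha256(guess) == target_hash:
                return guess, n
    return None, n


def demo():
    return {
        "mangled_word": dictionary_attack(sha256("Dragon123")),     # found after 53 guesses
        "personal_combo": dictionary_attack(sha256("rex1987")),     # found after 76 guesses
        "short_brute": brute_force(sha256("dog")),                  # found after 3,101 guesses
        # A 9-character mixed password is out of reach for a 3-letter lowercase search
        "brute_miss": brute_force(sha256("Dragon123"), max_len=3),  # (None, 18278)
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The dictionary attack recovers "Dragon123" in 53 guesses because it is a wordlist entry with a predictable rule applied, while the exhaustive search exhausts 18,278 lowercase candidates without ever reaching it; a real cracker mixes both and runs them against a slow hash at whatever rate the hardware allows.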
Availability
An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
Confidentiality
An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
Integrity
An attribute of information that describes how data is whole, complete, and uncorrupted.
Penetration Tester
An information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems.
Attack (Threat Event)
An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.
Availability Disruption
An interruption in service, usually from a service provider, which causes an adverse event within an organization.
Asset
An organizational resource that is being protected. An asset can be logical, such as a Web site, software information, or data; or an asset can be physical, such as a person, computer system, hardware, or other tangible object. Assets, particularly information assets, are the focus of what security efforts are attempting to protect.
Threat
Any event or circumstance that has the potential to adversely affect operations and assets. The term threat source is commonly used interchangeably with the more generic term threat. While the two terms are technically distinct, in order to simplify discussion the text will continue to use the term threat to describe threat sources.
Spear Phishing
Any highly targeted phishing attack.
Cracking
Attempting to reverse-engineer, remove, or bypass a password or other access control protection, such as the copyright protection on software.
Ransomware
Computer software specifically designed to identify and encrypt valuable information in a victim's system in order to extort payment for the key needed to unlock the encryption.
Malware
Computer software specifically designed to perform malicious or unwanted actions.
Clickbait
Content such as e-mail attachments or embedded links crafted to convince unsuspecting users into clicking them, which results in more Web traffic for the content provider or the installation of unwanted software or malware.
Rooting
Escalating privileges to gain administrator-level control over a computer system (including smartphones). Typically associated with Linux and Android operating systems. See also jailbreaking.
Jailbreaking
Escalating privileges to gain administrator-level control over a smartphone operating system (typically associated with Apple iOS smartphones). See also rooting.
Cyberwarfare
Formally sanctioned offensive operations conducted by a government or state against information or systems of another government or state. Sometimes called information warfare.
Policy
Guidelines that dictate certain behavior within the organization. In business, a statement of managerial intent designed to guide and regulate employee behavior in the organization; in IT, a computer configuration specification used to standardize system and user behavior.
Disclosure
In information security, the intentional or unintentional exposure of an information asset to unauthorized parties.
Privacy
In the context of information security, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.
Polymorphic Threat
Malware (a virus or worm) that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
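An added example (not from the glossary) of why signature matching fails against polymorphic code: a constructed, harmless byte string stands in for a payload, and each "generation" re-encodes it with a fresh XOR key so the bytes a scanner signed never reappear. The four-byte DECODER_STUB marker is an assumption standing in for the constant decode routine that real samples carry; it is also the part a scanner can still catch.

```python
"""Polymorphic re-encoding versus a static byte signature.

PAYLOAD is a constructed, inert string; nothing here executes anything. Each
mutate() call produces stub || key || XOR(body, key), so the encoded bytes differ
per generation while the decoded body (and the decoder) stay the same."""
import os

PAYLOAD = b"INERT-SAMPLE-PAYLOAD: this byte string stands in for a malicious body"
SIGNATURE = PAYLOAD[:16]              # what a signature scanner would have extracted
DECODER_STUB = b"\xDE\xC0\xDE\x00"    # constructed marker for the constant decode routine
KEY_LEN = 8


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def mutate(payload: bytes, key: bytes = None) -> bytes:
    """Emit a new generation: stub || key || XOR-encoded body."""
    key = key or os.urandom(KEY_LEN)
    return DECODER_STUB + key + xor(payload, key)


def run(sample: bytes) -> bytes:
    """What the stub does at execution time: recover the body (returned, not executed)."""
    if not sample.startswith(DECODER_STUB):
        raise ValueError("not one of our samples")
    key = sample[len(DECODER_STUB):len(DECODER_STUB) + KEY_LEN]
    return xor(sample[len(DECODER_STUB) + KEY_LEN:], key)


def static_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Byte-pattern detection over the file as stored on disk."""
    return signature in sample


def stub_scan(sample: bytes) -> bool:
    """Signature on the invariant decoder instead of the body."""
    return sample.startswith(DECODER_STUB)


def demo():
    generations = [mutate(PAYLOAD) for _ in range(3)]
    return {
        "distinct_generations": len(set(generations)),
        "static_hits": sum(static_scan(g) for g in generations),
        "stub_hits": sum(stub_scan(g) for g in generations),
        "all_decode_to_original": all(run(g) == PAYLOAD for g in generations),
        # scanning memory after decode (or emulating the stub) sees the original bytes
        "static_hit_after_decode": all(static_scan(run(g)) for g in generations),
    }


if __name__ == "__main__":
    print(demo())
```

Three generations share no on-disk signature, so static_scan scores zero, yet every one decodes to the same body. Defenders therefore sign the invariant decoder, emulate the sample until it unpacks, or scan process memory; real polymorphic engines also rewrite the decoder between generations, which is what pushes detection toward behaviour rather than bytes.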
Information Security (InfoSec)
Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
Accountability
The access control mechanism that ensures all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability.
Authorization
The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.
Authentication
The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity.
Identification
The access control mechanism whereby unverified entities who seek access to a resource provide a label by which they are known to the system.
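The four access-control mechanisms defined above (identification, authentication, authorization, accountability) fit together as successive steps of one request path. The following added example, which is not part of the glossary, runs a request through all four; the user store, the passwords, the ACL and the resource names are constructed for the demonstration.

```python
"""Identification -> authentication -> authorization -> accountability, as one pipeline.
User store, ACL and credentials are constructed for this example."""
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str, roles: set) -> dict:
    salt = os.urandom(16)                       # per-user salt, stored beside the hash
    return {"salt": salt, "hash": hash_password(password, salt), "roles": roles}


USERS = {"alice": make_user("correct horse battery", {"analyst"}),
         "bob": make_user("hunter2", {"intern"})}
ACL = {"/payroll": {"read": {"analyst", "hr"}, "write": {"hr"}}}   # resource -> action -> roles
AUDIT_LOG = []
DUMMY_SALT = b"\x00" * 16


class Session:
    def __init__(self, username: str):
        self.username = username


def identify(username: str) -> str:
    """Identification: accept the label the caller claims. Nothing is verified yet, and
    whether the label exists is deliberately not revealed (that would enable enumeration)."""
    return username.strip().lower()


def authenticate(username: str, password: str):
    """Authentication: verify the claimed identity with a constant-time hash comparison."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, DUMMY_SALT)     # same cost for unknown users: no timing leak
        return None
    if hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return Session(username)
    return None


def authorize(session: Session, resource: str, action: str) -> bool:
    """Authorization: match the authenticated identity's roles against the ACL entry."""
    allowed = ACL.get(resource, {}).get(action, set())
    return bool(USERS[session.username]["roles"] & allowed)


def record(username: str, resource: str, action: str, outcome: str) -> None:
    """Accountability: every decision, allowed or denied, is attributed to the identity used."""
    AUDIT_LOG.append({"ts": time.time(), "user": username, "resource": resource,
                      "action": action, "outcome": outcome})


def access(username: str, password: str, resource: str, action: str) -> str:
    """Run the four steps in order and return the outcome that was also logged."""
    label = identify(username)
    session = authenticate(label, password)
    if session is None:
        record(label, resource, action, "authentication-failed")
        return "authentication-failed"
    outcome = "allowed" if authorize(session, resource, action) else "denied"
    record(label, resource, action, outcome)
    return outcome


if __name__ == "__main__":
    print(access("alice", "correct horse battery", "/payroll", "read"))   # allowed
    print(access("bob", "hunter2", "/payroll", "read"))                   # denied
    print(access("mallory", "x", "/payroll", "read"))                     # authentication-failed
    print(AUDIT_LOG[-1])
```

Note that an unknown username and a wrong password produce the same outcome and roughly the same response time, and that denied requests are logged just like allowed ones; both are the properties auditors look for when checking that accountability is actually implemented rather than merely declared.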
Information Extortion
The act of an attacker or trusted insider who steals information from a computer system and demands compensation for its return or for an agreement not to disclose the information. Also known as cyberextortion.
Mean Time to Diagnose (MTTD)
The average amount of time a computer repair technician needs to determine the cause of a failure.
Mean Time to Repair (MTTR)
The average amount of time a computer repair technician needs to resolve the cause of a failure through replacement or repair of a faulty unit.
Mean Time Between Failures (MTBF)
The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures.
Mean Time to Failure (MTTF)
The average amount of time until the next hardware failure.
Competitive Intelligence
The collection and analysis of information about an organization's business competitors through legal and ethical means to gain business intelligence and competitive advantage.
Industrial Espionage
The collection and analysis of information about an organization's business competitors, often through illegal or unethical means, to gain an unfair competitive advantage. Also known as corporate spying, which is distinguished from espionage for national security reasons.
Information Aggregation
The collection and combination of pieces of nonprivate data, which could result in information that violates privacy. Not to be confused with aggregate information.
Cyberterrorism
The conduct of terrorist activities by online attackers.
Intellectual Property (IP)
The creation, ownership, and control of original ideas as well as the representation of those ideas.
Shoulder Surfing
The direct, covert observation of individual information or system use.
Information Asset
The focus of information security; within the context of risk management, any collection, set, or database of information or any asset that collects, stores, processes, or transmits information of value to the organization. Here the terms data and information are interchangeable.
Theft
The illegal taking of another's property, which can be physical, electronic, or intellectual.
C.I.A. Triad
The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.
Domain Name System (DNS) Poisoning
The intentional hacking and modification of a DNS database to redirect legitimate traffic to illegitimate Internet locations. Also known as DNS spoofing.
Tools, Techniques, and Procedures (TTP)
The means and methods used by adversaries to attack an information asset. The acronym is more commonly expanded as tactics, techniques, and procedures, the form used by NIST SP 800-150 and the MITRE ATT&CK framework; the three levels describe the adversary's goal, the general method used to reach it, and the specific implementation observed.
Noise
The presence of additional and disruptive signals in network communications or electrical power delivery.
Management
The process of achieving objectives by appropriately applying a given set of resources.
Planning
The process of creating designs or schemes for future efforts or performance.
Leadership
The process of influencing others and gaining their willing cooperation to achieve an objective by providing purpose, direction, and motivation.
Controlling
The process of monitoring progress and making necessary adjustments to achieve desired goals or objectives.
Social Engineering
The process of using social skills to convince people to reveal access credentials or other valuable information to an attacker.
Pharming
The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information.
Governance
The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise's resources are used responsibly.
Threat Agent
The specific instance or a component of a threat.
Organizing
The structuring of resources to maximize their efficiency and ease of use.
Software Piracy
The unauthorized duplication, installation, or distribution of copyrighted computer software, which is a violation of intellectual property.
Privilege Escalation
Gaining a level of access or control over system resources beyond what an account was granted, typically by exploiting a flaw or misconfiguration to move from an ordinary user account to administrator or root (vertical escalation); the term also covers reaching the privileges of another account at the same level (horizontal escalation).
Trespass
Unauthorized entry into the real or virtual property of another party.
Spam
Unsolicited commercial e-mail, typically advertising transmitted in bulk.