Computer Fraud Abuse Act
This law makes it a federal crime to access classified information or financial information without authorization.
Electronic Communication Privacy Act
These laws make it illegal to intercept any communication, regardless of how it was transmitted.
Certified Information Systems Security Professional (CISSP)
A non-vendor-specific certification issued by the International Information Systems Security Certification Consortium, Inc. (ISC2).
Users who attempt to break into a computer system or network with the owner's permission.
Global Information Assurance Certification (GIAC)
An organization founded by the SANS Institute in 1999 to validate the skills of security professionals. GIAC certifications encompass many areas of expertise in the security field.
the company might give a tester some information about which OSs are running but not provide any network topology information (diagrams of routers, switches, intrusion detection systems, firewalls, and so forth).
A user who attempts to break into a computer system or network without authorization from the owner.
Institute for Security and Open Methodologies (ISECOM)
A nonprofit organization that provides training and certification programs for security professionals.
Open Source Security Testing Methodology Manual (OSSTMM)
This security manual developed by Peter Herzog has become one of the most widely used security-testing methodologies to date.
OSSTMM Professional Security Tester (OPST)
An ISECOM-designated certification for penetration and security testers. See also Institute for Security and Open Methodologies (ISECOM).
A derogatory term for unskilled crackers or hackers who steal program code and use it to hack into network systems instead of creating the programs themselves.
In this test, a security professional performs an attack on a network with permission from the owner to discover vulnerabilities; penetration testers are also called ethical hackers.
Similar to packet monkeys, a term for unskilled hackers or crackers who use scripts or programs written by others to penetrate networks.
network; they also analyze security policies and procedures
report vulnerabilities to management and recommend solutions
SysAdmin Audit Network Security (SANS) Institute
Founded in 1989, this organization conducts training worldwide and offers multiple certifications through GIAC in many aspects of computer security and forensics.