system of moral principles that human beings use to judge right and wrong and to devlop rules of conduct.
Natural laws and rights
ethical system that judges the morality of an action based on how well it adheres to broadly accepted rules, regardless of the action's actual consequences.
ethical system that judges whether an act is right or wrong by considering the consequences of the action, weighing its positive effects against its harmful ones.
Intellectual property (IP)
Intangible assets such as music, written works, software, art, designs, movies, creative ideas, discoveries, inventions and other expressions of the human mind that may be legally protected by means of copyrights or patents.
Digital rights management (DRM)
Technologies that software developers, publishers, media companies, and other intellectual property owners use to control access to their digital content.
protection of data about individuals.
intermediary server that receives and analyzes requests from clients and then directs them to their destinations; sometimes used to protect privacy.
term that encompasses the protection of an organization's information assets against misuse, disclosure, unauthorized access, or destruction.
malicious software designed to attack computer systems.
malicious software program that can damage files or other programs. Virus can also reproduce itself and spread to other computers by email, instant messaging, file transfer, or other means.
Software that monitors a user's activity on the computer and on the internet, often installed without the user's knowledge. May use the u=internet connection to send the data it collects to third parties.
monitoring software that records a user's keystrokes.
self-replicating program that sends copies to other nodes on a computer network and may contain malicious code intended to cause damage.
seemingly useful, or at least harmless, program that instalss malicious code to allow remote access to the computer, as for botnet.
combination of the terms robot and network referring to a collection of computers that have been compromised by malware and used to attack other computers.
Distributed denial of service (DDoS)
An attack in which computers in a botnet are directed to flood a single website server with rapid-fire page request, causing it to slow down or crash.
attempt to steal passwords or other sensitive information by persuading the victim, often in email, to enter the information into a fraudulent website that masquerades as the authentic version.
matrix that lists an organization's vulnerabilities, with ratings that assess each one in terms of likelihood and impact on business operations, reputation, and other areas.
Steps in incident response plan
Identify the threat, Contain the damage, Determine the cause, Recover the systems, Evaluate lessons learned.
Incidence response plan
plan that an organization uses to categorize a security threat, determine the cause, preserve any evidence, and also get the systems back online so the organization can resume business.
combination of two or more authentications a user must pass to access an information system, such as fingerprint scan combined with a password.
technique that scrambles data using mathematical formulas, so that it cannot be read without applying the key to decrypt it.
Public key encryption
security measure that uses a pair of keys, one to encrypt the data and the other to decrypt it. One key is public, widely shared with everyone, but the other is private, known only to the recipient.
defensive technical control that inspects incoming and outgoing traffic and either blocks or permits it according to rules the organization establishes. It can be a hardware device or a software program.
gateway service that permits users to log in once with a single user ID and password to gain access to multiple software applications.
art of manipulating people into breaking normal information security procedures or divulging confidential information.