IT and Information Security Services from Keep IT Secure.

INFORMATION SECURITY JARGON BUSTER

Malware – malicious software

Generic term for ‘rogue’ program code introduced to a computer or computer network by an outside party in order to damage existing software, operating systems or information, or to gain unauthorised access to information. Such code can, for example, be self-replicating and pass from computer to computer via e-mail or other electronic communication.

Denial of Service

Attacks designed to deny you a particular service that your business relies on. For example, an attack may overtax a web server with a flood of requests intended to slow it down and possibly cause it to crash.

Digital (or cyber) Crime

Terms commonly used to describe the growing threat to computers and the information stored on, and processed by, them.

Ethical Hacker

Term used to describe qualified and vetted IT professionals, normally employed by reputable and established business organisations, who test the security of their clients’ IT infrastructures by attempting to hack into them and showing how sensitive information might be accessed or corrupted.

Firewall

A firewall is a gateway between the computer or network and the outside world. It can be installed on an individual computer as part of the operating system or as part of separate security software (e.g. McAfee), or it can be a separate piece of hardware running suitably configured software that provides the gateway into a network. The key to an effective firewall is ensuring that it is configured properly and kept up to date; otherwise its effectiveness is compromised.

Hacker

The most common term used to describe the perpetrators of digital crime. In the early days of the internet it was headlines like ‘Student hacks into Defence Department computer’ which grabbed the attention; now the hacker is more often a professional criminal intent on gaining financial reward from ‘hacking’.

ISMS

Information Security Management System – the collection of standards, procedures and policies specifically targeted at maintaining the security and integrity of all company information (electronic or hard copy). The objectives and scope of the ISMS are defined by the ISMS Policy.

ISMS Policy

See above.

ISO27001

The international standard against which an ISMS can be accredited.

Key Logging

Another means of obtaining confidential user information without the user’s knowledge: a program is introduced onto the computer which records keystrokes as the user enters data and transmits them back to the criminal.

Password Crackers

Used by hackers to identify passwords, these can be run in the background for a considerable time without a user’s knowledge, automatically generating passwords and attempting to log in to identified user profiles on the computer system. Because they can go undetected and run for a significant time, the number of different password combinations they can try is almost unlimited. They are proven to be very effective.

Vulnerability Assessment

Generally refers to the first level of test conducted by an Ethical Hacker during which the IT infrastructure will be tested for vulnerabilities which a hacker could exploit.

Penetration Test

Takes the Vulnerability Assessment a step further to show exactly how a hacker can exploit identified vulnerabilities.

Pharming

The purpose of this is similar to phishing (i.e. to persuade a user to part with confidential information), but instead of using e-mail the criminal replicates a genuine website and lures the user into using this copy instead of the genuine site it is mirroring. The lock you see on a genuine secure site (an indication that the site is protected with a digital certificate) is one way in which this can be combated.

Phishing

These are e-mails sent by someone with criminal intent purporting to be a legitimate service provider asking for confidential user details (e.g. user accounts, passwords, personal identification numbers, credit card details etc.).

Scanning

Using vulnerability scanners, all discovered hosts are tested for vulnerabilities. The results are then analysed to determine whether any of the vulnerabilities found could be exploited to gain access to a target host on the network.

Social Engineering

Normally uses a limited range of distinct themes to entice users to, say, open and run an attachment. Usually associated with phishing and other e-mail based attacks.

The main themes are:

  • Sexual - Sexual ideas/pictures/websites,
  • Curiosity - Friendly themes/appealing to someone’s passion or obsession,
  • Fear - Reputable sources/virus alert,
  • Authority - Current affairs/bank e-mails/company e-mails.

Spam

Term generally applied (in the context of electronic Information Security) to unwanted and unsolicited e-mails which, as well as being annoying and clogging up a computer network, can be a means by which viruses are introduced to a computer or computer network.

SQL Injection

A hacker executes unexpected SQL commands on the database server by adding extra SQL syntax to what should be an ordinary input parameter. This may enable the hacker to gain escalated privileges or to change data.
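As an added illustration that is not part of the original glossary, the Python snippet below shows the mechanism: a login query assembled by string concatenation executes whatever SQL syntax is placed in the password field, while the parameterised version treats the same input as plain data. The in-memory database, its table and the two user rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "battery staple", "user")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by concatenating the raw inputs into the SQL text.

    Any quote or operator inside the 'parameters' becomes part of the
    command the database server runs, which is exactly the flaw the
    glossary entry describes."""
    sql = (
        "SELECT name, role FROM users WHERE name = '" + name
        + "' AND password = '" + password + "' ORDER BY name"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Parameterised query: the SQL text is fixed and the values travel
    separately, so the database never interprets them as syntax."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ? ORDER BY name"
    return conn.execute(sql, (name, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # extra syntax supplied in place of a password
    # The concatenated query now reads ... password = '' OR '1'='1', which is
    # always true, so every account is returned without any valid password.
    print("vulnerable:", login_vulnerable(db, "alice", crafted))
    # The same input is compared literally against the stored password.
    print("safe:      ", login_safe(db, "alice", crafted))
```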

Trojans (Trojan Horses)

Software which a hacker introduces to your computer system and which may go unnoticed, providing a ‘back door’ through which the hacker can access confidential information. Key logging, for example, is achieved using a Trojan.

Worm

A virus which attaches itself to good computer code and can propagate itself and spread to other computers connected to the network or via e-mail.
