Business Security Consultants, Inc.
Securing the Future of Your Business
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.
The main goals of Information Security are to protect the confidentiality, integrity and availability of information (known as the CIA triad).
Information Systems Security - Terminology
- Botnet: A botnet is a collection of infected computers that are remotely controlled by a hacker. Once a computer is infected with a bot, the hacker can control the computer remotely via the internet. From then on, the computer is a “zombie,” doing the bidding of the hacker, although the user is completely unaware. Collectively, such computers are called a botnet. The hacker can share or sell access to control the botnet, allowing others to use it for malicious purposes.
- Brute force attack: An attack in which hackers try a large number of possible key or password combinations to gain unauthorized access to a system or file.
- Buffer overflow: A buffer overflow occurs when a program stores excess data by overwriting other parts of the computer’s memory, causing errors or crashes.
- Denial Of Service (DoS): A type of attack that denies legitimate users access to a server or services by consuming sufficient system resources or network bandwidth or by rendering a service unavailable.
- Encryption Algorithm: A mathematical formula or method used to scramble information before it is transmitted over unsecured media.
- Firewall: A hardware device or software application designed to filter incoming traffic based on predefined rules and patterns. Firewalls can filter traffic based on protocol uses, source or destination addresses, and port addresses; and they can even apply state-based rules to block unwanted activities or transactions.
- Malware: A general term for malicious software including viruses, worms, Trojan horses and spyware. Many people use the terms malware and viruses interchangeably.
- Patches: Software add-ons designed to fix software bugs, including security bugs, in operating systems or applications. Patching against new security vulnerabilities is critical to protect against malware. Many high-profile threats, such as Conficker, take advantage of security vulnerabilities. If your patches are not applied or not up to date, you risk leaving your computer open to hackers.
- Phishing: The process of tricking recipients into sharing sensitive information with an unknown third party. Typically, you receive an email that appears to come from a reputable organization, such as a bank. The email includes what appears to be a link to the organization’s website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers who created the bogus site.
- Ransomware: Software that denies you access to your files until you pay a ransom. In the past, malicious software typically corrupted or deleted data, but now it can hold your data hostage instead. For example, the Archiveus Trojan copies the contents of the My Documents folder into a password-protected file and then deletes the original files. It leaves a message telling you that you require a 30-character password to access the folder, and that you will be sent the password if you make purchases from an online pharmacy.
- Rootkit: A piece of software that hides programs or processes running on a computer. It is often used to conceal computer misuse or data theft. A significant proportion of current malware installs rootkits upon infection to hide its activity. A rootkit can hide keystroke loggers or password sniffers, which capture confidential information and send it to hackers via the internet. It can also allow hackers to use the computer for illicit purposes (e.g., launching a denial-of-service attack against other computers, or sending out spam email) without the user’s knowledge.
- Virtual Private Network (VPN): A popular technology that supports reasonably secure, logical, private network links across some unsecure public networks such as the Internet. VPNs are more secure than traditional remote access because they can be encrypted and because they support tunneling (the hiding of numerous types of protocols and sessions within a single host-to-host connection).
- Worm: A special type of virus designed primarily to reproduce and replicate itself on as many computer systems as possible. It normally does not alter files but rather remains resident in a computer's memory. Worms usually rely on access to operating system capabilities that are invisible to users.
Copyright © 2010 by Business Security Consultants, Inc. All Rights Reserved - 888-655-3600