An agreement between two or more entities to allow access to data or information. Details the controls that are to be put in place to protect the data, including how the data will be used, stored, shared and disposed of.
A cipher selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally. The algorithm is a sixteen-round block cipher that uses a 64-bit block and a 56-bit key.
Interruption in an authorised user's access to a computer network, typically with malicious intent. A DoS attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet or the organisation’s intranet.
A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures the organisation is to follow in the event of a disaster.
A set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. (United States of America Federal.)
A message authentication code that makes use of a cryptographic key along with a hash function.
The ability of the anti-virus software to detect patterns of behavior on the machine
A system that monitors a network for malicious activities such as security threats or policy
A software update comprising code inserted (or patched) into the code of an executable program.
The security-oriented probing of a computer system or network to seek out vulnerabilities
A software program that provides cryptographic privacy and authentication for data communication.
A hacker gains access to a group of computers and then uses them to carry out a variety of attacks on other computers
Cross-site request forgery (or “sea-surf”) attack. Malware from someone who appears to be a trusted user of a site
Distributed denial-of-service attack. Flooding a network or website with requests, making it impossible for legitimate users to access the site
Phony email, usually an alert about a non-existent threat, that is passed throughout a system by a large number of individuals who believe it to be true – and that overwhelms the system as a result
Recording the keystrokes made by an authorized user
Redirecting users from a legitimate site to a bogus one; information entered on the phony site is captured for fraudulent purposes
Directing users to a bogus site through an email that appears legitimate; information entered on the phony site is captured for fraudulent purposes
Restricts access to a computer; owner must pay ransom to have it removed
Making small, undetectable changes over an extended period of time; “penny shaving” is a type of salami attack
Scam software that appears to be legitimate, to encourage download
Phishing using text messages rather than emails
Accessing a secure network by changing the remote computer’s IP address to that of a computer with special privileges; often used in DDoS attacks
Tricking a user (through an email or phone call) into entering credit card information into a bogus voice response system; information entered into the phony system is captured for fraudulent purposes
Cross-site scripting attack. Malware injected into a trusted site, presented through a hyperlink
Changing the appearance of a website and/or reducing its usability, usually by replacing the legitimate website with a phony one