IT Security Dictionary

Adware | Authentication | Chain Letters | Cookies | Cracker | Denial of Service |
E-mail Spoofing | Encryption | Firewalls | Hacker | Hoaxes | Keyloggers | Macro Viruses |
Malware | Need to Know Principle | Phishing | Portable Storage Devices (PSD) |
Sensitive Document Collaboration Service (SDCS) | Social Engineering | Spam | Spyware |
Trojan (or Trojan Horse) | Virus | Web Site Spoofing | Worms


 

Adware: Software that displays advertising banners on web browsers. While not malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and, in some instances, degradation of either the network connection or system performance.

Authentication/Authenticity: The act of verifying the claimed identity of an entity. The property that ensures that the identity of a subject or resource is the one claimed and applies to entities such as users, processes, systems and information.

Chain Letters: Chain mail consists of e-mails that are forwarded to you and that you are urged to forward on. These e-mails threaten dire reprisals or promise monetary gains, health benefits, etc. They prey on the oldest human weakness – superstition. If you forward chain letters, stop! If others send them to you, stop them! The more you send, the more you will get. Sending or receiving chain letters increases your exposure to spam, scams and other junk mail.

Cookies: These text files are created on computers that visit web sites. They contain information on user browsing habits. When a user returns to a web site, a cookie provides information on the user's preferences and allows the site to display in customized formats and to show targeted content such as advertising. Cookies can collect user information that can then be obtained by another site or program for monetary gain.

Cracker (more commonly referred to as hacker): An individual who attempts to gain unauthorized access to a computer system. These individuals often have malicious intentions and many means at their disposal for breaking into a system. The more common term is hacker.

Denial of Service: An attack specifically intended to prevent the normal functioning of a system and lawful access to the system by authorized users. Hackers can cause denial of service attacks by destroying or modifying data, or by overloading the system's servers until service to authorized users is delayed or prevented.

eUSB (encrypted Universal Serial Bus): A portable device (traditionally referred to as a memory stick) equipped (programmed) with encryption software and used as an electronic means to store and/or transfer information.

E-mail Spoofing: The forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations.

Encryption: The transformation of readable data or information into an unreadable stream of alphanumeric characters using a reversible coding process.

Firewall: A software application or an IT system that acts as a security barrier between two network segments and mediates access between those two networks according to an approved set of rules. Firewalls protect a computer network from unauthorized access and are often considered the first line of defense in protecting a computer network against external threats. Network firewalls may also be configured to limit how internal users connect externally.

Hacker: Originally, this was any person who explored the details of programmable systems and how to stretch their capabilities. Now the term more commonly refers to individuals who seek and exploit unauthorized access to computer systems for the purpose of stealing or corrupting data.

Hoaxes: Hoaxes attempt to trick or defraud users. A hoax could be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. Other hoaxes convince users to send money or volunteer personal information.

Keyloggers: Programs that log keyboard activity. Certain malware employs these programs to gather user information. Keyloggers usually catch and store all keyboard activity, from which valuable information may be obtained, such as logon credentials and credit card numbers. Legitimate keylogging programs can be used by corporations to monitor employees, and by parents to monitor their children.

Macro Viruses: Unlike other virus types, macro viruses are not specific to an operating system and spread with ease via e-mail attachments, floppy disks, web downloads, file transfers, and cooperative applications. Popular applications that support macros (such as Microsoft Word and Microsoft Excel) are the most common platforms for this type of virus. Macro viruses infect at different points during a file's use; for example, when it is opened, saved, closed, or deleted.

Malware: Programs that perform unexpected or unauthorized malicious actions. It is a general term used to refer to both viruses and Trojans, which respectively include replicating and non-replicating malicious code. The term also includes bots and spyware.

Need to Know Principle: This means that access to information and/or assets must be limited to individuals who have been security screened to a level equal to, or above the level of the information or asset, and whose duties require access to the information or asset. Personnel are not entitled to access information or assets for the purposes of convenience or personal interest, status, rank, office, or level of clearance.

Phishing: A form of identity theft, in which a scammer uses an authentic-looking e-mail from a legitimate business to trick recipients into giving out sensitive personal information (e.g. credit card, bank account, Social Insurance/Security numbers). The spoofed e-mail message urges the recipient to click on a link to update their personal profile or carry out some transaction. The link then takes the victim to a fake web site designed to look like the real thing (known as web site spoofing). Any personal or financial information entered is then routed directly to the scammer.

Portable Storage Devices (PSD): An external digital storage device, including external hard drives and USB-based memory sticks, along with portable media such as compact discs and DVDs. All offer the ability for the fast, easy transfer of large amounts of information. Because of their portable nature, small size and ability to hold vast amounts of information, these devices (or media) can lead to an increased risk of information loss through loss, theft and/or unauthorized use/removal from departmental premises.

Sensitive Document Collaboration Service (SDCS): The Sensitive Document Collaboration Service (SDCS) allows for secure electronic storage and handling of Protected “C” and ‘Secret’ information within a secure network location with the combined use of Access Control Lists and Entrust Encryption. It fully facilitates collaboration from multiple contributors across the department and supports Information Management and IT Security Policies and Procedures relating to the safeguarding of sensitive material. Employees using this repository require Secret Clearance for information higher than Protected C. Employees requiring access to this repository are asked to contact their SDCS Branch coordinator.

Social Engineering: A hacker’s method to gain access to buildings, computer systems or data by taking advantage of people rather than using technical hacking techniques, in an attempt to acquire sensitive information.

Spam: The electronic version of “junk mail”. The term refers to unsolicited, often unwanted e-mail messages. Spam does not necessarily contain viruses, and valid messages from legitimate sources could fall into this category. To reduce the amount of spam you receive:

  • Don't distribute your e-mail address;
  • Check privacy policies of the site you are visiting;
  • Be aware of options selected by default;
  • Use filters;
  • Don't follow links in spam messages;
  • Disable the automatic downloading of graphics in HTML mail;
  • Don't spam other people.

Spyware: Software or hardware installed on a computer without the user's knowledge. It gathers information about the user for later retrieval by whoever controls the spyware. Spyware employs a user's Internet connection in the background without their knowledge. Getting rid of spyware is usually done with some kind of anti-spyware tool. If you are very familiar with the operating system, you can attempt a manual clean-up of spyware.

Trojan (or Trojan Horse): A program in which malicious or harmful code is contained within apparently harmless programming or data, in such a way that it can do its chosen form of damage. In one celebrated case, a Trojan Horse was distributed as a program purported to find and destroy computer viruses. A Trojan Horse may be widely redistributed as one part of a more troubling computer virus.

Virus: A program or programming code that self-replicates. Viruses can be transmitted as attachments to an e-mail or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware they are sending you a virus. Some viruses take immediate effect; others lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful, but others can be quite harmful, erasing data or requiring your hard disk to be reformatted.

Web Site Spoofing: A replica of an entire trusted site, where all the links are under one phishing domain. Logos, fonts and colors of existing legitimate sites are used to make the spoofed site look realistic. It is predominantly used to swindle money from unsuspecting web surfers.

Worms: A self-replicating virus that does not alter files, but resides in active memory and duplicates itself. Worms reside in automated parts of an operating system and are usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.