Is a server outside a company's network that controls which communications pass into the company's network?

Glossary
Chapter 5
acceptable use policy (AUP) Outlines the activities for which a computer and network may and may not be used.
access control A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it.
adware A program that displays an online advertisement in a banner or pop-up window on webpages, email, or other Internet services.
audit trail Electronic file that records both successful and unsuccessful access attempts.
back door A program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network.
backup A duplicate of content on a storage medium that you can use in case the original is lost, damaged, or destroyed.
biometric device Device that authenticates a person's identity by translating a personal characteristic, such as a fingerprint, into a digital code that is compared with a digital code stored in a computer verifying a physical or behavioral characteristic.
biometric payment Payment method where the customer's fingerprint is read by a fingerprint reader that is linked to a payment method such as a checking account or credit card.
bot A program that performs a repetitive task on a network.
botnet A group of compromised computers or mobile devices connected to a network such as the Internet that are used to attack other networks, usually for nefarious purposes. Also called zombie army.
browsing history A list of all websites you have visited over a period of time.
Business Software Alliance (BSA) Alliance formed by major worldwide software companies to promote understanding of software piracy.
CAPTCHA A program developed at Carnegie Mellon University that displays an image containing a series of distorted characters for a user to identify and enter in order to verify that user input is from humans and not computer programs.
CERT/CC A federally funded Internet security research and development center.
certificate authority (CA) Online providers that issue digital certificates.
child Term used in three-generation backups to refer to the most recent copy of the file.
ciphertext Encrypted (scrambled) data.
clickjacking Scam in which an object that can be clicked on a website, such as a button, image, or link, contains a malicious program.
cloud backup Backup method in which files are backed up to the cloud as they change.
code of conduct A written guideline that helps determine whether a specific action is ethical/unethical or allowed/not allowed.
computer crime Any illegal act involving the use of a computer or related devices.
Computer Emergency Response Team Coordination Center A federally funded Internet security research and development center.
computer ethics The moral guidelines that govern the use of computers, mobile devices, and information systems.
content filtering The process of restricting access to certain material.
continuous data protection (CDP) Backup method in which all data is backed up whenever a change is made.
cookie A small text file that a web server stores on your computer.
copyright Exclusive rights given to authors, artists, and other creators of original work to duplicate, publish, and sell their materials.
cracker Someone who accesses a computer or network illegally with the intent of destroying data, stealing information, or other malicious action.
crimeware Software used by cybercriminals.
cybercrime Online or Internet-based illegal acts such as distributing malicious software or committing identity theft.
cyberextortionist Someone who demands payment to stop an attack on an organization's technology infrastructure.
cyberforensics The discovery, collection, and analysis of evidence found on computers and networks. Also called digital forensics.
cyberterrorist Someone who uses the Internet or network to destroy or damage computers for political reasons.
cyberwarfare A cybercrime attack whose goal ranges from disabling a government's computer network to crippling a country.
decrypt The process of decoding encrypted data.
denial of service attack (DoS attack) An assault whose purpose is to disrupt computer access to an Internet service such as the web or email.
differential backup Backup method that copies only the files that have changed since the last full backup. (or) Fast backup method that requires minimal storage space to back up.
digital certificate A notice that guarantees a user or a website is legitimate.
digital rights management A strategy designed to prevent illegal distribution of movies, music, and other digital content.
digital security risk Any event or action that could cause a loss of or damage to computer or mobile device hardware, software, data, information, or processing capability.
digital signature An encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender.
disaster recovery plan A written plan that describes the steps an organization would take to restore its computer operations in the event of a disaster.
distributed DoS attack (DDoS attack) Type of DoS attack in which a zombie army is used to attack computers or computer networks.
email spoofing Spoofing that occurs when the sender's address or other components of an email header are altered so that it appears that the email message originated from a different sender.
employee monitoring The use of computers, mobile devices, or cameras to observe, record, and review an employee's use of a technology, including communications such as email messages, keyboard activity (used to measure productivity), and websites visited.
encryption The process of converting data that is readable by humans into encoded characters to prevent unauthorized access.
encryption algorithm A set of steps that can convert readable plaintext into unreadable ciphertext. Also called cypher.
encryption key A set of characters that the originator of the data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext.
end-user license agreement (EULA) License agreement included with software purchased by individual users. Also called single-user license agreement.
ENERGY STAR program Program developed by the United States Department of Energy (DOE) and the United States Environmental Protection Agency (EPA) to help reduce the amount of electricity used by computers and related devices.
face recognition system Biometric device that captures a live face image and compares it with a stored image to determine if the person is a legitimate user.
fingerprint reader Biometric device that captures curves and indentations of a fingerprint. Also called a fingerprint scanner.
firewall Hardware and/or software that protects a network's resources from intrusion by users on another network, such as the Internet.
full backup Backup method that provides the best protection against data loss because it copies all program and data files. (or) Fastest recovery method in which all files are saved. Also called an archival backup.
grandparent Term used in three-generation backups to refer to the oldest copy of the file.
green computing Practices that involve reducing the electricity and environmental waste while using computers, mobile devices, and related technologies.
hacker Someone who accesses a computer or network illegally.
hand geometry system Biometric device that measures the shape and size of a person's hand.
incremental backup Fastest backup method that requires minimal storage space to back up because only most recent changes are saved. (or) Backup method that copies only the files that have changed since the last full or incremental backup.
information privacy The right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them.
information theft Illegal act that occurs when someone steals personal or confidential information.
intellectual property (IP) Unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos.
intellectual property rights The rights to which creators are entitled for their work.
IP Unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos.
IP spoofing Spoofing that occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source.
iris recognition system Biometric device that uses iris recognition technology to read patterns in the iris of the eye.
keygen Program that creates software registration numbers and sometimes activation codes. Short for key generator.
license agreement The right to use a program or app, which provides specific conditions for use of the software and that a user typically must accept before using the software.
MAC address A unique hardware identifier for a computer or device. Short for Media Access Control address.
madware Adware on mobile phones. Short for mobile adware.
malware Programs that act without a user's knowledge and deliberately alter the operations of computers and mobile devices. Also called malicious software.
network license A legal agreement that allows multiple users to access software on the server simultaneously.
off-site A location separate from the computer or mobile device site.
online security service A web app that evaluates your computer or mobile device to check for Internet and email vulnerabilities.
parent Term used in three-generation backups to refer to the second oldest copy of the file.
passphrase Similar to a password; several words separated by spaces.
password A private combination of characters associated with the user name that allows access to certain computer, mobile device, or network resources.
payload The destructive event or prank a virus was created to deliver.
personal firewall A security tool that detects and protects a personal computer and its data from unauthorized intrusions.
phishing A scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and/or financial information.
phishing filter A program that warns or blocks you from potentially fraudulent or suspicious websites.
PIN A numeric password, either assigned by a company or selected by a user.
plaintext Unencrypted, readable data.
power usage effectiveness (PUE) A ratio that measures how much power enters the computer facility or data center against the amount of power required to run the computers and devices.
private key encryption Encryption method where both the originator and the recipient use the same secret key to encrypt and decrypt the data. Also called symmetric key encryption.
product activation Process in which users, either online or on the phone, provide the software product's identification number to associate the software with the computer or mobile device on which the software is installed.
proxy server A server outside the organization's network that controls which communications pass into the organization's network.
public key encryption Encryption method that uses two encryption keys: a public key and a private key. Also called asymmetric key encryption.
PUE A ratio that measures how much power enters the computer facility or data center against the amount of power required to run the computers and devices.
restore Copying backed up files to their original location on a computer or mobile device.
rootkit A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device, often for nefarious purposes.
script kiddie Cybercriminal who has the same intent as a cracker but does not have the technical skills and knowledge.
secure site A website that uses encryption techniques to secure its data.
selective backup Fast backup method that provides great flexibility.
session cookie A file used by online shopping sites to keep track of items in a user's shopping cart.
signature verification system Biometric device that recognizes the shape of your handwritten signature, as well as measures the pressure exerted and the motion used to write the signature.
site license A legal agreement that permits users to install software on multiple computers, usually at a volume discount.
social engineering Scam in which perpetrators gain unauthorized access to or obtain confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.
software piracy The unauthorized and illegal duplication of copyrighted software. Also called piracy.
software theft Illegal act that occurs when someone steals software media, intentionally erases programs, illegally registers and/or activates a program, or illegally copies a program.
spoofing A technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
spyware A program placed on a computer or mobile device without the user's knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online.
SSID A network name. Short for service set identifier.
technology ethics The moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies.
trojan horse A destructive program that hides within or looks like a legitimate program.
two-step verification Also known as two-factor verification, a computer or mobile device uses two separate methods, one after the next, to verify the identity of a user.
unauthorized access The use of a computer or network without permission.
unauthorized use The use of a computer or its data for unapproved or possibly illegal activities.
user name A unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user. Also called user ID, log on name, or sign on name.
virtual private network (VPN) Network that provides a mobile user with a secure connection to a company network server, as if the user has a private line.
virus A potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission.
voice verification system Biometric device that compares a person's live speech with their stored voice pattern.
VPN Network that provides a mobile user with a secure connection to a company network server, as if the user has a private line.
web filtering software A program that restricts access to certain material on the web.
worm Malware that resides in active memory and replicates itself over a network to infect machines, using up the system resources and possibly shutting down the system.
zombie A compromised computer or device whose owner is unaware the computer or device is being controlled remotely by an outsider.
Is a program that hides within or looks like a legitimate program?

Glossary
trojan horse
A destructive program that hides within or looks like a legitimate program.
uncompress
To unzip or expand a zipped (compressed) file, which restores it to its original form.
uninstaller
A tool that removes a program, as well as any associated entries in the system files.
Student Resource Glossary - Cengage (www.cengage.com)

What is an attack whose goal ranges from disabling a government's computer network to crippling a country?

The term cyberwarfare describes an attack whose goal ranges from disabling a government's computer network to crippling a country.

Is a program that displays advertisements on a mobile device?

Adware, a term derived from "advertising-supported software," is software that displays advertising on a computer screen or mobile device, redirects search results to advertising websites, and collects user data for marketing purposes.

What is it called when an organization implements security procedures to protect the hardware network and software from intrusion?

Network security is defined as the process of creating a strategic defensive approach that secures a company's data and its resources across its network. It protects the organization against any form of a potential threat or unauthorized access.