Lost in Translation
There's a lot of jargon in security that can turn off business executives. Here are some common terms translated into plain English.
Botnet: A group of compromised computers used, without their owners' knowledge, by Internet criminals to send spam or viruses or to launch DDoS attacks.
DDoS: Distributed denial of service. Online attackers use multiple compromised computers to flood a target system, such as an e-commerce site, with messages, forcing it to shut down and preventing legitimate users from reaching the site.
DMZ: Demilitarized zone. A subnetwork between a company's private network and the outside public network, where organizations often place their Web servers.
Exploit: An attack on a computer system that takes advantage of a vulnerability on that system.
HIDS/NIDS: Host intrusion detection systems/network intrusion detection systems. HIDS are installed on individual computers to detect attacks; NIDS monitor network traffic for potential attacks.
Penetration testing: Testing the security of a system or network by trying to break its controls and gain access.
Port scan: An attacker sends a series of messages to a computer to figure out which network services it offers, in order to probe those services for vulnerabilities. Each service is associated with a port number.
Rootkit: A collection of programs that provides administrator-level access to a computer. An attacker who breaks through the user-access controls of a computer can install a rootkit, which can hide the intrusion and provide privileged access.
Script kiddie: A less skilled hacker who typically uses existing programs and scripts to launch attacks.
Spear phishing: Fraudulent email that targets a specific organization and aims to fool the recipient into divulging confidential data. Generally, the message will appear to come from someone within the recipient's company, such as an IT administrator.
Trojan horse: A computer program that appears harmless but contains malicious code.
Zero-day exploit: An exploit that takes advantage of a vulnerability that is not generally known until the exploit surfaces; consequently, no patch is available.
This was first published in July 2007