Glossary of Computer Crime Terms
A.K.A.
Also Known As, sometimes used with alias descriptions of
a virus to help identify a virus by name.
Access Control System The system
of preventing unauthorised access to the resources of an
IT product, programs, processes, systems, or other IT
products. Some suppliers consider preventing
unauthorised users from logging on to the system to be
access control. In reality, access control should also
stop logged on users accessing objects (files, devices,
etc) for which they have no authorisation.
Accessibility The fast adoption
of Information Technology has made access to information
easier and cheaper especially through the Internet. As
more and more information and services are delivered to
the public through the Internet, we certainly do not
want to exclude people with special needs from enjoying
the services. Not only does an "accessible" web site
improve service to people with disability, it also
caters for readers with slow modems, and less
sophisticated browsers.
Address Spoofing Compromising the
address to make the receiver believe they originated
from the actual sender.
Administrative It refers to the
aspects of policies, procedures, security awareness,
etc.
AES Advanced Encryption Standard
(AES) will become a federal standard for the encryption
of commercial and government data, and is intended to
replace DES. National Institute of Standards and
Technology (NIST), a division of US Department of
Commerce, is currently taking nominations for the AES.
The public was invited to propose suitable block ciphers as
candidates for AES.
Alias
An assumed or alternate
name. Some viruses are given multiple names since there
is no real standard for naming computer viruses.
http://www.infosec.gov.hk
Page 1 of 21 Glossary for Information Security &
Prevention of Computer Related Crime
Anti-antivirus Virus A virus that
attacks, disables, or avoids infecting specific
anti-virus software. Also called a retrovirus.
Anti-virus Software A software
that is designed to stop viruses, eliminate viruses,
and/or recover data affected by viruses.
Antivirus Virus A virus that
specifically looks for and removes another virus.
Application Gateway A system used
to restrict access to services or functions across a
firewall boundary.
Asymmetric Encryption Two
different keys are used with one for encryption and the
other for decryption. The decryption key cannot be
derived from the encryption key.
Audit Trail Audit trail is
defined as a chronological record of system activities
to enable the reconstruction and examination of the
sequence of events and/or changes in an event.
Authentication A process or
method to identify and to prove the identity of a
user/party who attempts to send a message or access data.
Message authentication refers to a process used to prove
the integrity of specific information.
Authentication Token A portable
device that operates by using challenge/response, time
sequence, or other techniques in order to authenticate a
user.
Authorisation A process to grant
rights to a person for accessing data or using specific
information resources.
Availability A condition in which
information or processes are reasonably accessible and
used by an authorised party including timely and
critical operations.
Backdoors
Backdoors are network
administration utilities that enable a hacker to
exercise unauthorised control of remote computers on a
network. They
allow a
hacker to monitor almost everything on the affected
computer, such as stealing data from it, uploading and activating
viruses on it, erasing information and so on.
Backup Copies of programs,
databases and other files made with the purpose of
allowing the information to be restored if it is lost
due to computer failure, virus infection or other
unforeseen event.
Basic In/Out System (BIOS) Chips
on the motherboard of a computer contain read only
memory instructions that are used to start up a
computer. The operating system of a PC also makes use of
BIOS instructions and settings to access hardware
components such as a disk drive. Some BIOS/CMOS settings
can be set to scan for viruses, causing problems for
some installation programs.
Biometrics Use of measurable
physiological characteristics to authenticate a user
such as fingerprints or facial characteristics.
Boot To start a computer so that
it is ready to run programs for the user. A PC can be
booted either by turning its power on, (Cold Boot) or by
pressing Ctrl+Alt+Del (Warm Boot).
Boot Sector Virus Affects the
section of a floppy or hard disk that contains operating
system and file information. Each time you start your PC
with an infected floppy in the drive, the virus can
spread.
Bug An error in the design or
implementation of a program that causes it to do
something that neither the user nor the program author
had intended to be done.
CERT
A CERT organization is a
national or regional level organization that acts as a
coordination centre readily available to respond to and
tackle any emergency computer and network security
incidents. Usually the organization handles computer
security incidents and vulnerabilities, publishes security
alerts, and develops information and training on
information security.
Certificate An electronic
document attesting to the binding of a public key to an
individual or entity. It allows verification of the
claim that a specific public key belongs to a specific
individual. A certificate is issued and digitally signed
by a trusted third party or Certification Authority.
Certification Authority A trusted
authority or party that digitally signs certificates in
order to validate the identity of a person or party.
Certificate Management A
management mechanism that includes the tasks of storage,
dissemination, publication, revocation and suspension of
certificates.
Certificate Revocation Lists
Certificate Revocation Lists (CRL) are periodically
issued lists, digitally signed by the Certification
Authority, of identified certificates that have been
suspended or revoked prior to their expiration dates. It
normally shows information such as the CRL issuer's
name, date of issue, suspended or revoked certificate's
serial numbers.
Certificate Servers A server
which performs the certification process of public keys.
Challenge/Response An
authentication technique used by a system/server to
authenticate a user. A server usually sends an
unpredictable challenge (a set of numbers or letters) to
the user, and the client/user will then compute a
response using some special form of authentication
token.
Chat Rooms A chat room is a Web
site, part of a Web site, or part of an online service,
that provides a venue for communities of users with a
common interest to communicate in real time.
Ciphertext The scrambled,
unreadable contents of an encrypted, secret message
or data, converted from plaintext using an
encryption algorithm.
Client Authentication
It refers to the process in
which a server verifies the identity of a client before
allowing it to gain access.
Cluster This is the unit of disk
storage used by the operating system. A cluster consists
of one or several logical disk sectors, located
sequentially. The length of a cluster on floppy disks is
usually 1 or 2 sectors, on hard disks it is generally 4
or 8.
CMOS Abbreviation for
Complementary Metal Oxide Semiconductor. A
battery-powered chip in computers that preserves basic
data about the system's hardware.
Cold Boot Start the computer by
switching on the power. A cold boot recycles the
computer's random access memory (RAM), thus removing any
viruses that might be present in memory.
Companion Virus A virus that
creates a new program with the same file name as an
existing program, but in a different place or with a
different file type, so that typing the program's name
on the command line causes the virus program to be
executed instead of the original program.
Compromise A violation of a
security policy in which an unauthorised disclosure or
loss of sensitive information may result.
Confidentiality The condition in
which the sensitive data is protected and disclosed to
authorised parties only, e.g. assurance of privacy using
encryption or other methods.
Cookie A piece of information or
code sent by a Web Server to a Web Browser such that the
Browser software is expected to save and send back to
the Server whenever the Browser makes additional
requests. A cookie may contain information such as login
or registration information.
Cracker
An individual who attempts
to gain unauthorised access to a computer system. These
individuals are often malicious and have many means at
their disposal for breaking into a system. Crackers
often like to describe themselves as hackers. Cracking
does not usually involve some mysterious leap of
hackerly brilliance but rather persistence and
repetition
of a
handful of fairly well-known tricks that exploit common
weaknesses in the security of target systems.
CRC Cyclic Redundancy Code. A CRC
is a type of checksum. A checksum algorithm takes a file
(or other string of bytes) and calculates from it a few
bytes (the checksum) that depend on the entire file. The
idea is that, if anything in the file changes, the
checksum will change. CRC checksums are usually used to
detect random, uncorrelated changes in files.
Cross-certification A condition
in which two or more different certificate issuing
authorities trust among themselves by issuing
certificates having the other as the subject of the
certificate.
Cryptography Cryptography is the
art of keeping messages secret by using different
methods. It normally deals with all aspects of secure
messaging, authentication, digital signatures, and
electronic money. Cryptanalysis is the art of breaking
these methods. Cryptology is the study of cryptography
and cryptanalysis.
Data Driven Attack A form of
attack encoded in innocuous-seeming data which is then
executed by a user or software to enforce the attack.
Debugging A process of testing a
program and figuring out where the problems are to make
the program work as intended. Some bugs are like
viruses but are removed by the skilled programmer as
they realize the errors in their programming statements.
Decryption The reverse process of
encryption, in which an encoded message or ciphertext is
decoded from its protected, scrambled form into the original
plaintext so that it can be easily read.
Denial of Service A prevention of
the use of information resources either intentionally or
unintentionally, which affects the availability of the
information resources. Examples of such attacks are SYN
flood, Ping O Death and Ping flooding.
DES
Data Encryption Standard
(DES) is a federal standard adopted by the U.S.
government for the encryption of commercial and
government data. The US government has started to use
Triple-DES (input data is encrypted three times using
DES) until Advanced Encryption Standard (AES) is ready
for general use.
Detective Detective controls are
used to identify undesirable events that have occurred.
Diffie-Hellman A mechanism which
is used for setting up a secret and unauthenticated
connection between two parties.
Digital Certificate A certificate
in electronic format such that data stored in the
certificate can be used to verify the identity of the
owner of the certificate. The certificate usually
contains information such as user's public key, name and
email address.
Digital Signature A block of data
which is generated using some secret/private key, and
only the corresponding public key can be used to verify
that this block of data was really created by that
private key. Digital signature is usually used to verify
whether a message really comes from the claimed
originator, and simultaneously guarantees the integrity
of the message.
Direct Infector It is a virus
that activates when an infected file is executed.
Disassembler This is a utility
which translates machine instructions to assembly
language. Such utilities are valuable for debugging
programs and also for virus analysis.
DNS Domain Name System (DNS) is a
distributed database system used to map IP addresses to
host names.
DNS Spoofing Pretend to be the
DNS name of another system by compromising the domain
name server for a valid domain.
Domain Name
A unique name which
identifies an Internet site.
DOS Boot Record The first
physical sector on a floppy disk or the first logical
sector of a hard disk partition. It identifies the disk's
architecture and contains the boot program.
Downloading Software and Other Files
Downloading is the transmission of a file from one
computer system to another, usually smaller computer
system. From the Internet user's point-of-view, to
download a file is to request it from another computer
(or from a Web page on another computer) and to receive
it.
Dropper A dropper is a program
that installs a virus or Trojan Horse. Dropper by itself
is not a virus.
Email Electronic mail. A message
sent or retrieved electronically. The term is also used
as a verb: "to email someone" is to send that person a
message by electronic means. The software used to send
and receive email is called email client software.
Encryption A process to encode
the contents of a message so as to hide it from outsiders.
That is, it is a process of scrambling and transforming
data from an easily readable and understandable format
(plaintext) into an unintelligible format that seems to
be useless and not readily understandable (ciphertext).
Error Log The log which records
all the errors encountered in a system.
EXE File A PC-DOS executable file
similar to a COM file, except that it is not restricted
in size (except for memory limitations), and that it may
contain relocatable code.
Extranet A collaborative network
that uses Internet technology to link businesses with
their suppliers, customers, or other trading partners.
The information can be shared among these parties or
open to public.
File Attributes
The file attributes show
whether a file is a system file, a hidden file, a
read-only file etc.
File Infector Virus Some viruses
infect executable files. There are a variety of
mechanisms that they use to do so. Usually, the virus
will get control when the program is first executed. In
most cases, the virus will return control to the
original program after it has completed its own
execution.
Filtering Router A router or
system used to check the source and destination network
addresses of data packets, and either permits or denies
the packet passing through.
Firewall A firewall is a system
or combination of systems that helps to prevent
outsiders from obtaining unauthorised access to internal
information resources. The firewall enforces the access
control policy, i.e. permit or deny, between two
networks. It provides a single point where access
control and audit can be imposed.
Hacker A person who illegally
gains access to your computer system.
Hacking Hacking means illegally
accessing other people's computer systems for
destroying, disrupting or carrying out illegal
activities on the network or computer systems.
Hash A one-way algorithm which
maps or translates one set of bits into another
(generally smaller) in such a way that the algorithm
yields the same hash results every time for the same
message, and it is computationally infeasible for a
message to be reconstituted from the hash result. Also,
two different messages cannot produce the same hash
results.
Heuristic This is a technique for
assessing the probability that a file contains a
computer virus.
Hoax
The most common hoax,
however, is the hoax virus. This usually consists of an
email message warning recipients about a new and
terribly destructive virus. It ends by suggesting that
the reader should warn his or her friends and
colleagues, perhaps by simply forwarding the original
message to everyone in their address book. The result is
a rapidly growing
proliferation of pointless emails that can increase to
such an extent that they overload systems.
Host Any computer on a network
that is a repository for services available to other
computers on the network.
HTTP Hypertext Transfer Protocol
(HTTP) is an application-layer protocol which allows the
transfer of text, graphics, sound or movies over the
World Wide Web via a hypertext interface of a web
browser.
ICQ ICQ ("I Seek You") is a
program you can download that will let you know when
friends and contacts are also online on the Internet.
Impacts Results of an unwanted
incident.
Inoculate To generate information
or data about a file that can be used to verify the
integrity of the file at a later time.
Insider Attack An attack
originating from the inside of an internal network.
Integrity A condition in which
the data has not been changed or destroyed in an
unauthorised way, such that the current state is
identical with the original state before transmission.
Integrity Check A mechanism to
verify that the present state of data has not been
tampered with or modified, often using digital signatures or
hashing algorithms.
Internet The world's largest
collection of networks ranging from small organisations
to large corporations, universities or governments.
Intranet
An internal use, private
network inside an organisation that uses the same kind
of software which would also be found on the Internet.
Intrusion Detection A method or
process to detect the break-ins or attempts to attack
via the use of software systems which operate on the
network. Intrusion detection systems often combine
network monitoring with real-time capture and analysis
in order to identify attacks.
IP Internet Protocol (IP) is a
fundamental protocol used in TCP/IP networking which is
used to address and deliver datagrams across the
Internet.
IP Address A 32-bit address which
shows a unique node on an IP network.
IP Spoofing A specific type of
address spoofing. An attack in which a system
impersonates another system by using its IP network
address.
Kerberos A distributed
authentication system which can identify the users,
client and server applications to each other.
Key Distribution System A
security facility for the purpose of generating and
distributing keys in electrical form.
Key Escrow A mechanism for
providing storage of private keys in order to ensure
that a third party can access the encrypted data.
Key Exchange A mechanism for
transferring secret keys securely across an untrusted
channel.
Key Generation A process of
creating key pairs during certificate application
process.
Key Length Number of bits used to
represent the key size.
Key Management The process of
storing, managing or distributing keys to authorised
parties.
Key Recovery
A system that can recover
the keys but requires a sophisticated
management system, otherwise the security of all
encrypted data may collapse if a compromise exists.
Linux Linux is an example of Open
Source Software designed to provide personal computer
users a free or very low-cost operating system. Linux is
publicly open and extendible by contributors.
Logic Bomb A Trojan Horse, which
is left within a computing system with the intent of it
executing when some condition occurs. The logic bomb
could be triggered by a change in a file, by a
particular input sequence to the program, or at a
particular time or date. Logic bombs get their name from
malicious actions that they can take when triggered.
Macro Viruses Macro viruses are
programs written in the macro language which is provided
with some software applications (word processors,
spreadsheets, etc.). To propagate, macro viruses exploit
the capabilities of the macro languages to transfer
themselves from one infected file (document or
spreadsheet) to another.
Mailbomb A mail bomb is the
sending of a massive amount of email to a specific
person or system. A huge amount of mail may simply fill
up the recipient's disk space on the server or, in some
cases, may be too much for a server to handle and may
cause the server to stop functioning.
Malicious Code Attack Malicious
code refers to viruses, worms, Trojan horses and other
undesirable software. An attack made using such software
aims to cause disruption by deleting files, sending
emails, or rendering the host system inoperable.
Master Boot Record (MBR) The
first physical sector on a hard disk. It contains the
master boot record program and information on how a hard
disk is partitioned.
Memory Resident
Executable programs that
run under DOS may be either memory-resident or
non-resident. A memory-resident program leaves its code
(or part of it) in memory after termination. After that,
the program operates in parallel with other programs,
often functioning as an interrupt handler. A
non-resident
program
does not leave its code in memory after termination and
the memory area that it occupied is freed.
Message Digest A summary or
compact representative of a message which changes with
the original message.
MIME Multipurpose Internet Mail
Extensions (MIME) is a standard for attaching non-text
files to the standard Internet mail messages.
Multipartite Multipartite viruses
usually infect both boot records and files.
Name Resolution A process of
mapping a host name to an IP address.
Network Management System A
generic term used to describe systems or actions that
help maintain, characterize, or solve problems on a
network.
News Groups A newsgroup is a
discussion about a particular subject consisting of
notes written to a central Internet site and
redistributed through Usenet, a worldwide network of
news discussion groups.
Non-repudiation Provide proof of
the origin such that the sender cannot deny sending the
message, and the recipient cannot deny the receipt of
the message.
One-time Passwords Passwords
which are generated and used only once for
authentication, and will not be reused for the next
authentication.
Overwriting Viruses This is a
type of file virus which overwrites the contents of a
target file with its own code, destroying the original
contents of the target file.
Packet A unit of protocol data.
Packet Filtering
A type of service filtering
to permit or deny network traffic based on the data
source, destination, service or protocol of the data
packets.
Packet Flooding A packet is the
unit of data that is routed between an origin and a
destination on the Internet or any other network. Packet
flooding is the forwarding by a router of a packet from
any node to every other node attached to the router
except the node from which the packet arrived. Packet
flooding is a way to distribute routing information
updates quickly to every node in a large network.
Packet Sniffing A technique which
uses network monitoring tools to eavesdrop on packets
passing through a network. This technique can be used as
a form of attack.
Parasitic Viruses A type of file
virus which changes the contents of the target file
while infecting it. This leaves the original contents of
the file completely or at least partly not usable.
Partition Table A table in the
master boot record of a hard disk that specifies how the
disk is set up, such as the size and location of the
partitions, which operating system each partition uses,
and which partition the computer will boot from.
Password A private and unique
series of numbers or letters which enable a user to gain
access to a system or service. A passphrase is a longer
password.
Payload This is a term used to
describe the activity initiated by a virus. Typical
virus payloads include displaying a message or deleting
files.
PEM Privacy Enhanced Mail (PEM)
is a standard for message encryption and authentication
of senders.
PGP Pretty Good Privacy (PGP) is
an application protocol which is commonly used for
encryption and authentication for email messages and
data files.
Physical
It refers to physical
access to a facility, specific work areas, or computer
systems.
Ping O Death A denial of service
attack that sends a ping message of greater than 65,536
bytes so as to crash a system.
PKI A Public Key Infrastructure (PKI)
consists of protocols, services and standards supporting
the public key cryptography applications. It often
includes services and protocols for managing the public
keys through the use of Certification Authority.
Plaintext A message text or data
that is freely readable and understandable by anyone.
Polymorphic Virus A type of virus
that changes its telltale code segments so that it
"looks" different from one infected file to another, thus
making detection more difficult.
Port A 16-bit identifier for TCP
or UDP which serves to identify which process or
application is sending or receiving data.
Preventative Preventative
controls aim to deter and avoid undesirable events from
taking place.
Private Key A data file storing a
mathematical key which is assigned and known only to a
single individual, used for creating digital signature
and decrypting messages previously encrypted by the
sender, using the individual's own public key.
Protocol A set of rules for
governing the transmission and receipt of data.
Proxy Software that can accept
or reject the connection of a user to the target
destination with some kind of rules or authentication
mechanisms.
Public Key
A data file storing a
mathematical key which is assigned to a single
individual but can be made publicly available. Others
can use this key to verify signatures created with its
corresponding private key, and to encrypt
the
messages or files which can then be decrypted with the
corresponding private key.
Public Key Cryptography A
technique that uses a pair of keys for encryption and
decryption. One key is used by the sender to encrypt the
message, namely the public key. The other key, the
private key, is used to decrypt the message received from
the sender.
Random Access Memory (RAM) The
computer's working memory that determines the size and
number of programs that can be run at the same time, as
well as the amount of data that can be processed
instantly.
Reactive Reactive controls are
used to respond to undesirable events that have
occurred.
Registration Authority An entity
trusted to register other entities applying for
certificates and to revoke their certificates. The
authority may assign each applicant a relative
distinguished value or name for the new certificate
applied for.
Repudiation Denial by an entity
involved in a communication.
Resident Extension In PC-DOS,
programs can install a part of themselves in memory, and
this part can remain active after the program has ended.
This memory resident part is called a resident
extension, since it is effectively an extension to the
operating system. Many viruses install themselves as
resident extensions, which will then look for files to
infect when those files are accessed or executed later.
RSA Rivest-Shamir-Adleman is a
popular public key cryptosystem which offers encryption
and digital signing functions.
Rogue Program
This term has been used in
the popular press to denote any program intended to
damage programs or data, or to breach the security of
systems. As such, it encompasses malicious Trojan
Horses, logic bombs, viruses, and so on.
S/MIME Secure Multi-purpose
Internet Mail Extension (S/MIME) is a specification for
encrypting and authenticating MIME data.
Seals of Approval Symbols of
security granted by an independent audit organization to
reassure that proper security measures have been put
into place.
Secure Channel A communication
path which can provide some means of protection from
security threats.
Security Incident It is an
adverse event that poses a threat to your computer in
respect of confidentiality, integrity, availability,
non-repudiation and authentication.
Security Management System One of
five categories of network management defined by ISO for
the management of OSI networks. Security management
subsystems are responsible for controlling access to
network resources, such as functions that enable the
changing of passwords and the altering of the identifications and
security classes of communications channels, including
integrity and resilience of the management capability.
Security Policy A document which
states the requirements and good practices regarding the
security protections and operational control.
Security Risk Assessment It
refers to the process of identifying and analyzing the
risks, vulnerabilities and threats that may affect
information assets.
Self-Extracting Files A file
which, when run, decompresses part of itself into one or
more new files. It is common to store and transmit
groups of files in a self-extracting file to conserve
both disk space and transmission time.
Server Authentication It allows a
client to identify that it is communicating with the
target party, not a malicious third party.
Session Key
A session key is a
symmetric key which encrypts a message or session, in
order to
protect data during transmission. It is created at the
beginning of a communications session.
S-HTTP Secure HyperText Transfer
Protocol (S-HTTP) is an extension of the HTTP with
security enhancements for WWW-based commerce.
SKIP Simple Key Management
Protocol (SKIP) is an authentication/encryption system
that secures the network at the IP packet level.
Smart Card A read-only card with
a chip storing an encrypted password or the private key
which makes it difficult to be sniffed or stolen by the
intruder.
SNMP Simple Network Management
Protocol (SNMP) is a set of standards for communication
with devices connected to a TCP/IP network.
Social Engineering Using talk, lies,
play-acting or verbal wording to trick legitimate
users into revealing secrets of the systems such as the user lists,
user passwords and network architecture.
Spam Unsolicited email, often of
a commercial nature, sent indiscriminately to multiple
mailing lists, individuals, or newsgroups.
SSL Secure Sockets Layer (SSL) is
a protocol designed by Netscape Communications to enable
encrypted, authenticated communications across the
Internet. It is a security layer between the application
and transport layers, which protects the
application-layer protocols such as HTTP and is
transparent to application developers or users. It
provides privacy, authentication and message integrity.
Static Passwords Reusable
passwords which are used repeatedly for
authentication purposes.
Stealth Virus
A virus that actively seeks
to conceal itself from discovery or defends itself
against attempts to analyze or remove it.
System Boot Records Each logical
PC-DOS or OS/2 drive (e.g. C:, D:, etc.) has a system
boot record associated with it. The system boot record
contains code that tells the system about that logical
drive and tables that contain an index to the files on
it.
Technological It refers to
logical controls such as passwords, encryption,
protocols, anti-virus software, firewall, etc.
Terminate-and-Stay-Resident Program (TSR
Program) A program that loads itself into random
access memory (RAM) and remains there so that it can be
instantly activated. The TSR is removed from memory when
the computer is turned off.
Threat A potential cause of an
unwanted event which may result in harm to an
organization and its assets.
Time Bomb A logic bomb activated
at a certain time or date.
Timestamp A time mark or notation
that indicates the date and the time of an action, and
the identity of the person or device that sent or
received the time stamp.
Trojan Horse Software which
pretends to run normally but actually carries attack
programs behind the scenes.
Trust Confidence in the
reliability and validity of an identity.
Trusted Third Party An
independent third party that contributes to the
trustworthiness of computer-based information transfers.
Variant
A modified version of a
virus that is usually produced on purpose by a virus
author or by someone who modifies the original virus.
Variants may be very similar to their parent virus, or
may be fairly different. Some are text variants, which
means that the only differences between them and their
parent virus are in internal program comments that are
never displayed, or
in text
that is displayed to the screen. Some are the result of
small changes made to the original virus, apparently to
create a new virus which is not detected by certain
anti-virus programs. Some are the result of large
changes, such as combining the spreading part of one
virus with the damage part of another.
Virus A computer virus is a block
of executable code that would replicate itself by
attaching to other files or replacing another program.
Virus Attacks An attack on a
computer or a computer system by a virus spread over the
network or the Internet.
Virus Signature Specific strings
of binary code in most viruses (except polymorphic ones)
that allow antivirus software to detect them. New
viruses contain new signatures, which is why it is
essential to keep signature files up to date.
Vulnerabilities Weaknesses in the
software and/or hardware design that allow
circumvention of the system security.
Warm Boot To restart the computer
by pressing Ctrl+Alt+Del. A warm boot can be detected
and emulated by some viruses, so a virus in memory may
still be there when the warm boot is completed.
Web Defacement Alteration of the
content (usually the main page) of a web site, with
messages inserted by a hacker or by a virus.
Web Surfing To explore a sequence
of Web sites in a random, unplanned way, or simply use
the Web to look for something in a questing way.
Website Intrusion Attacks that
invade a website. These intrusions can be attacks from
outside the organization and misuse from within the
organization.
Wireless LAN
A wireless LAN allows a
mobile user to connect to a local area network (LAN)
through a wireless (radio) connection.
Worm A worm is a program that
spreads over a network. Unlike a virus, a worm does not
attach itself to a host program.
ZIP Files Files compressed with the PKZIP
compression program. PKZIP is a popular compression
program. Many virus scanners today can scan inside of
ZIP files.