Just because you’ve invested in the latest and greatest IT tools and security measures doesn’t guarantee safety from hacks and incidents. Tech only goes so far; expertise, continual education and your people are as critical to preserving your IT network integrity as any software program available.
According to an online article in Entrepreneur, “Research by CompTIA and other organizations consistently shows that the main cause of security breaches is human error by employees, who either don’t follow policy or haven’t received the training that would alert them to a potential security threat.
“Too often, though, companies ignore the risk that’s present every day within their four walls. According to an October 2015 CompTIA-commissioned survey of 1,200 full-time workers across the U.S. titled ‘Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace,’ 45 percent say they do not receive any form of cybersecurity training at work. We can’t expect employees -- the first line of defense -- to act securely without providing them with the knowledge and resources to do so.”
In that spirit of ongoing staff education, our cybersecurity and IT terms series continues as part of this important effort to keep your people educated on security and IT terminology. Knowledge is power and in this case it’s also peace of mind and increased protection for your brand and the people that believe in it.
This backdoor Trojan allows hackers to access and control an infected system. TROJ_QAZ was initially distributed as "Notepad.exe" but might also appear with different filenames. Once an infected file is executed, TROJ_QAZ modifies the Windows registry so that it becomes active every time Windows is started. TROJ_QAZ also renames the original "notepad.exe" file to "note.com" and then copies itself as "notepad.exe" to the Windows folder. This way, the Trojan is also launched every time a user runs Notepad. TROJ_QAZ also attempts to spread itself to other shared drives on local networks. This Trojan does not mass email itself out to lists in the users address book however.
A type of malware attack where the victim is forced to pay a ransom in order to get their network or data back. This, along with targeted spear phishing attacks, is one of the biggest cybersecurity threats of 2016.
Additional or alternative systems, subsystems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
Risk assessment is a systematic process to analyze and identify any possible threats or risks that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate such threats.
A software application designed to hide the existence of certain processes or programs from normal methods of detection. Malware often takes the form of a rootkit, and the term now strongly connotes "malicious application."
A virtual container in which untrusted programs can be safely run for analysis and evaluation.
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
System Security Officer (SSO)
A person responsible for enforcement or administration of the security policy that applies to the system.
A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.
Authentication that requires presentation of at least two of the three authentication factors: knowledge (something the user knows, such as a password), possession (something the user has, such as a smart card or other token), or inherence (something the user is, such as a fingerprint or other biometric marker).
The process of identifying and evaluating entities, actions, or occurrences that have or indicate the potential to harm life, information, operations, and/or property.
User Experience (UX)
The overall experience of a person using a product such as a website or computer application, especially in terms of how easy or pleasing it is to use.
The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS is a response to one of the most critical and persistent challenges in the security industry - a lack of quality information. VERIS targets this problem by helping organizations to collect useful incident-related information and to share that information - anonymously and responsibly - with others.
A computer attack strategy, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.Relying on websites that the group trusts makes this strategy efficient, even with groups that are resistant to spear phishing and other forms of phishing.
A computer worm is a malicious, self-replicating software program (popularly termed as 'malware') which affects the functions of software and hardware programs.
No key terms for Z available currently.
American Technology Services provides the oversight, technology and support that your organization and team need to stay on top of security threats and to keep your IT infrastructure running smoothly. We hope you can share these terms with your team to keep them protecting the digital front lines of your organization.