System Admin

1. Domain name - refers to the memorable portion of the name of a web address, listed in a URL. It is a host name that corresponds to a numeric IP address. In the example http://www.carlow.edu, "carlow.edu" is the domain name for the web site. The last portion of the domain ".com" is the "domain suffix". (10/12/07, W. Watson)

2. URL - Uniform Resource Locator - is a standardized naming convention for accessing documents and other resources accessible over the internet or an intranet. An example of a URL is http://www.carlow.edu (10/12/07, W. Watson)

3. Social engineering - is a collection of technology used to manipulate people into performing actions or divulging confidential information. (SF 10/15/07)

4. Phishing - Phishing is a term that means to attempt to obtain personal details via email scam for use in identity theft. Phishing is an online scam where emails are sent to unsuspecting people asking them to update their personal information under the guise of being a well-known company. Typically, there is a link to click that takes the recipient to a website where they input personal details. The emails are sent en masse to every email address a scammer can think of, and often appear to be coming from a bank or financial institution. Another common phishing scam is an email that appears to be from eBay, but is not. When recipients provide their personal details, the scammer then has access to information they would not otherwise have, which they use to their own advantage. (MJT - 10/13/07).

5. Intrusion detection software - software with the ability to detect if an outside source (intruder) is attempting to compromise the integrity of the system. (re)

6. Authentication - authentication and authorize are terms used to describe the process of identifying a person and making sure they are really who they say they are. A password is a very basic method of authorizing someone. (10/12/07, W. Watson)

7. Biometrics - A device that authenticates a person requesting access by verifying personal characteristics such as fingerprints, hand size, signature and typing patterns, and retinal (eye) and voice patterns. It translates a personal characteristic into a digital code that is compared to a digital code stored in the computer. If the digital code in the computer does not match the personal characteristic code, access is denied. (10/13/07 - DMW) While this method is highly reliable, it is very costly, limiting its use.

8. Content filtering - this is the ability through a program/software to be able to "block" certain sites or ads from access to or from your system or PC. Content filtering is typically used for 1) web filtering, 2) e-mail spam filtering, 3) preventing transmission of unauthorized information. Parents can set up content filters to prevent children from accessing inappropriate sites, and as we learned earlier about spam - spam can be sent to you via e-mail and can bog down your computer or cause viruses. The filtering works by identifying character strings that will be blocked out. There are several software companies or sites that offer free downloads for filtering such as: cybersitter, mailmarshall, internetreferee.com, and newbie.org provides a guide to the filtering of e-mail. 10/12/07 - S. Jones.

9. Spam - the abuse of electronic messaging systems to indiscriminately send unsolicited bulk email messages. (10/13/07 DMW) Spamming has become economically viable since advertisers have no real operating costs outside of those related to managing their mailing lists. It is difficult to hold the senders of mass mailings accountable. Because the barrier to entry is so low, spammers are numerous and the volume of unsolicited mail becomes very high. (DH)

10. Encryption - This is basically a term for converting data into code, so to speak, so that only those authorized can decipher the information. Encryption is converting the info from "plaintext" into "ciphertext". The opposite of encryption is decryption, when the "coded" information is de-coded back into plaintext. In order to recover encrypted information, you must have the decryption key, which is an algorithm to undo the special code. Encryption is a good idea whenever any sensitive data is being shared, i.e. credit card transactions online. Encryption is also recommended with wireless communications because they are easier to tap into. 10/12/07 - S. Jones

11. Public key encryption - A software technology which permits users/people to communicate by email with each other, ensuring that no one but the sender and receiver can read the text. It is based on cryptographic technology which uses a key pair (complementary keys) to maintain secure communications. They are the public key, which encrypts the message, and the private key, which then unscrambles the information when it reaches the proper destination. 10/12/07 - S. Jones

12. Cyber Terrorists - Cyber Terrorists are those who use the internet, via email, spoofing websites, spam, etc. to terrorize other nations or groups they are against. An example would be attaining access to confidential information and then using that information against that group. (MJT - 10/13/07).

13. Computer Hoaxes - A computer user receiving a deceptive alert, disseminated via forwarded email, warning of a computer virus, internet worm or other security threat which really does not exist. (mme)

14. Worm (virus) - a self-replicating computer program virus that can spread from file to file within a system, and from computer to computer. It uses a network to send copies of itself to other computer terminals on the network. It may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program or executable file. Worms always harm the network, whereas viruses always infect or corrupt files on a targeted computer. (10/14/07 JD)

13. Denial of service attack - an attack against a computer or a network which attempts to limit access to the internet by means of flooding it with requests. For a webpage it would be an online resource or for an email it would cause the email system to overload. (mme)

15. Trojan horse virus - a program that installs malicious software secretly while under the guise of something else, usually as an attachment or a downloadable file. Trojan horses are known for installing backdoor programs which allow unauthorized non permissible remote access to the victim's machine by unwanted parties - normally with malicious intentions. Just as in the classical myth of the Trojan Horse, the malicious code is "hidden" in a computer program or other computer file which may appear to be useful; however, when this computer program or file is executed by the unsuspecting user, the malicious code is also executed, resulting in the set up or installation of the malicious Trojan horse program. (10/14/07 JD)

16. Polymorphic viruses and worms - a virus that changes its binary code each time it infects a new file. (mme)
Polymorphic viruses are viruses that change slightly each time they are executed and are meant to defeat anti-virus scanners which search for particular programming. (ww)

17. Spoofing is forging somebody else's IP address as the return address to create TCP/IP packets. One type of spoofing is referred to as the man-in-the-middle. The way the man-in-the-middle works is the packet attaches to a link between the two end points. After finding the link (sniffing) the packet can pretend to be one end of the connection. (re)
Spoofing can occur since routers use the "destination IP" address to forward packets through the Internet, but ignore the source IP address. That address is only used by the destination machine when it responds back to the source. (ww)

18. Packet tampering - Consists of altering the contents of packets as they travel over the internet. One reason an attacker may choose to do this is to intercept important data or change data. Network layer firewalls, also called packet filters, do not allow packets to pass through the firewall unless they match an established ruleset. A proxy device may act as a firewall and make tampering with an internal system from an external network more difficult. (pw)
Packet tampering is performed by cheaters playing online games by going around the protection of the software by running in real-time and changing game data while in transmission from the server to the client. Some newer games encrypt the network data, but this uses up computer resources that could be used to make a faster-running or better game instead. (ww)

19. Ethical computer use policy - ethic refers to the motivation based on ideas of right and wrong (a moral philosophy of values). In the computer world, a company provides computer access and capabilities through various departments. The company relies heavily upon these systems to meet operational, financial, educational and informational needs. It is essential that computer systems, and computer networks, as well as the data they store and process, be operated and maintained in a secure environment and in a responsible manner. It is critical that these systems and machines be protected from misuse and unauthorized access. (mme) An ethical use policy contains general principles to guide computer use behavior. (mlo)

20. Information privacy policy - contains general principles regarding information security within an organization. It must be easy to find, read, and understand. It is intended to inform those collecting and working with the data how it is to be protected, shared, or not shared outside of the organization. When collecting the data, it informs the person (customer, employee) how the data will be protected, stored and shared or not shared. Data collection has been a concern for the privacy of individuals, which is defined as the right of individuals to control information about themselves. Laws have been enacted to control personal information. Years ago banks and financial institutions were concerned about private personal information (social security #'s, DOB, etc.) being shared with too many people and wanted to protect individuals from having their personal information exploited in the wrong hands. (mme)

21. Acceptable use policy (computer) - is a policy that a user must agree to follow in order to be provided access to a network or to the internet. (mlo) It is a set of rules applied by network and website owners which restrict the ways in which the network or site may be used. AUP documents are written for corporations, businesses, universities, schools, and website owners often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.
Acceptable use policies are also integral to the framework of information security policies; it is often common practice to ask new members of an organization to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of the organization. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits. (mme)

22. Employee Monitoring policies - When an organization chooses to monitor their employees during the workday it is imperative that they write an employee monitoring policy that explicitly states how, when and where the monitoring takes place, and the consequences for not adhering to the policy. (mlo). A large number of companies search and read employee network communications. Sequel Technology sells software called Net Access Manager that allows companies to monitor and control all their employees’ activities on the Internet. The program lets managers read employee e-mail, restrict individual access to Web sites, and create reports on an employee’s Internet activity. With a large number of employees accessing the internet from their office computers, employers have the option (through programs) to make sure employee computer internet surfing is not inappropriate. (mme)

23. Clickstream - a way of recording all keystrokes performed on a computer. (re)

24. Six-sigma (business term) - development of business processes to eliminate defects using DMAIC methodology (Define, Measure, Analyze, Improve, Control). Specialist hierarchy in the Six Sigma process is Executive, Leadership, Champion, Master Black Belt, Expert, Black Belt, Green Belt, and Yellow Belt. The process was developed by Motorola, very closely following the Toyota Method. Jack Welch employed Six Sigma at GE, raking in record profits in 2000. It's interesting to note that healthcare is developing their own kind of Six Sigma to eliminate preventable medical errors. Many local healthcare providers are members of the Pittsburgh Regional Healthcare Initiative (PRHI). LS 10/12/07.

25. Balanced scorecard (business term) - The balanced scorecard is a strategic management system (not only a measurement system) that enables organizations to clarify their vision and strategy and translate them into action. It provides feedback around both the internal business processes and external outcomes in order to continuously improve strategic performance and results. When fully deployed, the balanced scorecard transforms strategic planning from an academic exercise into the nerve center of an enterprise. A concept for measuring whether the activities of a company are meeting its objectives in terms of vision and strategy. By focusing not only on financial outcomes but also on the human issues, the balanced scorecard helps to provide a more comprehensive view of a business which in turn helps organizations to act in their best long-term interests. Balanced Scorecard is simply a concise report featuring a set of measures that relate to the performance of an organization. By associating each measure with one or more expected values (targets), managers of the organization can be alerted when organizational performance is failing to meet their expectations. (10/13/07 - DMW)

26. Agility (everyday meaning and/or business meaning) - ability for a business to respond to change while staying innovative and competitive. LS 10/12/07.
