Columbus State University

Office of Information Security

Glossary of Terms

Authentication

Authentication is the process of verifying the identity of the user. The various authentication techniques include passwords, biometrics, and digital certificates.

Access Control

Access Control is a means of preventing improper access to computer resources. Access controls restrict access to authorized users and ensure that those users access only what they need to perform their duties.

Backup

Backing up is copying or saving data to a different location. The copied files can be restored in case of system crash or system failure.

Backdoor

A backdoor is a secret or invisible entry point that allows access to a computer system without the use of authentication.

Blended Attack

Malicious code that uses multiple methods to spread.

Cyber Crime

Cyber Crime relates to all unlawful computer activities.

Cookie

A cookie is a small text file created by a website that collects and stores information about the user.

Certificate

A digital certificate is an electronic 'key' that a secure server checks for before allowing a user access. A certificate may also be used to authenticate a sender's identity and provide the recipient a means to read the sent message.

Defense-in-Depth

Defense-in-Depth is a strategy that utilizes multiple defense techniques to counter and prevent attacks. Defense techniques include firewalls, intrusion detection systems, data encryption and more. If an attack gets through the outermost layer, the next layer will provide additional protection.

DoS Attacks

DoS stands for “denial of service”. In a DoS attack, the network is flooded with useless traffic, rendering the network unavailable to authorized users.

Dumpster Diving

Dumpster Diving is the searching of someone else's trash in an attempt to obtain valuable information such as passwords, social security numbers, bank account numbers, etc.

Encryption

Encryption is the process of encoding a message in such a way that only the intended recipient can decode it. Encryption does not prevent an attacker from intercepting the message, but it does render the message useless to the attacker.

Exploit

An exploit is a piece of software code that takes advantage of a bug, glitch, or vulnerability, leading to privilege escalation or denial of service on a computer system.

Email Spoofing

Email Spoofing is the technique of fooling the recipient of a message by concealing the original source of the message.

Firewall

A Firewall is a device that inspects traffic between the Internet and a private network or computer system. Suspicious packets or traffic are dropped by the firewall and are prevented from entering or leaving the network.

FERPA

FERPA stands for Family Educational Rights and Privacy Act. This regulation protects student educational records from disclosure to third parties.

Hacking

Hacking is the process of accessing a person's computer system without authorization.

HIPAA

HIPAA stands for Health Information Portability and Accountability Act. HIPAA states that patient data, in any form, must be kept confidential. Only the patient may access his or her information.

IP Spoofing

Spoofing can be compared to forgery. In IP Spoofing the IP address of a given computer system is forged by an attacker, just like a check can be forged by a thief. The attacker communicates under the shield or cover of the spoofed IP address and the receiver thinks they are communicating with a trusted source. The attacker can potentially compromise an entire network with a spoofed IP address.

Identity Theft

Identity Theft typically refers to deliberately stealing another person's identity and using it for financial gain. The most common example is credit card fraud.

Information Asset

An information asset is information that is owned, managed, or used by an organization. Information assets can be in any form: paper, electronic, film, etc.

IDS

IDS stands for Intrusion Detection System. An IDS monitors network traffic and logs suspicious or malicious behavior. An IDS typically notifies the network administrator so that an investigation can occur.

Malicious Software

Malicious software is a term used to categorize software that is destructive in nature, such as viruses, worms and Trojan horses.

Malware

Malware is another name for Malicious Software.

Masquerading

Masquerading is a type of attack where the attacker poses as someone they are not.

Phishing

Phishing is a type of Social Engineering attack where the attacker tries to acquire personal information by attempting to get people to respond to an official-looking e-mail message.

Password

A Password is a secret code used to prove a user's identity.

Router

A Router is a device that transfers data packets using the best path from a particular source to a destination.

Sabotage

Computer sabotage is an activity whereby the attacker deletes files or intentionally damages hardware, software, and/or data.

Shoulder Surfing

Shoulder Surfing is the act of actually looking over another person's shoulder to try to gain information. Shoulder Surfers target bank customers using ATM machines, computer users in public places, and the like.

Social Engineering

Social Engineers trick their prey into revealing sensitive or confidential information. A Social Engineer disguised as a trusted individual might use the phone, e-mail, or even face-to-face conversation to try to get information.

Software Theft

Software Theft literally means the stealing or unauthorized copying of software.

Spam

Spam can be referred to as electronic junk mail: unwanted and unexpected. Spam may contain viruses, worms and Trojan horses.

SOX

SOX stands for the Sarbanes-Oxley Act. In general, this act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure.

Spyware

Spyware is a program that secretly gathers information about the user of a system for malicious purposes. Spyware can be installed without the user's knowledge via free downloads or virus-infected programs.

Trojan Horse

A Trojan Horse is a harmful program hidden under the shield of another program. A Trojan Horse may delete program files or other data from one's computer.

Threat

A threat is an unwanted event, or the possibility of an event, that can cause harm to the system.

Tailgating

Tailgating refers to the unauthorized access to a computer system by following the entry of an authorized user.

Virus

A virus is a software program that can self-replicate. A computer virus is analogous to a biological virus, each becoming active when it attaches itself to a host.

VPN

A Virtual Private Network (VPN) uses the Internet, an insecure environment, to transfer information in a secure fashion. VPNs are commonly used for secure communication between home and a corporate or university network.

Vulnerability

A Vulnerability is a flaw or weakness in a system that can be exploited and result in a system compromise.

Worm

A worm is similar in nature to a virus because it also has the property of self-replication and has the ability to spread copies of itself from one computer to another. Unlike a virus, a worm can spread itself without being attached to a program.

Zombie

A Zombie is a computer that is compromised and is being remotely controlled. Zombies are often used to launch attacks on other systems or send spam.