Cybersecurity Wiki - User contributions [en]

Adding a Reference

2010-08-09T20:02:09Z

Felix: /* 4.3 Categorization */

'''To add a new bibliographic reference entry:'''

=== 1. Research the Reference ===
Search for information on the reference including links to accessible copies online, reviews,
discussions and/or the web site of the author or sponsor.

=== 2. Create a BibTex Entry for the reference ===
Next create the BibTeX entry for the reference. (See [[Guidelines for adding Bibliography entries]].)

=== 3. Create a blank Wiki page for the reference ===
To do this within the wiki format, you need to choose an existing page to create the link. Normally, you will enter it into the listing of all references on the [[Cybersecurity Annotated Bibliography]]. Enter a new table entry in the correct alphabetical order by first (if more than one) author's last name (see next paragraph). The initial entry does not have to be complete (since some information will not yet be available such as level of expertise), however leave blank table entries ("| |") for missing data.

The title of the new reference page will normally be the short version of the reference title. For
example, if the title of the reference is "''Pricing Security: Vulnerabilities as Externalities'',"
the page will be named [[Pricing Security]]. The exception will be where that page already exists
([[Cyberwar]] for example), in which case you will need to include the subtitle (or some other distinguishing text) to create a unique page name.

Clicking on your newly created link will open a blank editing page (if it does not then you need to
come up with a new unique page name). Copy and paste the contents of the [[TemplateForSources | sample template]]
or some other reference page similar to the new reference into the newly created page. You should
copy the ''source'' of the template (by selecting the "edit" tab) rather than the displayed page text.

=== 4. Begin editing the template ===
(Note: You may find it easier to enter all the template information except for "Categorization" and "Keywords," then go back and complete these two sections last.)

==== 4.1 Full Title of Reference ====
The "Full Title of Reference" should contain both the main title and any subtitle separated by a colon.

e.g, Even though the wiki reference page is [[Four Grand Challenges in Trustworthy Computing]], the full title would be "Four Grand Challenges in Trustworthy Computing: Second in a Series of Conferences on Grand Research Challenges in Computer Science and Engineering."

==== 4.2 Full Citation ====
The full citation should consists of the bluebook formatted citation for the reference followed by a link to
the full text of the reference if available labeled as ''Web'' or ''SSRN'' depending on whether the link goes directly to the
text or to an intermediate SSRN page. This link should appear on the same line as the citation. If there is a second
source for the full text of the reference, it should follow, labled as ''AltWeb''.

(An example of the use of ''AltWeb'' is available at [[Why Information Security is Hard]].)

(An example of the use of ''SSRN'' is available at [[Overcoming Impediments to Information Sharing]].)

Note that ''Web'', ''AltWeb'', ''SSRN'', ''BibTex'' all are italicized.

On a separate line (place one blank line after the citation to force the Wiki to line space), put the following as applicable:

* A link to the ''BibTeX'' entry for the reference (this should show only a single BibTeX entry in detail format - e.g. [http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=DoD:2007 ''BibTeX'']

* A link to the ''Google Book''s entry for the reference, e.g., [http://books.google.com/books?id=ILaY4jBWXfcC&dq=Security+Engineering&ei=1NFRTNz5KJeMygTr6dDqBQ&cd=1 ''Google Books''] (This can often be found in the BibTeX entry.)

* A link to the ''WorldCat'' entry for the reference, e.g., [http://www.worldcat.org/title/security-engineering-a-guide-to-building-dependable-distributed-systems-second-edition/oclc/639194438&referer=brief_results ''World Cat''].

* A link to ''Amazon''.com's page for the reference (since this often contains useful reviews and other information about the work), e.g, [http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=sr_1_1?ie=UTF8&s=books&qid=1280430777&sr=8-1 ''Amazon''].

(See [[Security Engineering]] for an example that contains all of these links.)

==== 4.3 Categorization ====
Note: ''Categories refer to the major themes of the reference.'' If the reference only mentions a category in passing but does not focus on it, then it need not be included.

Create links to the appropriate categories for the reference. When you add a link to a category to the reference page, you must also place a link back to the reference page
into the [[Table of Contents]] page for that category and ''every Table of Contents page higher in the hierarchy''. So, for example, if you categorize the reference
under TOC-> Issues-> Economics of Cybersecurity->Insurance, then links to it must appear under [[Insurance]], [[Economics of Cybersecurity]] and [[Issues]]. Links from
TOC Category pages back to the reference page should follow the table format shown in the TOC. If more than two authors, abbreviate to "<first author> et. al"

Enter the reference in the selected category page in alphabetical order by the [first] author's last name.

Categories should be separated by top level Table of Contents topics and in the following order (note only those top level topics in which the current reference has an applicable category need appear), i.e.:

* Overview:
* Resource by Type:
* Treats and Actors:
* Issues:
* Approaches:

Multiple categories within a single top level Table of Contents topic should be separated by semicolons and arranged in alphabetical order, i.e.

* Threats and Actors: [[The Threat and Skeptics]]; [[States]]; [[Security Targets]]

==== 4.4 Key Words ====
Add Glossary/Keyword entries in alphabetical order separated by commas. You can copy links from the [[List of Keyword links to copy into reference pages | Keyword Links]] page directly into the reference page. (Switch to "edit" mode to copy the link -- be careful not to change the text on the Keyword Links page though.) Make sure to create links from the [[Keyword Index and Glossary of Core Ideas]] page back to the reference. If another reference by the same author
is linked under a given keyword, use "[2]", "[3]", etc. for succeeding entries.

''Links to Keywords are appropriate even when the item is only mentioned in passing in the reference''. The purpose of keywords are to help someone unfamiliar with the term or
to provide a way to find other references with the same keyword but appearing in a separate category.

If you decide to add a new keyword to the [[Keyword Index and Glossary of Core Ideas]], make sure to update the [[List of Keyword links to copy into reference pages | Keyword Links]] page. It is also a good idea to email either David Abrams or Caroline Nolan of the addition.

====4.5 Synopsis====
Add the Synopsis. The goal is not merely to summarize the subject matter of the reference; rather, the synopsis should also summarize the author's conclusions as well. Typically this will be equivalent to an executive summary, and that section of the reference, if available, can provide the basis of the synopsis. Alternately, quoted opening or conclusion paragraphs from the reference may form the basis for the synopsis. Feel free to use wiki section headings "===", "====", etc. to provide clarity to the synopsis.

====4.6 Additional Notes and Highlights====
Finally, the "Additional Notes and Highlights" section provides a place to include information that does not fit in elsewhere.

Required: This section should begin with "Expertise Required: " followed by either "None" or one or more "<field> - <level>" pair separated by semicolons. Level is one of "Low", "Moderate" or "High" (although intermediate values "Low/Moderate" are allowed. If there are multiple field/level pairs, order them from highest expertise level to lowest, e.g.,

Expertise Required: Economics - Moderate; Law - Low

This is a subjective measure. "None" means a person with a college education but no specific expertise in the subject matter of the reference would be able to understand it. "High" suggests that a great deal of knowledge in the subject matter is required, possibly because of extensive mathematical equations or jargon filled discussion.

(Note that on the reference page, each expertise entry is ordered with subject matter first followed by level required; however, in the TOC, the highest level of competence is always placed first to allow the user to sort on that parameter.)

Other possible items to include in the Additional Notes and Highlights if available are:

* The table of contents of the reference: [[Overcoming Impediments to Information Sharing#Additional Notes and Highlights]].

* Biographic information about the author: [[Armed Attack in Cyberspace#Additional Notes and Highlights]] or about an organization [[Security Economics and the Internal Market#Additional Notes and Highlights]].

* Reviews of the reference: [[Do Data Breach Disclosure Laws Reduce Identity Theft#Additional Notes and Highlights]].

* Excerpts or chapters where the full reference is not available online: [[Cyber War#Additional Notes and Highlights]].

* Links to the author's home page: [[Why Information Security is Hard#Additional Notes and Highlights]].

* "See also" information that would be useful to the reader: [[Law and War in the Virtual Era#Additional Notes and Highlights]].

* Information on (and possibly links to) previous versions of the reference: [[A Roadmap for Cybersecurity Research#Additional Notes and Highlights]].

* Description of a useful appendix or glossary in the reference: [[Critical Infrastructure Threats and Terrorism#Additional Notes and Highlights]].

===5. Check your Work===

* Check all your links to make sure they work.
* Make sure that your reference is included in the [[Cybersecurity Annotated Bibliography]] list of all reference in the wiki.
* Make sure the reference appears in the selected categories and ''all the higher level categories'' of the selected categories.
* Make sure your category links not only work but properly link back to the reference.
* Make sure your keywords links not only work but properly link back to the reference.

Adding a Reference

2010-08-09T19:59:42Z

Felix: /* 4.2 Full Citation */

'''To add a new bibliographic reference entry:'''

=== 1. Research the Reference ===
Search for information on the reference including links to accessible copies online, reviews,
discussions and/or the web site of the author or sponsor.

=== 2. Create a BibTex Entry for the reference ===
Next create the BibTeX entry for the reference. (See [[Guidelines for adding Bibliography entries]].)

=== 3. Create a blank Wiki page for the reference ===
To do this within the wiki format, you need to choose an existing page to create the link. Normally, you will enter it into the listing of all references on the [[Cybersecurity Annotated Bibliography]]. Enter a new table entry in the correct alphabetical order by first (if more than one) author's last name (see next paragraph). The initial entry does not have to be complete (since some information will not yet be available such as level of expertise), however leave blank table entries ("| |") for missing data.

The title of the new reference page will normally be the short version of the reference title. For
example, if the title of the reference is "''Pricing Security: Vulnerabilities as Externalities'',"
the page will be named [[Pricing Security]]. The exception will be where that page already exists
([[Cyberwar]] for example), in which case you will need to include the subtitle (or some other distinguishing text) to create a unique page name.

Clicking on your newly created link will open a blank editing page (if it does not then you need to
come up with a new unique page name). Copy and paste the contents of the [[TemplateForSources | sample template]]
or some other reference page similar to the new reference into the newly created page. You should
copy the ''source'' of the template (by selecting the "edit" tab) rather than the displayed page text.

=== 4. Begin editing the template ===
(Note: You may find it easier to enter all the template information except for "Categorization" and "Keywords," then go back and complete these two sections last.)

==== 4.1 Full Title of Reference ====
The "Full Title of Reference" should contain both the main title and any subtitle separated by a colon.

e.g, Even though the wiki reference page is [[Four Grand Challenges in Trustworthy Computing]], the full title would be "Four Grand Challenges in Trustworthy Computing: Second in a Series of Conferences on Grand Research Challenges in Computer Science and Engineering."

==== 4.2 Full Citation ====
The full citation should consists of the bluebook formatted citation for the reference followed by a link to
the full text of the reference if available labeled as ''Web'' or ''SSRN'' depending on whether the link goes directly to the
text or to an intermediate SSRN page. This link should appear on the same line as the citation. If there is a second
source for the full text of the reference, it should follow, labled as ''AltWeb''.

(An example of the use of ''AltWeb'' is available at [[Why Information Security is Hard]].)

(An example of the use of ''SSRN'' is available at [[Overcoming Impediments to Information Sharing]].)

Note that ''Web'', ''AltWeb'', ''SSRN'', ''BibTex'' all are italicized.

On a separate line (place one blank line after the citation to force the Wiki to line space), put the following as applicable:

* A link to the ''BibTeX'' entry for the reference (this should show only a single BibTeX entry in detail format - e.g. [http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=DoD:2007 ''BibTeX'']

* A link to the ''Google Book''s entry for the reference, e.g., [http://books.google.com/books?id=ILaY4jBWXfcC&dq=Security+Engineering&ei=1NFRTNz5KJeMygTr6dDqBQ&cd=1 ''Google Books''] (This can often be found in the BibTeX entry.)

* A link to the ''WorldCat'' entry for the reference, e.g., [http://www.worldcat.org/title/security-engineering-a-guide-to-building-dependable-distributed-systems-second-edition/oclc/639194438&referer=brief_results ''World Cat''].

* A link to ''Amazon''.com's page for the reference (since this often contains useful reviews and other information about the work), e.g, [http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=sr_1_1?ie=UTF8&s=books&qid=1280430777&sr=8-1 ''Amazon''].

(See [[Security Engineering]] for an example that contains all of these links.)

==== 4.3 Categorization ====
Note: ''Categories refer to the major themes of the reference.'' If the reference only mentions a category in passing but does not focus on it, then it need not be included.

Create links to the appropriate categories for the reference. When you add a link to a category to the reference page, you must also place a link back to the reference page
into the [[Table of Contents]] page for that category and ''every Table of Contents page higher in the hierarchy''. So, for example, if you categorize the reference
under TOC-> Issues-> Economics of Cybersecurity->Insurance, then links to it must appear under [[Insurance]], [[Economics of Cybersecurity]] and [[Issues]]. Links from
TOC Category pages back to the reference page should follow the table format shown in the TOC. If more than two authors, abbreviate to "<first author> et. al"

Enter the reference in the selected category page in alphabetical order by the [first] author's last name.

Categories should be separated by top level Table of Contents topics and in the following order (note only those top level topics in which the current reference has an applciable category need appear), i.e.:

* Overview:
* Resource by Type:
* Treats and Actors:
* Issues:
* Approaches:

Multiple categories within a single top level Table of Contents topic should be separated by semicolons and arranged in alphabetical order, i.e.

* Threats and Actors: [[The Threat and Skeptics]]; [[States]]; [[Security Targets]]

==== 4.4 Key Words ====
Add Glossary/Keyword entries in alphabetical order separated by commas. You can copy links from the [[List of Keyword links to copy into reference pages | Keyword Links]] page directly into the reference page. (Switch to "edit" mode to copy the link -- be careful not to change the text on the Keyword Links page though.) Make sure to create links from the [[Keyword Index and Glossary of Core Ideas]] page back to the reference. If another reference by the same author
is linked under a given keyword, use "[2]", "[3]", etc. for succeeding entries.

''Links to Keywords are appropriate even when the item is only mentioned in passing in the reference''. The purpose of keywords are to help someone unfamiliar with the term or
to provide a way to find other references with the same keyword but appearing in a separate category.

If you decide to add a new keyword to the [[Keyword Index and Glossary of Core Ideas]], make sure to update the [[List of Keyword links to copy into reference pages | Keyword Links]] page. It is also a good idea to email either David Abrams or Caroline Nolan of the addition.

====4.5 Synopsis====
Add the Synopsis. The goal is not merely to summarize the subject matter of the reference; rather, the synopsis should also summarize the author's conclusions as well. Typically this will be equivalent to an executive summary, and that section of the reference, if available, can provide the basis of the synopsis. Alternately, quoted opening or conclusion paragraphs from the reference may form the basis for the synopsis. Feel free to use wiki section headings "===", "====", etc. to provide clarity to the synopsis.

====4.6 Additional Notes and Highlights====
Finally, the "Additional Notes and Highlights" section provides a place to include information that does not fit in elsewhere.

Required: This section should begin with "Expertise Required: " followed by either "None" or one or more "<field> - <level>" pair separated by semicolons. Level is one of "Low", "Moderate" or "High" (although intermediate values "Low/Moderate" are allowed. If there are multiple field/level pairs, order them from highest expertise level to lowest, e.g.,

Expertise Required: Economics - Moderate; Law - Low

This is a subjective measure. "None" means a person with a college education but no specific expertise in the subject matter of the reference would be able to understand it. "High" suggests that a great deal of knowledge in the subject matter is required, possibly because of extensive mathematical equations or jargon filled discussion.

(Note that on the reference page, each expertise entry is ordered with subject matter first followed by level required; however, in the TOC, the highest level of competence is always placed first to allow the user to sort on that parameter.)

Other possible items to include in the Additional Notes and Highlights if available are:

* The table of contents of the reference: [[Overcoming Impediments to Information Sharing#Additional Notes and Highlights]].

* Biographic information about the author: [[Armed Attack in Cyberspace#Additional Notes and Highlights]] or about an organization [[Security Economics and the Internal Market#Additional Notes and Highlights]].

* Reviews of the reference: [[Do Data Breach Disclosure Laws Reduce Identity Theft#Additional Notes and Highlights]].

* Excerpts or chapters where the full reference is not available online: [[Cyber War#Additional Notes and Highlights]].

* Links to the author's home page: [[Why Information Security is Hard#Additional Notes and Highlights]].

* "See also" information that would be useful to the reader: [[Law and War in the Virtual Era#Additional Notes and Highlights]].

* Information on (and possibly links to) previous versions of the reference: [[A Roadmap for Cybersecurity Research#Additional Notes and Highlights]].

* Description of a useful appendix or glossary in the reference: [[Critical Infrastructure Threats and Terrorism#Additional Notes and Highlights]].

===5. Check your Work===

* Check all your links to make sure they work.
* Make sure that your reference is included in the [[Cybersecurity Annotated Bibliography]] list of all reference in the wiki.
* Make sure the reference appears in the selected categories and ''all the higher level categories'' of the selected categories.
* Make sure your category links not only work but properly link back to the reference.
* Make sure your keywords links not only work but properly link back to the reference.

Approaches

2010-08-03T19:40:14Z

Felix:

''[[Table of Contents | TOC->]][[Approaches]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Department of Commerce (2010) [[Defense Industrial Base Assessment]]

Department of Defense ''(2005)'' [[Strategy for Homeland Defense and Civil Support]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]

Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. (2009) [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]

Moore, Tyler and Clayton, Richard (2007) [[Examining the Impact of Website Take-down on Phishing]]

Moore, Tyler and Clayton, Richard (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Nye, Joseph (2010) [[Cyber Power]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]

'''''Subcategories:'''''
*''[[Approaches | Approaches->]][[Regulation/Liability]]''
*''[[Approaches | Approaches->]][[Private Efforts/Organizations]]''
*''[[Approaches | Approaches->]][[Government Organizations]]''
*''[[Approaches | Approaches->]][[International Cooperation]]''
*''[[Approaches | Approaches->]][[International Law (including Laws of War)]]''
*''[[Approaches | Approaches->]][[Deterrence]]''
*''[[Approaches | Approaches->]][[Technology]]''

''[[Table of Contents | Jump to Table of Contents]]''

International Law (including Laws of War)

2010-08-03T19:40:00Z

Felix:

''[[Table of Contents | TOC->]][[Approaches | Approaches->]][[International Law (including Laws of War)]]''

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. (2009) [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Nye, Joseph (2010) [[Cyber Power]]

Schmitt, Michael N., et. al (2004) [[Computers and War]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schmitt, Michael N. (2002) [[Wired Warfare]]

Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]]

Todd, Graham H. (2009) [[Armed Attack in Cyberspace]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents | Jump to Table of Contents]]''

Privacy

2010-08-03T19:39:47Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Privacy]]''

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]

Dunlap, Charles J. Jr. (2009) [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents| Jump to Table of Contents]]''

Psychology and Politics

2010-08-03T19:39:35Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Psychology and Politics]]''

Dunlap, Charles J. Jr. (2009) [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

Schneier, Bruce (2003) [[Beyond Fear]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents| Jump to Table of Contents]]''

Issues

2010-08-03T19:39:16Z

Felix:

''[[Table of Contents | TOC->]][[Issues]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]

Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina (2010) [[Modeling Cyber-Insurance]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]

Department of Commerce (2010) [[Defense Industrial Base Assessment]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]

Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. (2009) [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]

Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]

Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]

Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Korns, Stephen W. (2009) [[Cyber Operations]]

Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]

McAfee, Inc. (2010) [[McAfee Threats Report]]

Moore, Tyler and Clayton, Richard (2007) [[Examining the Impact of Website Take-down on Phishing]]

Moore, Tyler and Clayton, Richard (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Nye, Joseph (2010) [[Cyber Power]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Rotenberg et. al (2010) [[The Cyber War Threat Has Been Grossly Exaggerated]]

Schmit, Michael N., et. al (2004) [[Computers and War]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schmitt, Michael N. (2002) [[Wired Warfare]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]

Todd, Graham H. (2009) [[Armed Attack in Cyberspace]]

Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]

'''''Subcategories:'''''
*''[[Issues | Issues->]][[Metrics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Risk Management and Investment]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Behavioral Economics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Market Failure]]''
*''[[Issues | Issues->]][[Supply Chain Issues]]''
*''[[Issues | Issues->]][[Usability/Human Factors]]''
*''[[Issues | Issues->]][[Psychology and Politics]]''
*''[[Issues | Issues->]][[Information Sharing/Disclosure]]''
*''[[Issues | Issues->]][[Public-Private Cooperation]]''
*''[[Issues | Issues->]][[Attribution]]''
*''[[Issues | Issues->]][[Identity Management]]''
*''[[Issues | Issues->]][[Privacy]]''
*''[[Issues | Issues->]][[Cybercrime]]''
*''[[Issues | Issues->]][[Cyberwar]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Government to Government]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Industrial]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Media Perceptions]]''

''[[Table of Contents| Jump to Table of Contents]]''

Cyberwar

2010-08-03T19:39:00Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Cyberwar]]''

Anderson, Ross J. (2008) [[Security Engineering]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. (2009) [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Korns, Stephen W. (2009) [[Cyber Operations]]

Nye, Joseph (2010) [[Cyber Power]]

Rotenberg et. al ''(2010)'' [[The Cyber War Threat Has Been Grossly Exaggerated]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schmitt, Michael N. (2002) [[Wired Warfare]]

Schmitt, Michael N., et. al (2004) [[Computers and War]]

Schneier, Bruce (2003) [[Beyond Fear]]

Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]]

Todd, Graham H. (2009) [[Armed Attack in Cyberspace]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

'''''Subcategories:''''' ''None''

''[[Annotated_Bibliography | Jump to Annotated Bibliography]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:38:27Z

Felix: /* SCADA Systems */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:38:13Z

Felix: /* Laws of War */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:38:01Z

Felix: /* Lawfare */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:37:45Z

Felix: /* Lawfare */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:37:33Z

Felix: /* Kinetic Attack */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:37:19Z

Felix: /* Information Asymmetries */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:37:05Z

Felix: /* DDoS Attack */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:36:53Z

Felix: /* Cyber Warfare */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:36:41Z

Felix: /* Civilian Participation */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T19:36:08Z

Felix: /* Casus Belli */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Towards a Cyberspace Legal Regime in the Twenty-First Century

2010-08-03T19:35:12Z

Felix: /* Key Words */

==Full Title of Reference==
Towards a Cyberspace Legal Regime in the Twenty-First Century

==Full Citation==

Charles J. Dunlap, Jr., ''Towards a Cyberspace Legal Regime in the Twenty-First Century: Considerations for American Cyber-Warriors,'' 87 Neb. L. Rev. 712 (2009).

[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=Dunlap_CJ:2009&f=wikibiblio.bib BibTeX]

==Categorization==
* Threats and Actors: [[States]]
* Issues: [[Cyberwar]]; [[Psychology and Politics]]; [[Privacy]]
* Approaches: [[International Law (including Laws of War)]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Casus_Belli | Casus Belli]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | Cyber Warfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#DDoS_Attack | DDoS Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Information_Asymmetries | Information Asymmetries]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Kinetic_Attack | Kinetic Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Lawfare | Lawfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Laws_of_War | Laws of War]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SCADA_Systems | SCADA Systems]]

==Synopsis==
This text was presented at the Air University 2008 Cyberspace Symposium, Maxwell AFB, AL, on 16 July 2008.
Before going int the detail of what should constitute a cyberspace legal regime in the twenty-first century, Major General Charles J. Dunlap, Jr makes important remarks about cyber-warfare:
* The cyber world in all its many dimensions is embedded in virtually all national security issues.
* Much of what transpires in the cyber realm does not resemble traditional military threats. However, current legal architecture for the law of war is built upon the concept of traditional military threats (not all laws and treaties are irrelevant; rather, it means that it takes hard work and innovative analysis to apply existing law to emerging cyber issues).
* Appropriate commanders should be given authority to utilize non-kinetic, or cyber, responses under the same rules that govern their use of weapon systems that result in kinetic effects.
* It may well be prudent, for many reasons, to support civilian law enforcement agencies as the first line of defense for such probes, even for cyber actions aimed at domestic military facilities.
* The notion of the teenage hacker able to cause catastrophic damage from the computer in his bedroom is outdated. Some years ago, the authors says, there may have been a "window of opportunity" where such scenarios might have occurred, but much has happened in the interim. If terrorist groups are a threat, he thinks that only a nation-state could cause the kind of debilitating damage that would equate to defeat in war.

'''Moving forward with international legal instruments regarding cyberwar''':

Whether consolidated in a unitary convention or strengthened in existing regimes, the scope of protections available is limited only by the imagination and the need for agreement. Possibilities offered by a number of people include:
* Reaffirming the sanctity of communications relay systems, including those in space -- a regime begun under the Hague Convention of 1907 and elaborated upon under the International Telecommunications Union ("ITU");
* Strengthening protections for communications systems and stations -- elements of which can be found within the ITU and the Law of the Sea Convention;
* Reinforcing the sanctity of navigational tools such as Tactical Air Navigation ("TACAN") and the Global Positioning System ("GPS"), including systems both terrestrial and those in space--a regime supported by the Chicago Convention and International Civil Aviation Organization;
* Reaffirming the sanctity of arms control verification tools, especially those in space -- a regime established through multiple arms control agreements;
* Protecting supervisory control and data acquisition ("SCADA") systems that control critical infrastructure like dams, pipelines, and nuclear reactors;
* Providing prohibitions and consequences for economic espionage;
* Agreements to cooperate in cyber criminal investigations modeled on mutual legal assistance treaties ("MLATs") or the Cybercrime convention;
* Creation of a tracking and logging regime to strip the anonymity of global hackers, much the way tracking materials can be embedded in high explosives to identify their origin;
* Baseline speech restrictions -- for example rules against terrorist incitement, bomb building instructions, exchange of computer network attack programs, and so forth -- so long as such rules comply with domestic laws, such as the U.S. First Amendment.

==Additional Notes and Highlights==

Towards a Cyberspace Legal Regime in the Twenty-First Century

2010-08-03T19:34:11Z

Felix: /* Categorization */

==Full Title of Reference==
Towards a Cyberspace Legal Regime in the Twenty-First Century

==Full Citation==

Charles J. Dunlap, Jr., ''Towards a Cyberspace Legal Regime in the Twenty-First Century: Considerations for American Cyber-Warriors,'' 87 Neb. L. Rev. 712 (2009).

[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=Dunlap_CJ:2009&f=wikibiblio.bib BibTeX]

==Categorization==
* Threats and Actors: [[States]]
* Issues: [[Cyberwar]]; [[Psychology and Politics]]; [[Privacy]]
* Approaches: [[International Law (including Laws of War)]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Casus_Belli | Casus Belli]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Combatant_Status | Combatant Status]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | Cyber Warfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#DDoS_Attack | DDoS Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Geneva_Conventions | Geneva Conventions]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Information_Asymmetries | Information Asymmetries]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Kinetic_Attack | Kinetic Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Lawfare | Lawfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Laws_of_War | Laws of War]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Malware | Malware]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SCADA_Systems | SCADA Systems]]

==Synopsis==
This text was presented at the Air University 2008 Cyberspace Symposium, Maxwell AFB, AL, on 16 July 2008.
Before going int the detail of what should constitute a cyberspace legal regime in the twenty-first century, Major General Charles J. Dunlap, Jr makes important remarks about cyber-warfare:
* The cyber world in all its many dimensions is embedded in virtually all national security issues.
* Much of what transpires in the cyber realm does not resemble traditional military threats. However, current legal architecture for the law of war is built upon the concept of traditional military threats (not all laws and treaties are irrelevant; rather, it means that it takes hard work and innovative analysis to apply existing law to emerging cyber issues).
* Appropriate commanders should be given authority to utilize non-kinetic, or cyber, responses under the same rules that govern their use of weapon systems that result in kinetic effects.
* It may well be prudent, for many reasons, to support civilian law enforcement agencies as the first line of defense for such probes, even for cyber actions aimed at domestic military facilities.
* The notion of the teenage hacker able to cause catastrophic damage from the computer in his bedroom is outdated. Some years ago, the authors says, there may have been a "window of opportunity" where such scenarios might have occurred, but much has happened in the interim. If terrorist groups are a threat, he thinks that only a nation-state could cause the kind of debilitating damage that would equate to defeat in war.

'''Moving forward with international legal instruments regarding cyberwar''':

Whether consolidated in a unitary convention or strengthened in existing regimes, the scope of protections available is limited only by the imagination and the need for agreement. Possibilities offered by a number of people include:
* Reaffirming the sanctity of communications relay systems, including those in space -- a regime begun under the Hague Convention of 1907 and elaborated upon under the International Telecommunications Union ("ITU");
* Strengthening protections for communications systems and stations -- elements of which can be found within the ITU and the Law of the Sea Convention;
* Reinforcing the sanctity of navigational tools such as Tactical Air Navigation ("TACAN") and the Global Positioning System ("GPS"), including systems both terrestrial and those in space--a regime supported by the Chicago Convention and International Civil Aviation Organization;
* Reaffirming the sanctity of arms control verification tools, especially those in space -- a regime established through multiple arms control agreements;
* Protecting supervisory control and data acquisition ("SCADA") systems that control critical infrastructure like dams, pipelines, and nuclear reactors;
* Providing prohibitions and consequences for economic espionage;
* Agreements to cooperate in cyber criminal investigations modeled on mutual legal assistance treaties ("MLATs") or the Cybercrime convention;
* Creation of a tracking and logging regime to strip the anonymity of global hackers, much the way tracking materials can be embedded in high explosives to identify their origin;
* Baseline speech restrictions -- for example rules against terrorist incitement, bomb building instructions, exchange of computer network attack programs, and so forth -- so long as such rules comply with domestic laws, such as the U.S. First Amendment.

==Additional Notes and Highlights==

Towards a Cyberspace Legal Regime in the Twenty-First Century

2010-08-03T19:32:17Z

Felix: /* Synopsis */

==Full Title of Reference==
Towards a Cyberspace Legal Regime in the Twenty-First Century

==Full Citation==

Charles J. Dunlap, Jr., ''Towards a Cyberspace Legal Regime in the Twenty-First Century: Considerations for American Cyber-Warriors,'' 87 Neb. L. Rev. 712 (2009).

[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=Dunlap_CJ:2009&f=wikibiblio.bib BibTeX]

==Categorization==
* Threats and Actors: [[Military Networks (.mil)]], [[States]]
* Issues: [[Cyberwar]]; [[Government to Government]]
* Approaches: [[International Law (including Laws of War)]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Casus_Belli | Casus Belli]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Combatant_Status | Combatant Status]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | Cyber Warfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#DDoS_Attack | DDoS Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Geneva_Conventions | Geneva Conventions]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Information_Asymmetries | Information Asymmetries]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Kinetic_Attack | Kinetic Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Lawfare | Lawfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Laws_of_War | Laws of War]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Malware | Malware]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SCADA_Systems | SCADA Systems]]

==Synopsis==
This text was presented at the Air University 2008 Cyberspace Symposium, Maxwell AFB, AL, on 16 July 2008.
Before going int the detail of what should constitute a cyberspace legal regime in the twenty-first century, Major General Charles J. Dunlap, Jr makes important remarks about cyber-warfare:
* The cyber world in all its many dimensions is embedded in virtually all national security issues.
* Much of what transpires in the cyber realm does not resemble traditional military threats. However, current legal architecture for the law of war is built upon the concept of traditional military threats (not all laws and treaties are irrelevant; rather, it means that it takes hard work and innovative analysis to apply existing law to emerging cyber issues).
* Appropriate commanders should be given authority to utilize non-kinetic, or cyber, responses under the same rules that govern their use of weapon systems that result in kinetic effects.
* It may well be prudent, for many reasons, to support civilian law enforcement agencies as the first line of defense for such probes, even for cyber actions aimed at domestic military facilities.
* The notion of the teenage hacker able to cause catastrophic damage from the computer in his bedroom is outdated. Some years ago, the authors says, there may have been a "window of opportunity" where such scenarios might have occurred, but much has happened in the interim. If terrorist groups are a threat, he thinks that only a nation-state could cause the kind of debilitating damage that would equate to defeat in war.

'''Moving forward with international legal instruments regarding cyberwar''':

Whether consolidated in a unitary convention or strengthened in existing regimes, the scope of protections available is limited only by the imagination and the need for agreement. Possibilities offered by a number of people include:
* Reaffirming the sanctity of communications relay systems, including those in space -- a regime begun under the Hague Convention of 1907 and elaborated upon under the International Telecommunications Union ("ITU");
* Strengthening protections for communications systems and stations -- elements of which can be found within the ITU and the Law of the Sea Convention;
* Reinforcing the sanctity of navigational tools such as Tactical Air Navigation ("TACAN") and the Global Positioning System ("GPS"), including systems both terrestrial and those in space--a regime supported by the Chicago Convention and International Civil Aviation Organization;
* Reaffirming the sanctity of arms control verification tools, especially those in space -- a regime established through multiple arms control agreements;
* Protecting supervisory control and data acquisition ("SCADA") systems that control critical infrastructure like dams, pipelines, and nuclear reactors;
* Providing prohibitions and consequences for economic espionage;
* Agreements to cooperate in cyber criminal investigations modeled on mutual legal assistance treaties ("MLATs") or the Cybercrime convention;
* Creation of a tracking and logging regime to strip the anonymity of global hackers, much the way tracking materials can be embedded in high explosives to identify their origin;
* Baseline speech restrictions -- for example rules against terrorist incitement, bomb building instructions, exchange of computer network attack programs, and so forth -- so long as such rules comply with domestic laws, such as the U.S. First Amendment.

==Additional Notes and Highlights==

Towards a Cyberspace Legal Regime in the Twenty-First Century

2010-08-03T19:21:47Z

Felix:

==Full Title of Reference==
Towards a Cyberspace Legal Regime in the Twenty-First Century

==Full Citation==

Charles J. Dunlap, Jr., ''Towards a Cyberspace Legal Regime in the Twenty-First Century: Considerations for American Cyber-Warriors,'' 87 Neb. L. Rev. 712 (2009).

[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=Dunlap_CJ:2009&f=wikibiblio.bib BibTeX]

==Categorization==
* Threats and Actors: [[Military Networks (.mil)]], [[States]]
* Issues: [[Cyberwar]]; [[Government to Government]]
* Approaches: [[International Law (including Laws of War)]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Casus_Belli | Casus Belli]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Combatant_Status | Combatant Status]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | Cyber Warfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#DDoS_Attack | DDoS Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Geneva_Conventions | Geneva Conventions]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Information_Asymmetries | Information Asymmetries]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Kinetic_Attack | Kinetic Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Lawfare | Lawfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Laws_of_War | Laws of War]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Malware | Malware]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SCADA_Systems | SCADA Systems]]

==Synopsis==
This text was presented at the Air University 2008 Cyberspace Symposium, Maxwell AFB, AL, on 16 July 2008.
Before going int the detail of what should constitute a cyberspace legal regime in the twenty-first century, Major General Charles J. Dunlap, Jr makes important remarks about cyber-warfare:
* The cyber world in all its many dimensions is embedded in virtually all national security issues.
* Much of what transpires in the cyber realm does not resemble traditional military threats. However, current legal architecture for the law of war is built upon the concept of traditional military threats (not all laws and treaties are irrelevant; rather, it means that it takes hard work and innovative analysis to apply existing law to emerging cyber issues).
* Appropriate commanders should be given authority to utilize non-kinetic, or cyber, responses under the same rules that govern their use of weapon systems that result in kinetic effects.
* It may well be prudent, for many reasons, to support civilian law enforcement agencies as the first line of defense for such probes, even for cyber actions aimed at domestic military facilities.
* The notion of the teenage hacker able to cause catastrophic damage from the computer in his bedroom is outdated. Some years ago, the authors says, there may have been a "window of opportunity" where such scenarios might have occurred, but much has happened in the interim. If terrorist groups are a threat, he thinks that only a nation-state could cause the kind of debilitating damage that would equate to defeat in war.

'''Moving forward with international legal instruments regarding cyberwar''':
Whether consolidated in a unitary convention or strengthened in existing regimes, the scope of protections available is limited only by the imagination and the need for agreement. Possibilities offered by a number of people include:
* Reaffirming the sanctity of communications relay systems, including those in space -- a regime begun under the Hague Convention of 1907 and elaborated upon under the International Telecommunications Union ("ITU");
* Strengthening protections for communications systems and stations -- elements of which can be found within the ITU and the Law of the Sea Convention;
* Reinforcing the sanctity of navigational tools such as Tactical Air Navigation ("TACAN") and the Global Positioning System ("GPS"), including systems both terrestrial and those in space--a regime supported by the Chicago Convention and International Civil Aviation Organization;
* Reaffirming the sanctity of arms control verification tools, especially those in space -- a regime established through multiple arms control agreements;
* Protecting supervisory control and data acquisition ("SCADA") systems that control critical infrastructure like dams, pipelines, and nuclear reactors;
* Providing prohibitions and consequences for economic espionage;
* Agreements to cooperate in cyber criminal investigations modeled on mutual legal assistance treaties ("MLATs") or the Cybercrime convention;
* Creation of a tracking and logging regime to strip the anonymity of global hackers, much the way tracking materials can be embedded in high explosives to identify their origin;
* Baseline speech restrictions -- for example rules against terrorist incitement, bomb building instructions, exchange of computer network attack programs, and so forth -- so long as such rules comply with domestic laws, such as the U.S. First Amendment.

==Additional Notes and Highlights==

Issues

2010-08-03T15:31:26Z

Felix:

''[[Table of Contents | TOC->]][[Issues]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]

Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina (2010) [[Modeling Cyber-Insurance]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]

Department of Commerce (2010) [[Defense Industrial Base Assessment]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]

Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. ''(2009)'' [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]

Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]

Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]

Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Korns, Stephen W. (2009) [[Cyber Operations]]

Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]

McAfee, Inc. (2010) [[McAfee Threats Report]]

Moore, Tyler and Clayton, Richard (2007) [[Examining the Impact of Website Take-down on Phishing]]

Moore, Tyler and Clayton, Richard (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Nye, Joseph (2010) [[Cyber Power]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Rotenberg et. al (2010) [[The Cyber War Threat Has Been Grossly Exaggerated]]

Schmit, Michael N., et. al (2004) [[Computers and War]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schmitt, Michael N. (2002) [[Wired Warfare]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]

Todd, Graham H. (2009) [[Armed Attack in Cyberspace]]

Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]

'''''Subcategories:'''''
*''[[Issues | Issues->]][[Metrics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Risk Management and Investment]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Behavioral Economics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Market Failure]]''
*''[[Issues | Issues->]][[Supply Chain Issues]]''
*''[[Issues | Issues->]][[Usability/Human Factors]]''
*''[[Issues | Issues->]][[Psychology and Politics]]''
*''[[Issues | Issues->]][[Information Sharing/Disclosure]]''
*''[[Issues | Issues->]][[Public-Private Cooperation]]''
*''[[Issues | Issues->]][[Attribution]]''
*''[[Issues | Issues->]][[Identity Management]]''
*''[[Issues | Issues->]][[Privacy]]''
*''[[Issues | Issues->]][[Cybercrime]]''
*''[[Issues | Issues->]][[Cyberwar]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Government to Government]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Industrial]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Media Perceptions]]''

''[[Table of Contents| Jump to Table of Contents]]''

Private Efforts/Organizations

2010-08-03T15:31:26Z

Felix:

''[[Table of Contents | TOC->]][[Approaches | Approaches->]][[Private Efforts/Organizations]]''

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina (2010) [[Modeling Cyber-Insurance]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

White House (2009) [[Cyberspace Policy Review]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents | Jump to Table of Contents]]''

Incentives

2010-08-03T15:31:26Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Schwartz, Galina (2010) [[Modeling Cyber-Insurance]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

United States Secret Service (2004) [[Insider Threat Study]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2000) [[Managing Online Security Risks]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents| Jump to Table of Contents]]''

Issues

2010-08-03T15:31:26Z

Felix:

''[[Table of Contents | TOC->]][[Issues]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]

Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina (2010) [[Modeling Cyber-Insurance]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]

Department of Commerce (2010) [[Defense Industrial Base Assessment]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]

Deputy Chief of Staff for Intelligence ''(2006)'' [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. ''(2009)'' [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]

Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]

Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]

Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Korns, Stephen W. ''(2009)'' [[Cyber Operations]]

Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]

McAfee, Inc. (2010) [[McAfee Threats Report]]

Moore, Tyler and Clayton, Richard (2007) [[Examining the Impact of Website Take-down on Phishing]]

Moore, Tyler and Clayton, Richard (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Nye, Joseph (2010) [[Cyber Power]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Rotenberg et. al ''(2010)'' [[The Cyber War Threat Has Been Grossly Exaggerated]]

Schmit, Michael N., et. al ''(2004)'' [[Computers and War]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schmitt, Michael N. (2002) [[Wired Warfare]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Sklerov, Matthew J. ''(2009)'' [[Solving the Dilemma of State Responses to Cyberattacks]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]

Todd, Graham H. ''(2009)'' [[Armed Attack in Cyberspace]]

Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]

'''''Subcategories:'''''
*''[[Issues | Issues->]][[Metrics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Risk Management and Investment]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Behavioral Economics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Market Failure]]''
*''[[Issues | Issues->]][[Supply Chain Issues]]''
*''[[Issues | Issues->]][[Usability/Human Factors]]''
*''[[Issues | Issues->]][[Psychology and Politics]]''
*''[[Issues | Issues->]][[Information Sharing/Disclosure]]''
*''[[Issues | Issues->]][[Public-Private Cooperation]]''
*''[[Issues | Issues->]][[Attribution]]''
*''[[Issues | Issues->]][[Identity Management]]''
*''[[Issues | Issues->]][[Privacy]]''
*''[[Issues | Issues->]][[Cybercrime]]''
*''[[Issues | Issues->]][[Cyberwar]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Government to Government]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Industrial]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Media Perceptions]]''

''[[Table of Contents| Jump to Table of Contents]]''

Economics of Cybersecurity

2010-08-03T15:31:26Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Economics of Cybersecurity]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina (2010) [[Modeling Cyber-Insurance]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]

Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2000) [[Managing Online Security Risks]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

'''''Subcategories:'''''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Risk Management and Investment]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Behavioral Economics]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Market Failure]]''

''[[Table of Contents| Jump to Table of Contents]]''

Insurance

2010-08-03T15:31:26Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina (2010) [[Modeling Cyber-Insurance]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents| Jump to Table of Contents]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:31:26Z

Felix: /* Worm */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:31:26Z

Felix: /* SPAM */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:31:26Z

Felix: /* Risk Modeling */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:31:26Z

Felix: /* Phishing */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:07:24Z

Felix: /* Phishing */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:07:24Z

Felix: /* Interdependencies */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:07:24Z

Felix: /* Disclosure Policy */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-03T15:07:24Z

Felix: /* Botnet */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Modeling Cyber-Insurance

2010-08-03T15:07:24Z

Felix: /* Key Words */

==Full Title of Reference==
Modeling Cyber-Insurance: Towards A Unified Framework

==Full Citation==

Rainer Bohme and Galina Schwartz, ''Modeling Cyber-Insurance: Towards A Unified Framework'', Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010).
[http://www1.inf.tu-dresden.de/~rb21/publications/BS2010_Modeling_Cyber-Insurance_WEIS.pdf ''Web'']

[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Bohme+Schwartz:2010 ''BibTeX'']

==Categorization==
* Issues: [[Insurance]]; [[Incentives]]
* Approaches: [[Private Efforts/Organizations]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Disclosure_Policy | Disclosure Policy]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Interdependencies | Interdependencies]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Phishing | Phishing]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modeling]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Worm | Worm]]

==Synopsis==
The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

===A General Framework for Modeling Cyber-Insurance Markets===
The unifying framework proposed by the authors permits to classify the literature and identify areas that have not been covered by the existing models. Their objectives are to take stock, systematize in a common terminology, and give a structured account of a growing field with contributions spread over disperse communities. Ultimately, such a unifying framework should help navigate the literature and stimulates research that results in a more formal basis for policy recommendations involving cyber-risk reallocation.

In addition, the authors suggest that this framework can be used to partly standardize the exposition of cyber-insurance papers, thus simplifying the tasks of authors’ presentation and evaluation of the results by the research community. One key theme in designing such a framework is to identify factors specific to cyber-risk and cyber-insurance. This clarifies where novel contributions are needed.

The framework breaks the modeling decisions down to five key components:
* network environment,
* demand side,
* supply side,
* information structure,
* organizational environment.
Each component covers several model attributes, which imply specific modeling decisions. All attributes are discussed, including their common formalization, with particular emphasis on attributes that are specific to cyberrisk. For less cyber-specific attributes, references to the standard economic literature on indemnity insurance are provided.

The framework introduces a unified way of dealing with both interdependent security and correlated risk, two obstacles to the development of a cyber-insurance market that so far have been studied only separately. The remaining subsections of Sect. 2 describe the standard economic approach to insurance, augmented to cyber-risk where specific properties arise.

===Using the Framework for a Literature Survey, and Concluding Remarks===
Section 3 applies the framework by classifying the relevant literature along the framework’s key components. The authors demonstrate the general usefulness of our framework and its suitability to ease comparisons between different models in a standardized terminology. The framework further permits to pinpoint the driving forces behind the results of models in the literature. Our hope is that this framework will serve as starting point for more systematic extensions in future work by both economists and security engineers.
General remarks on the state of the research field and possible directions are discussed in the concluding Section 4.

==Additional Notes and Highlights==
Expertise Requires: Economics - High

Outline:
1. Introduction
2. A General Framework for Modeling Cyber-Insurance Markets
2.1 Network Environment: Connected Nodes
2.1.1 Defense Function
2.1.2 Network Topology
2.1.3 Risk Arrival
2.1.4 Attacker Model
2.2 Demand Side: Agents
2.2.1 Node Control
2.2.2 Heterogeneity
2.2.3 Agents’ Risk Aversion
2.2.4 Action Space
2.2.5 Time
2.3 Supply Side: Insurers
2.3.1 Market Structure
2.3.2 Insurers’ Risk Aversion
2.3.3 Markup
2.3.4 Contract Design
2.3.5 Higher-Order Risk Transfer
2.4 Information Structure
2.4.1 Information Asymmetries in the Conventional Insurance Literature
2.4.2 Information Asymmetries Specific to Cyber-Insurance
2.4.3 Timing
2.5 Organizational Environment
2.5.1 Regulator
2.5.2 ICT Manufacturers
2.5.3 Network Intermediaries
2.5.4 Security Service Providers
3 Using the Framework for a Literature Survey
3.1 Market Models
3.1.1 Comparison Across Models
3.1.2 Discussion of Individual Models
3.2 Related Topics
4 Concluding Remarks

Modeling Cyber-Insurance

2010-08-03T15:07:24Z

Felix: /* Synopsis */

==Full Title of Reference==
Modeling Cyber-Insurance: Towards A Unified Framework

==Full Citation==

Rainer Bohme and Galina Schwartz, ''Modeling Cyber-Insurance: Towards A Unified Framework'', Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010).
[http://www1.inf.tu-dresden.de/~rb21/publications/BS2010_Modeling_Cyber-Insurance_WEIS.pdf ''Web'']

[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Bohme+Schwartz:2010 ''BibTeX'']

==Categorization==
* Issues: [[Insurance]]; [[Incentives]]
* Approaches: [[Private Efforts/Organizations]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Disclosure_Policy | Disclosure Policy]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Honeypot | Honeypot]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Interdependencies | Interdependencies]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Phishing | Phishing]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modeling]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Worm | Worm]]

==Synopsis==
The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

===A General Framework for Modeling Cyber-Insurance Markets===
The unifying framework proposed by the authors permits to classify the literature and identify areas that have not been covered by the existing models. Their objectives are to take stock, systematize in a common terminology, and give a structured account of a growing field with contributions spread over disperse communities. Ultimately, such a unifying framework should help navigate the literature and stimulates research that results in a more formal basis for policy recommendations involving cyber-risk reallocation.

In addition, the authors suggest that this framework can be used to partly standardize the exposition of cyber-insurance papers, thus simplifying the tasks of authors’ presentation and evaluation of the results by the research community. One key theme in designing such a framework is to identify factors specific to cyber-risk and cyber-insurance. This clarifies where novel contributions are needed.

The framework breaks the modeling decisions down to five key components:
* network environment,
* demand side,
* supply side,
* information structure,
* organizational environment.
Each component covers several model attributes, which imply specific modeling decisions. All attributes are discussed, including their common formalization, with particular emphasis on attributes that are specific to cyberrisk. For less cyber-specific attributes, references to the standard economic literature on indemnity insurance are provided.

The framework introduces a unified way of dealing with both interdependent security and correlated risk, two obstacles to the development of a cyber-insurance market that so far have been studied only separately. The remaining subsections of Sect. 2 describe the standard economic approach to insurance, augmented to cyber-risk where specific properties arise.

===Using the Framework for a Literature Survey, and Concluding Remarks===
Section 3 applies the framework by classifying the relevant literature along the framework’s key components. The authors demonstrate the general usefulness of our framework and its suitability to ease comparisons between different models in a standardized terminology. The framework further permits to pinpoint the driving forces behind the results of models in the literature. Our hope is that this framework will serve as starting point for more systematic extensions in future work by both economists and security engineers.
General remarks on the state of the research field and possible directions are discussed in the concluding Section 4.

==Additional Notes and Highlights==
Expertise Requires: Economics - High

Outline:
1. Introduction
2. A General Framework for Modeling Cyber-Insurance Markets
2.1 Network Environment: Connected Nodes
2.1.1 Defense Function
2.1.2 Network Topology
2.1.3 Risk Arrival
2.1.4 Attacker Model
2.2 Demand Side: Agents
2.2.1 Node Control
2.2.2 Heterogeneity
2.2.3 Agents’ Risk Aversion
2.2.4 Action Space
2.2.5 Time
2.3 Supply Side: Insurers
2.3.1 Market Structure
2.3.2 Insurers’ Risk Aversion
2.3.3 Markup
2.3.4 Contract Design
2.3.5 Higher-Order Risk Transfer
2.4 Information Structure
2.4.1 Information Asymmetries in the Conventional Insurance Literature
2.4.2 Information Asymmetries Specific to Cyber-Insurance
2.4.3 Timing
2.5 Organizational Environment
2.5.1 Regulator
2.5.2 ICT Manufacturers
2.5.3 Network Intermediaries
2.5.4 Security Service Providers
3 Using the Framework for a Literature Survey
3.1 Market Models
3.1.1 Comparison Across Models
3.1.2 Discussion of Individual Models
3.2 Related Topics
4 Concluding Remarks

Modeling Cyber-Insurance

2010-08-03T15:07:24Z

Felix: /* A General Framework for Modeling Cyber-Insurance Markets */

==Full Title of Reference==
Modeling Cyber-Insurance: Towards A Unified Framework

==Full Citation==

Rainer Bohme and Galina Schwartz, ''Modeling Cyber-Insurance: Towards A Unified Framework'', Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010).
[http://www1.inf.tu-dresden.de/~rb21/publications/BS2010_Modeling_Cyber-Insurance_WEIS.pdf ''Web'']

[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Bohme+Schwartz:2010 ''BibTeX'']

==Categorization==
* Issues: [[Insurance]]; [[Incentives]]
* Approaches: [[Private Efforts/Organizations]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Disclosure_Policy | Disclosure Policy]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Honeypot | Honeypot]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Interdependencies | Interdependencies]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Phishing | Phishing]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modeling]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Worm | Worm]]

==Synopsis==
The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

===A General Framework for Modeling Cyber-Insurance Markets===
The unifying framework proposed by the authors permits to classify the literature and identify areas that have not been covered by the existing models. Their objectives are to take stock, systematize in a common terminology, and give a structured account of a growing field with contributions spread over disperse communities. Ultimately, such a unifying framework should help navigate the literature and stimulates research that results in a more formal basis for policy recommendations involving cyber-risk reallocation.

In addition, the authors suggest that this framework can be used to partly standardize the exposition of cyber-insurance papers, thus simplifying the tasks of authors’ presentation and evaluation of the results by the research community. One key theme in designing such a framework is to identify factors specific to cyber-risk and cyber-insurance. This clarifies where novel contributions are needed.

The framework breaks the modeling decisions down to five key components:
* network environment,
* demand side,
* supply side,
* information structure,
* organizational environment.
Each component covers several model attributes, which imply specific modeling decisions. All attributes are discussed, including their common formalization, with particular emphasis on attributes that are specific to cyberrisk. For less cyber-specific attributes, references to the standard economic literature on indemnity insurance are provided.

The framework introduces a unified way of dealing with both interdependent security and correlated risk, two obstacles to the development of a cyber-insurance market that so far have been studied only separately. The remaining subsections of Sect. 2 describe the standard economic approach to insurance, augmented to cyber-risk where specific properties arise.

===Using the Framework for a Literature Survey, plus Concluding Remarks===
Section 3 applies the framework by classifying the relevant literature along the framework’s key components. The authors demonstrate the general usefulness of our framework and its suitability to ease comparisons between different models in a standardized terminology. The framework further permits to pinpoint the driving forces behind the results of models in the literature. Our hope is that this framework will serve as starting point for more systematic extensions in future work by both economists and security engineers.
General remarks on the state of the research field and possible directions are discussed in the concluding Section 4.

==Additional Notes and Highlights==
Expertise Requires: Economics - High

Outline:
1. Introduction
2. A General Framework for Modeling Cyber-Insurance Markets
2.1 Network Environment: Connected Nodes
2.1.1 Defense Function
2.1.2 Network Topology
2.1.3 Risk Arrival
2.1.4 Attacker Model
2.2 Demand Side: Agents
2.2.1 Node Control
2.2.2 Heterogeneity
2.2.3 Agents’ Risk Aversion
2.2.4 Action Space
2.2.5 Time
2.3 Supply Side: Insurers
2.3.1 Market Structure
2.3.2 Insurers’ Risk Aversion
2.3.3 Markup
2.3.4 Contract Design
2.3.5 Higher-Order Risk Transfer
2.4 Information Structure
2.4.1 Information Asymmetries in the Conventional Insurance Literature
2.4.2 Information Asymmetries Specific to Cyber-Insurance
2.4.3 Timing
2.5 Organizational Environment
2.5.1 Regulator
2.5.2 ICT Manufacturers
2.5.3 Network Intermediaries
2.5.4 Security Service Providers
3 Using the Framework for a Literature Survey
3.1 Market Models
3.1.1 Comparison Across Models
3.1.2 Discussion of Individual Models
3.2 Related Topics
4 Concluding Remarks

Modeling Cyber-Insurance

2010-08-03T15:07:24Z

Felix:

==Full Title of Reference==
Modeling Cyber-Insurance: Towards A Unified Framework

==Full Citation==

Rainer Bohme and Galina Schwartz, ''Modeling Cyber-Insurance: Towards A Unified Framework'', Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010).
[http://www1.inf.tu-dresden.de/~rb21/publications/BS2010_Modeling_Cyber-Insurance_WEIS.pdf ''Web'']

[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Bohme+Schwartz:2010 ''BibTeX'']

==Categorization==
* Issues: [[Insurance]]; [[Incentives]]
* Approaches: [[Private Efforts/Organizations]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Disclosure_Policy | Disclosure Policy]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Honeypot | Honeypot]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Interdependencies | Interdependencies]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Phishing | Phishing]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modeling]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Worm | Worm]]

==Synopsis==
The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

===A General Framework for Modeling Cyber-Insurance Markets===
The unifying framework proposed by the authors permits to classify the literature and identify areas that have not been covered by the existing models. Their objectives are to take stock, systematize in a common terminology, and give a structured account of a growing field with contributions spread over disperse communities. Ultimately, such a unifying framework should help navigate the literature and stimulates research that results in a more formal basis for policy recommendations involving cyber-risk reallocation.

In addition, the authors suggest that this framework can be used to partly standardize the exposition of cyber-insurance papers, thus simplifying the tasks of authors’ presentation and evaluation of the results by the research community. One key theme in designing such a framework is to identify factors specific to cyber-risk and cyber-insurance. This clarifies where novel contributions are needed.

The framework breaks the modeling decisions down to five key components:
*cnetwork environment,
* demand side,
* supply side,
* information structure,
* organizational environment.
Each component covers several model attributes, which imply specific modeling decisions. All attributes are discussed, including their common formalization, with particular emphasis on attributes that are specific to cyberrisk. For less cyber-specific attributes, references to the standard economic literature on indemnity insurance are provided.

The framework introduces a unified way of dealing with both interdependent security and correlated risk, two obstacles to the development of a cyber-insurance market that so far have been studied only separately. The remaining subsections of Sect. 2 describe the standard economic approach to insurance, augmented to cyber-risk where specific properties arise.

===Using the Framework for a Literature Survey, plus Concluding Remarks===
Section 3 applies the framework by classifying the relevant literature along the framework’s key components. The authors demonstrate the general usefulness of our framework and its suitability to ease comparisons between different models in a standardized terminology. The framework further permits to pinpoint the driving forces behind the results of models in the literature. Our hope is that this framework will serve as starting point for more systematic extensions in future work by both economists and security engineers.
General remarks on the state of the research field and possible directions are discussed in the concluding Section 4.

==Additional Notes and Highlights==
Expertise Requires: Economics - High

Outline:
1. Introduction
2. A General Framework for Modeling Cyber-Insurance Markets
2.1 Network Environment: Connected Nodes
2.1.1 Defense Function
2.1.2 Network Topology
2.1.3 Risk Arrival
2.1.4 Attacker Model
2.2 Demand Side: Agents
2.2.1 Node Control
2.2.2 Heterogeneity
2.2.3 Agents’ Risk Aversion
2.2.4 Action Space
2.2.5 Time
2.3 Supply Side: Insurers
2.3.1 Market Structure
2.3.2 Insurers’ Risk Aversion
2.3.3 Markup
2.3.4 Contract Design
2.3.5 Higher-Order Risk Transfer
2.4 Information Structure
2.4.1 Information Asymmetries in the Conventional Insurance Literature
2.4.2 Information Asymmetries Specific to Cyber-Insurance
2.4.3 Timing
2.5 Organizational Environment
2.5.1 Regulator
2.5.2 ICT Manufacturers
2.5.3 Network Intermediaries
2.5.4 Security Service Providers
3 Using the Framework for a Literature Survey
3.1 Market Models
3.1.1 Comparison Across Models
3.1.2 Discussion of Individual Models
3.2 Related Topics
4 Concluding Remarks

Modeling Cyber-Insurance

2010-08-03T14:48:38Z

Felix:

Approaches

2010-08-02T22:14:58Z

Felix:

''[[Table of Contents | TOC->]][[Approaches]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Department of Commerce (2010) [[Defense Industrial Base Assessment]]

Department of Defense ''(2005)'' [[Strategy for Homeland Defense and Civil Support]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]

Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]

Moore, Tyler and Clayton, Richard (2007) [[Examining the Impact of Website Take-down on Phishing]]

Moore, Tyler and Clayton, Richard (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Nye, Joseph (2010) [[Cyber Power]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]

'''''Subcategories:'''''
*''[[Approaches | Approaches->]][[Regulation/Liability]]''
*''[[Approaches | Approaches->]][[Private Efforts/Organizations]]''
*''[[Approaches | Approaches->]][[Government Organizations]]''
*''[[Approaches | Approaches->]][[International Cooperation]]''
*''[[Approaches | Approaches->]][[International Law (including Laws of War)]]''
*''[[Approaches | Approaches->]][[Deterrence]]''
*''[[Approaches | Approaches->]][[Technology]]''

''[[Table of Contents | Jump to Table of Contents]]''

Private Efforts/Organizations

2010-08-02T22:14:47Z

Felix:

''[[Table of Contents | TOC->]][[Approaches | Approaches->]][[Private Efforts/Organizations]]''

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

White House (2009) [[Cyberspace Policy Review]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents | Jump to Table of Contents]]''

Issues

2010-08-02T22:14:00Z

Felix:

''[[Table of Contents | TOC->]][[Issues]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]

Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina ''(2010)'' [[Modeling Cyber-Insurance]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]

Department of Commerce (2010) [[Defense Industrial Base Assessment]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]

Deputy Chief of Staff for Intelligence ''(2006)'' [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. ''(2009)'' [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]

Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]

Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]

Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Korns, Stephen W. ''(2009)'' [[Cyber Operations]]

Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]

McAfee, Inc. (2010) [[McAfee Threats Report]]

Moore, Tyler and Clayton, Richard (2007) [[Examining the Impact of Website Take-down on Phishing]]

Moore, Tyler and Clayton, Richard (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Nye, Joseph (2010) [[Cyber Power]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Rotenberg et. al ''(2010)'' [[The Cyber War Threat Has Been Grossly Exaggerated]]

Schmit, Michael N., et. al ''(2004)'' [[Computers and War]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schmitt, Michael N. (2002) [[Wired Warfare]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Sklerov, Matthew J. ''(2009)'' [[Solving the Dilemma of State Responses to Cyberattacks]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]

Todd, Graham H. ''(2009)'' [[Armed Attack in Cyberspace]]

Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]

'''''Subcategories:'''''
*''[[Issues | Issues->]][[Metrics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Risk Management and Investment]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Behavioral Economics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Market Failure]]''
*''[[Issues | Issues->]][[Supply Chain Issues]]''
*''[[Issues | Issues->]][[Usability/Human Factors]]''
*''[[Issues | Issues->]][[Psychology and Politics]]''
*''[[Issues | Issues->]][[Information Sharing/Disclosure]]''
*''[[Issues | Issues->]][[Public-Private Cooperation]]''
*''[[Issues | Issues->]][[Attribution]]''
*''[[Issues | Issues->]][[Identity Management]]''
*''[[Issues | Issues->]][[Privacy]]''
*''[[Issues | Issues->]][[Cybercrime]]''
*''[[Issues | Issues->]][[Cyberwar]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Government to Government]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Industrial]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Media Perceptions]]''

''[[Table of Contents| Jump to Table of Contents]]''

Issues

2010-08-02T22:13:37Z

Felix:

''[[Table of Contents | TOC->]][[Issues]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]

Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]

Beard, Jack M. (2009) [[Law and War in the Virtual Era]]

Bohme, Rainer ''(2005)'' [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina ''(2010)'' [[Modeling Cyber-Insurance]]

Brown, Davis (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]

Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]

Department of Commerce (2010) [[Defense Industrial Base Assessment]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]]

Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]

Deputy Chief of Staff for Intelligence ''(2006)'' [[Critical Infrastructure Threats and Terrorism]]

Dörmann, Knut (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]]

Dunlap, Charles J. Jr. ''(2009)'' [[Towards a Cyberspace Legal Regime in the Twenty-First Century]]

Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]

Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]

Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]

Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]

Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]]

Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Korns, Stephen W. ''(2009)'' [[Cyber Operations]]

Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]

McAfee, Inc. (2010) [[McAfee Threats Report]]

Moore, Tyler and Clayton, Richard (2007) [[Examining the Impact of Website Take-down on Phishing]]

Moore, Tyler and Clayton, Richard (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Cyber Security Summit Task Force (2004) [[Information Security Governance]]

National Infrastructure Advisory Council (2004) [[Hardening The Internet]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Nye, Joseph (2010) [[Cyber Power]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Rotenberg et. al ''(2010)'' [[The Cyber War Threat Has Been Grossly Exaggerated]]

Schmit, Michael N., et. al ''(2004)'' [[Computers and War]]

Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]]

Schmitt, Michael N. (2002) [[Wired Warfare]]

Schneier, Bruce (2003) [[Beyond Fear]]

Schneier, Bruce (2008) [[Schneier on Security]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Sklerov, Matthew J. ''(2009)'' [[Solving the Dilemma of State Responses to Cyberattacks]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]

Todd, Graham H. ''(2009)'' [[Armed Attack in Cyberspace]]

Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]

Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]

'''''Subcategories:'''''
*''[[Issues | Issues->]][[Metrics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Risk Management and Investment]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Behavioral Economics]]''
*''[[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Market Failure]]''
*''[[Issues | Issues->]][[Supply Chain Issues]]''
*''[[Issues | Issues->]][[Usability/Human Factors]]''
*''[[Issues | Issues->]][[Psychology and Politics]]''
*''[[Issues | Issues->]][[Information Sharing/Disclosure]]''
*''[[Issues | Issues->]][[Public-Private Cooperation]]''
*''[[Issues | Issues->]][[Attribution]]''
*''[[Issues | Issues->]][[Identity Management]]''
*''[[Issues | Issues->]][[Privacy]]''
*''[[Issues | Issues->]][[Cybercrime]]''
*''[[Issues | Issues->]][[Cyberwar]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Government to Government]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Industrial]]''
*''[[Issues | Issues->]][[Espionage | Espionage->]][[Media Perceptions]]''

''[[Table of Contents| Jump to Table of Contents]]''

Economics of Cybersecurity

2010-08-02T22:12:22Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Economics of Cybersecurity]]''

Anderson, Ross (2001) [[Why Information Security is Hard]]

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Anderson, Ross J. (2008) [[Security Engineering]]

Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]

Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina ''(2010)'' [[Modeling Cyber-Insurance]]

Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]

Camp, L. Jean and Wolfram, Catherine (2004) [[Pricing Security]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]

Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]

Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]

Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]

Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]

Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]

Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]

Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]

Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]

Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]

Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]

National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]

National Institute of Standards and Technology (2006) [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]

National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]

National Research Council (1999) [[Trust in Cyberspace]]

Powell, Benjamin (2005) [[Is Cybersecurity a Public Good]]

Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]

Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]

Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]

Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]

Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]

Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]

van Eeten, Michel J. G. and Bauer, Johannes M. (2008) [[Economics of Malware]]

Varian, Hal (2000) [[Managing Online Security Risks]]

Varian, Hal (2004) [[System Reliability and Free Riding]]

'''''Subcategories:'''''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Risk Management and Investment]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Incentives]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Behavioral Economics]]''
*''[[Economics of Cybersecurity | Economics of Cybersecurity->]][[Market Failure]]''

''[[Table of Contents| Jump to Table of Contents]]''

Insurance

2010-08-02T22:12:09Z

Felix:

''[[Table of Contents | TOC->]][[Issues | Issues->]][[Economics of Cybersecurity | Economics of Cybersecurity->]][[Insurance]]''

Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]

Clinton, Larry (Undated) [[Cyber-Insurance Metrics and Impact on Cyber-Security]]

Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]

Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]

Bohme, Rainer and Schwartz, Galina ''(2010)'' [[Modeling Cyber-Insurance]]

Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]

*'''''Subcategories:''''' ''None''

''[[Table of Contents| Jump to Table of Contents]]''

Cyber-Insurance Metrics and Impact on Cyber-Security

2010-08-02T22:11:41Z

Felix: /* Key Words */

==Full Title of Reference==
Cyber-Insurance Metrics and Impact on Cyber-Security

==Full Citation==

Larry Clinton, ''Cyber-Insurance Metrics and Impact on Cyber-Security'', Internet Security Alliance (undated). [http://www.whitehouse.gov/files/documents/cyber/ISA%20-%20Cyber-Insurance%20Metrics%20and%20Impact%20on%20Cyber-Security.pdf ''Web'']

[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Clinton_L ''BibTeX'']

==Categorization==

* Issues: [[Insurance]]
* Approaches: [[Private Efforts/Organizations]]

==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Disclosure_Policy | Disclosure Policy]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Information_Asymmetries | Information Asymmetries]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Interdependencies | Interdependencies]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modeling]]

==Synopsis==
This article analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market, and suggests a role for government in encouraging data sharing of risk information and providing safe harbors.

===Overview to Cyber-Insurance===
Cyber-insurance is defined as an insurance product used to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities.
The paper goes on to describe the benefits of cyber-insurance. Basically, Cyber-insurance increases cyber-security by encouraging the adoption of best practices. Insurers will require a level of security as a precondition of coverage, and companies adopting better security practices often receive lower insurance rates. This helps companies to internalize both the benefits of good security and the costs of poor security, which in turn leads to greater investment and improvements in cyber-security.
The author then argues that cyber-insurance has a number of advantages over governmental regulation as a means for improving cyber-security, but also outlines that the market for cyber-insurance is adversely affected by a number of problems that he identifies, such as a cyber-hurricane‟ – a major disaster
resulting in great number of claims.

===Legislative Solutions===
According to the author, given the public policy benefits that come with widespread adoption of cyber-insurance and the current obstacles to the widespread creation and adoption of cyber-insurance, the federal government should act in order to help counteract the current market failure in the cyber-insurance market. The federal government has a number of measures at its disposal that it may use to improve the market for cyber-insurance, and by doing so help shore up domestic and international cyber-security:

* '''Federal Purchasing Power''': The federal government can promote the use of cyber-insurance with its strong position in the marketplace, by requiring government contractors and sub-contractors to carry cyber-insurance.

* '''Cyber Safety Act''': The federal government can promote cyber-security efforts by creating a Cyber
Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.

* '''Encourage Information-Sharing''': The federal government can promote the sharing of cyber-security information by establishing an antitrust exemption to allow insurers to pool data on vulnerabilities and attacks.

* '''Federal Government as a Reinsurer''': The federal government can increase the supply of cyber-insurance by providing reinsurance to cyber-insurance companies for a limited time.

===Standards of Due Care for Network Security Risk===
Clinton says that the insurance industry is in a uniquely motivated to understand and communicate to its insureds what are the standards of due care appropriate for the management of network security. The reason for this is simple. Only the insurance industry has "skin in the game". That is to say, in the event of a loss it is the insurance company that will pay, excess of any self-insured retention, any damages to third parties as well as reimburse the policyholder for any loss of business and additional expense associated with the event.

===Recommendations===

* Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
* Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
* Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
* Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.

==Additional Notes and Highlights==
Expertise Required: Economics - Low; Law - Low

Outline:
Overview to Cyber-Insurance
What is Cyber-Insurance?
The Benefits of Cyber-Insurance
Advantages over Governmental Regulation
Problems with the Market for Cyber-Insurance
Legislative Solutions
Federal Purchasing Power
Cyber Safety Act
Encourage Information-Sharing
Federal Government as a Reinsurer
Insurance Underwriting
Standards of Due Care for Network Security Risk
General risk of exposure based on company industry and size and business activities
Loss History, Years in Business and Financial Condition
Third Party Exposure and Outsourcing
Network security quality
Recommendations

Keyword Index and Glossary of Core Ideas

2010-08-02T22:10:41Z

Felix: /* Risk Modeling */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Keyword Index and Glossary of Core Ideas

2010-08-02T22:10:12Z

Felix: /* Interdependencies */

==Keyword Index and Glossary of Core Ideas==

===Air-Gapped Network===
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Antivirus===
Software which attempts to identify and delete or isolate [[#Malware |malware]]. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:
* [[Security_Engineering | Anderson]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Best Practices===

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]

* [[Hardening_The_Internet | National Infrastructure Advisory Council]]

===Black Hat===
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: [[#White_Hat | White Hat]]

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Blacklist===
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: [[#Whitelist | Whitelist]]

References:
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Botnet===
A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Power | Nye]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier_on_Security | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===''Casus Belli''===
The justification for going to war. From the Latin "''casus''" meaning "incident" or "event" and "''belli''" meaning "of war."

References:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Wired_Warfare | Schmitt]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Civilian Participation===
The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Combatant Status===
The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Emergency Response Team===
A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Computer Network Attack===
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Information_Security | GAO]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Communications Privacy Law===
Laws which regulate access to electronic communications. In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
* [[Cyber_Power | Nye]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===COTS Software===
Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]

References:
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Trust in Cyberspace | National Research Council]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Credit Card Fraud===
Theft of goods or services using false or stolen credit card information.

See Also: [[#Shoulder_Surfing | Shoulder Surfing]]

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Crimeware===
Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.

References:
* [[2007_Malware_Report |Computer Economics]]
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Crime===
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as an Externality===
Economists define externalities as instances where an individual or firm’s actions have
economic consequences for others for which there is no compensation. One important
distinction is between positive and negative externalities. Instances of the latter are most
commonly discussed, such as the environmental pollution caused by a plant, which may
have impacts on the value of neighboring homes. Important examples of positive
externalities are so common in communications networks that there is a class of "network
externalities. For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because
they can now each reach one additional person.
Several attributes of computer security suggest that it is an externality. Most importantly,
the lack of security on one machine can cause adverse effects on another. The most
obvious example of this is from electronic commerce, where credit card numbers stolen
from machines lacking security are used to commit fraud at other sites.

References:
* [[Security_Engineering | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Security as a Public Good===
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:
* [[Security_Engineering | Anderson]]
*[[Cyber-Insurance_Revisited | Bohme]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Trust in Cyberspace | National Research Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Terrorism===
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&wit_id=2995 FBI]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyber_War | Clarke]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]]
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Cyber Warfare===
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Cyber_War | Clarke]]
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Global_Cyber_Deterrence | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Data Mining===
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Schneier on Security | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Department of Homeland Security===
Cabinet level department of the United States assigned, ''inter alia'', the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:
* [[Cyber_War | Clarke]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Information_Security | GAO]]
* [[Cyber_Operations | Korns]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===DDoS Attack===
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Digital Pearl Harbor===
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Disclosure Policy===
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Schneier on Security | Schneier]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Distributed Denial of Service (DDoS)===
See: [[#DDoS_Attack | DDoS Attack]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Dumpster Diving===
A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Einstein===
The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:
* [[Information_Security | GAO]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===E.U. Cybersecurity===
Discussions relating to cybersecurity of the European Union and of European Union states.

References:
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Introduction_to_Country_Reports | ENISA]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Generativity===
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences.

References:

*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Geneva Conventions===
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: [[#Laws_of_War | Laws of War]]

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacker===
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]

References:
* [[Security_Engineering | Anderson]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[McAfee Threats Report | McAfee]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivism===
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]

References:
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Terrorism | Stohl]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Hacktivist===
A portmanteau of [[#Hacker | "hacker"]] and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: [[#Hacktivism | Hacktivism]]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[McAfee Threats Report | McAfee]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Honeypot===
A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Identity Fraud/Theft===
The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:
* [[Security_Engineering | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[2007_Malware_Report | Computer Economics]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Asymmetries===
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Cyber_War | Clarke]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]
* [[Wired_Warfare | Schmitt]]
* [[Schneier on Security | Schneier]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Intelligence Infrastructure/Information Infrastructure===
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Cyber_Power | Nye]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Information Operations===
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Interdependencies===
The inter-connections between supposedly independent but often interdependent systems.

See also: [[#SCADA_Systems | SCADA Systems]]

References:
* [[The_Economics_of_Information_Security | Anderson and Moore]]
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Cyber-Insurance_Revisited | Bohme]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Trust in Cyberspace | National Research Council]]
* [[Cybersecurity_and_Economic_Incentives | OECD]]
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
* [[Beyond_Fear | Schneier]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===International Humanitarian Law===
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Relay Chat (IRC)===
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:
* [[Security_Engineering | Anderson]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Internet Service Providers===
A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:
* [[Security_Engineering | Anderson]]
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Keylogger===
Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:
* [[Security_Engineering | Anderson]]
* [[2007_Malware_Report | Computer Economics]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[The_Underground_Economy | Thomas and Martin]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

=== Kinetic Attack===
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Lawfare===
The use of international law to damage an opponent in a war without use of arms.

References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Laws of War===
The body of law that define the legality of using armed force to resolve a conflict (''jus ad bellum'') and the laws that define the legality of the actual hostilities and related activities (''jus in bello'').

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
* [[Cyber-Apocalypse_Now | Gable]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Power | Nye]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Malware===
A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, ''inter alia'', computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:
* [[Security_Engineering | Anderson]]
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
* [[2007_Malware_Report | Computer Economics]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Cybersecurity Strategy (U.S.)===
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative]. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===National Security===
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]

References:
* [[Nuclear_Security | Aloise]]
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===New Normalcy===
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

===Notice and Take-down===
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Organized Crime===
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
* [[Cyberpower and National Security | Kramer et. al]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Outreach and Collaboration===
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Pricing_Security | Camp and Wolfram]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
* [[Introduction_to_Country_Reports | ENISA]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Password Weakness===
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:
* [[Security_Engineering | Anderson]]
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Patching===
Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Phishing===
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:
* [[Security_Engineering | Anderson]]
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[2007_Malware_Report | Computer Economics]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Privacy Law===
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
* [[A Roadmap for Cybersecurity Research | DHS]]
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Red Team===
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]

References:
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Research & Development===
Research and development (R&D) addressing cyber security and information infrastructure protection.

References:
* [[Pricing_Security | Camp and Wolfram]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Risk Modeling===
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]

References:
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
* [[Beyond_Fear | Schneier]]
* [[Managing_Online_Security_Risks | Varian]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SCADA Systems===
SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:
* [[Cyberpower and National Security | Kramer et. al]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[Cyber_Power | Nye]]
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Scareware===
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

* [[2007_Malware_Report | Computer Economics]]
* [[McAfee Threats Report | McAfee]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Script Kiddie===
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Security Trade-Offs===
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]

References:

*[[Cyber-Insurance_Revisited | Bohme]]
* [[Cyber_Operations | Korns]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Shoulder Surfing===
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:
* [[Security_Engineering | Anderson]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sneakernet===
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: [[#Air-Gapped_Network | Air-Gapped Network]]

===Social Engineering===
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:
* [[Security_Engineering | Anderson]]
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
* [[Cyber_Power | Nye]]
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Social Network===
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Software Vulnerability===

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]

References:
* [[Security_Engineering | Anderson]]
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[The Price of Restricting Vulnerability Publications | Granick]]
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[Insider_Threat_Study | U.S. Secret Service]]
* [[Economics_of_Malware | van Eeten and Bauer]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===SPAM===
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[McAfee Threats Report | McAfee]]
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Schneier on Security | Schneier]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[The_Underground_Economy | Thomas and Martin]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Sponsored Attacks===
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.

Reverences:
* [[The_Government_and_Cybersecurity | Bellovin]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Beyond_Fear | Schneier]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===State Affiliation===
Under the control or command of a recognized state or government.

References:
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
* [[Armed_Attack_in_Cyberspace | Todd]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Tragedy of Commons===
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:
* [[Why_Information_Security_is_Hard | Anderson]]
* [[Economics_of_Information_Security | Camp and Wolfram]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Is_Cybersecurity_a_Public_Good | Powell]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Transparency===
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]

References:
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
* [[Cyber_Operations | Korns]]
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
* [[Beyond_Fear | Schneier]]
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Trojan===
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].

References:
* [[Security_Engineering | Anderson]]
* [[Cyber_Operations | Korns]]
* [[McAfee Threats Report | McAfee]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Military Technologies===
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
* [[Law_and_War_in_the_Virtual_Era | Beard]]
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
* [[Armed_Attack_in_Cyberspace | Todd]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Virtual Warfare===

See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===White Hat===
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: [[#Black_Hat | Black Hat]]

References:
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Whitelist===
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: [[#Blacklist | Blacklist]]

References:
* [[Security_Engineering | Anderson]]
* [[Symantec Global Internet Security Threat Report | Symantec]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Worm===
A type of malware that replicates itself and spreads to other computers through network connections.

References:
* [[Security_Engineering | Anderson]]
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[Cyber_Operations | Korns]]
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

===Zero-Day Exploit===
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.

References:
* [[Security_Engineering | Anderson]]
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
* [[McAfee Threats Report | McAfee]]
* [[Symantec Global Internet Security Threat Report | Symantec]]
* [[Trend Micro Annual Report | Trend Micro]]

''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''