
advanced encryption standard (AES)
symmetric encryption algorithm used globally to secure data, known for its speed and security
artificial intelligence (AI)
branch of computer science focused on creating intelligent machines capable of performing tasks that typically require human intelligence, such as visual perception, speech recognition, decision-making, and language translation
asymmetric encryption
(also, public-key cryptography) type of encryption that uses a public and private key
authentication
process of verifying the identity of a user or device, often through credentials such as passwords or digital certificates
brute-force attack
attack method where an attacker systematically checks all password or encryption key possibilities until the correct one is found
buffer overflow
condition where an application writes more data to a buffer than it can hold
Certified Ethical Hacker (CEH)
certification that signifies proficiency in ethical hacking techniques and tools, and the ability to assess the security of computer systems by looking for vulnerabilities in a lawful and legitimate manner
Certified Information Security Manager (CISM)
certification that focuses on management and governance of information security
Certified Information Systems Security Professional (CISSP)
advanced certification that focuses on the knowledge and skills required to design, implement, and manage a comprehensive information security program
classless inter-domain routing (CIDR)
method for allocating IP addresses and routing IP packets more efficiently than traditional classful IP addressing
confidentiality, integrity, availability (CIA) triad
foundational model in cybersecurity that ensures information is protected, accurate and trustworthy, and readily available to authorized users
continuous monitoring
ongoing process of assessing the security posture and compliance of an IT infrastructure by automatically collecting, analyzing, and reporting data on various security controls
Control Objectives for Information and Related Technologies (COBIT5) framework
comprehensive framework developed by ISACA for IT governance and management that helps organizations meet business challenges in the areas of regulatory compliance, risk management, and aligning IT strategy with organizational goals
cryptographic key
string of data used by encryption algorithms to transform data into a secure format and its subsequent decryption
cybersecurity
practice of protecting systems, networks, devices, and data from online threats
data packet
small unit of data transmitted over a network
dictionary attack
attack method where an attacker uses a precompiled list of likely passwords
digital signature
electronic signature that uses cryptographic techniques to provide authentication and ensure the integrity of the signed digital document or message
distributed denial-of-service (DDoS)
attack that uses multiple computers or servers to overwhelm a network resulting in loss of usability
Domain Name System (DNS)
system that translates human-readable domain names to IP addresses, allowing users to access websites using familiar names
dynamic IP address
address that is assigned each time a device connects to the internet; changes periodically, although not necessarily every time the device connects
encryption
process of transforming legible data into a coded format, making it unreadable to unauthorized entities
environmental threat
uncontrollable external factor such as a natural disaster or hardware failure that can damage data centers and disrupt business operations
ethical hacking
process of attempting to break into an organization’s computer systems, network, or applications with permission to identify vulnerabilities
external threat
threat that originates from outside an organization, typically posed by cybercriminals or state-sponsored attackers who aim to exploit vulnerabilities for financial or strategic gain
fileless malware
type of malware that exploits in-memory processes to conduct its nefarious activities
firewall
network security system that uses security rules to monitor and control incoming and outgoing traffic
hashing
process of converting data into a fixed-size string of characters, typically used for security purposes to ensure data integrity
HTTP Secure (HTTPS)
protocol that adds a secure, encrypted layer to HTTP via SSL/TLS protocols
Hypertext Transfer Protocol (HTTP)
protocol that is proficient at transmitting hypertext over the internet
incident response
predetermined set of procedures and steps taken to identify, investigate, and respond to potential security incidents
information privacy
right and measure of control individuals have over the collection, storage, management, and dissemination of their personal information
information security
practice of protecting information by mitigating information risks and vulnerabilities, which encompasses data privacy, data confidentiality, data integrity, and data availability; employs methods such as encryption, firewalls, and secure network design
information security management system (ISMS)
framework that helps organizations manage their information security by defining policies, procedures, and controls
information security risk management (ISRM)
field that involves identifying, assessing, and mitigating risks to the confidentiality, integrity, and availability of information and information systems
Information Systems Audit and Control Association (ISACA)
international association that provides IT professionals with knowledge, credentials, education, and community in IT governance, control, risk, security, audit, and assurance
intellectual property (IP)
creations of the mind that are protected by law from unauthorized use or replication
internal threat
threat that originates from within an organization, such as disgruntled employees or poor security training for employees that results in social engineering attacks
internet protocol (IP) address
unique identifier that allows a computer to be addressed in order to communicate on the internet
Internet Protocol Security (IPsec)
suite of protocols that provides end-to-end encryption and secure data exchange
intrusion detection and prevention system (IDPS)
tool that monitors networks for malicious activity or policy violations
IT governance
process of managing and controlling an organization’s IT capabilities to improve IT management, ensure compliance, and increase the value of IT investments
keylogger
tool or technology often used maliciously to capture keystrokes on a computer to obtain sensitive information such as passwords
log file
file generated by security applications that contains event information that aids in determining the status and health of a network
malware
malicious software designed to damage, exploit, or infect systems, or otherwise compromise data, devices, users, or networks, using viruses, worms, and spyware that is installed into the basic input-output system (BIOS) of a computer
media access control (MAC) address
unique identifier that allows a computer to be addressed in order to communicate within a local area network
multi-factor authentication (MFA)
security measure that requires users to verify their identity using multiple forms of credentials, such as a password, a security token, or biometric data, to access a system
network security
process of guarding network infrastructure and IT systems from unauthorized access, misuse, malfunction, or improper disclosure to unintended parties
packet sniffer
(also, network analyzer or protocol analyzer) tool that captures and analyzes network traffic
phishing
type of social engineering attack that appears as a trustworthy entity in digital communication but steals user data, such as login credentials and financial information
pretexting
social engineering attack that involves creating a fabricated scenario to obtain private data
protocol
fundamental rule or procedure that governs communication between devices in a network
protocol analyzer
tool that examines network communication protocols to understand how data are exchanged between devices and applications on a network
ransomware
type of malicious software that encrypts users’ files such as photos, documents, or other sensitive information and demands a ransom for their release
risk appetite
level of risk an organization is willing to accept in pursuit of its ambitions or goals
risk management plan (RMP)
strategic document that outlines how risk is assessed, monitored, and mitigated within an organization
risk tolerance
number of unfavorable outcomes an organization is willing to accept while pursuing goals and other objectives
role-based access control (RBAC)
method of access control that bases data access on a person’s role in the organization, giving each employee the minimum level of access they need to perform their job functions
rootkit
software that enables attackers to have access to a system masquerading as operating system processes
router
device that forwards data packets to the appropriate parts of a computer network
RSA encryption
asymmetric cryptographic algorithm used for secure data transmission; particularly useful in public-key cryptography
Secure Sockets Layer (SSL)
communication protocol that establishes a secure connection between devices or applications on a network by encrypting data sent between a browser and a website or between two servers
security information and event management (SIEM)
security solution that collects, analyzes, and correlates security data from different sources to detect and respond to security threats in real time
Security+
entry-level certification that covers foundational skills and knowledge in network security, compliance, operational security, threats and vulnerabilities, data and host security, access control, and identity management
server
powerful computer or computer program that provides data to other computers (clients) over a network
social engineering
manipulation of employees into revealing sensitive information, often leading to unauthorized system access
static IP address
permanent address assigned by an administrator that remains the same over time and is essential for services such as hosting servers, email servers, and network devices, or when remote access is required
strengths, weaknesses, opportunities, and threats (SWOT) analysis
commonly used method that helps in understanding both internal and external factors that could pose risks
subnet
logically visible subdivision of an IP network, increasing its efficiency and security
subnet mask
address used in routing and network organization that divides the IP address into network and host addresses
switch
device that connects and segments various components within a local network
symmetric encryption
type of encryption in which one key both encrypts and decrypts the data
Transport Layer Security (TLS)
updated version of SSL that uses an encrypted tunnel to protect data sent between a browser, a website, and the website’s server
Trojan
program that conceals itself as a safe program but often carries many other different types of malicious payloads
virtual private network (VPN)
service that creates a secure, encrypted connection over a less secure network, typically the internet, ensuring private data remains protected
virus
malware that attaches itself to clean files and propagates to other files and programs
worm
stand-alone software program that spreads without requiring a host program
Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution-NonCommercial-ShareAlike License and you must attribute OpenStax.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
Citation information

© Feb 17, 2025 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License. The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.