° Brute force – Automated method of cracking a password by trying every possible combination until the correct one is discovered.

° Buffer overflow – Classic attack requiring intimate knowledge of the targeted application, exploiting a common programming error. By sending more data to a field than the programmer has allowed for, and including malicious code in that data, it ‘overflows' into related program areas, and the malicious code executes.

° Data driven attack – Bypasses standard security measures by inserting data in web forms that can form the basis of a malicious attack on the back-end system or database.

° Deperimeterisation – Security philosophy advocating removal of firewalls, replacing them with data-level security to enable closer, secure collaboration of separate organisations.

° Distributed denial of service – A simple attack that floods a router, network or web server with more traffic than it can handle, often leveraging a ‘zombie army' of broadband-connected PCs infected with Trojan horses.

° DMZ – Demilitarised zone: a buffer zone between a company network and the Internet.

° DRM – Digital rights management: software controlling where, when and by whom files can be opened or used.

° Email hygiene – Service protecting against messaging threats such as spam and viruses.

° Exploit – A tool that automates a hack, typically taking advantage of a vulnerability in the targeted system.

° False positive – Alert from an intrusion detection or email hygiene system when it mistakenly identifies a legitimate event as malicious.

° Keystroke logger – An application that, on entering a host, unobtrusively logs all the user's keyboard presses. See spyware and trojan.

° Logic bomb – Malicious code left behind in an application that ‘goes off' at a set time, for example, by deleting valuable files.

° Malware – Generic term for malicious software, such as viruses, worms and Trojan horses.

° Open relay – Misconfigured mail server that enables anyone, but normally spammers, to anonymously route email.

° Phishing – Fraudulent emails purporting to be from a commerce or banking website seeking to trick users into giving away passwords.

° Port scan – An automated scan to find open ports on a network-connected PC or server.

° PKI – Public key infrastructure: encryption key and digital certificate system to check the validity of online exchanges and transactions.

° Script-kiddie – An unsophisticated hacker who uses others' ready-made attack tools.

° Sniffer – An application running in the background that analyses network traffic.

° Social engineering – Persuading naive users to part with crucial information, such as passwords, by non-technical means. See phishing.

° Spyware – Software installed from a website without the user's knowledge and designed to capture personal details. Also known as adware.

° SPIM/SPIT – Spam (unwanted mail) sent via instant messaging (IM) and IP telephony.

° SQL injection attack – Attack that involves inputting SQL code into website log in and password fields, tricking it into granting access.

° SSL – Secure sockets layer: a cryptographic protocol for providing clientless security for Internet communications.

° Trojan horse – An application nefariously loaded on a target system with the intent of executing malicious code or to gain access.

° Virus – A malicious program that attaches itself to legitimate applications, normally with harmful side effects.

° WEP/WPA – Wireless security standards. ‘Wired equivalent privacy' provides only basic security, so ‘WiFi protected access', which uses 128-bit encryption, has mostly replaced it.

° Worm – A self-replicating virus that automatically duplicates and sends copies of itself either to email addresses or IP addresses.

° Zero-day attack – Exploits a newly discovered flaw before vendors are able to patch it.