Virtual (pure-play) organizations

Organizations that conduct their business activities solely online through the Internet.

Virtualization

The simulation of the software and/or hardware upon which other software runs, using a virtual machine. It allows organizations to reduce costs by running multiple Web servers on a single host computer and by providing a mechanism for quickly responding to attacks against a Web server. There are several concepts in virtualization, such as application virtualization, bare metal (native) virtualization, full virtualization, hosted virtualization, operating system virtualization, para-virtualization, and tape virtualization.

Virus

(1) It is a self-replicating computer program that runs and spreads by modifying other programs or files. (2) It is a form of malware computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. It is similar to a Trojan horse insofar as it is a program that hides within a program or data file and performs some unwanted function when activated. The main difference is that a virus can replicate by attaching a copy of itself to other programs or files, and may trigger an additional “payload” when specific conditions are met.

Virus hoax

An urgent warning message about a nonexistent virus.

Virus signature

Alterations to files or applications indicating the presence of a virus, detectable by virus scanning software.

Virus trigger

A condition that causes a virus payload to be executed, usually occurring through user interaction (e.g., opening a file, running a program, and clicking on an e-mail file attachment).

Voice over Internet Protocol (VoIP)

It is the transmission of voice over packet-switched IP networks used in traditional telephone handsets, conferencing units, and mobile units.

Volatile memory

Memory that loses its content when power is turned off or lost.

Volatile security controls

A measure of how frequently a control is likely to change over time subsequent to its implementation. These controls should be assessed and monitored more frequently; examples include the configuration management family (for example, configuration settings, software patches, and system component inventory). This is because system configurations experience high rates of change, and unauthorized or unanalyzed changes in the system configuration often render the system vulnerable to exploits.

Volume encryption

The process of encrypting an entire volume, which is a logical unit of storage composing a file system, and permitting access to the data on the volume only after proper authentication is provided.

Vulnerability

Flaws or weaknesses in an information system; system security policies and procedures; hardware, system design, and system implementation procedures; internal controls; technical controls; operational controls; and management controls that could be accidentally triggered or intentionally exploited by a threat-source and result in a violation of the system’s security policy. Note that vulnerabilities lead to threats that, in turn, lead to risks. Vulnerabilities ⇒ Threats ⇒ Risks.

Vulnerability analysis

The systematic examination of systems in order to determine the adequacy of security measures, to identify security deficiencies, and to provide data from which to predict the effectiveness of proposed security measures. Vulnerability analysis should be performed first, followed by threat analysis, because vulnerabilities ⇒ threats ⇒ risks.

Vulnerability assessment

(1) A formal description and evaluation of the vulnerabilities in an information system. (2) It is a systematic examination of the ability of a system or application, including current security procedures and controls, to withstand assault. (3) A vulnerability assessment may be used to (i) identify weaknesses that would be exploited, (ii) predict the effectiveness of proposed security measures in protecting information resources from attack, and (iii) confirm the adequacy of such measures after implementation.

Vulnerability audit

The process of identifying and documenting specific vulnerabilities in critical information systems.

Vulnerability database

A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version number of the software. Each vulnerability can potentially compromise the system or network if exploited.

Vulnerability scanning tool

A technique used to identify hosts and host attributes, and then to identify the associated vulnerabilities.

W

Walk throughs

A project management technique or procedure where the programmer, project team leader, functional users, system analyst, or manager reviews system requirements, design, programming and test plans, design specifications, and program code. The objectives are to (1) prevent errors in logic and misinterpretation of user requirements and of design and program specifications and (2) prevent omissions. It is a management and detective control. In a system walkthrough, for example, functional users and IS staff together can review the design or program specifications, program code, test plans, and test cases to detect omissions or errors and to eliminate misinterpretation of system or user requirements. System walkthroughs can also occur within and among colleagues in the IS and system user departments. It costs less to correct omissions and errors in the early stages of system development than it does later. This technique can be applied to both system development and system maintenance.

War dialing

It involves calling a large group of phone numbers to detect active modems or PBXs.

War driving

The practice in which attackers and other malicious parties drive around office parks and neighborhoods with laptop computers equipped with wireless network cards in an attempt to connect to open network points.

Warez