Appendix: Glossary

* Terms marked with an asterisk, together with their definitions, are taken from A Dictionary of Information Security Terms, Abbreviations and Acronyms, Alan Calder and Steve Watkins, IT Governance Publishing (2007).

Adware

– The name given to any software application in which advertising banners are displayed on the web page. The advertisements can generally be viewed through pop-up windows or through a bar that appears on a computer screen[68].

Ajax

– (Asynchronous JavaScript and Extensible Markup Language or XML) is a set of technologies which enable greater processing to be carried out on the client computer, rather than the server. In the traditional Web application, the user clicked and then waited some number of seconds for the server to respond and refresh the page. In contrast, Ajax-enabled web pages are far more reactive, giving the user the appearance that pages are updating instantly. This is illustrated by the application Google Maps, where the page and map are refreshed instantly as the cursor is moved. Ajax is not a new technology, but rather a combination of existing technologies being used in a new way.

Ajax endpoints

– In contrast to typical Web 1.0 applications, Ajax applications send a greater number of smaller requests to the server, which creates many more points of input.

These inputs are also referred to as Ajax endpoints, and each one is a further opportunity for that traffic to be attacked.

Blogs

– Blog is an abbreviation of Weblog, which is a term originally used to describe a web page where the blogger (author or writer of the page) logs all other web pages they find interesting. Readers can subscribe to a blog, post comments to a blog, and select links on a blog.

Collaboration tool

– A collaboration tool uses a variety of Web 2.0 technologies with the purpose of aiding internal collaboration and communication within the workplace.

Copyright owner

– Generally speaking, a copyright owner is in the first instance the creator of a literary, dramatic, musical or artistic work. Copyrights in works made during the course of employment are owned by the employer and not the employee[69].

CSS (cascading style sheets)

– A W3C (World Wide Web Consortium) recommended language for defining style (look and feel such as font, size, colour, spacing, etc.) for web documents[70]. It is a technology which enables content (written in HTML or a similar mark-up language) to be separated from its presentation (written in CSS). Because style rules cascade, some rules take precedence over others.

Data

– A collection of facts from which conclusions may be drawn[71].

Data controller

– In the context of the UK Data Protection Act, the data controller is the person who determines the purposes for which, and the manner in which, personal information is to be processed. This may be an individual or an organisation and the processing may be carried out jointly or in common with other persons[72].

Data subject

– The living individual who is the subject of the personal information (data)[66].

Data mining

– The process of sorting through data to identify patterns and establish relationships[73]. On the web, data can be mined using search engines or Spiders.

Defamatory

– An act of communication that causes someone to be shamed, ridiculed, held in contempt, lowered in the estimation of the community, or to lose employment status or earnings or otherwise suffer a damaged reputation[74].

DRM (digital rights management)

– A systematic approach to copyright protection for digital media. The Digital Millennium Copyright Act (DMCA) was enacted on 28 October 1998 in the United States in order to protect the digital rights of copyright owners and consumers[75].

Exponential

– Web 2.0 tools enable users to connect with a very large number of people in a short period of time at low cost. This is referred to as the ‘viral’ nature of Web 2.0: the virus metaphor describes the ability of a virus to reproduce itself very rapidly in a short space of time. The speed with which this can happen, and the number of people who can be involved, are also described, with more positive connotations, as ‘exponential’.

FTP*

– File Transfer Protocol is a method of transferring files over the Internet.

Gmail

– Google Mail, or Gmail, is a free, search-based webmail service available from Google, which also enables e-mails to be picked up on mobiles. Security vulnerabilities in Gmail have caused e-mails to be transferred and stolen, with consequent potential data disclosure[76]. Although Google patched the vulnerability, users of Gmail were not necessarily made aware of the need to repair the derived vulnerability in their own systems. The fact that Web 2.0 companies apparently prefer to downplay such issues might lead to them becoming a preferred attack vector for hackers and malware jockeys.

Folksonomies

– A collection of tags used to organise and easily find content on the web. A folksonomy is created collaboratively and is also contributed to by users.

Information*

– The New Shorter Oxford English Dictionary provides these helpful definitions: ‘knowledge or facts communicated about a particular subject, events, etc; intelligence, news’ and ‘without necessary relation to a recipient: that which inheres in or is represented by a particular arrangement, sequence or set, that may be stored in, transferred by, and responded to by inanimate things’. Clearly information, or data, exists in many forms but, for the purposes of its security, we are concerned with data that has a digital, paper or voice format. Information is defined by Coleman and Levine as ‘Data put into context by a human to give it meaning’.

Instant messaging*

– (IM) is a communication methodology that is analogous to a private chat room; it enables you to communicate over the Internet in real time with another person, using text.

Internet, the*

– The massive, global network of networks, connecting millions of computers, allowing any computer to communicate with any other by any one of a number of protocols. The Internet is not the (World Wide) Web.

Intellectual property

– Intellectual property (IP) can allow you to own things you create in a similar way to owning physical property[77]. Intellectual property implies ownership of content which is created intellectually, through thinking, or the creation of ideas. Intellectual property acts define this ownership in law.

There are four main types of intellectual property:

  • Copyright protects material such as literature, art, music, sound recordings, films and broadcasts.

  • Designs protect the visual appearance or eye appeal of products.

  • Patents protect the technical and functional aspects of products and processes.

  • Trade Marks protect signs that can distinguish the goods and services of one trader from those of another.

Intellectual property rights are a complex area of law; an appreciation of the complexities of the subject can be gained from referring to the FAQs available from the United States Copyright Office and the US Patent and Trademark Office.

JavaScript

– A type of programming language used for Web applications whereby the commands are interpreted and run one at a time. JavaScript runs on the client computer, where Web 2.0 applications use it to initiate calls to the server and then to programmatically access and update the client’s browser[78].

Malware

– Denotes software designed for some malicious purpose. Common forms of malware include viruses, worms and Trojans.

A virus is able to produce copies of itself but depends on a host file to carry each copy. A worm can also replicate itself but does not rely on a host file to carry it. A worm can replicate itself by means of a transmission medium such as e-mail, instant messaging, Internet Relay Chat or network connections.

Trojan malware is an analogy derived from the legend of the wooden horse built by the ancient Greeks to enable them to enter the walled city of Troy by stealth, by concealing themselves inside the wooden horse. In computer terms a Trojan is hostile code concealed within, and purporting to be, bona fide code, often with the intention of achieving control over another system or collecting information from within it.

Mashups

– In the context of Web 2.0, the mechanism by which multiple sources of information can be combined to create a single application.

Online collaboration

– Web 2.0 online collaboration tools provide users with the ability not only to upload content to the web, but also to upload content to a single, shared space which can be accessed by many users.

Web 2.0 online collaboration tools incorporate Web 2.0 technologies such as social networking and wikis within a single application or workspace which is visible to the entire team. They enable users to:

  • create and share team documents

  • create individual or group information workspaces

  • post to team- or organisation-wide blogs

  • manage team projects

  • automate employee alerts of changes to content with RSS feeds.

Openness and transparency

– The concept of Openness within the context of Web 2.0 relates more to making intellectual ideas, developments or creations available so that they can be developed exponentially by a wider, external community. The antonyms of openness and open source are closed and closed source.

Payload

– In the context of Web filtering, the damaging material contained in a packet of data.

Personal data*

– That information about a living person (i.e. not an organisation) that is protected by legislation and regulation.

Personally Identifiable Information

– (PII) any information relating to an identified or identifiable individual who is the subject of the information such as a Social Security number, date of birth, mother’s maiden name, address, etc.[79]

Phishing*

– Sending e-mails that falsely claim to come from a legitimate company in an attempt to scam users into surrendering information that can be used for identity theft.

RSS

– Really Simple Syndication (RSS) is the most well-known type of Web feed. A Web feed is an automatic notification of an update to a website. Notification of new content requires a subscription to that ‘feed’ as well as an RSS reader and/or Atom reader software which enables new content to be viewed. The readers are either downloadable programs or available as online services.

Sensitive PII

– Includes confidential medical information or information relating to racial or ethnic origins, political or religious beliefs or sexuality that is tied to personal information.

Signature defence

– An electronic signature which is used by banks to prove that they are the originators of their e-mails, in order to combat phishing attacks.

Social network

– A virtual community, usually via the Internet but also increasingly available via mobile devices such as the iPhone. Social networking websites enable users to create their own online page or profile and to construct and display an online network of contacts, often called ‘friends’. Users create their own pages, link to other members and communicate by voice, chat, instant message, videoconference and blog. They can communicate via their profile both with their ‘friends’ and with people outside their list of contacts. This can be on a one-to-one basis or in a more public way such as a comment, typically posted on a message board for all to see.

Software as a service

– (SaaS) describes the delivery of a software application as a service via the web.

Spider

– Whatis defines a spider as follows:

A spider is a program that visits websites and reads their pages and other information in order to create entries for a search engine index. The major search engines on the Web all have such a program, which is also known as a crawler or a bot. Spiders are typically programmed to visit sites that have been submitted by their owners as new or updated. Entire sites or specific pages can be selectively visited and indexed. Spiders are called spiders because they usually visit many sites in parallel at the same time, their ‘legs’ spanning a large area of the ‘web’. Spiders can crawl through a site’s pages in several ways. One way is to follow all the hypertext links in each page until all the pages have been read[80].

Spyware

– Technology that gathers information about a person or organisation from the Web without their permission[81].

Synchronous communication

– In contrast to Asynchronous communication, Synchronous communication is that which occurs between 2 or more people within 5 seconds.

Trojan*

– The term ‘Trojan’ is derived from the story of the Trojan horse in the Greek legend. Within the context of IT security a Trojan is hostile code concealed within, and purporting to be, bona fide code. It is designed to reach a target stealthily and to be executed inadvertently. It may have been installed at the time the software was developed. Trojans can be programs that, while perhaps appearing to be a useful utility, are designed to secretly damage the host system. Some will also try to open up host systems to outside attack.

User created content

– Central to Web 2.0 is the idea that content should be created by users, that users can interact with the Web and that users have moved from passive absorbers of Web content to being active interactors with the web. Users not only download content but also upload it. Technologies such as wikis, blogs, video sharing and photo sharing all consist of user-created content. Web 2.0 technologies enable Web content to be created easily by anybody, rather than being solely the output of ‘experts’. Web 2.0 technologies support the rapid creation of new content at speeds much faster than is possible in a Web 1.0 environment. Tapscott and Williams [82] describe the creation of a Wikipedia account of the London bombings which occurred in 2005:

By the end of the day, over twenty-five hundred users had created a comprehensive fourteen-page account of the event that was much more detailed than the information provided by any single news outlet.

The established media are therefore increasingly using user-generated reports and video clips which provide valuable, comprehensive, up-to-the-minute, eyewitness accounts of events.

Viral

– Web 2.0 tools enable users to connect with a very large number of people in a short period of time at low cost. This is referred to as the ‘viral’ nature of Web 2.0: the virus metaphor describes the ability of a virus to reproduce itself very rapidly in a short space of time. The speed with which this can happen, and the number of people who can be involved, are also described, with more positive connotations, as ‘exponential’.

VoIP/VOB*

– Voice over IP/Voice over Broadband is a technology that enables voice-to-voice communication across the Internet.

Vulnerability*

– A weakness of an asset or group of assets that can be exploited by a threat. There are regularly updated central stores of known vulnerabilities.

Vulnerability assessment

– The (usually automated) evaluation (or vulnerability scanning) of operating systems and applications to identify missing fixes for known problems so that the necessary fixes can be installed and the systems made safe.

Vulnerability scanning

– An automated process of scanning a network or a series of information assets to establish if they display any of the characteristics of known vulnerabilities.

Wikis

– Wikipedia describes a wiki as ‘software that allows registered users or anyone to collaboratively create, edit, link, and organize the content of a website, usually for reference material’.[83]

World Wide Web* (the Web)

– An information-sharing construct that sits on top of the Internet, and uses HTTP to transmit data. It is not synonymous with the Internet. A browser is required for accessing Web content.

‘Zero-day’ vulnerability

– A ‘zero-day’ vulnerability is one where hackers take advantage of a vulnerability on the same day as it is announced. For further details, see the IT Governance Best Practice Report: Data breaches: Trends, costs and best practices.



[69] Who is a copyright owner?, Australian Government (January 2008). http://www.ag.gov.au/www/agd/agd.nsf/Page/Copyright_Whoisacopyrightowner

[70] Glossary, Egghead Design Ltd. www.eggheaddesign.co.uk/glossary.aspx.

[74] Defamation, The ’Lectric Law Library’s Lexicon. http://www.lectlaw.com/def/d021.htm

[76] Bullseye on Google: Hackers expose holes in Gmail, Blogspot, Search Appliance, ZDNet (25 September 2007). http://blogs.zdnet.com/security/?p=539

[77] What is intellectual property? UK Intellectual Property Office (2008). http://www.ipo.gov.uk/whatis.htm

[78] Simplifying content security, ensuring best-practice email and web use. Web 2.0 Security Technical White Paper, Is the web broken? Clearswift (July 2007).

[82] Wikinomics, Don Tapscott and Anthony Williams (2006).
