Business
A company, service or membership organization consisting of one or more establishments
under common ownership or control. For this survey, major subsidiaries were treated as
separate businesses.
CERT C.C.
An organization that works with the U.S. Computer Emergency Readiness Team (CERT) and
the private sector. CERT C.C. studies computer and network security in order to provide
incident response services to victims of attacks, publish alerts concerning
vulnerabilities and threats, and offer information to help improve computer and network
security.
Computer virus
A hidden fragment of computer code which propagates by inserting itself into or
modifying other programs. Includes viruses, worms, and Trojan horses. Excludes
spyware, adware, and other malware.
Denial of service
The disruption, degradation, or exhaustion of an Internet connection or e-mail service
that results in an interruption of the normal flow of information. Denial of service is
usually caused by ping attacks, port scanning probes, or excessive amounts of incoming
data.
Electronic vandalism or sabotage
The deliberate or malicious damage, defacement, destruction or other alteration of
electronic files, data, web pages, or programs.
Embezzlement
The unlawful misappropriation of money or other things of value by the person to whom
the property was entrusted (typically an employee), for his or her own purpose.
Includes instances in which a computer was used to wrongfully transfer, counterfeit,
forge or gain access to money, property, financial documents, insurance policies,
deeds, use of rental cars, or various services by the person to whom they were
entrusted.
Fraud
The intentional misrepresentation of information or identity to deceive others, the
unlawful use of a credit or debit card or ATM, or the use of electronic means to
transmit deceptive information, in order to obtain money or other things of value.
Fraud may be committed by someone inside or outside the business. Includes instances in
which a computer was used to defraud the business of money, property, financial
documents, insurance policies, deeds, use of rental cars, or various services by
forgery, misrepresented identity, credit card or wire fraud. Excludes incidents of
embezzlement.
Information Sharing and Analysis Centers (ISACs)
Organizations that work with the U.S. Government, law enforcement agencies, technology
providers, and security associations such as U.S. CERT. ISACs maintain secure
databases, analytic tools and information gathering and distribution facilities
designed to allow authorized individuals to submit reports about information security
threats, vulnerabilities, incidents and solutions.
InfraGard
An information sharing and analysis effort serving the interests and combining the
knowledge base of a wide range of members. At its most basic level, InfraGard is a
partnership between the Federal Bureau of Investigation and the private sector.
Other computer security incidents
Incidents that do not fit within the definitions of the specific types of cyber attacks
and cyber theft. Encompasses spyware, adware, hacking, phishing, spoofing, pinging,
port scanning, sniffing, and theft of other information, regardless of whether damage
or losses were sustained as a result.
Subsidiary
A company in which another business has more than 50% ownership or the power to direct
or cause the direction of management and policies.
Theft of intellectual property
The illegal obtaining of copyrighted or patented material, trade secrets, or trademarks
(including designs, plans, blueprints, codes, computer programs, software, formulas,
recipes, graphics) usually by electronic copying. Excludes theft of personal or
financial data such as credit card or social security numbers, names and dates of
birth, financial account information, or any other type of information.
Theft of personal or financial data
The illegal obtaining of information that potentially allows someone to use or create
accounts under another name (individual, business, or some other entity). Personal
information includes names, dates of birth, social security numbers, or other personal
information. Financial information includes credit, debit, or ATM card account or PIN
numbers. Excludes theft of intellectual property such as copyrights, patents, trade
secrets, and trademarks. Excludes theft of any other type of information.
U.S. CERT
The United States Computer Emergency Readiness Team is a partnership between the
Department of Homeland Security and the public and private sectors. Established in 2003
to protect the nation's Internet infrastructure, U.S. CERT coordinates defense against
and responses to cyber attacks across the nation.