Attack: In computer and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized

access to or make unauthorized use of an asset. An attack can be active or passive. An "active attack" attempts to alter system resources or affect their operation. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources. (E.g., wiretapping.) An attack can be perpetrated by an insider or from outside the organization. An "inside attack" is an attack initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization. An "outside attack" is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

Trojan: The Trojan horse, also known as trojan, in the context of computing and software, describes a class of computer threats (malware) that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine, giving them the ability to save their files on the user's computer or even watch the user's screen and control the computer. Trojan Horses (not technically a virus) can be easily and unwittingly downloaded. For example, if a computer game is designed such that, when executed by the user, it opens a back door that allows a hacker to control the computer of the user, then the computer game is said to be a Trojan horse. However, if the computer game is legitimate, but was infected by a virus, then it is not a Trojan horse, regardless of what the virus may do when the game is executed. The term is derived from the classical story of the Trojan Horse. Virus: A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it

over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software), including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious. Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging, and file sharing systems to spread. Threat: A potential cause of an incident, that may result in harm of systems and organization. vulnerability - weakness of an asset or control that can be exploited by a threat (or) A threat is a person or group of people as well as an act of nature (e.g. earthquake, tornado or flood) that is the potential cause of an unwanted incident. A threat is not a malicious computer programme (e.g. virus, worm or trojan) or a specific type of attack (e.g. denial of service attack or man-in-the-middle). These are tools or methods used by threats (people) to reach their objectives.