• Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect. Someone casually reading sensitive information not intended for his or her use is a passive attack. A hacker attempting to break into an information system is an intentional attack. A lightning strike that causes a fire in a building is an unintentional attack. A direct attack is a hacker using a personal computer to break into a system. An indirect attack is a hacker compromising a system and using it to attack other systems, for example, as part of a botnet (slang for robot network). This group of compromised computers, running software of the attacker's choosing, can operate autonomously or under the attacker's direct control to attack systems and steal user information or conduct distributed denial-of-service attacks. Direct attacks originate from the threat itself. Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.