The field of information security is extremely complex. It ranges from highly technical and specialized fields of study and application such as cryptography and data encryption, to hardware and software technologies such as firewalls and spam filters to protect information systems from malicious software attacks, to managerial policies about who has authorized access to data or information. Furthermore, the IT industry uses a variety of terms such as data security, information security, information systems security, network security, cybersecurity, computer security, and computer insecurity to refer to the general concept of security. Some of the knowledge about security captured under each of these terms is the same and some of the knowledge is different. To further illustrate the complexity of the security issue consider that the federal government's National Security Telecommunications and Information Systems Security Committee has recently published the National Information Systems Security Glossary (Infosec), an eighty-page document consisting of hundreds of technical terms related to security issues in information technology.l Despite this effort to standardize the use of the terms, many IT security professionals often use their own unique terminology, leading to some confusion in the field.