Cyber Security - A Glossary of Terms

New to cyber security? Let’s get to work on decrypting some of the jargon

A

Access

To gain knowledge or information within a system. The aim may be to gain control of certain system functions.

Adversary

A group or individual who has criminal intent or carry out activities that will result in disruption.

Antivirus

A piece of software that’s installed on a computer to protect it from malicious attack.

Asset

A resource or piece of information that an organisation or individual owns that is valuable to them.

B

Backdoor

A backdoor is sometimes built into a system to allow the developers instant access without needing to log in. If found by an unscrupulous person, a backdoor can be a serious security issue.

Botnet

Infected or compromised devices formed in a network that’s connected via the internet.

Business continuity management

The plans that an organisation puts in place to manage risk and ensure that the business continues in the event of a breach or attack.

Bring your own device (BYOD)

Staff using their own devices such as mobile phones and laptops that have been authorised by the employer. BYOD is considered a potential risk to information security. Managing this correctly, as well as remote working is a requirement of ISO 27001.

 

C

Cloud computing

The act of delivering a service remotely using online servers – just like the ISMS.online software service!

Ciphertext

An encrypted form of data or information.

Confidentiality

Information or data that is only disclosed to authorised persons.

Cyber Essentials

A self-assessment certification that allows you to demonstrate your organisation’s practices against cyber crime.

D

Data Breach

When information or assets have been accessed, moved or changed without permission. Also referred to as a data spill or data leak.

Decode

To convert encoded information into plain text using code.

Denial of Service (DoS)

A type of cyber attack that involves sending large amounts of fake traffic to a website in order to impair the system or service.

 

E

Exfiltration

When information is transferred from an information system without consent.

Ethernet

The architecture of communications using wired local area networks.

End-user device (EUD)

The term used to describe devices like mobile phones and laptops that connect to an organisation’s network.

Exploit

To breach a secure network in order to gain data or other assets.

 

F

Forensics

In the world of cyber security, digital forensics involves retrieving information from a mobile phone, computer or server. This could be to look for evidence of a data breach or find deleted messages detailing criminal activity.

Firewall

Software that is used to limit the traffic flow between networks and to protect a system from attack.

 

G

GCHQ

The Government Communications Headquarters works to combat terrorism, cyber crime and child pornography using foreign intelligence.

GDPR

The General Data Protection Regulation which replaces the current Data Protection Act in May 2018. Focusses on the rights of the consumer and contains strict guidelines on reporting cyber attacks and data breaches.

Gap Analysis

To compare actual performance against what is expected, leaving a gap.

H

Hacker

The name given to a person who accesses computer networks by the backdoor (see B above). This can be for malicious intent but is just as likely to be performed by someone that is testing a system and looking for vulnerabilities to be fixed.

Hashing

Applying a mathematical algorithm to a piece of data in order to disguise it.

I

ISO 27001

The gold standard in information security management systems (ISMS). Achieving this accreditation demonstrates that an organisation’s ISMS meets the standards of the International Organisation for Standardisation.

Information and Communications Technology (ICT)

A threat made to exploit the ICT supply chain.

Indicator

A sign that a security incident may be in progress.

Integrity

The term used to describe information or data that has not been modified or tampered with.

J

Jailbreak

This process involves removing the security restrictions of a device, often a mobile phone. This then allows the owner to install unofficial apps and make modifications to the system.

K

Keyboard Logger

A virus that records the keystrokes performed by the user in order to obtain bank card details.

Key

The numerical value used to control cryptographic operations.

L

Logic Bomb

A logic bomb is a piece of code that gets inserted into a system and contains a set of secret instructions. When a particular action is carried out, this triggers the code to perform a malicious action, like the deletion of files.

Leased Circuit

The links between locations within an organisation.

M

Macro Virus

A program stored on a computer that can automate tasks and can be easily accessed by a hacker.

Malware

A piece of software that can compromise operating systems and leave them vulnerable to attack.

N

Network

A connected group of computers linked via the web.

Non-repudiation

The term used to prevent a person or persons from denying that they accessed or altered data.

NIS Directive

Network Information Systems Directive is a regulation designed to improve cyber resilience.

NIST Cyber Security Standard

The National Institute of Standards and Technology is a framework used in the US to ensure businesses are equipt to defend themselves from cybercrime.

O

Outsider Threat

An individual or group that access or have the ability to access assets of an organisation.

Outsourcing

Using the services of another organisation to complete tasks within your own.

P

Penetration testing

Also known as a pen test, this is a method of assessing vulnerabilities in a network

Phishing

The act of attempting to deceive an individual into revealing personal information that they wouldn’t ordinarily divulge.

Q

Quadrant

This is the name of the technology that makes cryptographic equipment tamper-proof.

R

Ransomware

software that prevents a user from accessing their own files or network, only releasing the information after receiving payment.

S

Software as a Service (SaaS)

Delivering services using the cloud network.

Security perimeter

A boundary where security controls are enforced.

Spear Phishing

A more targetted version of phishing where the email is designed to look exactly as expected.

Steganography

A way of encrypting data, hiding it within text or images, often for malicious intent.

T

Two-Factor Authentication (2FA)

The act of using two separate components to verify a person’s identity.

Traffic Light Protocol

The use of the red, amber, green and white to classify who sensitive information should be shared with.

U

Unsigned Data

Data that is included in an authentication token.

V

Virus

Malicious computer programs that are able to replicate themselves once a computer is infected.

W

Worm

A self-replicating program that uses computer networks to spread.

X

Y

Z

Zero Day

Vulnerabilities or bugs that have only just been discovered, but are not yet known to anti-virus companies.

Want to learn more about how ISMS.online can help you manage information security?

ISMS Online Rating: 5 out of 5
Share This