Cyber Security - A Glossary of Terms
New to cyber security? Let’s get to work on decrypting some of the jargon
To gain knowledge or information within a system. The aim may be to gain control of certain system functions.
A group or individual who has criminal intent or carries out activities that will result in disruption.
A piece of software that’s installed on a computer to protect it from malicious attack.
A resource or piece of information that an organisation or individual owns that is valuable to them.
A backdoor is sometimes built into a system to allow the developers instant access without needing to log in. If found by an unscrupulous person, a backdoor can be a serious security issue.
Infected or compromised devices formed in a network that’s connected via the internet.
Business continuity management
The plans that an organisation puts in place to manage risk and ensure that the business continues in the event of a breach or attack.
Bring your own device (BYOD)
Staff using their own devices, such as mobile phones and laptops, that have been authorised by the employer. BYOD is considered a potential risk to information security. Managing this correctly, as well as remote working, is a requirement of ISO 27001.
The act of delivering a service remotely using online servers – just like the ISMS.online software service!
An encrypted form of data or information.
Information or data that is only disclosed to authorised persons.
A self-assessment certification that allows you to demonstrate your organisation’s practices against cyber crime.
When information or assets have been accessed, moved or changed without permission. Also referred to as a data spill or data leak.
To convert encoded information into plain text using code.
Denial of Service (DoS)
A type of cyber attack that involves sending large amounts of fake traffic to a website in order to impair the system or service.
When information is transferred from an information system without consent.
The architecture of communications using wired local area networks.
End-user device (EUD)
The term used to describe devices like mobile phones and laptops that connect to an organisation’s network.
To breach a secure network in order to gain data or other assets.
In the world of cyber security, digital forensics involves retrieving information from a mobile phone, computer or server. This could be to look for evidence of a data breach or find deleted messages detailing criminal activity.
Software that is used to limit the traffic flow between networks and to protect a system from attack.
The Government Communications Headquarters works to combat terrorism, cyber crime and child pornography using foreign intelligence.
The General Data Protection Regulation, which replaces the current Data Protection Act in May 2018. It focuses on the rights of the consumer and contains strict guidelines on reporting cyber attacks and data breaches.
To compare actual performance against what is expected, identifying the gap between the two.
The name given to a person who accesses computer networks by the backdoor (see B above). This can be for malicious intent, but is just as likely to be performed by someone who is testing a system and looking for vulnerabilities to be fixed.
Applying a mathematical algorithm to a piece of data in order to disguise it.
The gold standard in information security management systems (ISMS). Achieving this accreditation demonstrates that an organisation’s ISMS meets the standards of the International Organisation for Standardisation.
Information and Communications Technology (ICT)
A threat made to exploit the ICT supply chain.
A sign that a security incident may be in progress.
The term used to describe information or data that has not been modified or tampered with.
This process involves removing the security restrictions of a device, often a mobile phone. This then allows the owner to install unofficial apps and make modifications to the system.
A virus that records the keystrokes performed by the user in order to obtain bank card details.
The numerical value used to control cryptographic operations.
A logic bomb is a piece of code that gets inserted into a system and contains a set of secret instructions. When a particular action is carried out, this triggers the code to perform a malicious action, like the deletion of files.
The links between locations within an organisation.
A program stored on a computer that can automate tasks and can be easily accessed by a hacker.
A piece of software that can compromise operating systems and leave them vulnerable to attack.
A connected group of computers linked via the web.
The term used to describe measures that prevent a person or persons from denying that they accessed or altered data.
Network Information Systems Directive is a regulation designed to improve cyber resilience.
NIST Cyber Security Standard
The National Institute of Standards and Technology framework is used in the US to ensure businesses are equipped to defend themselves from cybercrime.
An individual or group that accesses, or has the ability to access, the assets of an organisation.
Using the services of another organisation to complete tasks within your own.
Also known as a pen test, this is a method of assessing vulnerabilities in a network.
The act of attempting to deceive an individual into revealing personal information that they wouldn’t ordinarily divulge.
This is the name of the technology that makes cryptographic equipment tamper-proof.
Software that prevents a user from accessing their own files or network, only releasing the information after receiving payment.
Software as a Service (SaaS)
Delivering services using the cloud network.
A boundary where security controls are enforced.
A more targeted version of phishing where the email is designed to look exactly as expected.
A way of encrypting data, hiding it within text or images, often for malicious intent.
Two-Factor Authentication (2FA)
The act of using two separate components to verify a person’s identity.
Traffic Light Protocol
The use of red, amber, green and white labels to classify who sensitive information should be shared with.
Data that is included in an authentication token.
Malicious computer programs that are able to replicate themselves once a computer is infected.
A self-replicating program that uses computer networks to spread.
Vulnerabilities or bugs that have only just been discovered, but are not yet known to anti-virus companies.