Information Security Glossary - A - C
Glossary – A
Acceptable Use Policy – A policy document providing a list of statements of how an organisation’s information systems & assets may and may not be used.
Access – To gain knowledge or information within a system. The aim may be to gain control of certain system functions.
Access Control Policy – A policy document providing a list of statements for the security requirements for access to facilities and systems.
Accreditation (ISO 27001) – Refers specifically to the accreditation of ISO 27001 certification auditing bodies, which is regulated by the UK Accreditation Service (UKAS).
ACP – Access Control Policy.
Adversary – A group or individual who has criminal intent or carries out activities that will result in disruption.
Antivirus – A piece of software that’s installed on a computer to protect it from a malicious attack.
Asset – Anything that has value to the organisation, its operations and its continuity.
Audit – The formal review of actions, processes, policies and procedures to determine effectiveness and appropriateness.
AUP – Acceptable Use Policy.
Authentication – The process of ensuring that the identity of an entity is the one claimed.
Authorisation – The process of associating rights and permissions to an authenticated entity.
Availability – The property of being accessible and usable upon demand by an authorised entity.
Glossary – B
Backdoor – A backdoor is sometimes built into a system to allow the developers instant access without needing to log in. If found by an unscrupulous person, a backdoor can be a serious security issue.
BSI – British Standards Institute
Business Continuity Management – A compilation of processes that identifies and evaluates potential risks to an organisation & develops the organisation’s resilience by ensuring critical objectives are met and the resources necessary to achieve those objectives are available.
Business Continuity Plan – The plan laying out the business continuity measures for an asset, system, process or organisation.
Bring Your Own Device (BYOD) – Staff using their own devices, such as mobile phones and laptops, that have been authorised by the employer. BYOD is considered a potential risk to information security. Managing this correctly, as well as remote working, is a requirement of ISO 27001.
Glossary – C
CIA – Confidentiality, Integrity, Availability.
CISSP – Certified Information Systems Security Professional
Ciphertext – An encrypted form of data and information.
Cloud Computing – The use of computing resources (hardware & software) that are delivered as a service over a network (typically the internet).
Compliance – Adhering to the requirements of legislation, regulation, standards or contractual requirements.
Confidentiality – The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
Cryptography – The practice and study of techniques for secure communication in the presence of third parties.
Cyber Essentials – A self-assessment certification that allows you to demonstrate your organisation’s practices against cyber crime.
Cybersecurity – The protection of devices, services and networks – and the information on them – from theft or damage.