Information Security Glossary - A - C

Glossary – A

Acceptable Use Policy – A policy document providing a list of statements of how an organisation’s information systems & assets may and may not be used. 

Access – To gain knowledge or information within a system. The aim may be to gain control of certain system functions. 

Access Control Policy – A policy document providing a list of statements for the security requirements for access to facilities and systems. 

Accreditation (ISO 27001) – Refers specifically to the accreditation of ISO 27001 certification auditing bodies (regulated by the UK Accreditation Service (UKAS)). 

ACP – Access Control Policy.

Adversary – A group or individual who has criminal intent or carries out activities that will result in disruption. 

Antivirus – A piece of software that’s installed on a computer to protect it from a malicious attack. 

Asset – Anything that has value to the organisation, its operations and its continuity. 

Audit – The formal review of actions, processes, policies and procedures to determine effectiveness and appropriateness. 

AUP – Acceptable Use Policy. 

Authentication – The process ensuring that the identity of the entity is the one claimed. 

Authorisation – The process of associating rights and permissions to an authenticated entity. 

Availability – The property of being accessible and usable upon demand by an authorised entity.

Glossary – B

Backdoor – A backdoor is sometimes built into a system to allow the developers instant access without needing to log in. If found by an unscrupulous person, a backdoor can be a serious security issue. 

BSI – British Standards Institute

Business Continuity Management – A compilation of processes that identifies and evaluates potential risks to an organisation & develops the organisation’s resilience by ensuring critical objectives are met and the resources necessary to achieve those objectives are available. 

Business Continuity Plan – The plan laying out the business continuity measures for an asset, system, process or organisation.

Bring Your Own Device (BYOD) – Staff using their own devices, such as mobile phones and laptops, that have been authorised by the employer. BYOD is considered a potential risk to information security. Managing this correctly, as well as remote working, is a requirement of ISO 27001. 

Glossary – C

CIA – Confidentiality, Integrity, Availability. 

CISSP – Certified Information Systems Security Professional

Ciphertext – An encrypted form of data and information. 

Cloud Computing – The use of computing resources (hardware & software) that are delivered as a service over a network (typically the internet). 

Compliance – Adhering to the requirements of legislation, regulation, standards or contractual requirements.

Confidentiality – The property that information is not made available or disclosed to unauthorised individuals, entities or processes. 

Cryptography – The practice and study of techniques for secure communication in the presence of third parties.  

Cyber Essentials – A self-assessment certification that allows you to demonstrate your organisation’s practices against cyber crime. 

Cybersecurity – The protection of devices, services and networks – and the information on them – from theft or damage. 
