New to cyber security? Let’s get to work on decrypting some of the jargon
A
Access
To gain knowledge or information within a system. The aim may be to gain control of certain system functions.
Adversary
A group or individual that has criminal intent or carries out activities that will result in disruption.
Antivirus
A piece of software that’s installed on a computer to protect it from malicious attack.
Asset
A resource or piece of information that an organisation or individual owns that is valuable to them.
B
Backdoor
A backdoor is sometimes built into a system to allow the developers instant access without needing to log in. If found by an unscrupulous person, a backdoor can be a serious security issue.
Botnet
A network of infected or compromised devices that are connected via the internet.
Business continuity management
The plans that an organisation puts in place to manage risk and ensure that the business continues in the event of a breach or attack.
Bring your own device (BYOD)
Staff using their own devices, such as mobile phones and laptops, that have been authorised by the employer. BYOD is considered a potential risk to information security. Managing this correctly, as well as remote working, is a requirement of ISO 27001.
C
Cloud computing
The act of delivering a service remotely using online servers – just like the ISMS.online software service!
Ciphertext
An encrypted form of data or information.
Confidentiality
Information or data that is only disclosed to authorised persons.
Cyber Essentials
A self-assessment certification that allows you to demonstrate your organisation’s practices against cyber crime.
D
Data Breach
When information or assets have been accessed, moved or changed without permission. Also referred to as a data spill or data leak.
Decode
To convert encoded information into plain text using code.
Denial of Service (DoS)
A type of cyber attack that involves sending large amounts of fake traffic to a website in order to impair the system or service.
E
Exfiltration
When information is transferred from an information system without consent.
Ethernet
The architecture of communications using wired local area networks.
End-user device (EUD)
The term used to describe devices like mobile phones and laptops that connect to an organisation’s network.
Exploit
To breach a secure network in order to gain data or other assets.
F
Forensics
In the world of cyber security, digital forensics involves retrieving information from a mobile phone, computer or server. This could be to look for evidence of a data breach or find deleted messages detailing criminal activity.
Firewall
Software that is used to limit the traffic flow between networks and to protect a system from attack.
G
GCHQ
The Government Communications Headquarters works to combat terrorism, cyber crime and child pornography using foreign intelligence.
GDPR
The General Data Protection Regulation, which replaces the current Data Protection Act in May 2018. It focuses on the rights of the consumer and contains strict guidelines on reporting cyber attacks and data breaches.
Gap Analysis
To compare actual performance against what is expected, identifying the gap between the two.
H
Hacker
The name given to a person who accesses computer networks by the backdoor (see B above). This can be for malicious intent, but it is just as likely to be performed by someone who is testing a system and looking for vulnerabilities to be fixed.
Hashing
Applying a mathematical algorithm to a piece of data in order to disguise it.
I
ISO 27001
The gold standard in information security management systems (ISMS). Achieving this accreditation demonstrates that an organisation’s ISMS meets the standards of the International Organisation for Standardisation.
Information and Communications Technology (ICT)
A threat made to exploit the ICT supply chain.
Indicator
A sign that a security incident may be in progress.
Integrity
The term used to describe information or data that has not been modified or tampered with.
J
Jailbreak
This process involves removing the security restrictions of a device, often a mobile phone. This then allows the owner to install unofficial apps and make modifications to the system.
K
Keyboard Logger
A virus that records the keystrokes performed by the user in order to obtain bank card details.
Key
The numerical value used to control cryptographic operations.
L
Logic Bomb
A logic bomb is a piece of code that gets inserted into a system and contains a set of secret instructions. When a particular action is carried out, this triggers the code to perform a malicious action, like the deletion of files.
Leased Circuit
The links between locations within an organisation.
M
Macro Virus
A program stored on a computer that can automate tasks and can be easily accessed by a hacker.
Malware
A piece of software that can compromise operating systems and leave them vulnerable to attack.
N
Network
A connected group of computers linked via the web.
Non-repudiation
The term for measures that prevent a person or persons from denying that they accessed or altered data.
NIS Directive
The Network and Information Systems Directive is a regulation designed to improve cyber resilience.
NIST Cyber Security Standard
The framework from the National Institute of Standards and Technology that is used in the US to ensure businesses are equipped to defend themselves from cyber crime.
O
Outsider Threat
An individual or group that accesses, or has the ability to access, the assets of an organisation.
Outsourcing
Using the services of another organisation to complete tasks within your own.
P
Penetration testing
Also known as a pen test, this is a method of assessing vulnerabilities in a network.
Phishing
The act of attempting to deceive an individual into revealing personal information that they wouldn’t ordinarily divulge.
Q
Quadrant
This is the name of the technology that makes cryptographic equipment tamper-proof.
R
Ransomware
Software that prevents a user from accessing their own files or network, only releasing the information after receiving payment.
S
Software as a Service (SaaS)
Delivering services using the cloud network.
Security perimeter
A boundary where security controls are enforced.
Spear Phishing
A more targeted version of phishing where the email is designed to look exactly as expected.
Steganography
A way of encrypting data, hiding it within text or images, often for malicious intent.
T
Two-Factor Authentication (2FA)
The act of using two separate components to verify a person’s identity.
Traffic Light Protocol
The use of the colours red, amber, green and white to classify who sensitive information may be shared with.
U
Unsigned Data
Data that is included in an authentication token.
V
Virus
Malicious computer programs that are able to replicate themselves once a computer is infected.
W
Worm
A self-replicating program that uses computer networks to spread.
Z
Zero Day
Vulnerabilities or bugs that have only just been discovered, but are not yet known to anti-virus companies.