A to E
Security software designed to monitor computers. When malicious activity is detected, the software will attempt to identify and remove the offending item from the system or may isolate the file for further analysis.
A record showing who has accessed a system and the activity they undertook.
Verifying that someone is who they claim to be when they access a computer or online service.
Making a duplicate copy of data onto a separate device or online/cloud storage solution which allows for damaged or lost data to be restored from the back-up.
Programs which perform automated tasks, this could include repeated activity as part of a cyberattack.
An error or mistake in software or hardware which causes things to perform in an unexpected way. A bug represents a flaw or weakness which is discoverable by attackers and can be used as point of attack.
Chief Information Security Officer (CISO)
A senior person in an organisation responsible for maintaining adequate information security protection.
An attack initiated using software or hardware weaknesses such as bugs. Cyberattacks are focused on gathering information, damaging business processes, exploiting flaws, discreetly monitoring targets, or interrupting business tasks.
Organised criminal activity which has the intent to conduct illegal activity to cause disruption, harm, or exploitation.
A distributed denial of service attack is an attempt to disrupt normal IT operations by using bots or infected computers to flood a system with so much traffic it fails e.g. multiple website visits beyond normal tolerances which case the website supporting systems to crash.
Disaster recovery plan
A plan of policies, actions, and responsibilities to be followed which will allow an organisation to resume normal operations following a disaster or occurrence which has impacted operations.
Searching through rubbish and discarded information or media in an attempt to find information.
F to M
A system that monitors network traffic and blocks undesirable network traffic based on a set of defined rules.
Someone who can analyse weaknesses in systems or controls to gain access to virtual or physical information, to cause damage, or to disrupt services generally for personal gain or as part of criminal activity.
A threat arising from an individual within an organisation undertaking unauthorised activity.
The shortened version of ‘malicious software’ which is written for the specific purpose of causing harm, disclosing information or causing disruption. Malware includes a wide range of types of malicious programs including virus, worm, Trojan horse, logic bomb, backdoor, rootkit, ransomware and spyware/adware.
N to S
Interconnected IT systems of more than two computers that can share resources and applications.
A software update released by a software company which repairs bugs and vulnerabilities discovered after the product has been released. Ensuring patches are applied to repair the vulnerabilities is one of the strongest ways of reducing the threat or impact of a cyberattack.
An attack that attempts to collect information from victims often by mimicking communications from legitimate parties. Phishing attacks can take place over email, text messages, through social networks or via smart phone apps. The goal of a phishing attack may be to learn logon credentials, credit card information, system configuration details or network, computer or personal identity information.
A form of malware that holds a victim’s data hostage on their computer, typically by locking the system or files using encryption. This is followed by a demand for payment in order to release control of the captured data back to the user.
Role based access controls, a set of authorisations and access permissions based on a specific role and the work needed to be undertaken.
An attack focusing on people rather than technology. This type of attack aims to manipulate people to either gain access to information or to a location. Examples of social engineering attacks are by tricking a worker into assisting with building access by holding open a door to a restricted area, or by gaining access to information or a computer network by tricking a user into revealing their account details or passwords.
Emails sent to a large number of individuals typically for the purposes of advertising, phishing, or spreading malware and other viruses.
T to Z
Named after the Greek Trojan Horse legend, a Trojan is a type of virus or malware that is disguised as a legitimate file to trick users into opening it at which point it installs malicious code intended to cause damage.
Any access or use of a computer system, network, or resource which is against company security policy or when the person was not explicitly granted access authorisation.
Malicious software designed to cause damage or disruption which is installed on a computer without the user’s knowledge. Viruses can be installed in many ways, the most common are through accessing or downloading infected files. Once installed the virus can spread to other computers in a network.
Similar to phishing but specifically uses voice systems such as telephone scams to trick users into revealing key sensitive or personal information.
Any weakness which would allow for a threat to cause harm. It may be a flaw in coding, a mistake in configuration, or a clever abuse of valid systems and their functions.
Generally defined as attacks that target known bugs or system vulnerabilities that have yet to have fixes made available.