A to Z of cyber glossary terms

An A to Z list of cyber security and information technology terms to help keep you safe online.

Access control

Access control refers to measures which are taken to make sure that only certain people have access to something. This something could be to an IT system, programs or information. For example, if your organisation has a shared hard drive, you could change the ‘permissions settings’ so that only certain user accounts are able to access files on that hard drives. 

Access control can also refer to physical access. For example, if your organisation uses fobs or passes to unlock doors in your organisation you can usually set this so that fobs belonging to specific employees can only open certain doors.

Administrator

An administrator is a person who is responsible for managing a computer system or network in an organisation.

Administrator account

Unlike regular user accounts, administrator accounts have full privileges and can perform tasks such as modifying computer hardware and software settings and managing user accounts. Some systems may refer to administrators as having “root” or “elevated” access.

This has security implications, because if an attacker takes control of an administrator account they have far more access that if they’d taken control of a regular user account. For this reason it’s advisable to take extra security measures for administrator accounts.

Asset management

In cyber and information security, an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information

Asset management is the process of developing, operating, maintaining, upgrading, and disposing of these assets throughout their lifetime. It can be used to keep track of assets to see how much of that asset you have, if any individuals in the business are in possession of it or other details about the asset. It allows you much better visibility of your assets and can help you plan accordingly. 

For example, part of an asset management process for laptops may record the number of laptops owned by an organisation, who is in possession of each laptop and the serial numbers of the laptop. It may also include instructions for storage of the laptops, if specific security measures need to be put in place and so forth.

Authentication

Verifying the identity of a user, process, or system (e.g. through use of a password and/or code), often as a prerequisite to allowing access to resources in an information system.

Business continuity plan

A business continuity plan enables an organisation to continue business during and after an incident has occurred by setting out contingency measures and putting these measures in place before an incident.

For example, it might be that your organisation relies on a service offered by one of your suppliers. If this is the case your business continuity plan may specify an alternate supplier of this service who you would be able to engage at short notice if your usual supplier was attacked and could not provide this service. Or if the service you provide relied heavily on your IT systems you could enable access to alternative systems to be used only in the event that your primary systems were compromised by an incident.

Confidentiality agreements

Confidentiality agreements, also known as non-disclosure agreements, are legal contracts between two parties. They outline information that is to be kept confidential by the signing parties and how it should be handled. This can be for a specified time period or in perpetuity.

In an information security context this has a number of uses. For example, you may want to use one to make sure employees do not give out sensitive information such as customer information or business secrets. Or you may use it to make sure that third-parties you work with do not pass on details of your security measures.

Contingency plans

A contingency plan is a plan that to allow continuation of business that is put in place in case normal operations fail.

For example, it might be that your organisation relies on a service offered by one of your suppliers. If this is the case, your business continuity plan may specify an alternate supplier of this service who you would be able to engage with at short notice if your usual supplier was attacked and could not provide this service. Alternatively, if the service you provide relies heavily on your IT systems, you could enable access to alternative systems to be used only in the event that your primary systems were compromised by an incident.

Critical security updates

These are particularly important updates/patches to software (see glossary entry ‘Patches/Patching’). These are almost always security related and are released to eliminate particularly serious vulnerabilities or if there is widespread malware taking advantage of the vulnerability. Applying these updates as quickly as possible after they’re released is important as it helps prevent the high risk or high impact attacks on your IT systems.

For example, in 2017 a flaw in the Windows operating system lead to the malware known as WannaCry spreading quickly and locking over 200,000 computers including many of the computers used by the UK’s National Health Service. In response Microsoft released critical security updates to protect computers against this malware.

Cyber Essentials

Cyber Essentials is a certification that identifies important technical security measures. It confirms that the certified organisations carry out key measures for a basic level of cyber security.

There are two levels to the certification. Cyber Essentials is completed by self-assessment. Cyber Essentials Plus, the next level up, includes an element of external testing.

Cyber incident

A cyber incident is an event that takes place which in some way has an adverse effect on computer networks or computer systems. It can lead to effects on the information on your system or the service that you provide. 

It is a very general term and can range from anything from a virus infecting a system or a hacker taking down a website to a data leak initiated by an employee.

Cyber security

This is a general term which refers to the protection of computers, networks, programs and data. The terms computer security, IT security and information security are also sometimes used.

Cyber supply chain

The cyber supply chain refers to the supply of information services. For example, you would be part of the cyber supply chain if you pay for any kind of IT systems services (such as a subscription to software of system support) or supply IT services.

Denial of Service (including DDoS)

Denial of service is a general term for attacks that prevent access to, or the running of, a service. For example, a hacker may compromise a web service in such a way that customers cannot log into it.

A distributed denial of service (DDoS) attack is a specific type of denial of service attack which uses multiple computers (usually hundreds or thousands) infected with malware to attack a website to force it offline. For this reason, there are vendors that offer DDoS protection services to prevent this from happening.

Digital Footprint

Attackers may use publicly available information about your organisation and staff in order to launch attacks. For example, they can use such information to make their phishing messages more convincing. This is often gleaned from your website and social media accounts. This information is known as a 'digital footprint'.

This information could also be gathered from the social media accounts of employees or websites of third party partners.

Disaster recovery plan

A disaster recovery plan is similar to an incident recovery plan (see glossary entry for ‘Incident Recovery plan’) but is designed to help the organisation to recover from larger disaster level incidents. These can include floods, fires or other types of destruction. Whilst these plans are not exclusively focused on cyber security, these events can have an impact on cyber security (for example they could disable security measures and affect your IT systems in other ways). 

For example, a disaster recovery plan could include backing up information to the cloud so that even if back-ups stored physically at your organisation are destroyed you can still access your organisation’s data.

Encryption

Encryption is a method of protecting information or data by encoding it. If data is encrypted it can only be read if you have the correct key or password. It is often recommended for sensitive data. For example, this means if you encrypted a USB stick and it was stolen, the data would be safe unless the person who stole it could crack the encryption (which is designed to be extremely hard to do) or also had the password to decrypt it. There are different method of encrypting data and different programs which can do this for you, but the most common program used is Microsoft’s BitLocker, which is built in to some version of Windows.

Firewall

A firewall is something that checks and filters information that travels over a computer network. This means that they can (among other things) block unauthorised or malicious connections to your network from the internet. They can either be software based (a program like Windows Defender Firewall) or hardware based (a physical device connected to your network).

They are an important basic defence against attacks over the internet and can be configured to make their filtering options more or less strict. The stricter the settings are, the less likely it is that you can suffer an attack but restricts what users can do on your network.

Firewalls can be installed both on networks (either using physical devices or installing them as software on a server) and on individual computers as software.

Forensic activities

Forensic activities refer to measures taken to collect or preserve evidence. In the context of cyber security this means making sure that information that may be needed for an investigation is preserved, and tampering or accidental modification of the evidence is prevented. 

Incident Recovery plan

An incident recovery plan allows you to recover from an incident. It’s different from an Incident Response plan in that it is focused on reversing the effects of an incident after it has happened. Such a plan may repairing, or limiting, reputational damage depending on whether the incident affected other parties (such as customers of business partners).

For example, if your organisation had an incident where malware locked the organisations computer systems, the incident response plan may outline steps to restore the system from a back-up and updating your system to make sure it can’t happen again. Depending on the situation further steps may be making a public statement to let customers or partners know that you had an incident but no data was lost (or if it was lost, how much and steps you’ll take to rectify the situation). 

Incident Response plan

An incident response plan is a set of instructions to follow in the event of a security incident to help contain or prevent adverse impacts to your IT systems or the data that it holds as the event is happening. These plans can address different scenarios such as (but not limited to) the loss of data, service outages or compromise of IT systems. 

For example, if a computer in an office had malware, a response plan may be disconnect it from the network to stop it infecting other computers, determine how the computer had been affected (if files had been deleted for example) and then use anti-malware software to remove the infection.

Information protection processes and procedures

An information protection process or procedure is a repeatable set of instructions or requirements put in place to protect information. 

This can refer to any process or procedure aimed to protect information. For example, you may have a process in place to securely destroy data. The process or procedure would set out how and when this should be done.

Inventory

An inventory is a list of assets with details about those assets. Assets can include (but are not limited to) devices or data held by the organisation. 

From a security point of view these inventories can help you manage your assets and give you visibility of what you possess when you are planning security measures. 

For example, for an inventory of devices you could use an inventory to keep track of what operating system is installed on each computer or laptop. If there was a security problem with for example, Windows 8.1 you could use your inventory to identify all devices with this operating system installed and decide to place extra security measures on these machines or update them to Windows 10 (if the particular problem did not affect this version of Windows).

ISO27001

ISO27001 is a security standard for information/cyber security. Following this standard helps you set out a way to manage your security needs. It is possible to get a certification to show that your organisation is compliant with this standard.

Logging

Logging on a computer system means keeping a record of actions performed by a computer or computer user. 

This can include such things as what web-sites a user visited, which files they have accessed or modified or when software was installed on a computer. Keeping these kind of logs can be helpful during or following a security event to find out what happened. For example is data is compromised, you might be able to use logs to identify if a particular user was responsible.

Malware

A computer program that is covertly placed onto a computer or electronic device with the intent to compromise the confidentiality, integrity, or availability of data, applications, or operating systems. Common types of malware include viruses, worms, malicious mobile code, Trojan horses, rootkits, spyware, and some forms of adware.

Network

An information system implemented with a collection of interconnected components such as computers, routers, hubs, cabling, and telecommunications controllers.

Network Segmentation

Splitting a network into sub-networks, for example, by creating separate areas on the network which are protected by firewalls configured to reject unnecessary traffic. Network segmentation minimises the harm of malware and other threats by isolating it to a limited part of the network.

Network Segregation

Network segregation separates critical networks from the internet and other less sensitive networks. This can be used in combination with network segmentation. 

Operating System

An operating system is the software “master control application” that runs a computer or electronic device.

It’s the platform on which other applications run like web-browsers, word processors etc. 

On computers and laptops the most commonly used operating system is Microsoft’s Windows operating system. Apple’s OS X and Linux are also common operating systems.

On smartphones and tablets, the most common operating systems are Apple’s iOS and Google’s Android.

Patches / patching

Patches are also known as updates. Developers (creators / manufacturers) of programs and apps will often make updates available to either add new features or fix problems / bugs. These bugs may make the software insecure as they can be used to attack or compromise the software. These kind of bugs are known as vulnerabilities.

The developer releases patches/updates to fix these bugs and vulnerabilities. Applying these is known as updating or patching software. This is important as it eliminates these vulnerabilities from the software which stops them from being used to attack your IT system or data through the software.

Phishing

In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites. They often try to trick individuals into sending money, or stealing information.

For example, an attacker may send an email that looks like it could be from a bank, with a link to a site the attacker has set up to look like the bank’s website, with the hope that the individual will input their log in details. Because the attacker controls the site they can retrieve these log in details to log into the real bank account.

Protective measures

Protective measures in the context of cyber security are activities that you take to protect your IT systems from cyber threats (such as hackers, data leaks, malware etc.). This is a very general term that covers a range of measures, including changing settings on systems, using password protection and/or implementing anti-virus software. 

Risk Assessment

A risk assessment is a process where you identify risks to your organisation, or a part of your organisation, and what kind of impact they may have on your organisation if they were to happen. Once the risks have identified and assessed you can then put measures in place to address them (also known as 'treating risks'). In the context of cyber security these are risks that are related to your IT systems and the information that they contain.

Risk Management

Risk management is the program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation. 

Risk management includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time.

Risk management strategy

A risk management strategy is a method of managing risks identified in a risk assessment. It outlines the way that an organisation intends to respond to the risks. For example, if the risk assessment identified that a risk was losing sensitive data, the risk management strategy might include classifying data held depending on its sensitivity and encrypting or otherwise restricting access to more sensitive information. 

Router

A router is a device that allows communication between different networks. Routers determine the best path for forwarding data to its destination.

Secure configuration

A secure configuration means changing the settings on a device (such computers, laptops, tablets, mobile phones, servers, firewalls etc.) to make them more secure, usually during set up or installation. There’s no single right way to do this, and how your organisation configures it devices securely will depend its needs from a security point of view but there are some common way measures include disabling auto-run/auto-play and changing default passwords on devices.

Software support lifecycle

Software support means that programs or applications are still being maintained by its developers (creators/manufacturers). This means that they will still release updates to fix security issues. However, over time developers may choose to stop support for software which means they will no longer release updates/patches for it. This means that security problems will not be fixed and may lead to attacks.

For example, Microsoft currently only supports its Windows 8, Windows 8.1 and Windows 10 operating systems. Older versions of Windows (like Windows 7 and Windows XP) are not supported meaning that they will not receive security fixes and will become more insecure over time.

System development 

A system development lifecycle is a process to create and implement a hardware or software system. This process involves planning, designing, implementing and maintaining the system. 

Two-factor authentication

Two-factor authentication means using two methods to access an account or information. For example, when you log into an account you’re usually asked for a password. This is one method of authentication.

With two-factor authentication you are asked to also use another method. This second method is most commonly a code that is delivered to a phone, a physical device that gives you a code to enter or an app which gives you a code to enter. 

Other methods include using a badge/pass which needs to be inserted into the computer, connecting a special USB key or using finger print scanners in addition to using your password, but these methods are less common.

Virtual Private Network (VPN)

A VPN is a virtual network built on top of existing networks that can provide a secure communications mechanism for data and Internet Protocol (IP) information transmitted via the virtual network.

This makes it more secure as when using a VPN the data you send across the internet is usually encrypted (see glossary entry for encryption) whilst it’s being sent which means that if you’ve connected to a public or untrusted network away from work (such as a Wi-Fi network at a coffee shop) other users or the owners of the network cannot steal or compromise the data that you are sending and receiving over the internet.

Vulnerability

A vulnerability is a flaw that can be exploited during an attack. The term is most commonly used when talking about flaws in software but can refer to flaws in many other aspects of business, such as processes, policies or physical defences. 

A vulnerability in software is unintended. For example, a hacker may be able to use a vulnerability in software to take over a computer, view or change confidential information or compromise the machine in other ways. For this reason, when vulnerabilities are discovered the developer should issue patches/updates to fix these vulnerabilities and to stop their adverse effects (if they are still supporting the software). For more information about this see the glossary entry ‘Patches/Patching’.