Cyber Security

Definitions

Biometrics – the measurement and statistical analysis of people’s physical and behavioural characteristics, such as fingerprints, gait or voice recognition.

CISSP – A Certified Information Security Systems Professional (CISSP) certification is an internationally recognised qualification in information security, available to those who have at least four years of experience in the field. The curriculum covers a variety of topics including identity and access management and security engineering.

Cloud Computing – a convenient, on-demand network access to a personal or shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cyber Attack – An attempt of a hacker or hackers to destroy a computer network or system, or destroy, change, or steal the information contained in it.

Cyber Security – security as applied to computing devices such as computers and smartphones, as well as private and public computer networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorised access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems worldwide.

Encryption – the process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext).

Firewall – hardware or software designed to prevent unauthorised access to a computer or network from another computer or network.

GDPR – EU General Data Protection Regulations (GDPR) replaced the Data Protection Act (DPA) in May 2018. It was designed to protect and empower all EU citizens’ data privacy and applies to all businesses that process the data of subjects of the European Union, regardless of where the business is based.

Hacker – an individual who attempts to gain unauthorised access to a computer system by exploiting its weaknesses and/or design flaws.

ICO – The Information Commissioner’s Office (ICO) is the office responsible for uploading the DPA and Freedom of Information Act, promoting public bodies’ openness and the right to privacy by individuals.

Internet of Things (IoT) – The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.

ISMS – An ‘information security management system’, i.e. the set of policies and procedures for systematically managing an organisation’s sensitive data. The goal of an ISMS is to minimise risk and ensure business continuity by limiting the impact of a security breach.

ISO/IEC 27001:2013 – specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.

Malware – short for malicious software, is designed to infiltrate, damage or obtain information from a computer system without the owner’s consent. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware.

Patching – A ‘patch’ is a software update consisting of code inserted (or patched) into the code of an executable program. Typically, a patch is installed into an existing software program. Patches are often temporary fixes between full releases of a software package.

Patches may do any of the following:

• Fix a software bug
• Install new drivers
• Address new security vulnerabilities
• Address software stability issues
• Upgrade the software.

Phishing – a method used by criminals to try to obtain financial or other confidential information (including usernames and passwords) from internet users, usually by sending an email that looks as though it has been sent by a legitimate organisation (often a bank). The email usually contains a link to a fake website that looks authentic.

Privacy by Design – an approach to systems engineering which takes privacy into account throughout the whole engineering process.

Ransomware – a type of malicious software designed to block access to a computer system until a sum of money is paid.

Sensitive Information – data that must be protected from unauthorised access to safeguard the privacy or security of an individual or organisation. There are three types: personal information, business information, and classified information.

Spear Phishing – An email designed to obtain financial or other confidential information, however, differs from a simple phishing email in that it is more targeted at an individual or organisation. Some basic information has already been obtained and used to make this email appear more genuine and therefore trustworthy. The email will appear to come from either a specific person, sometimes from within the same company as the target, or from an organisation the person has a relationship with.

Spyware – malware that passes information about a computer user’s activities to an external party.

Two-factor identification – The use of security steps additional to username and password. This step requires something that only the user would have, such as a piece of information or physical objects, such as a PIN or card reader.

Virus – The most common form of malware is the ‘virus’, which is loaded onto a computer and then runs without the user’s knowledge or knowledge of its full effects.