Cyber Security A to Z
Are you confused with cyber security terminology? Do you feel like you need a translator? Do you feel like your head is going to explode? Are you lost in a sea of cyber security experts that appear to be talking gibberish?
At Romano Security Consulting we speak human as well as cyber and we have put together a handy reference guide of the most common industry terminology.
Over the coming weeks and months, we’ll be adding to this cyber security A-Z but here we go as a starter for ten!
Acceptable Use Policy
This is a policy that sets guidelines as to how a corporate network or system may be used. It states what a user can and cannot do when using computers and resources. For example, whether employees should use social media sites and what cannot be discussed about the company and its business.
Access Controls
These are the ways and means that control employees’ access to information systems, resources, and physical access to premises. For example, login credentials and security passes.
Business Continuity
Business continuity involves establishing a plan to ensure your critical business functions can continue to operate in the event of any disruption, such as a cyber-attack, a power failure or a fire.
BYOD (Bring Your Own Device)
Many organisations allow employees to use personal devices, such as phones and laptops, for business purposes. A BYOD policy should say what company data may be accessed from them and what protections are required, for example a screen lock, encryption and the ability to wipe company data if the device is lost.
Confidentiality
The protection of private or sensitive information from unauthorised disclosure.
Cyber Security
Cyber security is all about protecting your business's systems, networks and data from attack, damage and unauthorised access. The term is often used interchangeably with information security, which is slightly broader and also covers information held on paper or in people's heads.
Data Breach
Any event where confidential data is viewed, transmitted, stolen, or used by an unauthorised individual. Mistakes by employees, such as emailing data to the wrong recipient or falling for a phishing message, are consistently cited as one of the biggest causes of data breaches, so staff training is a vital tool to reduce this risk.
Disaster Recovery Plan
In simple terms this is a plan that is put in place to help a business recover an activity that is interrupted by an emergency or disaster.
Encryption
Encryption scrambles data so that it can only be read by someone who holds the decryption key. Laptops, phones and removable media that contain confidential or sensitive information should be encrypted, so that a lost or stolen device does not automatically become a data breach.
External Audit
External audits or third-party audits are conducted by an independent assessor from outside an organisation.
Firewall
A firewall is a software program or piece of hardware that filters network traffic according to a set of rules, blocking connections that are not explicitly allowed. It helps stop attackers and self-spreading malware such as worms from reaching your computer over the Internet, but it does not inspect the contents of files you download or open, so it complements rather than replaces anti-virus software.
Functional Testing
Testing that a system does what its specification says it should. In a security context this means checking, under realistic operating conditions, that security controls such as logins, access restrictions and logging actually work as designed, not just that the application's business features work.
General Data Protection Regulation (GDPR)
This data protection regulation gives individuals greater control over how their personal data is collected and processed. Data subjects' rights include the right to be informed, the right of access and the right to erasure (the "right to be forgotten").
Hacking
Hacking refers to an unauthorised intrusion into a computer or a network.
Host Intrusion Prevention System (HIPS)
This is software installed on an individual computer or server that monitors activity on that host, identifies intrusion attempts and blocks them. It overlaps with anti-virus software but focuses on suspicious behaviour, such as a program trying to modify system files, rather than on recognising known malicious files.
Incident Management
This is about having a plan in place to manage and respond to disruptive events as and when they occur.
Intrusion Detection System (IDS)
An IDS inspects network traffic or host activity to identify suspicious patterns that may indicate an attack on a network or system, and raises an alert for someone to investigate. Unlike an intrusion prevention system, it does not block the traffic itself.
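To show what "identifying suspicious patterns" looks like in practice, here is a small host-based detection rule as an added example (this is not code from the original guide or from any particular IDS product). It scans constructed OpenSSH log lines for repeated failed logins from one address within a short window, which is the classic signature of a password-guessing attack. The log lines, threshold and time window are all assumptions for the illustration; the addresses used are documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd lines in syslog format; not real logs.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:15:04 web01 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51026 ssh2
Mar  3 10:15:06 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar  3 10:15:07 web01 sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Mar  3 10:16:40 web01 sshd[2150]: Accepted publickey for deploy from 198.51.100.20 port 40010 ssh2
Mar  3 10:31:12 web01 sshd[2202]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:45:50 web01 sshd[2260]: Failed password for alice from 198.51.100.20 port 40030 ssh2
"""

# Matches the OpenSSH "Failed password" message; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2024):
    """Extract failed-login events as dicts with a parsed timestamp, user and source IP.

    syslog lines carry no year, so one is supplied (assumed here) to build a full datetime.
    """
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored by this rule
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        failures.append({"ts": ts, "user": m.group("user"), "ip": m.group("ip")})
    return failures


def detect_bruteforce(failures, threshold=5, window_seconds=60):
    """Alert once per source IP that produces `threshold` or more failures within `window_seconds`.

    A sliding window over the time-sorted events per IP keeps the check linear in the number of lines.
    """
    by_ip = defaultdict(list)
    for f in failures:
        by_ip[f["ip"]].append(f)

    alerts = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(events):
            # Slide the window start forward until the window fits within window_seconds.
            while (ev["ts"] - events[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts.append({
                    "ip": ip,
                    "count": count,
                    "first": events[start]["ts"],
                    "last": ev["ts"],
                    "users": sorted({e["user"] for e in events[start:end + 1]}),
                })
                break  # one alert per IP is enough for an analyst to act on
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_failures(SAMPLE_AUTH_LOG)):
        print(f"ALERT {alert['ip']}: {alert['count']} failed logins between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}, users tried: {alert['users']}")
```

In the sample, 203.0.113.7 tries five different accounts in six seconds and is reported; 198.51.100.20 has one user fail twice, fifteen minutes apart, which is below the threshold and is treated as an ordinary mistyped password. Tuning those two numbers to the environment is the real work of running an IDS: too low and analysts drown in alerts, too high and a slow, patient attacker slips underneath.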
Key Risk Indicator (KRI)
A measurable value that gives early warning that a risk is becoming more likely or more serious, for example the number of staff who have not completed security training, or the number of systems missing critical patches.
Least Privilege
A basic principle of IT security: users, and the accounts and programs they run, should have only the access to data and systems that is strictly required to perform their duties, and no more. Default-deny access rules and separate accounts for administrative work are common ways of applying it.
Malware
Malware is shorthand for malicious software: any program designed to damage, disrupt or gain unauthorised access to a computer, server, or computer network. Viruses, worms, ransomware and spyware are all types of malware.
Nonintrusive Monitoring
Monitoring a network by passively observing its traffic, for example through a network tap or a mirrored switch port, to gather information, track usage and identify vulnerabilities without sending anything to, or otherwise interfering with, the systems being watched.
Open-Source Intelligence (OSINT)
The collection of publicly available information, from sources such as LinkedIn, Twitter, Facebook and company websites, to build up a picture of an individual or organisation. Attackers use it to make phishing and other social engineering attacks highly targeted and convincing.
Penetration Testing
Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Quality Management System (QMS)
A quality management system (QMS) is defined as a formalized system that documents processes, procedures, and responsibilities for achieving quality policies and objectives. ISO 9001, the international standard specifying requirements for quality management systems, is the most prominent approach to quality management systems.
Risk Assessment
A process used to identify risks, estimate how likely each one is and what impact it would have, and decide how each should be treated.
Sandbox
This is an isolated environment, within an operating system or a separate virtual machine, in which suspicious or untested files and programs can be opened or run without affecting the rest of the system.
Social Engineering
An attack that targets people rather than technology: deceiving users or administrators into revealing confidential or sensitive information, or into taking an action such as clicking a link, resetting a password or making a payment. Phishing is the most common form.
Two-Factor Authentication (2FA)
Authentication that requires two different kinds of evidence: typically something you know (a password) plus either something you have (a one-time code from an app or a hardware token) or something you are (a fingerprint). For example, your online banking asks for your password and then a code from your phone. Two passwords are not two factors, because an attacker who steals one can usually steal the other the same way.
Uninterruptible Power Supply (UPS)
An uninterruptible power supply is a battery-backed device that provides immediate, short-term power when the mains supply fails, giving systems time to shut down cleanly or a standby generator time to start. It is not itself a generator: a diesel generator provides longer-term emergency power, but takes seconds to come online, which is the gap the UPS covers.
Virtual Private Network (VPN)
A VPN creates an encrypted connection across the public Internet, either between a remote device and your corporate network or between a device and a VPN provider. Websites you visit see the VPN's Internet protocol (IP) address rather than your own, which improves privacy on untrusted networks such as hotel Wi-Fi, but your traffic is fully visible to whoever runs the VPN endpoint, so your online actions are not "untraceable".
Worm
Often found in your garden but this is a different type of worm! It is a malware computer program that self-replicates in order to spread to other computers, systems and networks.
Zero-Day
A zero-day is a vulnerability that attackers know about, and can exploit, before the manufacturer has released a patch for it, leaving defenders "zero days" to prepare. Until a fix is available, protection relies on other controls, such as reducing what is exposed to the Internet and monitoring for signs of compromise.
We hope that our reference guide helps to de-mystify the murky world of cyber security and we would love to speak human with you about your information security requirements.
Contact Romano Security Consulting today and let us help to put you on the right track to secure your organisation.
T: 01625 315 021
E: enquiries@romanosecurityconsulting.com