Below is a non-comprehensive list of technology and security terms. If your favourite is missing then please email us.
| Terms | Definition |
| Access | To gain knowledge or information within a system. The aim may be to gain control of certain system functions. |
| Adversary | A group or individual who has criminal intent or carry out activities that will result in disruption. |
| Allowed List | Authorising approved applications for use within organisations in order to protect systems from potentially harmful applications. Can also be known as 'whitelisting' across the industry. |
| Antivirus | Software that is designed to detect, stop and remove viruses and other kinds of malicious software. |
| App | Short for Application, typically refers to a software program for a smartphone or tablet. |
| Asset | A resource or piece of information that an organisation or individual owns that is valuable to them. |
| Asymmetric Digital Subscriber Line (ADSL) | The official designation of Broadband, ADSL is a form of Digital Subscriber Line (DSL) technology allowing faster connectivity to the Internet utilising copper telephone lines. Connection speed is dependant on a number of factors including distance from the telephone exchange and number of users on the line. Local Loop unbundling, allocating more copper wires results in the fastest ADSL2+ offering speeds of up to 15-20MB per second downloads. Greater speeds than this require access to fibre-optic cables. |
| Attacker | Malicious actor who seeks to exploit computer systems with the intent to change, destroy, steal or disable their information, and then exploit the outcome. |
| Authenticator | Authenticators are physical devices (dongles) or smartphone apps that allows the user to generate unique verification codes to improve security through Two Factor authentication (2FA) or Multi-Factor Authentication (MFA). |
| Backdoor | A backdoor is sometimes built into a system to allow the developers instant access without needing to log in. If found by an unscrupulous person, a backdoor can be a serious security issue. |
| Botnet | A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owner's knowledge. |
| Breach | An incident in which data, computer systems or networks are accessed or affected in a non-authorised way. |
| Bring Your Own Device (BYOD) | Staff using their own devices such as mobile phones and laptops that have been authorised by the employer. BYOD is considered a potential risk to information security. Managing this correctly, as well as remote working is a requirement of ISO 27001. |
| Browser | A software application which presents information and services from the web in an accessible format. Common browsers include Chrome (Google), Safari (Apple), Edge (Microsoft), Firefox (Mozilla) and Opera |
| Brute Force Attack | Using a computational power to automatically enter a huge number of combination of values, usually in order to discover passwords and gain access. Also known as a Dictionary Attack |
| Business Continuity Management | Plans that an organisation puts in place to manage risk and ensure that the business continues in the event of a cyberbreach or attack, or physical interruption including fire, theft, flood etc. |
| Certificate | A form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information. |
| Ciphertext | Ciphertext is the name for the result of a piece of plain text information that has been encrypted. The encryption is done automatically using an algorithm. Using ciphertext can reduce the risk of a data breach and sensitive information getting into the wrong hands. |
| Cloud | Where shared computer and storage resources are accessed as a service (usually online), instead of hosted locally on physical services. Resources can include infrastructure, platform or software services. |
| Cloud Computing | Cloud computing refers to data that is held digitally (in the cloud). An Internet hosted network of remote servers is used to manage and process data. This means that a local server is not required for storage or operations; Endpoint computers access 'the cloud' directly requiring less power and storage, simply an Internet connection. |
| Cloud Computing Security | Cloud computing security, also known as cloud security, is a term used to describe the processes that are followed to protect data that is stored in the cloud. This security practice is used to minimise the potential for cyber attacks and data breaches. |
| Computer Crime | Computer crime, more commonly referred to as cybercrime is the use of a computer network or device in order to commit fraud, identity theft, or similar. This is likely to be carried out by infecting a network or specific computer with a virus. |
| Confidentiality | The process of securing information or data so that it is only disclosed to authorised persons. |
| Credentials | A user's authentication information used to verify identity - typically one, or more, of password, token, certificate. |
| Cryptography | Cryptography is the skill of writing and cracking codes. Cryptography is used in encryption to protect classified or otherwise private information from being seen by unauthorised persons, as well as the prevention of a cyber attack. |
| Cyber Attack | A computer or cyber attack is when an unauthorised party attempts to take control or compromise a computer system. Often a hacker or malware any compromised system is vulnerable to the information be stolen, destroyed or altered. |
| Cyber Essentials | A self-assessment certification that allows you to demonstrate your organisation’s best practices against cyber crime. |
| Cyber Incident | A breach of the security rules for a system or service - most commonly; Attempts to gain unauthorised access to a system and/or to data. Unauthorised use of systems for the processing or storing of data. Changes to a systems firmware, software or hardware without the system owners consent. Malicious disruption and/or denial of service. Unauthorised access to Personally Identifiable Information (PII) within the UK or EU must be reported to the authorities as part of GDPR |
| Cyber Security | The protection of devices, services and networks — and the information on them — from theft or damage. Includes Antivirus, Antispam, Authentication, Content filters, Firewalls and much more. |
| Data at Rest | Describes data in persistent storage such as hard disks, removable media or backups. |
| Data Breach | When information or assets have been accessed, moved or changed without permission. Also referred to as a data spill or data leak. |
| Data in Transit | Data in transit, or data in motion, is data actively moving from one location to another such as across the internet or through a private network. Suitable protections should be applied to sensitive data as it travels across networks of differing trust. |
| Data Sanitisation | Using electronic or physical destruction methods to securely erase or remove data from memory. |
| Decode | To convert encoded information into plain text using code. |
| Denial of Service (DoS) | A type of cyber attack that involves sending large amounts of fake traffic to a website in order to impair the system or service denying legitimate access. Often used for activist, blackmail or distraction purposes. |
| Deny List | An access control mechanism that blocks named entities from communicating with a computer, site or network. Can also be known as 'blacklisting' across the industry. |
| Dictionary Attack | A type of brute force attack in which the attacker uses known dictionary words, phrases or common passwords as their guesses. |
| Digital Footprint | A 'footprint' of digital information that a user's online activity leaves behind, such as information that can be gleaned from Social Media accounts or purchase histories. |
| Disaster Recovery (DR) | That part of Business Continuity Management (BCM) concerned with the recovery of IT systems & networks. |
| Encryption | Encryption is a term used in the world of cryptography to describe the process of turning a plain text information into Ciphertext to prevent any unauthorised persons from reading that information. Encryption is common practice with email clients and most websites and software platforms. |
| End User device (EUD) | Collective term to describe modern smartphones, laptops and tablets that connect to an organisation's network. |
| End User License Agreement (EULA) | In the proprietary software industry, an End User License Agreement or software license agreement is the contract between the licensor and purchaser. establishing the purchaser’s right to use the software. |
| Ethernet | The architecture of communications using wired Local Area Networks (LAN) |
| Exfiltration | When information is transferred from an information system without consent. |
| Exploit | May refer to software or data that takes advantage of a vulnerability in a system to cause unintended consequences. |
| Fibre Optic Cables | Fibre optic cables are steadily replacing sections of the historic copper wire telephone network to provide improved signal transmission. An optical fibre is a flexible and transparent fibre of glass or plastic where the signal is sent as light rather than electricity along the cable. Starting with the central parts of the network, fibre optic cables were first used to connect the telephone exchanges, then to a series of BT's green street cabinets, and certain businesses and residences have fibre optic cables to their building. A copper wire connection to the exchange is known as Exchange-Only-Line (EOL), if your connection is to a closer cabinet this is known as Fibre-To-The-Cabinet (FTTC), and those lucky enough to have a Fibre Optic cable to their building is Fibre-To-The-Premises (FTTP). |
| Fibre-To-The-Cabinet (FTTC), Fibre-To-The-Premises (FTTP) | See Fibre Optic Cables |
| Firewall | Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to or from a network. |
| Forensics | In the world of cyber security, digital forensics involves retrieving information from a mobile phone, computer or server. This could be to look for evidence of a data breach or find deleted messages detailing criminal activity. |
| General Data Protection Regulation (GDPR) | The General Data Protection Regulation which replaces the current Data Protection Act in May 2018. Focusses on the rights of the consumer and contains strict guidelines on reporting cyber attacks and data breaches. |
| Government Communications Headquarters (GCHQ) | The UK Government Communications Headquarters works to combat terrorism, cyber crime and child pornography using foreign intelligence. |
| Hacker | A person accessing computers, systems and networks without authorisation. |
| Hashing | Applying a mathematical algorithm to a piece of data in order to disguise it. Primarily used for authentication without having access to the factor being authenticated. |
| Honeypot (honeynet) | Decoy system or network to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet. |
| Incident | A breach of the security rules for a system or service, such as: Attempts to gain unauthorised access to a system and/or data; Unauthorised use of systems for the processing or storing of data; Changes to a systems firmware, software or hardware without the system owners consent; Malicious disruption and/or denial of service |
| Indicator | A sign that a security incident may be in progress and should be investigated |
| Information Security Policy | An information security policy (ISP) is a set of rules, policies and procedures designed to ensure all end users and networks within an organization meet minimum IT security and data protection security requirements. For IT Genie this is based on the ISO 27001 standard to which we are accredited, see https://itgenie.com/when-quality-service-matters/ |
| Insider Risks | The potential for damage to be done maliciously or inadvertently by a legitimate user with privileged access to systems, networks or data. |
| Integrity | The term used to describe information or data that has not been modified or tampered with. |
| International Organisation for Standardisation | Widely known as ISO, is an international standard-setting body composed of representatives from various national standards organisations. IT Genie are currently accredited to ISO 9001 Quality, ISO 14001 Environmental & ISO 27001 Information Security Management standards, see https://itgenie.com/when-quality-service-matters/ |
| Internet of Things (IoT) | Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions. |
| Jailbreak | This process involves removing the security restrictions of a device, often a mobile phone. This then allows the owner to install unofficial apps and make modifications to the system. |
| Key Cryptography | A Cryptographic Key is a term used to describe the process of transforming plain text information into ciphertext. When sending sensitive information, plain text can be turned into unreadable text while being sent to the recipient. The recipient then uses their cryptographic key to turn that text back into a readable version. |
| Keyboard Logger | A piece of software that records the keystrokes performed by the user, often used maliciously to obtain credentials. |
| Logging | The process of recording events, with a computer program usually an application software in a certain scope in order to provide an audit trail that can be used to understand the activity of the system and to diagnose problems. |
| Logic Bomb | A logic bomb is a piece of code that gets inserted into a system and contains a set of secret instructions. When a particular action is carried out, this triggers the code to perform a malicious action, like the deletion of files. |
| Macro | A small program that can automate tasks in applications (such as Microsoft Office), often targeted by attackers to gain access to a system. |
| Malvertising | Using online advertising as a delivery method for malware. |
| Malware | Malicious software - a term that includes viruses, trojans, worms or any code or content that can compromise operating systems and programs and leave them vulnerable to attack. |
| Mitigation | Steps that organisations and individuals can take to minimise and address risks. |
| Multi-factor Authentication (MFA) includes Two-factor Authentication (2FA) | Multi-factor authentication creates several layers of additional security to reinforce your password access to a website, app or piece of software. Authentication can include a physical key that generates unique passwords, it might be an app on your phone (such as Google Authenticator), or it could be biometric data like your fingerprint or retinal scan. |
| National Cyber Security Centre (NCSC) | The UK Government National Cyber Security Centre provides advice and support for the public and private sector in how to avoid computer security threats. |
| National Institute of Standards & Technology (NIST) Cyber Security Standard | The National Institute of Standards and Technology Cyber Security Standard is a framework used in the US to ensure businesses are equipped to defend themselves from cybercrime. Similar to Cyber Essentials in the UK |
| Need To Know Principle | The Need To Know Principle can be enforced with user access controls and authorisation procedures and its objective is to ensure that only authorised individuals gain access to information or systems necessary to undertake their duties. |
| Network | Two or more computers linked in order to share resources. |
| Network Information Systems (NIS) Directive | Network Information Systems Directive is a regulation designed to improve cyber resilience. |
| Non-repudiation | The term used to prevent a person or persons from denying that they received, accessed or altered data. |
| Outsider Threat | An individual or group that access or have the ability to access assets of an organisation from an external location. |
| Outsourcing | Using the services of an external organisation to complete tasks for your organisation (eg. Accounting, Call Centres, HR) |
| Patching | Applying updates to firmware or software to improve security and/or enhance functionality. |
| Penetration Testing (PenTest) | A method of evaluating the computer security of a computer system or network by simulating an attack by cyber, physical or psychological means. |
| Personally Identifiable Information (PII) | Personally Identifiable Information (PII) is any information directly relating to a legal persons identity, including: name, address, physical and biometric characters, beliefs and within the UK or EU must be reported to the authorities as part of GDPR. PII may contain direct identifiers (eg. National Insurance number) that can identify a person uniquely, or quasi-identifiers (eg. ethnicity, date of birth, hometown) that can be combined with other information identify an individual. |
| Pharming | An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address. |
| Phishing | The act of attempting to deceive an individual into revealing personal information that they wouldn’t ordinarily divulge. Often mass emails sent directing recipients to a fake or compromised website to enter their credentials. |
| Principle of Least Privilege (PoLP) | The Principle of Least Privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access permissions needed to perform his/her job functions. Anything outside their role or conducted irregularly require additional separately authorised privileges. |
| Ransomware | Malicious software that prevents a user from accessing their own files or network, only releasing the information after receiving the demand. |
| Risk Identification | Understanding what threats and vulnerabilities might have an impact on the assets or organisation. |
| Risk Reduction | Taking action (e.g. implementing controls) to reduce either the likelihood or impact or both, of a risk. |
| Router | A network device which sends data packets from one network to another based on the destination address. May also be called a gateway. |
| Security Control | Means of managing risk, including policies, procedures, guidelines, practises or organisational structures, which can be of administrative, technical, management, or legal nature. |
| Security Perimeter | The edge boundary of a network where additional security controls are enforced between two networks of differing levels of trust (ie a trusted business network and the untrusted Internet) |
| Smishing | Phishing via SMS: mass text messages sent to users asking for sensitive information (eg. bank details) or encouraging them to visit a fake website. |
| Social Engineering | Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker. |
| Software as a Service | Software as a service, or SaaS, is a term used to describe a service delivery method that is sold on a subscription term. Sometimes referred to as ‘on-demand’, Software as a Service products can be accessed in the cloud at any time of day or night, and from any location. |
| Spear Phishing | A more targeted version of phishing where the email is designed for the specific recipent, often disguised to appear from somebody they know |
| Statement of Applicability (SoA) | A documented statement describing the control objectives and controls that are relevant and applicable to the organisation’s Information Security Management System (ISMS). A key component of an ISMS defined in ISO/IEC 27001:2005. |
| Steganography | A way of encrypting data, hiding it within text or images, often for malicious intent. |
| Traffic Light Protocol | The use of the red, amber, green and white to classify who sensitive information should be shared with. |
| Trojan | A type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer. |
| Two-Factor Authentication (2FA) | Two-factor authentication is an additional layer of security in the protection of important information, information security, and password security. Also see Multi-Factor Authentication. |
| Virtual Private Network (VPN) | An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations or remote workers. |
| Virus | Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware. |
| Virus (Malware) | A computer virus is a piece of software that has been created for malicious purpose to cause harm to the contents or users of a computer. A virus can be instigated by clicking on a link in an email or on a website that makes the user inadvertently download the malicious software or transferred from another computer or external device. A virus can allow unauthorised access to a system to cause disruption or to steal sensitive business or personal information. |
| Vulnerability | A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system. |
| Watering Hole Attack | Setting up a fake website (or compromising a real one) in order to exploit visiting users. |
| Whaling | Highly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives or those in-charge of important resources. |
| Worm | A self-replicating malicous program that uses computer networks to spread. |
| Zero Day | Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit. |
This list is designed to provide assistance, and not comprehensive. If you have further suggestions to improve this list of the website then please email us
