Glossary Flashcards
Assurance
Grounds for confidence that a system, product or process meets its security requirements; in practice, the evidence (testing, review, audit, certification) that justifies that confidence.
Asymmetric cryptography
A cryptographic system that uses a pair of mathematically related keys, one kept private by its owner and one that can be published. The private key cannot feasibly be derived from the public key, so anyone can encrypt a message to the owner or verify the owner's signatures, while only the owner can decrypt or sign.
Acceptable Use Policy (AUP)
A policy that sets out how an organisation's systems, networks and data may and may not be used, including whether any personal use of company resources is permitted.
Accountability
The principle of holding individuals and entities responsible for their actions and decisions related to information security.
Accredited
Formally recognised or certified, by a reputable accrediting body, as meeting a defined set of standards or criteria; applied to individuals, organisations or programmes.
Active Content
Website content that is either interactive, such as internet polls, or dynamic, such as animated pictures, JavaScript applications or ActiveX controls. Because it executes in the user's browser, active content is a common delivery vehicle for malicious code.
Analysis
The detailed examination of the elements or structure of an entity.
Anti-Virus
Software designed to detect, block and remove malicious code such as computer viruses, typically by matching known signatures and monitoring for suspicious behaviour.
Assessment
An estimation of the nature or quality of an entity.
Asset
Something that has value to an organisation, such as information, hardware, software, services, people or reputation.
Audit
A formal inspection of an organisation’s processes or procedures.
Authentication
The process of verifying that a person or entity is who or what they claim to be, typically using something they know (a password), something they have (a token) or something they are (a biometric).
Authorisation
The process of granting or restricting access to resources, systems or information according to the permissions and privileges assigned to an authenticated user or entity, so that only authorised users can perform particular actions or access particular data.
Availability
The property of being accessible where and when required by an authorised person, entity, or process.
Avoidance
A risk treatment option in which the organisation deliberately eliminates a risk by not undertaking, or withdrawing from, the activity that gives rise to it.
Backdoor
A method of bypassing normal authentication to gain covert, usually remote, access to a computer or application. Backdoors may be planted by an attacker or left in place by developers.
Baseline controls
Standards that define how systems should be configured and managed securely, establishing a minimum level of protection against which actual configurations can be checked.
Biometric
Distinctive, measurable physical or behavioural characteristics used to identify individuals, e.g. face recognition, fingerprints, voice recognition.
Bring your own device (BYOD)
A scheme adopted by some organisations that permits staff to use their own computers, tablets and smartphones for work, usually subject to security conditions such as device enrolment and encryption.
Business continuity (BC)
The ability of an organisation to continue to function in order to deliver its products or services at an acceptable level following a business disruption.
Business Continuity and Disaster Recovery (BCDR)
BCDR focuses on maintaining critical business functions, processes, and infrastructure during and after disruptive events, such as natural disasters, cyber attacks, or system failures, to ensure the organization can continue operating and recover swiftly.
Business impact analysis (BIA)
The process of analysing the consequences a business disruption might have upon the organisation’s assets.
Certification
A process confirming that a person has reached a predefined level of achievement.
Classification
The arrangement of items into taxonomic groups. In the information security context, classification labels information to identify the processing, handling, storage or transmission measures required to protect it appropriately.
Code of conduct
A policy that may apply to individuals to ensure that they behave in a certain way.
Compliance
Acting in accordance with a set of rules or a policy.
Confidentiality
The principle of ensuring that sensitive information is only accessed or disclosed by authorized individuals and protected from unauthorized access or disclosure.
Corrective controls
Security measures and actions taken after a security incident, vulnerability or non-compliance issue has been identified, in order to mitigate the risk, rectify the situation and prevent recurrence (a form of risk treatment).
Countermeasure
An action taken to counteract a threat.
Cover time
The length of time for which information must remain secret. A cipher or key length is adequate only if the effort needed to break it exceeds the cover time of the data it protects.
Cross site request forgery (CSRF)
An attack in which an attacker tricks a victim's browser into sending a state-changing request (such as a funds transfer or password change) to a site where the victim is already authenticated, without the victim's knowledge or consent. The browser attaches the victim's session cookies automatically, so the site cannot tell the forged request from a genuine one unless it requires evidence (such as an anti-CSRF token or SameSite cookies) that the request originated from its own pages.
Cross-Site Scripting (XSS)
A web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. It occurs when a website or web application includes untrusted input (from form fields, URL parameters or stored data) in its output without properly validating or encoding it, so the victim's browser executes the attacker's script in the context of the vulnerable site.
Cryptanalysis
The practice of analysing and deciphering encrypted data or cryptographic systems with the goal of uncovering the original information, discovering weaknesses in the encryption algorithms, or finding methods to bypass or break the encryption.
Cryptography
The art and science of encoding information to secure it from unauthorized access or modification during transmission or storage.
Data leakage prevention (also known as data loss prevention, DLP)
Data leakage is the unauthorised transfer of data out of an organisation; DLP is the set of measures taken to detect and prevent it.
Decryption
The process of taking encrypted information and returning it to plaintext.
Defence in depth
A security strategy that involves implementing multiple layers of defence mechanisms and controls to protect against various types of threats and attacks. Rather than relying on a single security measure, defence in depth seeks to create overlapping layers of security that complement and reinforce one another.
Deming Cycle
The Deming Cycle, also known as the Plan-Do-Check-Act (PDCA) cycle, is a continuous improvement model used to achieve quality control and process improvement. It involves four iterative steps: planning (identifying objectives and processes), doing (implementing the plan), checking (monitoring and evaluating the results), and acting (making necessary adjustments and standardizing improvements) in order to continually enhance performance and efficiency.
Denial of service (DoS)
A malicious attack or deliberate action that disrupts or overwhelms a computer system, network, or service, rendering it inaccessible or unusable for legitimate users.
Directive controls
Security measures that use policies, procedures, and guidelines to provide explicit instructions and guidance to individuals or entities, ensuring compliance with security requirements and mitigating risks.
Disaster recovery (DR)
The process and strategies put in place to restore and recover critical systems, data, and infrastructure after a disruptive event or disaster, aiming to minimize downtime and resume normal operations as efficiently and effectively as possible.
Distributed Denial of Service (DDoS)
A cyber attack where multiple compromised devices or systems flood a target network or server with a massive volume of traffic, rendering it inaccessible to legitimate users.
Detective controls
A form of risk treatment: controls that identify and report unwanted events, such as an intrusion or unauthorised access, as or after they occur; examples are intrusion detection systems, audit logs and alerting.
Digital certificate
An electronic document that uses a digital signature to bind a public key to an identity: information such as the name of a person or organisation, their address and so forth.
Digital signature
A mathematical scheme for demonstrating the authenticity and integrity of a digital message or document: the signer computes the signature with a private key, and anyone holding the corresponding public key can verify that the message was signed by that key and has not been altered since.
DOM-based XSS (Document Object Model Cross site scripting)
A form of XSS in which the flaw lies in client-side code rather than on the server: a script on the page reads attacker-controlled data (for example from the URL fragment) and writes it into the Document Object Model (DOM) through an unsafe sink such as innerHTML, so the payload executes in the user's session without ever being sent to the server.
Domain
A domain is a unique and recognizable name associated with a website or network that allows users to access resources on the internet.
Encryption
The process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it but authorised parties can.
Evaluation
The systematic assessment and analysis of something to determine its effectiveness, quality and value, providing insights for decision-making and improvement.
False positive
An indication that something has been detected or has happened when in fact, it has not happened.