A set of routines, protocols, and tools for building software applications. Put simply, an API specifies how software components should interact.¹

Tools that identify aberrant behavior by an individual or a computer that may suggest there is a risk that needs to be addressed (e.g. that a user has become an insider threat or a computer may have been compromised).

Utilization of remote servers in the data-center of a cloud provider to store, manage, and process data instead of using local computer systems.

The process of integrating multiple data sources to produce more consistent, accurate, and useful information than that provided by any individual data source. ²

An attack that stops authorized access to systems or data, or delays technology operations. If more than one source is used to mount the attack, it becomes a distributed denial of service (DDoS) attack.

The concept that an individual or organizations should have sovereignty over their own digital data ³

The way that internet domain names are located and translated into internet protocol addresses. A domain name is a meaningful and easy-to-remember ‘handle’ for an internet address.

Edge computing describes compute resources beyond the boundaries of data centres. Swarms are formed when these edge devices are able to interact and co-operate as self-organizing intelligent groups.

An endpoint is a remote computing device that communicates back and forth with a network to which it is connected.⁴

A security system that prevents unauthorized access to systems or data on a private network.

The current and developing environment in which disruptive technologies and trends such as the Internet of Things, robotics, virtual reality and artificial intelligence are changing the way we live and work.

An EU regulation that places obligations on organizations in relation to the protection of personal data and requirements to report data breaches.

A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.⁵

The process that manages the lifecycle of all incidents (unplanned interruptions or reductions in quality of IT services). The primary objective of this Information Technology Infrastructure Library (ITIL) process is to return access to the IT service to users as quickly as possible. ⁶

A single common functionality combining many different individual clouds into one seamless mass in terms of on-demand operations.⁷

Infrastructure as Code (IaC) uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This automation eliminates the need for developers to manually provision and manage servers, operating systems, database connections, storage, and other infrastructure elements every time they want to develop, test, or deploy a software application. ⁸

A generic term for malicious software that is developed with a hostile intent, for example to damage or gain unauthorized access to a device or network (e.g. worms, viruses, Trojan horses).

When a conventional password is used for authentication, there will always be a chance that users and administrators will choose machine-guessable passwords and be susceptible to seeing their security compromised. MFA introduces a second factor, either through phone, a card reader or passcode, to authenticate a user. ⁹

The UK’s independent authority on cybersecurity.

A discrete update released by a software vendor to fix vulnerabilities and bugs in existing programmes.

A cyber crime in which individuals or companies are contacted by email, text or phone by someone posing as a trust-worthy source in order to trick the recipient to disclose personal or financial details. This can also be an automated process. It is called Spear Phishing if specifically targeted or Whale Phishing if targeted at senior people.¹⁰

A self-contained set of processes on how to deal with the most common incident types; they include procedures, advice, further enrichment tools and rapid access to the relevant toolsets for remediation.

A class of solutions that help secure, control, manage and monitor users’ privileged access to critical assets.¹⁰

An encryption technology that allows cryptographic (encryption) keys to be exchanged between two parties with guaranteed privacy — typically using photons transmitted through fibre-optic cable. Data transferred in this manner can’t be intercepted or manipulated without leaving clear evidence.

A type of malware that is a form of extortion. It works by encrypting a victim’s hard drive, denying them access to key files. The victim must then pay a ransom to decrypt the files and gain access to them again.

A tool that collates and analyzes log data coming from a variety of sources to help manage security threats.

A facility where analysts work with security tools and threat intelligence to monitor what is happening in the network and take remedial action if issues arise.

Software as a service (SaaS) is a software distribution model in which a cloud provider hosts applications and makes them available to end users over the cloud. ¹¹

A sovereign cloud is a cloud computing architecture that’s designed and built to provide data access in compliance with local laws and regulations. A sovereign cloud service provider will ensure that each subscriber’s data — including their metadata — is protected from foreign access and stored in compliance with the originating country’s privacy mandates. ¹²

A unit of information where a single terabyte is equal to one thousand gigabytes.

A type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. ¹³

A type of hidden malware that self-replicates (by copying its own source code) and infects other computer programs by modifying them. A virus cannot run by itself; it requires a host in order to spread. Once infected, computer programs and machines are compromised.

A ‘zero-day’ (or zero-hour or 0-day) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.

A zero trust approach is a cybersecurity paradigm focused on resource protection (e.g. services and data) and the premise that trust is never granted implicitly but must be continually evaluated. ¹⁴