Lexicon of Cyber Security terms and phrases
Algorithm
A set of rules or instructions for solving a problem or carrying out a calculation, especially using a computer.
A suite of business-driven data, analytics and Internet of Things (IoT) solutions and services.
Looking for aberrant behaviour by an individual or a computer that may suggest there is a risk that needs to be addressed (eg that a user may have become an ‘insider threat’ or a computer may have been compromised).
Botnet
A large number of computers compromised in a concerted way in order to spread a virus, send spam or flood a network with messages to carry out a denial of service attack (eg the Mirai Virus used for major attacks).
Brute force attack
A sustained attack that tries all possibilities, one by one, until it is successful.
Computer Emergency Response Team (CERT)
An organisation that studies computer and network information security in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
Day Zero (or Zero Day)
The day on which a new vulnerability appears that existing anti-virus software does not yet protect systems against. A ‘zero day exploit’ is an exploit for which no patch is yet available.
Denial of Service attack (DoS/DDoS)
An attack that stops authorised access to systems or data, or delays technology operations. If more than one source is used to mount the attack, it becomes a distributed denial of service (DDoS) attack.
Encryption
A process to convert data into code that conceals the data’s original meaning to prevent it from being accessed, understood or used.
Exploit
Code that finds a vulnerability in a machine or network and exploits it.
Firewall
A security system that prevents unauthorised access to systems or data on a private network.
GDPR (General Data Protection Regulation)
The EU’s data protection regulation that comes into effect in May 2018 and places obligations on organisations in relation to the protection of personal data and requirements to report data breaches.
IP (Internet Protocol) Address
A unique numerical identifier for every device connected to the internet which serves both to identify and locate the device.
Malware
A generic term for software that is developed with a hostile intent, for example to damage or gain unauthorised access to a device or network (eg worms, viruses, Trojan horses).
NCSC (National Cyber Security Centre)
The UK’s National Cyber Security Centre, part of GCHQ, established to enable the UK to manage the cyber threat.
OSINT (Open Source Intelligence)
Open source (ie publicly available) intelligence that can be added to other intelligence feeds to enrich understanding of the threat.
Patch
A discrete update released by a software vendor to fix vulnerabilities and bugs in existing programs.
Circumventing a system or network’s security controls in order to gain unauthorised access.
Phishing
A cyber crime in which individuals or companies are contacted by email, text or phone by someone posing as a trustworthy source in order to trick the recipient into disclosing personal or financial details. This can also be an automated process. It is called Spear Phishing if specifically targeted, or Whale Phishing if targeted at senior people.
Capability that analyses network traffic to identify potential threats.
Capability that uses machine learning and artificial intelligence to identify a potential issue, and then takes action to prevent the threat developing.
Plaintext
Raw text before it has been encrypted or after it has been decrypted.
SIEM (Security Incident Event Management)
Tool that collates and analyses log data coming from a variety of sources to help manage security threats.
SOC (Security Operations Centre)
Facility where analysts work with security tools and threat intelligence to monitor what is happening in the network and take remedial action if issues arise.
Trojan horse
A type of hidden malware that is designed to look useful or benign, but is developed and used with malicious intent.
Virus
A type of hidden malware that self-replicates (by copying its own code) and infects other computer programs by modifying them. A virus cannot run by itself; it requires a host in order to spread. Once infected, computer programs and machines are compromised.
Worm
A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.