A set of routines, protocols, and tools for building software applications. Basically, an API specifies how software components should interact.¹

Looking for aberrant behaviour by an individual or a computer that may suggest there is a risk that needs to be addressed (e.g. that a user has become an insider threat or a computer may have been compromised).

Designed with payloads capable of running on multiple platforms e.g. Windows, Linux MacOS X. The implication is that the potential reach and impact of a single piece of such malware is significantly larger than for OS specific variants.

A malicious use of a person or persons’ computing power to mine cryptocurrencies without consent. Often the victim has no idea their device is being used.²

The unauthorised copying, transfer or retrieval of data from a computer or server.

The process of integrating multiple data sources to produce more consistent, accurate, and useful information than that provided by any individual data source.³

An attack that stops authorised access to systems or data, or delays technology operations. If more than one source is used to mount the attack, it becomes a distributed denial of service (DDoS) attack.

An area of forensic science that deals with the analysis of data retrieved from digital devices connected with investigations into computer crime.

The way that internet domain names are located and translated into internet protocol addresses. A domain name is a meaningful and easy-to-remember ‘handle’ for an internet address.

Edge computing describes compute resources beyond the boundaries of data centres. Swarms are formed when these edge devices are able to interact and co-operate as self-organising intelligent groups.

An endpoint is a remote computing device that communicates back and forth with a network to which is it connected.⁴

In the context of cyber security, a code that finds a vulnerability in a machine or network and exploits it.

A security system that prevents unauthorised access to systems or data on a private network.

The current and developing environment in which disruptive technologies and trends such as the Internet of Things, robotics, virtual reality and artificial intelligence are changing the way we live and work.⁵

Regulation that places obligations on organisations in relation to the protection of personal data and requirements to report data breaches.

A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.⁶

Manages the lifecycle of all incidents (unplanned interruptions or reductions in quality of IT services). The primary objective of this Information Technology Infrastructure Library (ITIL) process is to return the IT service to users as quickly as possible.⁷

A single common functionality combining many different individual clouds into one seamless mass in terms of on-demand operations.⁸

A generic term for malicious software that is developed with a hostile intent, for example to damage or gain unauthorised access to a device or network (e.g. worms, viruses, Trojan horses).

The UK’s independent authority on cyber security.

A discrete update released by a software vendor to fix vulnerabilities and bugs in existing programmes.

In computer security, the payload is the part of the private user text which could also contain malware such as worms or viruses which performs the malicious action; deleting data, sending spam or encrypting data.⁹

A cyber crime in which individuals or companies are contacted by email, text or phone by someone posing as a trustworthy source in order to trick the recipient to disclose personal or financial details. This can also be an automated process. It is called Spear Phishing if specifically targeted or Whale Phishing if targeted at senior people.

A self-contained set of processes on how to deal with the most common incident types; they include procedures, advice, further enrichment tools and rapid access to the relevant toolsets for remediation.

A complicated computer virus that affects data types and functions. It is a self-encrypted virus designed to avoid detection by a scanner. Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself.¹⁰

A class of solutions that help secure, control, manage and monitor users’ privileged access to critical assets.¹¹

Quantum key distribution allows cryptographic (encryption) keys to be exchanged between two parties with guaranteed privacy – typically using photons transmitted through fibre-optic cable. Data transferred in this manner can’t be intercepted or manipulated without leaving clear evidence.

A type of malware that is a form of extortion. It works by encrypting a victim’s hard drive, denying them access to key files. The victim must then pay a ransom to decrypt the files and gain access to them again.

Tool that collates and analyses log data coming from a variety of sources to help manage security threats.

Facility where analysts work with security tools and threat intelligence to monitor what is happening in the network and take remedial action if issues arise.

Information technology (IT) applications and infrastructure that are managed and utilised without the knowledge of the enterprise’s IT department.¹²

A unit of information where a single terabyte is equal to one thousand gigabytes.¹³

A type of cyber security process that takes note of the normal conduct of users. In turn, they detect any anomalous behaviour or instances when there are deviations from these “normal” patterns.¹⁴

A type of hidden malware that self-replicates (by copying its own source code) and infects other computer programs by modifying them. A virus cannot run by itself; it requires a host in order to spread. Once infected, computer programmes and machines are compromised.

A ‘0 day’ (or zero-hour or zero-day) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.