NCSC Glossary December. The NCSC is working to demystify ... · NCSC Glossary For more information...

Post on 27-Aug-2020

NCSC Glossary

For more information go to www.ncsc.gov.uk @ncsc

Antivirus

Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

Cyber security

The protection of devices, services and networks - and the information on them - from theft or damage.

Firewall

Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to (or from) a network.

Ransomware

Malicious software that makes data or systems unusable until the victim makes a payment.

Two-factor authentication (2FA)

The use of two different components to verify a user's claimed identity. Also known as multi-factor authentication.

Botnet

A network of infected devices, connected to the Internet, used to commit co-ordinated cyber attacks without their owners' knowledge.

Bring your own device (BYOD)

An organisation's strategy or policy that allows employees to use their own personal devices for work purposes.

Cloud

Where shared compute and storage resources are accessed as a service (usually online), instead of hosted locally on physical services.

Cyber attack

Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

Denial of Service (DoS)

When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Digital footprint

A 'footprint' of digital information that a user's online activity leaves behind.

Encryption

A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

End user device

Collective term to describe modern smartphones, laptops and tablets that connect to an organisation's network.

Internet of Things (IoT)

Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.

Macro

A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

Patching

Applying updates to firmware or software to improve security and/or enhance functionality.

Phishing

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Software as a Service (SaaS)

Describes a business model where consumers access centrally-hosted software applications over the Internet.

Social engineering

Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker.

Spear-phishing

A more targeted form of phishing, where the email is designed to look like it's from a person the recipient knows and/or trusts.

Trojan

A type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer.

Water-holing (watering hole attack)

Setting up a fake website (or compromising a real one) in order to exploit visiting users.

Whaling

Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.

Whitelisting

Authorising approved applications for use within organisations in order to protect systems from potentially harmful applications.

Zero-day

Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

This glossary explains some common words and phrases relating to cyber security, originally published via the @NCSC Twitter channel throughout December. The NCSC is working to demystify the jargon used within the cyber industry. For an up-to-date list, please visit www.ncsc.gov.uk/glossary.

© Crown Copyright 2016