Cyber Security – Glossary of Terms
Advanced Persistent Threat (APT)
A cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies. Typically conducted by an adversary with sophisticated levels of expertise and significant resources – frequently associated with nation-state players.
These attacks tend to come from multiple entry points and may use several attack vectors (e.g. cyber, physical, deception). Once a system has been breached, it can be very difficult to end the attack.
A notification that a cyber security threat to your information system has been detected or is underway.
Antivirus software is used to monitor a computer or network, to detect cyber security threats ranging from malicious code to malware. As well as alerting you to the presence of a threat, antivirus programs may also remove or neutralise malicious code.
A characteristic or distinctive pattern that can help link one attack to another, identifying possible actors and solutions.
The agent behind the threat: a malicious actor who seeks to change, destroy, steal or disable the information held on computer systems and then exploit the outcome.
The process of verifying the identity or other attributes of a user, process or device.
Observing the activities of users, information systems, and processes. Can be used to measure these activities against organisational policies and rule, baselines of normal activity, thresholds, and trends.
A list of entities (users, devices) that are either blocked, denied privileges or access.
The defence group in a mock cyber security attack. The Blue Team defends the enterprise’s information systems while the Red Team attacks. These mock attacks typically take place as part of an operational exercise established and monitored by a neutral group, the White Team.
A computer connected to the Internet that has been compromised with malicious logic to undertake activities under the command and control of a remote administrator.
A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owner’s knowledge.
The unauthorised access of data, computer systems or networks.
Bring your own device (BYOD)
A strategy or policy whereby an organisation permits employees to use their personal devices for work purposes.
Brute force attack
An attack in which computational power is used to automatically enter a vast quantity of number combinations in order to discover passwords and gain access.
A relatively minor defect or flaw in an information syst1em or device.