CIA
Confidence, Integrity and Availability
Cloud
A network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centres that can be accessed via the internet.
Cloud security
The process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorised users.
Compliance
The process of adhering to internal standards and external regulations, which enables organisations to avoid fines and security breaches.
Cybersecurity (or security)
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorised access or criminal exploitation
External threats
Someone outside of the organisation trying to gain access to private information, networks or devices.
Incident response
Established policies and procedures for responding to incidents. Could include conducting an investigation to identify the root issue and remediation.
Identity Theft
The act of stealing personal information to commit fraud while impersonating a victim. The primary objective is financial gain.
Internal Threats
Current or former employees, external vendors, or trusted partners.
Intrusion Detection Systems (IDSs)
Used to monitor system activity and alert on possible intrusions, helping to keep data and assets safe.
Network Security
The practice of keeping an organisation’s network infrastructure secure from unauthorised access. This includes data, services and devices that are stored in an organisation’s network.
NIST
National Institute of Standards and Technology
PII
Personally Identifying Information
Personally Identifying Information (PII)
(key asset) Any information used to infer an individual’s identity. This information includes full name, DOB, address, phone number or email address, internet protocol (IP)
Programming
A process that can be used to create a specific set of instructions for a computer to execute tasks.
Programming tasks
Automation of repetitive tasks, Reviewing web traffic, Alerting suspicious activity
Security Controls
Safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture
Security Information and Event Management (SIEM)
Tools that collect and analyse log data or record events e.g. suspicious login behaviour.
Security Frameworks
Guidelines used for building plans to help mitigate risks and threats to data and privacy
Security Posture
An organisation’s ability to manage its defence of critical assets and data and react to change. A strong posture leads to a lower risk for the organisation.
SPII
Sensitive Personally Identifiable Information
Sensitive Personally Identifiable Information (SPII)
(key asset) This information includes Social Security numbers, medical and financial information, and biometric data such as facial recognition. This is a specific type of PII that falls under stricter handling guidelines.
Technical skills
Skills that require knowledge of specific tools, procedures, and policies
Threat
Any circumstance or event that can negatively impact assets
Threat Actor
Any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.
Threat Landscape Knowledge
Awareness of current trends relating to threat actors, malware or threat methodologies. This awareness and knowledge helps to recognise new threats e.g. ransomware variants.
Transferable skills
Skills from other areas that can apply to different careers