Glossary of IT and cybersecurity terms

Unauthorized access

Access to a physical or logical network, system or data without authorization.

Wi-Fi Protected Access

A security protocol and security certification program designed by the Wi-Fi Alliance to protect wireless computer networks.

[SOURCE: ISO 20415:2019]

Patching

Updating software or firmware.

Invasion of privacy

Incident involving actual or suspected loss of personal information.

Data breach

Cybersecurity incident where a person seizes sensitive information without the authorization of the owner.

Multi-factor authentication

Authentication method that requires, to verify the user’s identity, a combination of factors (two or more): something that the user knows (e.g. password) or possesses (e.g. physical token), or a physical attribute (e.g. biometrics).

Encryption

Changing the form of information to hide its content and prevent unauthorized access.

[SOURCE: Canadian Centre for Cyber Security]

Malicious code

Program or code written to gather information about a system or user, destroy system data, facilitate deeper intrusion into a system, falsify system data or reports, or create nuisances that slow down system operations and the activities of maintenance personnel.

NOTE 1: A malicious code attack takes various forms: virus, worm, Trojan horse or other automated exploit.

NOTE 2: Malicious code is also often called “malware”.

[SOURCE: IEC/TS 62443-1-1:2009]

Confidentiality

Ability to protect sensitive information from unauthorized access.

Confirmation of biological or behavioral characteristics

Identity verification method that is based on biological characteristics (anatomy and physiology; e.g. face, fingerprints, retinas) or behavioral characteristics (e.g. keyboard typing rhythm, gait) to prove that the person presenting information about an identity is the person who possesses that identity.

NOTE: Confirmation of biological or behavioral characteristics is done through a challenge and response protocol: the characteristics recorded in a file or database are compared to those of the person presenting the identity information.

[SOURCE: CAN/CIOSC 103-1:2020]

Network failure (widespread)

Incident affecting the confidentiality, integrity or availability of a network.

Application system failure

Incident affecting the confidentiality, integrity or availability of an application.

Denial of service

See “service interruption”.

Should/should

Indication of a possibility of choice with a marked preference; equivalent to “it is strongly recommended”.

Unauthorized disclosure

Incident affecting the confidentiality, integrity or availability of data.

DMARC

Email authentication protocol, short for Domain-based Message Authentication, Reporting & Conformance. It allows the owner of a given email domain to protect their domain against unauthorized use, commonly called “email spoofing”.

Must/must

Indication of a requirement for the design or application of a test method.

Minimum access right

Principle according to which the user is granted only the access permissions he needs to carry out the authorized tasks. This principle limits the damage that may result from unauthorized, incorrect or accidental use of an information system.

[SOURCE: Canadian Centre for Cyber Security]

Enterprise mobility management

A set of systems managing mobile computing services or devices for an organization.

Password manager

A computer program that allows the user to store, generate and manage passwords for local applications and online services. It helps produce and recover complex passwords by storing them in an encrypted database or calculating them on demand.

Cybersecurity incident

An unauthorized attempt, whether successful or unsuccessful, to access, modify, destroy, delete or render inoperable a system resource or computer network.

Sensitive information

Information that must be protected against unauthorized disclosure.

Integrity

Ability to protect information from unauthorized modification and deletion.

Service interruption

Incident preventing access to a service or otherwise disrupting normal operation.

Malware

Malicious software designed to infiltrate or damage a computer system. Some common forms include viruses, worms, Trojan horses, spyware and adware.

[SOURCE: Canadian Centre for Cyber Security, Glossary]

OWASP

Open Web Application Security Project.

Firewall

Security barrier between two perimeters controlling the volume and types of traffic allowed to pass from one to the other.

Loss of information

See “unauthorized disclosure”.

May/can

Indication of a possibility of choice with an implicit preference.

Incident Response Plan

A document establishing the processes, procedures, and documentation for how the organization detects, responds to, and recovers from incidents. Cyber threats, natural disasters and unplanned outages are examples of incidents that impact organizations’ networks, systems and devices.

[SOURCE: Canadian Centre for Cyber Security]

Prejudice

Damage suffered by an organization when its IT systems and assets are compromised.

Ransomware

A type of malware that prevents a user from accessing a system or data until they have paid funds or handed over a physical or virtual asset.

Wireless Local Area Network (WLAN)/(Wi-Fi)

Wireless local area networking technology that allows the connection of electronic devices to the network, primarily using the 2.5 GHz and 5 GHz radio bands.

NOTE 1: “Wi-Fi” is a trademark of the Wi-Fi Alliance.

NOTE 2: “Wi-Fi” is commonly used as a synonym for “WLAN”, since most modern WLAN networks rely on Wi-Fi standards.

[SOURCE: ISO/IEC 27033-6:2016]

Virtual Private Network (VPN)

A restricted-use logical computer network constructed from the resources of a physical network by using encryption or by tunneling links from the virtual network through the real network.

[SOURCE: ISO/IEC 18028-3:2005]

Service with impact

Service causing human impact, e.g. finances, support (or assistance), housing, education, recruitment and benefits.

Secure mobile service

Security of a mobile device (e.g. cell phone, tablet).

Secure removable media

Security of removable media (e.g. USB key).

Domain Name System (DNS)

A global distributed and hierarchical nomenclature used to identify entities connected to the Internet.

NOTE: Top-level domains are at the top of the hierarchy.

[SOURCE: ISO/TR 14873:2013]

IT

Information technology.

Unauthorized use

If you cannot find a term in this glossary and you still have questions about the vocabulary used in our conditions, policies and notices, please write to us at info@graphixdesign.ca and we will be happy to explain the term.
