A - B

Access controls

A range of measures and processes that ensure entry to a computer system, network or premises is restricted to particular and authorised users only.

Allowlist(ing)

Authorising or allowing connections or applications in order to protect systems from potential harm.

The opposite of deny list or denylisting q.v.

Note: This is a replacement for whitelist and whitelisting. Using 'black' and 'white' to show approval status is now regarded as pejorative. The NCSC has stopped using terms based on colour and other organisations should also avoid them.

Alphanumeric

Usually a combination of letters and numbers. The term is often used in relation to passwords.

See also Special characters

Anonymisation

The process for converting personal data into data that does not directly identify an individual and cannot reasonably be used to determine identity. The process typically requires the removal of identifiers such as name, address, National Insurance Number, NHS Number and any other detail or combination of details that might support identification.

Aggregate or statistical information is a form of anonymised data.

Antivirus

Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

App

Short for 'application'. Typically refers to a software program for a smartphone or tablet although programs on personal computers are sometimes also referred to as apps.

Asset

Anything that has value to an organisation, its business operations or its ability to continue supplying a service.

Attacker

Malicious actor who seeks to exploit computer and communications systems with the intent to access, change, destroy, steal or disable their information, and then exploit the outcome.

Audit

A planned and documented activity to determine by investigation, examination, or evaluation of objective evidence, the adequacy and compliance with established procedures, or applicable documents, and the effectiveness of implementation. Audit can be an 'internal' process or an 'external' one and in some cases audit is required by law.

Authentication

The process of determining if someone (or something) is who (or what) he/she/it claims to be. This is used to ensure that only the right people or systems have access to the (digital) assets they are entitled to have access to.

Blacklist(ing)

Prohibiting the use of applications or connections in order to protect systems from potential harm.

The opposite of whitelist(ing) q.v.

Note: Using 'black' and 'white' to show approval status is now regarded as pejorative. The NCSC has stopped using terms based on colour and other organisations should also avoid them.

See also: Allowlisting and Denylisting

Botnet

A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owner's knowledge.

Breach

Although the term can be applied to any type of data, it is typically used in relation to Personal Data, where a Personal Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (GDPR Article 4).

Browser

A software application which presents information and services from the web on a device such as a personal computer, tablet or mobile phone. Examples include Chrome, Safari, Firefox, Edge, Internet Explorer, Opera, Konqueror, Brave etc.

Brute force attack

Using computational power to automatically enter a huge number of combinations of values, usually in order to discover passwords and gain access.

BYOD - Bring Your Own Device

An organisation's strategy or policy that allows employees to use their own personal devices for work purposes.
