A range of measures and processes that ensure entry to a computer system, network or premises is restricted to particular and authorised users only.
Authorising or allowing connections or applications in order to protect systems from potential harm.
The opposite of deny list or denylisting q.v.
Note: This is a replacement for whitelist and whitelisting. Using 'black' and 'white' to show approval status is now regarded as pejorative. The NCSC has stopped using terms based on colour and other organisations should also deprecate avoid them.
Usually a combination of letters and numbers. The term is often used in relation to passwords.
See also Special characters
The process for converting personal data into data that does not directly identify an individual and cannot reasonably be used to determine identity. The processs typically requires the removal of identifiers such as name, address, National Insurance Number, NHS Number and any other detail or combination of details that might support identification.
Aggregate or statistical information is a form of anonymised data.
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.
Short for 'application'. Typically refers to a software program for a smartphone or tablet although programs on personal computers are sometimes also referred to as apps.
Anything that has value to an organisation, its business operations or its ability to continue supplying a service.
Malicious actor who seeks to exploit computer and communications systems with the intent to access, change, destroy, steal or disable their information, and then exploit the outcome.
A planned and documented activity to determine by investigation, examination, or evaluation of objective evidence, the adequacy and compliance with established procedures, or applicable documents, and the effectiveness of implementation. Audit can be an 'internal' process or an 'external' one and in some cases audit is required by law.
The process of determining if someone (or something) is who (or what) he/she/it claims to be. This is used to ensure that only the right people or systems have access to the (digital) assets they are entitled to have access to.
Prohibiting the use of applications or connections in order to protect systems from potential harm.
The opposite of whitelist(ing) q.v.
Note: Using 'black' and 'white' to show approval status is now regarded as pejorative. The NCSC has stopped using terms based on colour and other organisations should also deprecate avoid them.
See also: Allowlisting and Denylisting
A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owner's knowledge.
Although the term can be applied to any type of data, it is typically used in relatioin to Personal Data, where a Personal Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (GDPR Article 4).
A software application which presents information and services from the web on a device such as a personal computer, tablet or mobile phone. Examples include Chrome, Safari, Firefox, Edge, Internet Explorer, Opera, Konqueror,Brave etc.
Using computational power to automatically enter a huge number of combinations of values, usually in order to discover passwords and gain access.
An organisation's strategy or policy that allows employees to use their own personal devices for work purposes.