Someone with some computer skills who uses them to break into computers, systems and networks.
Decoy systems or networks set up to attract potential cyber attackers. They help limit malicious access to actual systems by detecting and deflecting attempts and by learning from attacks. Multiple honeypots form a honeynet.
See Information Commissioner's Office.
In the UK, an agreement between the NHS and approved organisations that sets out the Information Governance policy and terms and conditions for the use of various NHS IT services.
A breach of the security rules for a system or service, such as:
- attempts to gain unauthorised access to a system
- unauthorised use of systems for the processing or storing of attachments
- changes to a system's firmware, software or hardware without the system owner's consent
- malicious disruption and/or denial of service
A process followed in the event of a cyber or data security incident that aims to reduce or eliminate adverse effects and return services to a normal operational condition. Incident management processes can stand alone, but would normally also be included in disaster recovery and business continuity planning.
Information or data; the systems and locations in which they are stored and the means by which they are accessed.
The person responsible for a particular asset or set of information assets.
A list of the assets an organisation uses to carry out its business. See also information asset. Assets usually have asset owners, responsible for their maintenance, who assist the Senior Information Risk Owner (SIRO) in assessing risks and reducing them where possible.
The set of multi-disciplinary structures, policies, procedures, processes and controls required to manage information in support of an organisation's regulatory, legal, risk, environmental and operational requirements. It allows organisations and individuals to ensure information is processed legally, securely, efficiently and effectively.
A document that details the standards, guidance and codes of practice which an organisation must comply with.
Activities involved in managing information throughout its life e.g. when information is obtained, created, retained, stored, retrieved, communicated, used and destroyed. See also Records management.
The collection and management of information from one or more sources, its processing and distribution to one or more audiences.
Holding, obtaining, recording, using and sharing of information. The acronym HORUS (the ancient Egyptian sky god) is sometimes used in this connection.
Measures put in place to prevent inappropriate access, modification, manipulation or destruction of information.
The potential for damage to be done maliciously or inadvertently by a legitimate user with privileged access to systems, networks or data.
Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.