IT Security Glossary – a guide to understanding security jargon
Posted on July 23, 2020
Protecting your business’ data and your customers’ information is vital, but it can also be overwhelming. Many of these concepts are relatively new and the terms we use to explain them are often used interchangeably. Here is a guide to understanding the most commonly used technical terms around cyber security.
Business Continuity Plan (BCP)
This is the strategy an organisation takes to continue their critical business operations after a crisis. The core is a priority list where critical business functions are the focus and tertiary operations are temporarily suspended. Many businesses also include disaster prevention in their plan and implement safeguards to mitigate risk.
Cyber Attack
A deliberate attempt to gain unauthorised access to a computer system, generally launched from one computer against another computer or network. The goal could be to steal information, to hold a business to ransom, to disable a network or simply to uncover a weakness in an organisation’s system.
Cyber Security
The practice of preventing unauthorised access to computers, networks or electronic systems. It is generally used interchangeably with ‘IT Security’.
Data Breach
A data breach occurs when protected information, often customers’ data, is accessed by an unauthorised party. This could include full names, tax information and credit card details. Data breaches can happen internally, where unauthorised staff access and leak information, or externally, where outside threats break into the system to steal information.
Disaster Recovery (DR)
A specific area of IT security planning covering emergency procedures for recovering critical IT systems in case of an emergency. It includes key recovery team personnel, up-to-date information on all software and third-party vendors, and the steps for restoring information systems following an outage. Disaster Recovery is a subset of a Business Continuity Plan.
Firewall
A network security service that monitors and blocks unauthorised access. It acts as a defence system for a computer or network and blocks any traffic that its rules ‘blacklist’.
Encryption
This is the process of taking data or a message and encoding it so that only certain people can read it. It keeps data safe and confidential as it’s sent over the internet. The original, readable message is referred to as plaintext; in its encrypted, unreadable form it is referred to as ciphertext.
Malware
Malicious Software, or ‘Malware’, is the term given to any program that is designed to cause damage or disruption to a computer, server or network. Common types of Malware are viruses, ransomware and spyware.
Notifiable Data Breach (NDB) scheme
The NDB scheme, managed by the Office of the Australian Information Commissioner (OAIC), says that in the case of a data breach that is likely to result in harm, organisations must notify affected individuals and the OAIC. The mandate applies to any organisation or agency the Privacy Act 1988 covers (which includes any Government agencies and organisations with an annual turnover of more than $3 million). For more information on the NDB visit the OAIC website.
Two Factor Authentication (2FA)
Also referred to as ‘Two Step Authentication’, 2FA is a method of confirming a user’s authorisation when they log in to a secure account. It requires users to give not only a password but also another piece of information. Often it will be a code that is sent in real time to the user’s registered phone or email, or generated by an authenticator app. This acts as an extra layer of security to help prevent unauthorised access.
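As an added example (not the original post’s code, and not any particular vendor’s implementation), here is how the short-lived codes produced by authenticator apps are generated and checked: the TOTP algorithm of RFC 6238, built on HOTP (RFC 4226). The shared secret, the 30-second step and the one-step verification window are assumptions chosen for the example; the test vectors in the comments are the ones published in those RFCs.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"time"
)

const totpStep = 30 // seconds per code (assumed; the RFC 6238 default)

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
// "dynamic truncation" to a 31-bit number, reduced to the wanted digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP (RFC 6238): HOTP with the counter derived from the current time.
func TOTP(secret []byte, at time.Time, digits int) string {
	return HOTP(secret, uint64(at.Unix())/totpStep, digits)
}

// Verify is what the server side does: it accepts a 6-digit code for the
// current step or one step either side (clock drift), comparing in
// constant time so timing does not leak how many digits matched.
func Verify(secret []byte, at time.Time, code string) bool {
	step := int64(at.Unix()) / totpStep
	for d := int64(-1); d <= 1; d++ {
		c := step + d
		if c < 0 {
			continue
		}
		if hmac.Equal([]byte(HOTP(secret, uint64(c), 6)), []byte(code)) {
			return true
		}
	}
	return false
}

func main() {
	// Shared secret from the RFC test vectors; a real one is random and
	// enrolled into the user's app once (for example via a QR code).
	secret := []byte("12345678901234567890")
	fmt.Println("HOTP counter 0:", HOTP(secret, 0, 6))               // 755224 (RFC 4226)
	fmt.Println("TOTP at t=59s:", TOTP(secret, time.Unix(59, 0), 8)) // 94287082 (RFC 6238)
	now := time.Now()
	code := TOTP(secret, now, 6)
	fmt.Println("current code:", code, "accepted:", Verify(secret, now, code))
}
```

Because both sides hold the same secret and the same clock, no code ever travels from server to user; an attacker who learns only the password still cannot produce the second factor.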
While this list isn’t exhaustive, we hope it helps you get your head around some of the terms commonly used. At efex we have IT Security specialists who can work with you to make sure your systems are adequately protected. They can evaluate your technology questions concerning security breach prevention and recovery. For more information, contact us.