IT and cybersecurity terms glossary

Application system failure

Incident affecting the confidentiality, integrity or availability of an application.

Company mobility management

A set of systems managing mobile computing services or devices for an organization.

Confidentiality

Ability to protect sensitive information from unauthorized access.

Confirmation of biological or behavioral characteristics

Identity verification method that is based on biological characteristics (anatomy and physiology; e.g. face, fingerprints, retinas) or behavioral characteristics (e.g. keyboard typing rhythm, gait) to prove that the person presenting information about an identity is the person who possesses that identity.

NOTE: Confirmation of biological or behavioral characteristics is done through a challenge and response protocol: the characteristics recorded in a file or database are compared to those of the person presenting the identity information.

[SOURCE: CAN/CIOSC 103-1:2020]

Cybersecurity incident

An unauthorized attempt, whether successful or unsuccessful, to access, modify, destroy, delete or render inoperable a system resource or computer network.

Data breach

Cybersecurity incident where a person seizes sensitive information without the authorization of the owner.

Denied service

See “service interruption”.

DMARC

Email authentication protocol, short for Domain-based Message Authentication, Reporting and Conformance. It allows the owner of a given email domain to protect that domain against unauthorized use, commonly called “email spoofing”.

Domain Name System (DNS)

A global, distributed and hierarchical naming system used to identify entities connected to the Internet.

NOTE: Top-level domains are at the top of the hierarchy.

[SOURCE: ISO/TR 14873:2013]

Encryption

Changing the form of information to hide its content and prevent unauthorized access.

[SOURCE: Canadian Centre for Cyber Security]

Firewall

Security barrier between two perimeters controlling the volume and types of traffic allowed to pass from one to the other.

Incident Response Plan

A document establishing the processes, procedures, and documentation for how the organization detects, responds to, and recovers from incidents. Cyber threats, natural disasters and unplanned outages are examples of incidents that impact organizations’ networks, systems and devices.

[SOURCE: Canadian Centre for Cyber Security]

Information loss

See “unauthorized disclosure”.

Integrity

Ability to protect information from unauthorized modification and deletion.

Invasion of privacy

Incident involving actual or suspected loss of personal information.

IT

Information technology.

Malicious code

Program or code written to gather information about a system or user, destroy system data, facilitate deeper intrusion into a system, falsify system data or reports, or create nuisances that slow down system operations and the activities of maintenance personnel.

NOTE 1: A malicious code attack takes various forms: virus, worm, Trojan horse or other automated exploits.

NOTE 2: Malicious codes are also often called “malware”.

[SOURCE: IEC/TS 62443-1-1:2009]

Malware

Malicious software designed to infiltrate or damage a computer system. Some common forms include viruses, worms, Trojan horses, spyware and adware.

[SOURCE: Canadian Centre for Cyber Security, Glossary]

May/Can

Indication of a possibility of choice with an implicit preference.

Minimal access right

Principle according to which a user is granted only the access permissions they need to carry out their authorized tasks. This principle limits the damage that may result from unauthorized, incorrect or accidental use of an information system.

[SOURCE: Canadian Centre for Cyber Security]

Multi-factor authentication

Authentication method that verifies the user’s identity with a combination of two or more factors: something the user knows (e.g. a password), something the user possesses (e.g. a physical token), or a physical attribute of the user (e.g. biometrics).

Must/Has to/Have to

Indication of a requirement for the design or application of a test method.

Network failure (widespread)

Incident affecting the confidentiality, integrity or availability of a network.

OWASP

Open Web Application Security Project.

Password manager

A computer program that allows the user to store, generate and manage passwords for local applications and online services. It helps produce and recover complex passwords by storing them in an encrypted database or calculating them on demand.

Patching

Updating software or firmware.

Prejudice

Damage suffered by an organization when its IT systems and assets are compromised.

Ransomware

A type of malware that prevents a user from accessing a system or data until they have paid funds or handed over a physical or virtual asset.

Secure mobile service

Security of a mobile device (e.g. cell phone, tablet).

Secure removable media

Security of removable media (e.g. USB key).

Sensitive information

Information that must be protected against unauthorized disclosure.

Service interruption

Incident preventing access to a service or otherwise disrupting normal operation.

Service with impact

Service causing human impact, e.g. finances, support (or assistance), housing, education, recruitment and benefits.

Should

Indication of a possibility of choice with a marked preference; equivalent to “it is strongly recommended”.

Unauthorized access

Access to a physical or logical network, system or data without authorization.

Unauthorized disclosure

Incident affecting the confidentiality, integrity or availability of data.

Unauthorized use

Use of a physical or logical network, system, or data without authorization.

Virtual Private Network (VPN)

A restricted-use logical computer network constructed from the resources of a physical network by using encryption or by tunneling links from the virtual network through the real network.

[SOURCE: ISO/IEC 18028-3:2005]

Wi-Fi Protected Access

A security protocol and security certification program designed by the Wi-Fi Alliance to protect wireless computer networks.

[SOURCE: ISO 20415:2019]

Wireless Local Area Network (WLAN)/(Wi-Fi)

Wireless local area networking technology that allows the connection of electronic devices to the network, primarily using the 2.5 GHz and 5 GHz radio bands.

NOTE 1: “Wi-Fi” is a trademark of the Wi-Fi Alliance.

NOTE 2: “Wi-Fi” is commonly used as a synonym for “WLAN”, since most modern WLAN networks rely on Wi-Fi standards.

[SOURCE: ISO/IEC 27033-6:2016]


If you cannot find a term in this glossary and you still have questions about the vocabulary used in our conditions, policies and notices, please send us an email at info@graphixdesign.ca and we will be happy to explain the term!