Application system failure
Incident affecting the confidentiality, integrity or availability of an application.
Company mobility management
A set of systems managing mobile computing services or devices for an organization.
Confidentiality
Ability to protect sensitive information from unauthorized access.
Confirmation of biological or behavioral characteristics
Identity verification method that is based on biological characteristics (anatomy and physiology; e.g. face, fingerprints, retinas) or behavioral characteristics (e.g. keyboard typing rhythm, gait) to prove that the person presenting information about an identity is the person who possesses that identity.
NOTE: Confirmation of biological or behavioral characteristics is done through a challenge-response protocol: the characteristics recorded in a file or database are compared to those of the person presenting the identity information.
[SOURCE: CAN/CIOSC 103-1:2020]
Cybersecurity incident
An unauthorized attempt, whether successful or unsuccessful, to access, modify, destroy, delete or render inoperable a system resource or computer network.
Data breach
Cybersecurity incident where a person seizes sensitive information without the authorization of the owner.
Denied service
See “service interruption”.
DMARC
Email authentication protocol, short for domain-based message authentication, reporting & conformance. It allows the owner of a given email domain to protect their domain against unauthorized use, commonly called “email spoofing”.
Domain Name System (DNS)
A global distributed and hierarchical nomenclature used to identify entities connected to the Internet.
NOTE: Top-level domains are at the top of the hierarchy.
[SOURCE: ISO/TR 14873:2013]
Encryption
Changing the form of information to hide its content and prevent unauthorized access.
[SOURCE: Canadian Centre for Cyber Security]
Firewall
Security barrier between two perimeters controlling the volume and types of traffic allowed to pass from one to the other.
Incident Response Plan
A document establishing the processes, procedures, and documentation for how the organization detects, responds to, and recovers from incidents. Cyber threats, natural disasters and unplanned outages are examples of incidents that impact organizations’ networks, systems and devices.
[SOURCE: Canadian Centre for Cyber Security]
Information loss
See “unauthorized disclosure”.
Integrity
Ability to protect information from unauthorized modification and deletion.
Invasion of privacy
Incident involving actual or suspected loss of personal information.
IT
Information technology.
Malicious code
Program or code written to gather information about a system or user, destroy system data, facilitate deeper intrusion into a system, falsify system data or reports, or create nuisances that slow down system operations and the activities of maintenance personnel.
NOTE 1: A malicious code attack takes various forms: virus, worm, Trojan horse or other automated exploits.
NOTE 2: Malicious code is also often called “malware”.
[SOURCE: IEC/TS 62443-1-1:2009]
Malware
Malicious software designed to infiltrate or damage a computer system. Some common forms include viruses, worms, Trojan horses, spyware and adware.
[SOURCE: Canadian Centre for Cyber Security, Glossary]
May/Can
Indication of a possibility of choice with an implicit preference.
Minimal access right
Principle according to which the user is granted only the access permissions they need to carry out the authorized tasks. This principle limits the damage that may result from unauthorized, incorrect or accidental use of an information system.
[SOURCE: Canadian Centre for Cyber Security]
Multi-factor authentication
Authentication method that requires, to verify the user’s identity, a combination of factors (two or more): something that the user knows (e.g. password) or possesses (e.g. physical token), or a physical attribute (e.g. biometrics).
Must/Has to/Have to
Indication of a requirement for the design or application of a test method.
Network failure (widespread)
Incident affecting the confidentiality, integrity or availability of a network.
OWASP
Open Web Application Security Project.
Password manager
A computer program that allows the user to store, generate and manage passwords for local applications and online services. It helps produce and recover complex passwords by storing them in an encrypted database or calculating them on demand.
Patching
Updating software or firmware.
Prejudice
Damage suffered by an organization when its IT systems and assets are compromised.
Ransomware
A type of malware that prevents a user from accessing a system or data until they have paid funds or handed over a physical or virtual asset.
Secure mobile service
Security of a mobile device (e.g. cell phone, tablet).
Secure removable media
Security of removable media (e.g. USB key).
Sensitive information
Information that must be protected against unauthorized disclosure.
Service interruption
Incident preventing access to a service or otherwise disrupting normal operation.
Service with impact
Service causing human impact, e.g. finances, support (or assistance), housing, education, recruitment and benefits.
Should
Indication of a possibility of choice with a marked preference; equivalent to “it is strongly recommended”.
Unauthorized access
Access to a physical or logical network, system or data without authorization.
Unauthorized disclosure
Incident affecting the confidentiality, integrity or availability of data.
Unauthorized use
Use of a physical or logical network, system, or data without authorization.
Virtual Private Network (VPN)
A restricted-use logical computer network constructed from the resources of a physical network by using encryption or by tunneling links from the virtual network through the real network.
[SOURCE: ISO/IEC 18028-3:2005]
Wi-Fi Protected Access
A security protocol and security certification program designed by the Wi-Fi Alliance to protect wireless computer networks.
[SOURCE: ISO 20415:2019]
Wireless Local Area Network (WLAN)/(Wi-Fi)
Wireless local area networking technology that allows the connection of electronic devices to the network, primarily using the 2.5 GHz and 5 GHz radio bands.
NOTE 1: “Wi-Fi” is a trademark of the Wi-Fi Alliance.
NOTE 2: “Wi-Fi” is commonly used as a synonym for “WLAN”, since most modern WLAN networks rely on Wi-Fi standards.
[SOURCE: ISO/IEC 27033-6:2016]
If you cannot find a term in this glossary and you still have questions about the vocabulary used in our conditions, policies and notices, please send us an email at info@graphixdesign.ca and we will be happy to explain the term to you!