
Terminology

What is social engineering?
Social engineering involves an individual manipulating another person into performing actions or revealing confidential information, which can then be used to perform further malicious activity. This can be done either in person through conversation, or online, for example via email.

What is a virus?
A computer virus is a malicious software program that is loaded onto a user’s computer without the user’s knowledge and performs malicious actions.

What is a trojan virus?
A Trojan, also known as a Trojan horse, is a type of malicious software developed by hackers and disguised as legitimate software in order to gain access to target users’ systems.

What is a backdoor?
The term backdoor describes a hidden method of bypassing security to gain access to a restricted part of a computer system.

What is a worm?
A computer worm is a malware program that replicates itself in order to spread to other computers.

What is a key logger?
A keystroke logger is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you are unaware that your actions are being monitored.

What are the 10 steps to cyber security?
The 10 Steps to Cyber Security are guidelines from the Government on the steps businesses should take to protect themselves against cyber threats.

Home and Mobile Working
Develop a mobile working policy and train staff to adhere to it. Apply a secure baseline build to all devices. Protect data both in transit & at rest.

User Education & Awareness
Produce user security policies covering acceptable & secure use of the organisation’s systems. Establish a staff training programme. Maintain user awareness of cyber risks.

Incident Management
Establish an incident response & disaster recovery capability. Produce & test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.

Information Risk Management Regime
Establish an effective governance structure and determine your risk appetite, just like you would for any other risk. Maintain the Board’s/senior management’s engagement with the cyber risk. Produce supporting information risk management policies.

Managing User Privileges
Establish account management processes & limit the number of privileged accounts. Limit user privileges & monitor user activity. Control access to activity & audit logs.

Removable Media Controls
Produce a policy to control all access to removable media. Limit media types & use. Scan all media for malware before importing onto the corporate system.

Monitoring
Establish a monitoring strategy & produce supporting policies. Continuously monitor all ICT systems & networks. Analyse logs for unusual activity that could indicate an attack.

Secure Configuration
Apply security patches & ensure that the secure configuration of all ICT systems is maintained. Create a system inventory & define a baseline build for all ICT devices.

Malware Protection
Produce relevant policy & establish anti-malware defences that are applicable & relevant to all business areas. Scan for malware across the organisation.

Network Security
Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access & malicious content. Monitor & test security controls.