The terms we use when we talk about technology can be confusing. As with any other specialized field such as sports medicine or electrical engineering, technology comes with its own jargon. Working knowledge of basic I.T. terminology can go a long way in helping you communicate with your I.T. provider. Understanding basic I.T. terms also enables you to comprehend your company’s security risks and the measures you need to take to protect yourself.
Below are a few basic terms:
Access control allows you to set restrictions that will keep important information and applications from being accessed by unauthorized users.
Authentication refers to any process that confirms the identity of a user.
Biometrics are physical characteristics used in the authentication process, such as fingerprints or facial recognition.
A botnet is a large number of compromised computers that are used by cybercriminals to send spam, deliver malware, or flood a network with unsolicited traffic as part of a distributed denial of service attack.
Brute-forcing is a password attack methodology which involves trying multiple possibilities until a system or network is eventually breached.
Business Continuity Plan
A plan which outlines the emergency response, backup operations, and post-disaster recovery steps that will keep critical resources available and facilitate the continuity of operations in an emergency situation.
Decryption is the process of decoding an encrypted message back into its original plaintext.
Denial of Service
Often called a DoS attack, denial of service is when access to a system is denied, or system operations and functions are slowed down significantly due to a sudden and massive overload of the system resources. This tactic is commonly used to take websites offline.
Disaster Recovery Plan
A disaster recovery plan is a process put in place to recover and restore I.T. systems in the event of a disruption or disaster.
The cryptographic transformation of data – or plaintext – into ciphertext, which makes data unreadable to anyone who accesses it without authorization.
A logical or physical service on a network which prevents unauthorized access to data or resources.
A hyperlink is typically a line of text, but can also be an image. It is a clickable shortcut to a specific web address. In some instances, text hyperlinks are typically shortened or converted to a word or sentence for readability. Hovering your mouse over the hyperlink will reveal the actual website address.
Software that presents as something innocuous, but in reality is software which grants a hacker unauthorized access to system resources or tricks a user into executing other malicious functions on the hacker’s behalf.
A generic term for a wide range of different types of malicious code which includes viruses, trojans, and worms.
The structured testing of the external perimeter security of a network or facility to determine the effectiveness of an organization’s security measures.
The use of emails or other message formats which appear to come from a trusted source and deceive a user into entering valid credentials into a fake website, sharing confidential information, or downloading malware.
A process that identifies potential security risks and the impact of those risks could have on a business.
Refers to any non-technical or low-technology methods used to carry out a cyber-attack such as lies, impersonation, tricks, bribes, blackmail, and threats.
Electronic junk mail that can often contain malicious content.
A tactic used to gain access to a system by posing as an authorized user. It is frequently a component of phishing and social engineering attacks.
A computer program that seems legitimate on the surface but contains a hidden and potentially malicious function that evades security measures, often by exploiting legitimate program or system functions.
A generic term for a person, entity, or automated process that accesses a system.
A hidden, self-replicating section of computer software that spreads by infecting another program. A virus requires the execution of its “host” program which activates it.
A computer program that can run independently and embed a complete working version of itself onto other hosts on a network. Worms often consume and destroy data and resources in their path, and unlike viruses, can infect systems without being executed by a user.
An exploit for which no patch is available yet. Zero day exploits are new or unknown vulnerabilities in a program that can be used to gain access to systems, networks, and devices.