| Term | Definition |
|---|---|
| antivirus | software that is designed to detect, stop and remove viruses and other kinds of malicious software. |
| app | Short for Application, typically refers to a software programme for a smartphone or tablet |
| attacker | Malicious actor who seeks to exploit computer systems with the intent to change, destroy, steal or disable their information, and then exploit the outcome |
| botnet | A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owners knowledge |
| breach | An incident in which data, computer systems or networks are accessed or affected in a non-authorised way. |
| browser | A software application which presents information and services from the web |
| brute force attack | Using a computational power to automatically enter a huge number of combination of values, usually in order to discover passwords and gain access |
| bring your own device (BYOD) | An organisation's strategy or policy that allows employees to use their own personal devices for work purposes |
| certificate | A form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information |
| cloud | Where shared computer and storage resources are accessed as a service (usually online) instead of hosted locally on physical services. Resources can include infrastructure, platform or software services |
| credentials | A user's authentication information used to verify identity - typically one, or more, of password, token, certificate |
| cyber attack | Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means |
| cyber incident | A breach of the security rules for a system or service |
| cyber security | The protection of devices, services and networks and the information on them from theft or damage |
| digital footprint | A 'footprint' of digital information that a user's online activity leaves behind |
| denial of service (DoS) | When legitimate users are denied access to computer services |
| download attack | The unintentional installation of malicious software or virus onto a device without the users knowledge or consent. May also known as a drive-by download |
| encryption | A function that protects information by making it unreadable by everyone except those with the key to decode it |
| end user device | Collective term to describe modern smartphones, laptops and tablets that connect to an organisation' s network |
| firewall | Hardware or software which uses a defined ruleset to constrain network traffic to prevent unauthorised access to or from a network |
| hacker | someone with some computer skills who uses them to break into computers, systems and networks |
| insider risks | The potential for damage to be done maliciously or inadvertently by a legitimate user with priviliged access to systems, networks or data |
| Internet of things (IoT) | Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions. |
| macro | A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system. |
| malvertising | Using online advertising as a delivery method for malware |
| malware | Malicious software- a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals |
| mitigation | Steps that organisations and individuals can take to minimise and address risks |
| network | Two or more computers linked in order to share resources |
| patching | Applying updates to firmware or software to improve security and/or enhance functionality |
| pentest | Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed. |
| pharming | An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address. |
| phishing | Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website. |
| platform | The basic hardware (device) and software (operating system) on which applications can be run. |
| ransomware | Malicious software that makes data or systems unusable until the victim makes a payment |
| router | A network device which sends data packets from one network to another based on the destination address. May also be called a gateway |
| smishing | Phishing via SMS: mass text messages sent to users asking for sensitive information (eg bank details) or encouraging them to visit a fake website |
| social engineering | Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker |
| spear - phishing | A more targeted form of phishing, where the email is designed to look like it's from a person the recipient knows and/or trusts |
| trojan | A type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer |
| two-factor authentification (2FA) | The use of two different components to verify a user's claimed identity. Also known as multi-factor authentication |
| virus | Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware |
| Virtual Private Network (VPN) | An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations |
| vulnerability | A weakness, or flow, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system |
| water-holing | Setting up a fake website (or comprimising a real one) in order to exploit visiting users |
| whaling | Highly targeted phishing attacks (masquerading as a legitimate emails) that are amied at senior executives |
| zero-day | Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit |
Was this page helpful?
Help us improve cfa.nhs.uk
Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.