Cybersecurity Glossary

Identity and access management (IAM) encompasses the policies, processes, and technologies used to manage and control digital identities and their access to resources within an organisation's IT environment. IAM systems include user provisioning, authentication, Authorisation, role-based access control (RBAC), password management, and user lifecycle management. IAM ensures that only authorized individuals can access the appropriate resources and helps protect against unauthorised access and data breaches.

Identity theft is a crime in which an individual's personal information, such as their name, Social Security number, credit card details, or other identifying data, is stolen or impersonated for fraudulent purposes. Identity theft can lead to financial loss, credit damage, reputational harm, and various forms of fraudulent activity, including unauthorised transactions, account takeovers, or the creation of fake identities. Protecting personal information and practicing secure online behaviours are crucial in mitigating the risks of identity theft.

The process of identifying and classifying objects or patterns within digital images. Image recognition techniques utilize computer vision and machine learning algorithms to analyze visual content and extract meaningful information.

Incident containment is the process of taking immediate actions to prevent an ongoing security incident from spreading, causing further damage, or compromising additional systems or data. It involves isolating affected systems or networks, disconnecting compromised devices from the network, suspending malicious processes or activities, and implementing containment measures, such as firewall rules or access restrictions. Incident containment aims to minimize the impact and scope of a security incident while allowing for effective incident response and investigation.

Incident handling refers to the organized and systematic approach taken by organisations to address and respond to security incidents effectively. Incident handling involves identifying and classifying incidents, containing and mitigating the impact, investigating the root causes, eradicating the threats, and restoring normal operations. It also includes documenting the incident, preserving evidence for forensic analysis, and implementing measures to prevent future incidents.

Incident management is a structured process for managing and resolving security incidents in a coordinated and efficient manner. It encompasses the activities of identifying, analysing , prioritizing, and responding to incidents, as well as communicating with stakeholders, coordinating resources, and tracking incident progress. The goal of incident management is to minimize the impact of incidents, restore services, and ensure a timely and effective response to security events or breaches.

Incident response is an organized approach to addressing and managing the aftermath of a security incident or data breach. It involves a coordinated effort by incident response teams to contain and mitigate the incident, investigate the cause, gather evidence, communicate with stakeholders, and implement remediation measures. Incident response aims to minimize the impact of incidents, restore operations, preserve data integrity, and prevent future incidents through lessons learned and security improvements.

Indicators of Compromise (IOCs) are artifacts, patterns, or evidence that indicate the presence or occurrence of a security incident or compromise. IOCs can include IP addresses, domain names, file hashes, registry entries, network traffic patterns, or other characteristics associated with malicious activity or known attack methods. IOCs are used to detect and identify threats, facilitate incident response, and enhance threat intelligence by correlating and analysing various security events and data sources.

An information security management system (ISMS) is a framework of policies, procedures, guidelines, and controls designed to manage and protect an organisation's information assets and ensure the confidentiality, integrity, and availability of information. An ISMS encompasses the processes of risk assessment, risk treatment, security controls implementation, incident response, and continuous improvement. It provides a systematic and structured approach to managing information security in line with organisational objectives and regulatory requirements.

Infrastructure as code (IaC) security focuses on ensuring the security and integrity of infrastructure components, such as virtual machines, containers, networks, or cloud resources, that are provisioned and managed through code and automation. IaC security involves implementing security controls, vulnerability management, secure configurations, access controls, and code review practices to minimize the risks associated with misconfigurations, vulnerabilities, or unauthorised access in the infrastructure-as-code environment.

Infrastructure security refers to the protection of an organisation's underlying IT infrastructure, including physical and virtual components, networks, servers, storage systems, and associated devices. It encompasses measures and controls implemented to prevent unauthorised access, data breaches, disruptions, or compromises to critical infrastructure components. Infrastructure security includes network security, server hardening, access controls, intrusion detection, logging and monitoring, and vulnerability management to ensure the confidentiality, integrity, and availability of infrastructure resources.

An insider threat refers to the risk posed by individuals within an organisation who have authorized access to systems, networks, or data and may intentionally or unintentionally misuse that access to cause harm, compromise security, or disclose sensitive information. Insider threats can include employees, contractors, or business partners. Mitigating insider threats involves implementing security controls, monitoring user activities, enforcing least privilege, conducting user awareness training, and creating a culture of security and trust.

Insider threat detection involves the use of technology, processes, and monitoring techniques to identify and detect potential insider threats within an organisation's systems and networks. It includes analysing user behaviour, network traffic, access logs, and other indicators to identify anomalies, suspicious activities, or deviations from normal behaviour that may indicate insider threats. Insider threat detection helps organisations proactively identify and respond to potential risks and insider-based attacks.

Insider threat prevention involves implementing security measures, policies, and controls to mitigate the risks posed by insiders with authorized access to systems, networks, or data. Prevention strategies include enforcing least privilege, implementing strong access controls, conducting background checks, implementing separation of duties, monitoring and auditing user activities, providing user awareness training, and creating a culture of security and accountability. Insider threat prevention aims to reduce the likelihood of insider incidents and minimize their impact on an organisation.

Integrity is one of the fundamental principles of information security and refers to the accuracy, consistency, and trustworthiness of data or information throughout its lifecycle. Data integrity ensures that information is complete, unaltered, and free from unauthorised modification or tampering. Maintaining data integrity involves implementing safeguards, such as access controls, encryption, backups, and audit trails, to prevent unauthorised changes, detect data tampering, and ensure the reliability and authenticity of information.

Intelligent security analytics combines advanced analytics techniques, machine learning algorithms, and threat intelligence to analyse vast amounts of security data and identify patterns, anomalies, or indicators of potential security threats or incidents. It helps security teams detect and respond to emerging threats, automate security event analysis, prioritize alerts, and provide actionable insights for incident response and decision-making. Intelligent security analytics enhances the effectiveness and efficiency of security operations and helps organisations stay ahead of evolving threats.

The network of interconnected physical devices embedded with sensors, software, and connectivity, enabling them to collect and exchange data.

Internet of Things (IoT) security focuses on protecting the security and privacy of IoT devices, networks, and data. IoT security addresses the unique challenges posed by interconnected devices, such as sensors, wearables, industrial equipment, or smart home devices, which can be vulnerable to attacks and pose risks to both individuals and organisations. It includes securing IoT devices, network communications, data encryption, access controls, firmware updates, and managing the lifecycle security of IoT deployments.

Intrusion detection is the process of monitoring and analysing network traffic, system events, or user activities to detect signs of unauthorised access, malicious activities, or security breaches. Intrusion detection systems (IDS) are deployed to identify known attack patterns, anomalies, or indicators of compromise that may indicate an ongoing or attempted intrusion. Intrusion detection helps organisations detect and respond to security incidents in a timely manner and mitigate the impact of attacks.

An intrusion detection system (IDS) is a security solution or software that monitors network traffic, system events, or user activities to detect signs of unauthorised access, malicious activities, or security breaches. IDS solutions analyse patterns, signatures, or anomalies in network packets, logs, or behaviour to identify potential threats or indicators of compromise. IDS can operate in real-time or offline and provide alerts or trigger automated responses to mitigate security incidents.

Intrusion prevention refers to the techniques, technologies, and controls used to proactively detect and block or prevent unauthorised access, malicious activities, or security breaches. Intrusion prevention systems (IPS) are deployed to analyse network traffic, detect known attack patterns or signatures, and block or mitigate threats in real-time. IPS solutions often combine intrusion detection capabilities with automated response mechanisms to actively protect networks and systems from attacks and unauthorised activities.

An intrusion prevention system (IPS) is a security solution or software that monitors network traffic, detects potential threats or anomalies, and actively blocks or mitigates security breaches in real-time. IPS combines the functions of an intrusion detection system (IDS) with automated response mechanisms to prevent unauthorised access, malicious activities, or exploits. IPS solutions analyse network packets, behaviour, or signatures to identify and proactively block potential threats, enhancing the security posture of organisations.

IP address filtering is a network security technique that involves selectively allowing or blocking network traffic based on the source or destination IP addresses. IP address filtering can be implemented using firewall rules, routers, or other network devices to restrict access to specific IP addresses or ranges. It helps organisations control network communications, prevent unauthorised access, or block traffic from known malicious IP addresses.

IP filtering, also known as packet filtering, is a network security technique that involves selectively allowing or blocking network traffic based on specific IP addresses, protocols, ports, or other criteria. IP filtering can be implemented using firewalls, routers, or other network devices to control network communications and enforce security policies. By filtering network traffic, organisations can protect against unauthorised access, block malicious traffic, or restrict network communication to authorized sources.

IPsec (Internet Protocol Security) is a suite of protocols and cryptographic techniques used to secure IP communications by providing authentication, integrity, and confidentiality. IPsec can be used to establish secure virtual private networks (VPNs) or secure communication channels between network devices. It encrypts and authenticates IP packets, preventing eavesdropping, tampering, or unauthorised access to network traffic. IPsec is widely used to enhance the security of internet-based communications and protect sensitive data.

An IPsec tunnel is a secure, encrypted communication channel established between two endpoints over an IP network. The IPsec tunnel encapsulates and encrypts network packets, protecting them from unauthorised access or tampering while traversing untrusted networks, such as the internet. IPsec tunnels are commonly used for secure remote access, site-to-site VPN connections, or securing communication between network devices across public or private networks.

IT governance refers to the processes, policies, and frameworks that organisations establish to ensure that IT activities align with business objectives, comply with regulations, and effectively manage IT risks. IT governance encompasses decision-making, resource allocation, performance measurement, and accountability for IT investments, projects, and operations. It provides a structured approach to aligning IT strategies with business goals, optimizing IT investments, and ensuring the effective and efficient use of IT resources.