Here you can find definitions for the key cyber security terminology used across the hub.
The National Cyber Security Centre has an extended list of around 200 cyber security terms if you'd like to learn more.
A warning that someone may be trying to access your systems or data without permission. This may come from IT monitoring systems or from users who see something suspicious and report it. Software which scans the files going in and out of your computer systems and tries to spot hidden software that is designed to cause damage or theft of data.
- Backup
A copy of important data or systems that can be restored if the originals are lost, corrupted, or compromised.
- Business Continuity Plan (BCP)
A set of procedures to help the school continue operating after any kind of disruptive incident. This can be a cyber attack, power outage, network failure, fire or pandemic. This is an umbrella document - Disaster Recovery Plans and Cyber Response Plans can form part of it.
- Cloud Computing
Using IT services (like storage or software) provided over the internet by a third-party supplier instead of hosting them on your own devices.
- Compromise
When a threat actor or malware successfully breaches a system’s security.
- Cyber Recovery Team
A group of key personnel, coordinated by the SLT Digital Lead with responsibility for carrying out technical or non-technical incident response activities.
- Cyber Response Plan (CRP)
Instructions covering actions to be taken in the event of a suspected incident to limit damage and restore systems safely. The CRP should cover all response activities and provide details of the process to follow in your organisation in the event of a suspected cyber security incident
- Cyber Security
The practice of protecting networks, systems, devices, and the data they hold from unauthorised access, damage, or disruption.
- Cyber/Security Resilience
The ability to prevent, respond to, and recover from cyberattacks or IT problems so the school can keep operating.
- Disaster Recovery Plan (DRP)
A detailed guide for restoring IT systems and data after a serious incident or attack. This is narrower than a Business Continuity Plan as it only relates to IT systems.
There are currently no terms for this letter.
- Firewall
Hardware or software used to define a set of rule to constrain network traffic, preventing unauthorised access and traversal of a system/network.
There are currently no terms for this letter.
- Hacker
Someone who attempts to access computer systems without permission.
- Impact
The harm or loss caused by a cyberattack or security incident.
- Incident (cyber)
Any event that disrupts the normal operation of digital systems or threatens the confidentiality, integrity, or availability of data or services.
- Indicators of Compromise (IoC)
Signs that a system may have been attacked or compromised by a specific type of attack method.
- Intrusion
When someone accesses your systems or data without permission.
There are currently no terms for this letter.
There are currently no terms for this letter.
There are currently no terms for this letter.
- Malicious Code
Software designed to cause harm or unwanted behaviour on computers.
- Multi-Factor Authentication (MFA)
A login process that requires two or more ways to confirm identity, such as a password plus a code sent to a phone.
There are currently no terms for this letter.
There are currently no terms for this letter.
- Personal Data
Information that identifies a person and must be protected under UK law.
- Personally Identifiable Information (PII)
Same as Personal Data: information that could be used to identify an individual.
- Phishing
Fraudulent attempts to trick people into revealing information or installing malware. Smishing relates to SMS/text-based attacks (e.g spam texts). Vishing relates to voice call-based attacks. Quishing relates to QR code-based attacks.
- Privacy
Ensuring that only authorised people can see personal or sensitive information.
There are currently no terms for this letter.
- Ransomware
Malware that locks access to files or systems and demands payment for release. UK guidance: never pay.
- Remediation/Mitigation
Steps taken to stop or reduce the effects of a cyberattack or vulnerability.
- Resilience
Designing systems so they can continue working even when problems occur.
- Risk
The chance that a cyber event might happen and the harm it could cause.
- Security Breach
A security incident that results in unauthorised access to data or systems.
- Spam
Unwanted bulk messages, usually by email, which can carry scams or malware.
- Spoofing
Pretending to be a trusted source to trick users or systems.
- System Administrator
An IT professional responsible for managing and securing the computer systems.
- Threat
A potential event that could exploit a vulnerability which might have an adverse impact.
- Two-Factor Authentication (2FA)
There are currently no terms for this letter.
- Vulnerability
A weakness in a system that could be exploited by a threat, potentially resulting in an adverse impact.
- Whaling
A targeted phishing attack aimed at senior staff.
There are currently no terms for this letter.
There are currently no terms for this letter.
There are currently no terms for this letter.