Cybersecurity and IT Terms Everyone Should Know, A to D
It’s the responsibility of every nonprofit or association employee to have at least a basic understanding of cybersecurity terms and best practices. Your IT lead cannot be the ONLY one protecting your organization’s network and data. Having strong and secure technology, in addition to educated staff members, are the only path to sound security. One without the other simply will not work.
If you log onto a computer and use the Internet, you are your organization’s front-line against cybersecurity threats. The more informed you are, the more secure your network will be to external threats. In hopes of keeping you up to speed, and/or refresh your understanding of cybersecurity terms, we gathered key terms that every employee should be familiar with:
Accountability: Accountability is the ability to trace an action performed on the system to a user, a process or an application.
Access Control: Processes and procedures that ensure access to sensitive resources is only granted to users who are entitled to them. These controls are in place to reduce the risk of any single account being compromised as well as to limit the likelihood of insider threats.
Advanced Encryption Standard: or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
Adware: Software that automatically renders advertisements to generate revenue. Often loosely applied to any software that generates malicious or unwanted advertising.
Algorithm: A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.
Authentication: The process of confirming the correctness of the claimed identity.
Availability: Part of the “CIA triad” for information security, availability is ensuring the right people have access to the data they need to do their jobs when they need it. Common attacks against availability include ransomware and DDoS attacks.
Backdoor: An unauthorized way of accessing a computer, service, system, or data. Backdoors can be as simple as unauthorized remote access software in use by an employee or custom code, designed by a hacker to remain undetected by users and administrators.
Big data: A collection of data too large to be readily processed by traditional database management or data processing tools. Also used to refer to the technological sector that has emerged to handle such data sets.
Baseline Security: The minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system’s identified needs for confidentiality, integrity and availability protection.
Bug: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
Cybersecurity: The process of protecting information by preventing, detecting, and responding to attacks.
Cookie: A cookie is a small text file which is placed on your computer when you visit a website. This cookie allows the website to keep track of your visit details and store your preferences. These cookies were designed to be helpful and increase the website speed the next time you access that location. At the same time, they are very useful for advertisers who can match the ads to your interests after they see your browsing history. Usually, cookies and temporary files may affect your privacy since they disclose your online habits, but it is possible to modify your web browser preferences and set a limit.
Dark Web: The dark web is made up of sites that are not indexed by Google and are only accessible through specialty networks such as Tor (see below). Often, the dark web is used by website operators who want to remain anonymous. Everything on the dark web is on the deep web, but not everything on the deep web is on the dark web.
DDoS: DDoS stands for Distributed Denial of Service Attack, which means an attacker is using a number of computers to flood the target with data or requests for data. This causes the target—usually a website—to slow down or become unavailable.
DeepFakes: Deepfakes refer to synthetic media in which a person in an existing image or video is replaced with someone else’s likeness, typically using artificial intelligence (AI) and machine learning techniques such as deep learning. These techniques enable the manipulation of videos or audio recordings to create convincingly realistic but entirely fabricated content.
Digital Certificate: A digital passport or stamp of approval that proves the identity of a person, website or service on the internet. In more technical terms, a digital certificate proves that someone is in possession of a certain cryptographic key that, traditionally, can’t be forged. Some of the most common digital certificates are those of websites, which ensure your connection to them is properly encrypted. These get displayed on your browser as a green padlock.
DLP (Data Loss Prevention): A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage. Data loss occurs when a storage device is lost or stolen while data leakage occurs when copies of data is possessed by unauthorized entities. In both cases, data is accessible to those who should not have access. DLP aims at preventing such occurrences through various techniques such as strict access controls on resources, blocking the use of email attachments, preventing network file exchange to external systems, blocking cut-and-paste, disabling use of social networks and encrypting stored data.
You should familiarize yourself with the above terms and add in your effort to support your IT lead and make your contribution in preserving the integrity of your network and the data contained within. This is not to say that you have to become a cybersecurity expert; rather, you need to remain informed and maintain a basic understanding, thereby giving yourself situational awareness to avoid becoming an unknowing security threat yourself.