Glossary of Terms

Access management refers to the process of controlling and monitoring who can view, use, or modify resources within an organisation. It ensures that users have appropriate access to systems, applications, and data based on their roles and responsibilities.

> Read more

Access patterns describe how users or systems typically interact with resources in an organisation. Knowing these patterns is key for boosting performance and spotting potential security threats.

Action Fraud is the UK’s national reporting centre for fraud and cyber crime. It serves as a centralised hub for reporting cyber attacks and fraudulent activities, providing valuable resources and news to help individuals and businesses stay informed about the latest threats.

> Read more

AI privacy involves protecting personal and sensitive data used or produced by artificial intelligence (AI) systems. As AI becomes more embedded in business and daily life, keeping data private is key to maintaining trust and meeting regulations.

Automated Interventions swiftly identify, respond to, and mitigate security threats and incidents without human intervention. In the context of human risk management and CultureAI, these Interventions are workflows designed to automatically detect and fix human-related risks, such as automatically removing sensitive data mistakenly shared on a public channel.

Automated phishing simulations refers to the systematic and pre-scheduled deployment of realistic, simulated phishing attacks within an organisation to test and boost employees' awareness and response. The goal is to spot vulnerabilities, educate employees on identifying phishing threats, and assess the effectiveness of current security training programmes.

A Business Continuity Plan (BCP) is a proactive strategy designed to help organisations prepare for, respond to, and recover from unexpected disruptions, such as natural disasters, cyber attacks, or other emergencies.

> Read more

Business Email Compromise (BEC) is a type of cyber crime where attackers use email fraud to trick organisations into making unauthorised transfers of funds or revealing sensitive information. This often involves impersonating a trusted individual or entity, such as a CEO, vendor, or business partner.

> Read more

The California Consumer Privacy Act (CCPA) is a data privacy law enacted to enhance privacy rights and consumer protection for residents of California. It grants individuals more control over how their personal information is collected, stored, and shared by businesses.

> Read more

Cloud storage is a technology that allows users to store data on remote servers, which can be accessed over the internet. These servers are managed and maintained by third-party providers, offering scalable and flexible storage solutions.

> Read more

Completion rates show the percentage of users who finish a training programme or security task within a set time. This metric is used for evaluating the success of security awareness efforts like online training, phishing tests, or compliance tasks.

Corporate Networks refer to the interconnected system of hardware, software, and communication protocols that organisations use to manage and facilitate their internal and external information flow. These networks are designed to support various business functions, including data exchange, communication, and access to resources, while ensuring security and efficiency.

Crisis Management in cyber security refers to the structured approach taken by an organisation to prepare for, respond to, and recover from unexpected and potentially disruptive events, such as cyber attacks, data breaches, or other emergencies that threaten its operations and reputation. This process involves the development and implementation of strategies, policies, and procedures designed to address the immediate impacts of a crisis, coordinate responses among key stakeholders, and restore normal operations as swiftly as possible.

A Crisis Management Plan (CMP) is a comprehensive framework developed by an organisation to effectively address and manage the impact of significant disruptive events, such as cyber incidents, natural disasters, or other emergencies. The CMP outlines detailed procedures and responsibilities for responding to crises, ensuring minimal disruption to operations and facilitating a swift recovery.

A Crisis Management Team (CMT) is a designated group within an organisation responsible for overseeing and coordinating the response to significant disruptive events, such as cyber incidents, natural disasters, or other emergencies. The primary objective of the CMT is to manage the crisis effectively, minimise operational impact, and ensure a swift recovery.

Cyber Essentials certification is a recognised standard in the UK that demonstrates an organisation has taken steps to secure its data and networks from common cyber threats. It assures clients, partners, and stakeholders that the organisation meets a baseline level of cyber security.

> Read more

Cyber Essentials Plus is an advanced level of the UK government-backed Cyber Essentials certification scheme. It includes all the requirements of Cyber Essentials but requires an independent assessment to verify that the necessary security measures are correctly implemented and functioning effectively.

> Read more

Cyber hygiene refers to the routine practices and steps individuals or organisations take to maintain the health and security of their digital systems and devices. It involves a proactive approach to safeguarding data and systems from cyber threats.

> Read more

Cyber security refers to the practices, technologies, and measures to protect computer systems, networks, and data from cyber threats and unauthorised access. The main goal is to keep information and technology assets confidential, intact, and available.

> Read more

A cyber security breach occurs when an unauthorised individual gains access to sensitive, protected, or confidential information. This breach can happen through hacking, malware, phishing attacks, or other vulnerabilities within an organisation’s systems.

> Read more

A data breach occurs when unauthorised individuals gain access to confidential, sensitive, or protected data. This could involve the theft, exposure, or loss of personal information, such as passwords, financial details, or health records.

> Read more

Data leakage occurs when sensitive, confidential, or private information is unintentionally exposed to unauthorised individuals or systems. Unlike data breaches caused by malicious attacks, data leakage often results from unintentional errors, misconfigurations, or negligence, making it a critical concern in the cybersecurity landscape.

> Read more

Data loss refers to the unintentional or intentional destruction, deletion, or corruption of digital information, rendering it unavailable or unusable. It affects businesses, individuals, and organisations, potentially leading to severe financial, operational, and reputational consequences.

> Read more

Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes designed to prevent sensitive information from being lost, misused, or accessed by unauthorised individuals. This involves identifying, monitoring, and protecting critical data across an organisation's network, endpoints, and storage systems. In cybersecurity, DLP serves as a safeguard to ensure that confidential information, such as financial records, intellectual property, or customer data, remains secure.

> Read more

A deepfake is a type of synthetic media created using artificial intelligence (AI) and machine learning (ML) algorithms. The term "deepfake" combines "deep learning" (a subset of AI) and "fake." It involves generating or altering video, audio, or images to create highly realistic yet entirely fabricated content. This technology can make it appear as though someone is saying or doing something they never actually did, raising concerns about authenticity and trust.

> Read more

Deep learning is a subset of artificial intelligence (AI) and machine learning that focuses on algorithms inspired by the structure and function of the human brain. These algorithms, known as artificial neural networks, are designed to automatically identify patterns and features from vast amounts of data without human intervention.

> Read More

Employee Risk Scoring refers to the process of evaluating and quantifying the potential risk that employees pose to an organisation’s security and operations. This assessment is based on various factors such as their access to sensitive information, their role within the organisation, behavioural patterns, and historical data related to security incidents.

Employee Security Behaviour refers to the actions, habits, and practices of employees that impact an organisation's security posture. This includes how employees handle sensitive information, adhere to security policies, and respond to potential threats.

Employee-Powered Security refers to the approach of leveraging the vigilance, awareness, and proactive involvement of employees to enhance an organisation's overall security posture. This concept emphasises the role that employees can play in identifying, preventing, and responding to security threats and vulnerabilities.