The Cyber Training Centre

Welcome to our Documentation and Help


Glossary

Terms

| Term | Category | Description |
|---|---|---|
| Access Control | Infosec | Configuring systems so that the individuals and other systems accessing them are able to carry out only the functions they should be allowed to, and no more. |
| Authentication | Infosec | Authentication is about confirming that someone is who they claim to be. |
| Authorisation | Infosec | Authorisation is the process of determining which level of access each user is granted. |
| Automated decision making | Data protection | The process of making a decision by automated means without any human involvement. |
| Blue Team | Infosec | A security testing team that focuses on analysing systems and designing new or improved security mechanisms to defend the systems from attack. See also Red Team. |
| Brute Force Attack | Infosec | A means of trying to figure out the password of a particular login account for a system. It is the simplest cracking program, which loops through every possible password or through every entry in an extensive list of potential passwords. |
| Business Continuity Plan (BCP) | | A framework and procedure set that you build in order to maximise your chances of recovering from a business-impacting incident. |
| BYOD | Infosec | The term BYOD refers to "bring your own device", meaning a device which belongs to the person and not the company. |
| CIA | Infosec | Confidentiality: ensuring that no unauthorised access occurs. Integrity: ensuring the data is accurate and complete. Availability: making sure that the data is accessible when required. |
| Configuration Management | Infosec | A regime of recording, monitoring and regularly verifying the configuration of systems and applications to verify that changes that are made do not have unexpected security consequences. |
| Conflict of Interest | Infosec | A set of circumstances that create a risk that professional judgement or actions regarding a primary interest will or could be unduly influenced by a secondary interest. |
| Cookie | Infosec | HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. |
| Credential stuffing | Infosec | Credential stuffing is the automated injection of stolen username and password pairs into multiple systems to fraudulently gain access to user accounts. |
| Cyber Essentials | Infosec | Cyber Essentials is a simple but effective, Government-backed certification scheme that will help you to protect your organisation. |
| Data controller | Data protection | An organisation or body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
| Data Loss Prevention | Infosec | "Data loss prevention" is a term used to describe a general strategy for preventing disclosure of confidential information external to an organisation. |
| Data processing | Data protection | Any operation performed on personal data (whether or not by automated means), such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction. |
| Data Processor | Data protection | An organisation or body which processes personal data on behalf of the controller. |
| Data Protection Officer | Data protection | Under the GDPR, some organisations need to appoint a Data Protection Officer (DPO) who is responsible for informing them of and advising them about their data protection obligations and monitoring their compliance with them. |
| Data Protection Impact Assessments (DPIAs) | Data protection | A DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of a project or plan. Previously known as a PIA. |
| Data subject | Data protection | The identified or identifiable living individual to whom personal data relates. |
| Digital footprint | Infosec | A digital footprint is the data that is left behind whenever a person uses a digital service, or someone posts information about that person onto a digital forum, such as a social network. |
| DPA | Data protection | Data protection assessment. |
| DPIA | Data protection | Data Protection Impact Assessment. |
| DSAR / SAR | Data protection | Data subject access request / subject access request. |
| ICO | Data protection | The UK Information Commissioner's Office (the UK data protection regulating body). |
| Incident management | Infosec | Incident management is about detecting, reporting, assessing and responding to information security incidents. |
| ISO27001 | Infosec | The ISO standard for Information Security Management System requirements. |
| Mobile Device Management (MDM) | Infosec | A software system for the administration of mobile devices, such as smartphones, tablet computers and laptops. |
| Multiple Factor Authentication | Infosec | An authentication system that requires more than one distinct factor for successful authentication. |
| Password Spraying | Infosec | Password spraying describes a technique where a small list of common passwords is used to attack large numbers of user accounts. |
| Personal data | Data protection | Any information relating to a "data subject" who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. |
| Personal Data sharing | Data protection | The sharing of personal data between organisations, which may, but does not necessarily, include international data transfer. |
| Personal Data transfer | Data protection | Usually refers to the international transfer of personal data between different countries and legal jurisdictions relating to data protection. This would involve processing activities and not just transit. |
| Phishing | Infosec | Untargeted, mass emails sent to people in order to defraud them, asking them to disclose sensitive information or encouraging them to visit a fake website. |
| Profiling | Data protection | Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. |
| Ransomware | Infosec | Malicious software that makes data or systems unusable, typically by encrypting data, until the victim makes a payment. |
| Risk management | Infosec | A set of coordinated activities that direct and control an organisation with regard to risk. |
| Shadow IT | Infosec | Shadow IT is the use of information technology systems, devices, software, applications and services without explicit IT department approval. |
| Shoulder surfing | Infosec | Shoulder surfing is a term that describes someone watching you type or reading your screen. |
| Spear Phishing | Infosec | A targeted form of phishing, where the email is designed to look like it is from a person the recipient knows and trusts. |
| Special category data / Sensitive personal data | Data protection | Special category data is defined in law as data revealing race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sex life and sexual orientation. (Special category data is more "sensitive".) |
| Tailgating (or piggybacking) | Infosec | Tailgating is often described as the passage of unauthorised personnel, either intentional or accidental, behind an authorised person. |
| Threat | Infosec | The potential cause of an unwanted incident, which may result in harm to a system or organisation. |
| Virtual private network (VPN) | Infosec | An encrypted communication network service that allows secure connections between users, company networks and internet services. |
| Zero Trust Security model | Infosec | The main concept behind the zero trust security model is "never trust, always verify", which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN. |