data protection regulations
Expert-defined terms from the Professional Certificate in Cyber Security for Sales Professionals course at London School of Business and Administration. Free to read, free to share, paired with a globally recognised certification pathway.
A #
A
Access Control #
Access control is a security measure that regulates who or what can view or use… #
It involves restricting access to certain areas or information to authorized users only. Access control mechanisms can include passwords, biometric authentication, and role-based access control.
Advanced Persistent Threat (APT) #
An Advanced Persistent Threat (APT) is a type of cyberattack where an unauthoriz… #
APT attacks are typically carried out by highly skilled hackers with specific objectives, such as stealing sensitive data or conducting espionage.
Antivirus Software #
Antivirus software is a program designed to detect, prevent, and remove maliciou… #
It works by scanning files and monitoring system activity for suspicious behavior. Examples of popular antivirus software include Norton, McAfee, and Avast.
Authentication #
Authentication is the process of verifying the identity of a user or system #
It ensures that the entity trying to access a resource is who they claim to be. Authentication methods can include passwords, biometric data, security tokens, and multi-factor authentication.
B #
B
Backup #
A backup is a copy of data created for the purpose of restoring the original in… #
Backups are essential for data protection and disaster recovery. They can be stored on external hard drives, cloud servers, or tape drives.
Botnet #
A botnet is a network of infected computers or devices controlled by a single at… #
Botnets are often used to carry out distributed denial-of-service (DDoS) attacks, send spam emails, or mine cryptocurrencies. Botnet infections are usually spread through malware.
BYOD (Bring Your Own Device) #
BYOD refers to the practice of allowing employees to use their personal devices,… #
While BYOD policies can increase productivity and flexibility, they also pose security risks if not properly managed.
C #
C
Cloud Computing #
Cloud computing is the delivery of computing services (such as servers, storage,… #
Examples of cloud providers include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.
Compliance #
Compliance refers to adhering to laws, regulations, guidelines, and specificatio… #
In the context of data protection regulations, compliance involves following rules and standards to protect sensitive information and maintain user privacy.
Confidentiality #
Confidentiality is one of the three pillars of information security, along with… #
It ensures that data is only accessed by authorized individuals and remains private and protected from unauthorized access. Encryption and access controls are common measures to maintain confidentiality.
Cookie #
A cookie is a small piece of data stored on a user's computer by a website to tr… #
While cookies can enhance user experience, they also raise privacy concerns as they can be used for tracking and profiling users.
Cryptography #
Cryptography is the practice of secure communication in the presence of third pa… #
It involves techniques such as encryption, decryption, and hashing to protect data from unauthorized access or alteration. Cryptography plays a crucial role in securing sensitive information and ensuring confidentiality.
Cybersecurity #
Cybersecurity is the practice of protecting computer systems, networks, and data… #
It encompasses technologies, processes, and practices designed to safeguard digital information and ensure the integrity and availability of systems.
D #
D
Data Breach #
A data breach is a security incident where sensitive, protected, or confidential… #
Data breaches can occur due to hacking, malware, human error, or insider threats and can have severe consequences for individuals and organizations.
Data Encryption #
Data encryption is the process of converting plaintext data into ciphertext usin… #
Encrypted data can only be decrypted by authorized users with the correct encryption key. Encryption is essential for securing sensitive information in transit and at rest.
Data Loss Prevention (DLP) #
Data Loss Prevention (DLP) is a strategy for preventing the unauthorized use, tr… #
DLP solutions monitor, detect, and control data in motion, at rest, and in use to prevent data breaches and ensure compliance with data protection regulations.
Data Protection Officer (DPO) #
A Data Protection Officer (DPO) is a designated individual responsible for overs… #
The DPO acts as a point of contact for data subjects and supervisory authorities.
Data Retention #
Data retention refers to the policies and practices governing the storage and pr… #
Organizations must establish data retention policies to comply with legal and regulatory requirements, manage storage costs, and ensure data security and privacy.
Data Security #
Data security is the practice of protecting digital data from unauthorized acces… #
It involves implementing security measures, such as encryption, access controls, and authentication, to safeguard sensitive information and ensure data integrity and confidentiality.
Denial of Service (DoS) Attack #
A Denial of Service (DoS) attack is a cyberattack that disrupts or disables a ne… #
DoS attacks can render services unavailable to legitimate users and cause financial losses and reputational damage to organizations.
E #
E
Encryption #
Encryption is the process of converting plaintext data into ciphertext using alg… #
Encrypted data can only be decrypted by authorized users with the correct encryption key. Encryption is essential for securing sensitive information in transit and at rest.
Endpoint Security #
Endpoint security refers to the protection of endpoints, such as laptops, deskto… #
Endpoint security solutions include antivirus software, firewalls, intrusion detection systems, and mobile device management to secure devices and data from malware and unauthorized access.
F #
F
Firewall #
A firewall is a network security device that monitors and controls incoming and… #
Firewalls act as barriers between trusted internal networks and untrusted external networks to prevent unauthorized access and protect against cyber threats.
G #
G
General Data Protection Regulation (GDPR) #
The General Data Protection Regulation (GDPR) is a comprehensive data protection… #
The GDPR sets strict rules for data processing, storage, and transfer and imposes significant fines for non-compliance.
H #
H
Hacker #
A hacker is an individual with advanced computer skills who uses their expertise… #
Hackers can be classified as ethical hackers (white hat), malicious hackers (black hat), or hacktivists (gray hat) based on their intentions and activities.
I #
I
Incident Response #
Incident response is a structured approach to addressing and managing the afterm… #
Incident response procedures involve detecting, containing, eradicating, and recovering from security incidents to minimize damage, restore operations, and prevent future incidents.
Information Security #
Information security is the practice of protecting the confidentiality, integrit… #
It involves implementing security controls, policies, and procedures to safeguard sensitive data from unauthorized access, disclosure, alteration, or destruction.
Internet of Things (IoT) #
The Internet of Things (IoT) refers to the network of interconnected devices, se… #
IoT devices include smart home appliances, wearables, industrial sensors, and connected vehicles, posing security challenges due to their vulnerabilities and data collection capabilities.
Integrity #
Integrity is one of the three pillars of information security, along with confid… #
It ensures that data remains accurate, consistent, and trustworthy throughout its lifecycle. Data integrity measures protect information from unauthorized modification, corruption, or tampering.
ISO/IEC 27001 #
ISO/IEC 27001 is an international standard for information security management s… #
Compliance with ISO/IEC 27001 demonstrates a commitment to protecting sensitive information and managing risks effectively.
J #
J
JSON Web Token (JWT) #
JSON Web Token (JWT) is an open standard for securely transmitting information b… #
JWTs are commonly used for authentication and authorization in web applications to securely exchange claims or identity information between the client and the server.
K #
K
Keylogger #
A keylogger is a type of malware that records keystrokes on a computer or mobile… #
Keyloggers can be used by cybercriminals to steal confidential data and compromise user privacy.
L #
L
Least Privilege #
Least privilege is a security principle that restricts users' access rights to t… #
By granting users only the necessary privileges and permissions, organizations can reduce the risk of data breaches, insider threats, and unauthorized access.
M #
M
Malware #
Malware, short for malicious software, is a type of software designed to disrupt… #
Common types of malware include viruses, worms, trojans, ransomware, spyware, and adware. Malware infections can lead to data loss, financial losses, and reputational damage.
Multi #
Factor Authentication (MFA):
Multi #
Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of verification before granting access to a system or application. MFA combines something the user knows (e.g., password), has (e.g., security token), or is (e.g., biometric data) to enhance security and prevent unauthorized access.
N #
N
Network Security #
Network security is the practice of securing networks, devices, and data from cy… #
Network security measures include firewalls, intrusion detection systems, virtual private networks (VPNs), and secure configurations to prevent unauthorized access and data breaches.
O #
O
Open Web Application Security Project (OWASP) #
The Open Web Application Security Project (OWASP) is a non #
profit organization dedicated to improving software security by providing resources, tools, and guidance to developers, security professionals, and organizations. The OWASP Top Ten is a list of the most critical web application security risks.
P #
P
Phishing #
Phishing is a type of cyber attack where attackers impersonate legitimate entiti… #
Phishing attacks are commonly delivered via email, text messages, or malicious websites and can lead to identity theft and financial fraud.
Privacy Policy #
A privacy policy is a statement or legal document that outlines how an organizat… #
Privacy policies are required by data protection regulations, such as the GDPR, to inform users about data practices and their rights regarding their personal data.
R #
R
Ransomware #
Ransomware is a type of malware that encrypts files on a victim's computer or ne… #
Ransomware attacks can disrupt operations, cause financial losses, and compromise sensitive information if not mitigated promptly. Examples of ransomware include WannaCry and CryptoLocker.
Remote Access #
Remote access enables users to connect to a computer or network from a different… #
Remote access solutions allow employees to work remotely, access resources securely, and collaborate with colleagues without physical presence in the office.
S #
S
Security Awareness Training #
Security awareness training is education provided to employees to raise awarenes… #
Security awareness programs help employees recognize and mitigate security risks, such as phishing, social engineering, and password security, to protect sensitive information and prevent data breaches.
Security Incident #
A security incident is an event or occurrence that poses a threat to the confide… #
Security incidents can include data breaches, malware infections, unauthorized access attempts, and denial of service attacks. Incident response procedures are implemented to detect, contain, and mitigate security incidents.
Security Policy #
A security policy is a set of rules, guidelines, and procedures established to p… #
Security policies define roles and responsibilities, access controls, acceptable use of resources, incident response procedures, and compliance requirements to ensure a secure and compliant environment.
Security Risk Assessment #
A security risk assessment is a systematic process to identify, evaluate, and mi… #
Risk assessments help organizations understand their security posture, prioritize security measures, and implement controls to reduce vulnerabilities and protect against threats.
Security Token #
A security token is a physical device or software application used to generate o… #
Security tokens provide an additional layer of security in multi-factor authentication by requiring something the user has (e.g., token) in addition to something they know (e.g., password).
Social Engineering #
Social engineering is a psychological manipulation technique used by cybercrimin… #
Social engineering tactics include phishing emails, pretexting, baiting, and tailgating to exploit human vulnerabilities and bypass technical controls.
Spam #
Spam refers to unsolicited, irrelevant, or malicious emails sent in bulk to mult… #
Spam messages often contain advertisements, scams, phishing links, or malware attachments that can compromise user security and privacy. Anti-spam filters and email security solutions help organizations combat spam and protect users from unwanted content.
SQL Injection #
SQL Injection is a type of cyber attack where malicious SQL code is inserted int… #
SQL Injection attacks can lead to data breaches, data loss, and unauthorized access to databases if not mitigated through secure coding practices and input validation.
T #
T
Threat Intelligence #
Threat intelligence is information about potential or current cyber threats gath… #
Threat intelligence helps organizations identify and respond to security threats proactively, enhance threat detection capabilities, and strengthen their security posture.
Two #
Factor Authentication (2FA):
Two #
Factor Authentication (2FA) is a security mechanism that requires users to provide two forms of verification before granting access to a system or application. 2FA typically combines something the user knows (e.g., password) with something the user has (e.g., security token) to enhance security and prevent unauthorized access.
U #
U
Unified Threat Management (UTM) #
Unified Threat Management (UTM) is a comprehensive security solution that combin… #
UTM appliances provide integrated security to protect networks from various cyber threats.
V #
V
Vulnerability #
A vulnerability is a weakness or flaw in a system, application, or network that… #
Vulnerabilities can result from software bugs, misconfigurations, outdated systems, or insecure practices and must be identified and remediated to prevent security breaches.
W #
W
White Hat Hacker #
A white hat hacker is an ethical hacker who uses their cybersecurity skills to i… #
White hat hackers conduct penetration testing, security assessments, and security research to improve overall security posture.
Wi #
Fi Security:
Wi #
Fi security refers to the measures taken to secure wireless networks from unauthorized access, eavesdropping, and data interception. Wi-Fi security protocols, such as WPA2 (Wi-Fi Protected Access 2) and WPA3, encrypt data transmissions, authenticate users, and protect networks from security threats to ensure confidentiality and integrity.
X #
X
XSS (Cross #
Site Scripting):
Cross #
Site Scripting (XSS) is a type of web application vulnerability where attackers inject malicious scripts into web pages viewed by other users. XSS attacks can steal sensitive information, hijack user sessions, deface websites, and execute arbitrary code in the browser. Secure coding practices and input validation are essential to prevent XSS vulnerabilities.
Y #
Y
Zero #
Day Exploit:
A zero #
day exploit is a cyber attack that targets vulnerabilities in software, hardware, or networks that are previously unknown to the vendor or developer. Zero-day exploits are used by attackers to infiltrate systems, steal data, or disrupt operations before a patch or security update is available to address the vulnerability.
Z #
Z
Zero Trust Security Model #
Zero Trust is a security model that assumes all users, devices, and network traf… #
Zero Trust principles include least privilege access, micro-segmentation, continuous authentication, and strict access controls to protect systems from insider threats and external attacks.
This glossary provides a comprehensive overview of key terms and concepts relate… #
By familiarizing yourself with these terms, you can enhance your understanding of cybersecurity principles, practices, and challenges in the sales industry.