Do you know this terms associated to cybersecurity?

Cybersecurity is an continually evolving area because of the ability of criminals to develop new threats. These threats are multiplying in number, variety and attack strategies, but also in its virulence and destructive capacity.

Companies face everyday all kind of cyberthreats and do that assuming that among their lines of defence is the weakest link in the chain: employees. Here we offer a brief glossary to know the most used terms in this field.

Information asset. Any information susceptible to attack in order to obtain something in return and whose compromise puts the organisation in risk.
Security update or patch. Software or operational system modifications, manual or authomatic, to fix know bugs or to provide new security or performance features.
Security hole or vulnerability. It is a failure or error that can be exploited to the benefict of the offender for malicious purposes. It can be solved with security patches.
Encryption algorithms. These are mathematical functions combined with keys to protect information, guaranteeing confidenciality and its integrity.
Antispyware and antivirus. Software designed to dectect and erase malware and avoid their implementation in equipment.
Auntentication. Action by which we prove the identity of a person or device to any system.
Backup. Back-up copy of sensitive data of the organization, to inimising the of a possible attack or natural disaster involving the loss of such data.
Security breach. Security breach resulting in the alteration of personal data in any state (transit, storage or processing).
Bug. Software error that triggers unexpected results.
Digital certificate. It is a file generated by an Certification Autority which confirms digital identity of a person or website.
Cyberattack. Deliberate attempt to gain access to a system for malicious purposes using all kind of techniques, skills and tools.
Cybercriminal. A person who engages in criminal activity online for the purpose, in most cases, of financial gain.
Firewall. Software or hardware which is placed at the borders of the corporate network to control and filter traffic so to comply with established security policies.
Credentials. Group of data which allows identify and individual as user of a network or service and authenticate his/her identity, for access to shared resources.
Denial of service. Attack based on saturation of access requests to a service or system, which renders it useless.
Two-factor authentication. Autentication scheme that adds to the basic factor (e.g. password) an extra factor (e.g. fingerprint or a code generated by a third party application).
Data leakage. This is the loss of confidenciality of the private information of a person or company, either deliberately or by mistake.
Hacker. IT specialist who researches systems and software to detect security flaws and develop (orcontribute to) solutions to eliminate them. Not a cybercriminal.
Hoax. Hoax or false information disseminated with the purpose of inciting an user to visit a malicious website, for example.
Sensitive information. The private information that has to be protected of any access or attack attempt, on whatever medium or through whatever means it is transmitted.
Social engineering. Advanced deception techniques that aim to convince users to reveal sensitive information as passwords, for example, in order to inflitrate networks or systems.
Malware. Software that has as objective to damage systems, infiltrate systems or generally do anything malicious.
Minimal privilege. Security strategy based on giving the users only privileges and permits strictly necessary, withdrawing them when they are no longer needed.
Phishing. Identity theft (person, system or website) which has as object obtain sensitive information from the user.
Ransomware. Malicious software which renders a device or system unusable until the victim pays a ransom, usually demanded in virtual currency.
Scam. Electronic scams (mail campaigns, websites selling supposedly non-existente products or services…)It uses social engineering to achieve its objectives.