Glossary

CPNI

The Centre for the Protection of National Infrastructure is the UK government body that is responsible for protecting national security by reducing risk to infrastructure from terrorism and other threats.

The CPNI works with government, police, academia and industry to identify and reduce risks to critical national infrastructure.

Back to top
Cyber Attack

A cyberattack is deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyberattacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.

Back to top
Cyber Skills Gap

The cyber skills gap is a relevant topic globally; and is particularly noticeable in the UK. The demand for skilled cyber security staff far outweighs the amount of skilled professionals currently available in the market. With cyber crime on the increase it has never been more important to focus efforts on improving the skill levels of the workforce to combat rising threat both in the public and private spheres.

The government and companies have responded with initiatives to get more people into the security industry but the skills gap is unlikely to see closure for many years to come.

Back to top
Data Breach

The Information Commissioners Officer defines a personal data breach is a breach of security standards that result in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service.

Data breaches can be devastating to a business and go against the data protection act depending on what data is leaked.

Back to top
Data Security Policy

The data security policy of an organisation relates to a set of policies that ensure all users within the domain of the organisation or its networks comply with the necessary security measures. The information security policy protects all of the information stored digitally at any one point in the organisation’s network boundaries.

Popular methods of securing data are encryption, 2- step verification for access and authoritative status controls.

Back to top
DDoS

DDoS stands for Distributed Denial of Service and is a commonly known form of cyber attack. DDoS are activated when large swarms of compromised computer systems are directed to attack a target that results in a denial of services for legitimate users of that resource. DDoS attacks are usually focussed toward a server, website or network resource.

The cost of a DDoS attack on the victim business are the cost of recovery from the attack. Indirect costs also occur such as lost productivity and brand damage. Opportunity costs form through lost business opportunities.

Back to top
Digital Forensics

Digital forensics is both a process and a set of skills that are focussed on the preservation of any evidence in the case of any wrong doing where a device was involved.

It is in simple terms, a set of detective skills that uncover and interpret information left in electronic data where there was a crime.

Digital forensics is incredibly powerful to investigation and involves information collection, identification techniques and validating digital information for the purpose of reconstructing past events and finding evidence to support a case.

Digital forensics is especially important to the police and also for organisations themselves when they have a data breach.

Back to top
GCHQ

The Government communications headquarters is responsible for intelligence and information assurance to the British government and armed forces.

The GCHQ’s objective is to keep the country safe and working in conjunction with the Secret Intelligence service and MI5.

Back to top
Malware

Malware stands for “malicious software” and is an umbrella term for any type of software program that is designed to damage or cause unwanted actions on a computer system.

There are many different types of malware including viruses, worms, Trojan horses, spyware and ransomware.

Modern strains of malware are designed to fool even security administrators through evasion and obfuscation techniques – making their eradication harder to implement.

Back to top
National Cyber Security Centre

The National Cyber Security Centre is the UK’s authority on cyber security and operates as part of the GCHQ. The NCSC’s objective is to improve the UK’s cyber security standards and resilience against attacks.

The NCSC’s works with organisations to both advise and assist with incident response.

The NCSC works with government agencies, departments, law enforcement, defence and UK intelligence and security agencies to combine intelligence and experience in the effort to fortify the country against cyber crime.

Back to top
Network Security

Network security is an umbrella term for the policies and activities that defend and record evidence of unauthorised access, exploitation, modification or denial of the network and network resources.

Effective network security is something that all organisations are striving towards and should not be confused with information security, which includes the security of all forms of information including physical and electronic.

Network security starts with access boundaries for authenticated users and firewalls to enforce network policies. Network security also includes any anti-virus or intrusion prevention strategies and software.

Back to top
Penetration Testing

Penetration testing can be an automated process or a manual one, and there is a big increase in demand for human penetration testers in the UK in both the public and private spheres.

Penetration testing refers to a set of activities that are designed to test for vulnerabilities in a organisations cyber security defences.

The process of penetration testing includes information gathering, identifying possible entry points and then attempting to break in and reporting back the findings.

A penetration tester has many techniques in his arsenal, including targeted testing, external testing, internal testing, blind testing and double blind testing.

Back to top
Phishing

Phishing is one of the most popular cyber crime activities used by fraudsters. Phishing is a type of fraud whereby the attacker tries to gain log in or account information by pretending to be a legitimate information source from a reputable entity or individual. The most common phishing activities come in the form of emails, IM or other well used communication channels.

Phishing is dangerous if the cover-up is hard to spot – it is down to the end user to be able to identify a legitimate email from a fraudulent one. Phishing is a relatively easy form of fraud to orchestrate and the tactic shows no sign of relenting any time soon.

Back to top
Security Architecture

Security architecture is the design of a networks security and addresses the potential entry points and risks the network may experience.

Designing a security architecture is important because it identifies where resources should be focussed and gives insight in the connection between the different components within the structure.

The design of the security controls within the total architecture largely depend on the organisations approach to risk management, benchmarking and good practice, finances and legal and regulatory considerations.

Back to top
Spyware

Spyware can be both malicious and non-malicious such as for tracking purposes. Spyware are pieces of software that are installed or downloaded onto a computer that record activities without the end users knowledge.

Spyware is commonly used in organisations to track employees activities, by marketing teams to track customer engagement with campaigns and for parental controls on children’s screen activities.

When tracking software is abused or for the purpose of trying to grab data that can later be sold on for fraud purposes, the impact can be catastrophic.

Back to top

Job Search

Our accreditations & Partners

  • REC Member
  • VTC - Virtual Technology Cluster
  • RANT Events
  • Bloom Nepro

Send CV

Send us your CV and have our recruiters match you to the ideal opporunities

Do you already have an account with us?

Log in

Want to have an account with us?

Register

Want to just send us your CV?

Upload only doc, docx, odt, pdf format file.

By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.

Password reset

If you need a reminder for your password, fill out the field below

Log in

Access your account to edit your contact details, job alerts or to upload a new CV

Thank you

Success

Thank you for successfully uploading your CV.

Acumin Alerts

Success

Thanks for registering for Acumin alerts.

Acumin Alerts

Unfortunately your CV could not be uploaded

Please make sure your CV is one of the following file types: doc, docx, odt, pdf, rtf

Register

Create an account to register your contact details, sign up for job alerts and upload your CV

Success

Thanks for registering for Acumin alerts. To get the most out of Acumin's service why not register with us?

Upload only doc, docx, odt, pdf format file.

I agree to the terms and conditions and to be contacted by recruiters:

I agree to receive marketing communications relevant to my job search:

I agree to receive Jobs By Email for the following professions:
- Business Continuity Management
- Counter Fraud
- Cyber Security
- Executive Management
- Governance & Compliance
- Information Security & Risk Management
- Penetration Testing & Digital Forensics
- Sales and Marketing
- Sales Engineering
- Security Management
- Technical Security
- Information/Risk Assurance
- Identity Management
- Application Security
- Security Architecture
- Dev/Sec Ops
- DV & SC Cleared Jobs
- Programme & Project Management
- CISO/CSO