Definition: official recognition that an organisation has the competence and impartiality to perform certification, testing, audits and inspections.
Within cyber and information security standards, this usually refers to the accreditation a certifying body receives in order to be able to audit and certify that other organisations adhere to specific standards. For example, an organisation needs to be IASME accredited in order to audit your organisation to award a Cyber Essentials certificate.
Definition: penetration testing where an ethical hacker has no knowledge of the system they are attacking. This simulates an attempted hack that comes from outside of an organisation.
Definition: a certification that demonstrates an individual’s ability to apply best practices to cloud security architecture, design and more.
Definition: an area of the internet that is only accessible through software such as Tor, typically using onion or I2P domains.
Definition: a certification designed for professionals who respond to and manage cybersecurity incidents.
Definition: a regulatory body in the United Kingdom responsible for overseeing financial markets and firms, and for ensuring the protection of consumers.
Definition: a certification that validates a practitioner’s ability to find and mitigate significant security flaws in systems and networks. Individuals with this certification can conduct advanced penetration tests and simulate behaviour of real attackers.
Definition: someone who uses their computer skills to gain unauthorised access to computer systems, networks, or data.
Definition: a cyber security standard designed to help small and medium enterprises become cyber safe.
Definition: a popular programming language used in website development.
Definition: a type of malware that records keystrokes made by the victim without their knowledge, often leading to theft of personal information or login credentials.
Definition: malicious software. Software that is designed to disrupt, damage or gain unauthorised access to a computer system.
Definition: part of the U.S. Department of Commerce, NIST is a United States government agency that develops and promotes standards, guidelines and best practices for cyber security.
Definition: a cyber security certification that demonstrates capability in ethical hacking and penetration testing. It is sought after by many professionals and is known for its challenging assessment.
Definition: the process of identifying, acquiring, testing and applying software updates (patches) to fix security weaknesses. This is essential to remaining secure and requires daily scanning to ensure it remains up to date.
Definition: a type of malware which demands a ransom payment from the infected victim. Typically, the victim’s files are forcibly encrypted, and a payment is required to decrypt them.
Definition: a digital certificate that encrypts data between a web browser and a server. The certificate authenticates the identity of a website owner and establishes a secure connection. Without an SSL certificate, browsers will show warnings to users who enter your website with messages such as “your connection is not secure” or “your connection is not private”.
Definition: a certification that demonstrates an individual’s expertise in identifying and addressing security vulnerabilities in web applications. These individuals have demonstrated knowledge of web application exploits and penetration testing methodology.
Definition: the government-backed national accreditation body for the United Kingdom. It assesses and accredits organisations providing certification, testing, inspection and calibration services against internationally agreed standards.
Definition: malware that can self-replicate and spread from one computer to another by attaching itself to host files.
Definition: high-profile individuals who are valuable targets for cyber-attacks. These individuals often have access to sensitive data, large amounts of money, or have decision-making authority.
Definition: a vulnerability that has not yet been disclosed to the programmer or vendor responsible for the application.