Jargon Busting in a Cyber World
Let’s face it, we have all been in a meeting where someone drops an acronym, or 20, that leaves you feeling that things may be OOC!
We live in a tech-heavy world and there is nothing a techie loves more than a good old abbreviation… WTAF (where’s the active firewall).
How about some jargon busting that will make sure you leave your next meeting without having to google most of the conversation?
1. CISO (Chief Information Security Officer)
The CISO is the executive responsible for an organisation’s information and data security, also known as the person not sleeping at night. He/she is normally asked questions like "what keeps you up at night?" or "can you tell me your pain points?" by everyone trying to sell them something, or "Can you promise me we are protected from ransomware?" by the CEO and/or CFO. The CISO's role includes developing and implementing security policies, managing security operations, and ensuring compliance with regulatory requirements. No joke here, it's a pretty tough job!
2. MFA (Multi-Factor Authentication)
Multi-Factor Authentication (MFA) is a security system that demands more than one method of authentication from different categories of credentials to verify the user's identity. This often involves knowledge of something the user knows (like a password), possession of something the user has (such as a security token), and proof of something the user is (through biometric verification). MFA is considered a fundamental requirement in cybersecurity and is generally straightforward and cost-effective to implement.
3. IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
An Intrusion Detection System (IDS) scans network traffic for any suspicious activities and sends out alerts upon detection. Conversely, an Intrusion Prevention System (IPS) goes a step further by actively blocking or preventing any identified malicious activities. Combined, they play a crucial role in detecting and countering threats, with one relying on human intervention and the other operating autonomously.
5. DLP (Data Loss Prevention)
DLP technologies are designed to detect and prevent data breaches by monitoring, detecting, and blocking sensitive data while in use, in motion, and at rest. This helps in protecting confidential information from unauthorised access or transfer. DLP is an underrated technology in a world where your data is your gold.
6. VPN (Virtual Private Network)
A VPN extends a private network across a public network, enabling users to send and receive data as if their devices were directly connected to the private network. VPNs are used to protect internet traffic from eavesdropping, tampering, and censorship. With a remotely working world, VPNs have gained massive popularity. The next evolution of this is ZTNA, another acronym for Zero Trust Network Access, which feeds into a SASE architecture... I'll pause there.
8. TLS (Transport Layer Security)
TLS stands as the backbone of secure online communication, serving as a robust cryptographic protocol. It's the go-to choice for safeguarding web interactions, emails, and various internet-based data exchanges.
9. FIM (File Integrity Monitoring)
FIM is a technology that monitors and detects changes in files that may indicate a cyber attack or unauthorised access. It is an essential tool for maintaining the integrity and security of critical system files and configurations.
10. IAM (Identity and Access Management)
IAM is a framework of policies and technologies ensuring that the right individuals have the appropriate access to technology resources. IAM systems manage the identification, authentication, and authorisation of users and devices. It gives the lowdown on who is who, and what they are allowed to do.
11. UEBA (User and Entity Behaviour Analytics)
UEBA leverages machine learning and advanced analytics to monitor user and entity behaviour to detect anomalies that could indicate a security threat. It focuses on identifying unusual patterns that may signify compromised credentials or insider threats.
12. APT (Advanced Persistent Threat)
APT stands for Advanced Persistent Threat, which is a prolonged and targeted cyberattack where an intruder gains access to a network and remains undetected for a significant amount of time. The primary objective of an APT attack is often to steal data or monitor systems.
13. GDPR (General Data Protection Regulation)
The GDPR is a regulation under EU law concerning data protection and privacy for individuals within the European Union, as well as the transfer of personal data outside the EU and EEA zones. Compliance with GDPR is essential for businesses that handle personal data, similar to the requirements of our own POPIA (Protection of Personal Information Act).
14. NIST (National Institute of Standards and Technology)
NIST formulates cybersecurity standards, guidelines, best practices, and resources. The NIST Cybersecurity Framework, which is extensively utilised to enhance critical infrastructure cybersecurity, is regularly updated to reflect the latest advancements and challenges in the field.
Understanding these acronyms and their underlying principles is essential for navigating the complex world of cybersecurity. This is particularly important for non-technical members of an organisation, such as CFOs, HR executives, and even CEOs. No one should be caught off guard in discussions about cybersecurity. The excuse "I'm not technical" is no longer an excuse!
Stay informed, stay secure!
For more insights into cybersecurity best practices and trends, follow our posts or reach out to anyone in the team.... BRB...
Providing network and service excellence worldwide
4 months ago: This is so cool, knowledge is power. Great initiative Tarryn
Technology Solutions Advisor & Helping Clients embrace Digital Transformation.
4 months ago: I have been Scuba Diving for years and never knew it stands for: 'scuba' ("self-contained underwater breathing apparatus")???
Business Development Manager - Africa at FRAMECAD
4 months ago: I was convinced that NB meant "note below" for about 10 years of my career. Not my proudest admission.
Driving success through considerate innovation
4 months ago: Embarrassingly, when learning about IAM I thought it actually stood for "I Am", as in it's me, let me in
Founder of Pink Soda Marketing | Strategist | Idea Generator | Sucker For Good Marketing |
4 months ago: Not cyber related but I once received a reply back from my Gran after I sent a message of condolence to say "LOL"... I believe she meant Lots Of Love...