The risk of bad things happening (e.g. fines) as a result of a failure to comply with regulations.
An attack for which there are no known patches and no knowledge of that attack type prior to the attack occurring – there are zero days in which to prepare for it.
capture knowledge of known attack techniques and existing weaknesses in a domain.
Aof all the relevant knowledge, all the relevant types of assets, all the possible relationships between them, and all the security which can be applied to them within a specific context.
A detailed understanding of all the possible threats, attacks or vulnerabilities which could affect a system and the security and mitigation strategies available to counter them.
The set of pre-determined rules defining the nature of the relationships between assets and their associated threats.
The potential for a misbehavingto increase the of in another connected .
The sending of malicious emails appearing to be from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Broadly means gaining and exploiting the trust of people by a misuse of authority or power.
In cybersecurity, understood as attempts to manipulate users into taking harmful action or disclosing private information – usually for fraudulent or damaging purposes.
The General Data Protection Regulation (2016), introduced into UK law under the Data Protection Act 2018 (DPA). Provides legal requirements for data protection and citizen privacy within the European Union (EU) and for data transferred outside the EU.
The magnitude of the importance of aor misbehaving (very low risk to very high risk). It is a calculation based on , and .
A set of(security measures) which address one or more threats.
An individual security measure to protect or modify anso that it can resist a .
The propensity of an to avoid or resist threats (there are multiple types of ). It is the inverse of .
The costs if something goes wrong. Includes:
- damage to organisations, networks, assets, reputation, image, and goodwill;
- the financial costs for investigation and repair, lost working time, lost opportunity, and health and safety changes.