Digital Information Security Glossary

The term authentication refers to the active validation of a person’s identity. This can be achieved by entering a password, using a chip card or biometric data, or through data such as a cryptographic signature. The term verification refers to the actions taken by the other side to check and legitimize the person or data.

Business continuity management (BCM) comprises all organizational, technical and personnel-related measures taken after an emergency or security incident, in order to maintain the core operations of a business or public authority. In the event of longer-lasting downtimes or interruptions, BCM can help continue business processes.

The term cage refers to a grille-like partition for secured and fully-managed spaces used by customers to store IT equipment in housing and colocation environments.

The term cloud refers to cloud computing. In cloud computing, applications, services and data are stored on an Internet server instead of a company server. Several free services are available, such as Dropbox or Google Drive, along with fee-based services. Fee-based services generally offer a greater level of data security. An increasing number of businesses are using special software to create their own cloud environment.

Colocation refers to a rented space or room in a processing center in which a company installs its IT equipment. This space can range from a single room to part of an IT rack or a complete rack, and is generally located in an environment that is rented simultaneously by multiple users. The space in which the equipment is installed is specially designed for this purpose, complete with air conditioning, security alarms, and video surveillance. The rooms are usually fitted with gas extinguishing systems, and have a secure, independent electricity supply that cannot be interrupted. In the event of any complications, skilled staff on site can act quickly in an emergency to ensure constant server availability. Large processing centers often offer these aspects as standard.

Cybersecurity refers to the security of all IT systems which play a role in our daily lives and concerns all of cyberspace. Cyberspace comprises all IT systems which are connected to the Internet, as well as applications, processes and communication based on this. In Germany, cybersecurity is the total of all appropriate and suitable measures and processes.

If company data is connected at the right time and the right place, data-centric services offer real added value and innovation in modern IT.

Exploit is an umbrella term that refers to programs that can be used to take advantage of security gaps or malfunctions in systems and applications. Unlike malware, an exploit does not execute any damaging functions, but is simply the key to the system on which malicious code is to be unleashed.

An incident is a fault or security breach that leads to an IT system failing, malfunctioning, or endangering its own security or the security of data. Incident response is part of IT forensics and IT security. It focuses on the specific conditions in the reaction to such incidents, investigates them and attempts to explain them.

The term malware, also referred to as malicious programs or malicious software, covers all forms of malicious code. The term is a combination of the words malicious and software. Malware includes viruses, worms, trojans, adware, spyware and ransomware.

A penetration test is a simulated attempt to attack an IT system. It is used to test the effectiveness of security measures.

The term ransomware is a combination of the words ransom and software. It refers to a type of malware that extorts the victim. Once activated, ransomware restricts or prevents access to a device or the use of the data on it. The victim’s data or system is only unlocked or released after they pay a ransom.

The term redundancy defines the additional availability of functionally identical or comparable resources that are not required during normal operation. In the event of a defect, the redundant systems assume the functions of the damaged components in order to maintain operation. Redundancy is therefore an important factor in protecting operations against failure.

Resilience is the ability of a system to react to changes or interruptions. Resilient IT systems can withstand interruptions, adjust to new conditions and react flexibly to changes. The aim is to maintain operations, processes, or parts of processes.

A risk analysis examines which harmful incidents could occur, their probability, and the negative consequences that could be expected. A risk assessment determines how the defined protection aim can be achieved in the event of a certain incident, whether measures to minimize the risk are necessary, and the acceptable level of residual risk.

The term shared resources, also referred to as network resources, refers to the computer resources that can be accessed remotely via a network. Examples of this include a LAN or the Internet.

Trojans are programs with a concealed, undocumented function or effect. Instead of spreading itself, a Trojan spreads after the user has installed a seemingly beneficial host program. Recent examples include WannaCry and Petya.

The term vulnerability refers to how vulnerable a protected system or object is to damage in the event of a specific incident.