This information is a reference list of Ministry of Justice (MoJ) terms and abbreviations.
A more extensive list of acronyms is available here.
The NCSC has a comprehensive cybersecurity glossary available on its website.
Refer to Multi-factor authentication.
Any user of services covered as authorised by the MoJ.
Blue Team
The internal security defence team in an organisation: the people who monitor for, detect, and respond to attacks. Within the MoJ, this work is performed by the Security Team.
Brute Force Attack
Trying a very large number of candidate values, using lots of computing power, until one works. Typically used to guess passwords, either against a login service or against stolen password hashes, to gain access to systems. Rate limiting, account lockout, and slow password hashing all raise the cost of each guess and so limit the attack.
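As an added illustration of the brute force definition above (example code written for this glossary, not code from the MoJ page), the script below exhausts a tiny lowercase keyspace against a stolen password hash, then measures how much costlier each guess becomes when the password is stored with PBKDF2 instead of a single SHA-256. The stolen hash, the salt, and the iteration count are constructed for the example.

```python
"""Brute-forcing a password hash, and why slow password hashing matters.

Added example, not from the MoJ glossary. The 'stolen' hash, the salt and the
tiny keyspace are constructed for illustration; real attacks use GPUs and
wordlists, but the cost argument is the same.
"""
import hashlib
import hmac
import itertools
import string
import time

ALPHABET = string.ascii_lowercase
PBKDF2_ITERATIONS = 100_000          # assumed work factor for the comparison


def brute_force(target_hex: str, hash_fn, max_len: int = 3):
    """Try every lowercase candidate of length 1..max_len, shortest first.

    hash_fn maps a password (bytes) to a hex digest. Returns the recovered
    password and the number of guesses made, or (None, guesses) on failure.
    """
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(ALPHABET, repeat=length):
            guesses += 1
            candidate = "".join(combo).encode()
            # constant-time comparison, as a real verifier would use
            if hmac.compare_digest(hash_fn(candidate), target_hex):
                return candidate.decode(), guesses
    return None, guesses


def fast_hash(password: bytes) -> str:
    """Unsalted SHA-256: fast by design, so cheap to brute force."""
    return hashlib.sha256(password).hexdigest()


def slow_hash(password: bytes, salt: bytes = b"constructed-salt") -> str:
    """PBKDF2-HMAC-SHA256 with a high iteration count: every guess is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS).hex()


def seconds_per_guess(hash_fn, samples: int) -> float:
    """Measure the average wall-clock cost of one guess for a hash function."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(str(i).encode())
    return (time.perf_counter() - start) / samples


def keyspace_size(alphabet_len: int, max_len: int) -> int:
    """Number of candidates of length 1..max_len over an alphabet."""
    return sum(alphabet_len ** n for n in range(1, max_len + 1))


def slowdown_factor() -> float:
    """How many times costlier a guess is against PBKDF2 than against raw SHA-256."""
    return seconds_per_guess(slow_hash, 3) / seconds_per_guess(fast_hash, 2000)


if __name__ == "__main__":
    stolen = fast_hash(b"dog")           # constructed: a 3-letter lowercase password
    pw, n = brute_force(stolen, fast_hash)
    print(f"recovered {pw!r} after {n} guesses")
    factor = slowdown_factor()
    space = keyspace_size(len(ALPHABET), 8)
    print(f"PBKDF2 makes each guess roughly {factor:,.0f}x costlier")
    print(f"8-character lowercase keyspace: {space:,} candidates")
```

The search order matters: short candidates are tried first, so the guess count is exactly the position of the password in the enumeration. The slowdown factor is what a defender controls; the keyspace size is what the user controls through password length and character set.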
Business Continuity Plan (BCP)
A document that outlines the procedures in place for a business to continue to operate, despite an unexpected disruption to services. These disruptions might be things such as cyber attacks, pandemics, or natural disasters.
Credentials
Information used to prove someone's identity, to confirm that they really are who they say they are. Typically includes passwords, tokens, and certificates.
Critical infrastructure attack
Critical infrastructure refers to the physical and cyber structures, facilities, and systems that are essential for a country to function. Attacks on these resources would harm the physical security, economic security, or public health of the country.
Customer
Someone who buys goods or services. The customer of an IT service provider is the person or group who defines and agrees the service level targets. The term customers is also sometimes informally used to mean users, for example "this is a customer focused organisation".
Dark web
Generic name for online content that is not indexed by search engines and is only accessible with special software or tools.
Data breach
An incident where data is accessed, copied, or disclosed without authorisation.
Decryption
The reverse of the encryption process: converting ciphertext back into readable form, using the decryption key.
Distributed Denial of Service (DDoS) attack
Legitimate users cannot access computer services, because threat actors are overloading the service with requests. A Denial of Service (DoS) attack has the same effect from a single source; a DDoS uses many sources at once, which makes it harder to block.
Digital footprint
A collection of data and information traces left behind by a user, as they do activities online. For example, all the things you've ever searched for on Google.
Double extortion ransomware
Refer to ransomware.
Encryption
The process of converting human-readable text into unreadable 'disguised' information, or 'ciphertext'. You can see it, but you can't understand it. Only someone with the decryption key can convert ('decrypt') the unreadable information back into human-readable form again.
Exploit
A program or process that takes advantage of a vulnerability in a system to cause system problems, or to access or modify information without authorisation.
Incident
Any event which is not part of the standard operation of a service, and which causes, or might cause, an interruption to, or a reduction in, the quality of that service. In security terms, a breach of the security rules for a system or service.
Incident Management
The process responsible for managing the lifecycle of all incidents. The primary objective of incident management is to return the IT service to users as quickly as possible.
Insider threat
Any threat from current or former employees, contractors, or partners of an organisation who have inside information or authorised credentials that might be used to cause harm to the organisation, accidentally or maliciously.
Macro
A small program or script that automates tasks in an application, such as Microsoft Office. Attackers can use macros embedded in documents to gain access to, or harm, a system.
Malware
Malicious software. This includes things like viruses, trojans, worms, or any code that can have a negative impact on a system.
Multi-factor authentication (MFA)
Use of two or more different types of evidence ('factors') to verify a user's claimed identity: something you know (a password), something you have (a phone, authenticator app, or hardware token), or something you are (a fingerprint). Typically an extra component, in addition to a password. MFA often uses an authenticator app or SMS text to deliver a single use code; an authenticator app or hardware token is preferred over SMS, because SMS codes can be intercepted or redirected. Also Two-factor authentication (2FA).
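To show what the "single use code" in the MFA definition actually is, here is an added example (written for this glossary, not code from the MoJ page) implementing the time-based one-time password scheme from RFC 6238, which is what most authenticator apps run. The shared secret is the RFC 6238 test seed; the 30-second step, 6-digit length, drift window, and replay check are assumptions chosen to match common deployments.

```python
"""RFC 6238 TOTP: how an authenticator app's single-use code is produced and checked.

Added example, not from the MoJ glossary. The secret is the RFC 6238
Appendix B test seed; step size, digits and drift window are assumed values.
"""
import hashlib
import hmac
import struct
import time

TEST_SEED = b"12345678901234567890"   # RFC 6238 SHA-1 test seed (shared secret)
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int,
                last_accepted_step: int = -1, drift_steps: int = 1):
    """Return the time step the code matched, or None if it is rejected.

    Neighbouring steps (+/- drift_steps) are accepted to tolerate clock drift.
    Steps at or before last_accepted_step are refused, so a code that was
    phished or intercepted cannot be replayed within its window.
    """
    current = at_time // STEP_SECONDS
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_accepted_step:
            continue
        if hmac.compare_digest(hotp(secret, step).encode(), code.encode()):
            return step
    return None


if __name__ == "__main__":
    now = int(time.time())
    code = totp(TEST_SEED, now)
    print("current code:", code)
    first = verify_totp(TEST_SEED, code, now)
    print("accepted at step:", first)
    # The same code presented again is refused once the server records the step.
    print("replay accepted:", verify_totp(TEST_SEED, code, now, last_accepted_step=first))
```

Both sides compute the same code from the shared secret and the clock, so nothing secret crosses the network at login time; what an attacker can steal is one code, valid for at most a few steps, which is why the replay check and the short window matter.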
Open Source Intelligence (OSINT)
Information gathered from public information. This includes data from social network accounts, company websites, and other openly available information sources.
Operational Security Team (OST)
Deprecated name for the Security Team within the MoJ. The Security Team help protect against cyber attacks, and help manage incidents. Sometimes referred to as the Blue Team. They can be contacted through email: email@example.com.
Out of band check
An additional check performed using a different communication channel, to verify identity or intent. The check helps prevent phishing or social engineering attacks. For example, if you receive an email from a senior manager, asking you to perform an unusual task, you should check that the request is genuine. If you reply by email to the original request, that's an 'in band' check, and can't be trusted, because it's possible the manager's email has been compromised. But if you call the manager on their mobile phone to check the request, that uses a different communication technology, so it's an out of band check. A threat actor would have to compromise both the manager's email and their mobile phone to succeed in tricking you. For more detail on out of band checks, refer to this additional information.
Password
A secret string of characters, numbers, and often symbols. When used with a valid user ID, a password enables access to an account.
Patching
Applying updates to software or firmware to fix known vulnerabilities, improve security, and enhance functionality.
Phishing
Untargeted mass emails sent to many individuals. The email typically asks for sensitive information, or encourages you to visit fake websites, or to send money. Targeted versions aimed at a specific person or organisation also exist. For more information, refer to the phishing guide.
Problem Management
The process responsible for managing the lifecycle of all problems. The primary objectives of Problem Management are to prevent incidents from happening, and to minimise the impact of incidents which cannot be prevented.
Process
A structured set of activities designed to accomplish a specific objective. A process takes one or more defined inputs and turns them into defined outputs. A process might include any of the roles, responsibilities, tools, and management controls required to deliver the outputs reliably. A process might define policies, standards, guidelines, activities, and work instructions if they are needed.
Ransomware
Malicious software that makes data or systems unusable by encrypting them, and then demands a payment from the victim to decrypt them. Double extortion ransomware exfiltrates the data before encryption and demands a ransom payment to stop the threat actor releasing the data to the public, as well as for decrypting the system. A verified, offline backup does not help against the second demand, which is why preventing the initial access matters.
Red Team
An internal or external team that tests organisational security by simulating cyber attacks as realistically as possible. Together with the Blue Team, the team helps to improve the cyber defences of the organisation.
May include a wide range of IT teams, including support and development personnel, other Service Management Functions (SMFs), other units within the organisation, outsourcing providers, partners, and other third parties.
Service Desk
The single point of contact between the service provider and the users. A typical Service Desk manages incidents and service requests, and handles communication with the users.
Social engineering
Manipulating people into doing things or divulging information that is of use to a threat actor.
Tabletop exercise
An exercise created to try out Business Continuity Plans (BCPs). These exercises create realistic scenarios, and play through a number of obstacles, to ensure organisations have robust BCPs.
Tailgating
An unauthorised individual forcefully or stealthily gaining access to a building, typically by entering immediately behind an authorised user.
Threat actor
A general term that encompasses all types of individuals and groups that use cyber methods to cause harm. This includes competitors seeking to steal information, cyber criminals attacking for political or monetary gain, accidental or malicious insider threats, spies, social and political activists, and assorted hackers.
Trend analysis
Analysis of data to identify time related patterns. Trend analysis is used in Problem Management to identify common failures or fragile configuration items, and in Capacity Management as a modelling tool to predict future behaviour. It is also used as a management tool for identifying deficiencies in IT Service Management Processes.
Virtual Private Network (VPN)
An encrypted tunnel across an untrusted network, such as the Internet, that allows remote users to connect securely to an organisation's network as if they were on site.
Vulnerability
A weakness in software, a system, or a process. A threat actor might seek to exploit a vulnerability to gain unauthorised access to a system.
Zero day (0day)
A vulnerability that is not yet known to the vendor or defenders, so no patch exists for it. Threat actors can exploit a 0day to attack or affect data and systems before anyone can fix it.
Zero trust
The assumption that all requests and connections are potential breaches, wherever they come from, and so must be verified and authenticated before being allowed. Being on the internal network does not by itself grant access.
Out of band checks
An out of band check is when an individual uses a different method of communication than the one the message came from. This method means that if one communication method is compromised, you quickly find out by using a different communication method to confirm validity. The likelihood of multiple communication methods for the same person or team being compromised is low.
Out of band checks are an easy method to confirm the legitimacy of communications and requests. They can confirm the identity behind a message or request, and they can confirm the validity of the message or request itself. Social engineering techniques and phishing tactics take advantage of people who do not use out of band checks. By doing an out of band check, these sorts of attacks can be stopped very easily.
Example 1: You receive an email request for an urgent review of an invoice, and immediate payment. The email comes from someone unexpected. You should find the official contact details of that person, and contact them using a phone call - but not email - to confirm that they did indeed send the original email. If they did send the email, you can proceed with the request. If they did not send the email, you can report the email as a phish, and also alert the owner of the email address that their email address might have been compromised.
Example 2: You receive a phone call from someone claiming to be your bank, or HMRC, or HMCTS. You hang up the call, and locate the official website for the company. You should be able to find multiple official contact details there. Use one of these to contact the place the caller claimed to be from. If, for example, the claim was that your bank was calling, you can call the direct number and speak to the switchboard about the reason for the initial call. They will forward you to the correct department. You can then confirm the validity of the original call, and so confirm whether the original caller was actually from your bank or not.
Example 3: Someone enters your place of work, and claims to have a meeting with a specific person. Unfortunately, there is no record of this on the expected visitor list. You can call or email the person within your place of work to confirm the visitor is legitimate. This check also works if tradespeople arrive unexpectedly, because you can contact both the relevant person within your place of work and also contact the company they claim to be from, using the company’s official website contact details.
Example 4: You receive an email requesting that you reset your password immediately. The email contains a link to perform the password reset. You have not attempted to log in to that account recently. Do not use the link. Instead, use an internet search for the website, or type the URL directly if you know exactly what it should be. When you attempt to log in, the website will let you know if you need to reset your password. If it does not, the password reset request was not legitimate, and most likely a phishing attempt hoping to get your username and password through the reset link in the original email. Similarly, if you get an MFA request unexpectedly, do not confirm it unless you were indeed attempting to access that account immediately before the request came through. If you get an MFA request, but had not been trying to connect using the account, you should change the account password as soon as possible, because it might have been compromised.
When doing an out of band check, be sure to pick a different method of communication to the one used to contact you originally. If someone emails you unexpectedly, perform an out of band check by making a phone call. If someone calls you, perform an out of band check by using the Internet. It is very unlikely that multiple communication channels have been compromised.
Be sure to get official contact details for companies only from their official websites. Never be afraid to hang up on someone and check their identity through another method, especially if they are asking for sensitive or personal information or credentials. Never be afraid to check the legitimacy of unusual email requests by contacting the sender through a different communication channel.
Doing an out of band check lets you confirm that the messages come from the person they claim to be, and that the requests are valid. This helps prevent you or your company from losing money to fake invoices, from accidentally giving up sensitive information or credentials, and from having unauthorised individuals in your place of work. Doing an out of band check is fast and easy.
All members of your workplace should be happy to receive such a check. It shows that you take security seriously, and that you are helping to protect them as well as yourself.
For any further questions or advice relating to security, contact: firstname.lastname@example.org.
If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: email@example.com.