Any items belonging to or held by the business, with some value (including information, in all forms and computer systems).


An attempt to gain unauthorized access to business or personal information, computer systems or networks for (usually) criminal purposes. A successful attack may result in a security breach, or it may be generically classified as an “incident.”


A security practice implemented (usually through software controls) to confirm the identity of an individual before granting them access to business services, computers or information.


The process of copying files to a secondary storage solution, so that those copies will be available if needed for a later restoration (e.g., following a computer crash).


A security breach is a gap in security that arises through negligence or deliberate attack. It may be counter to policy or the law, and it is often exploited to foster further harmful or criminal action.


Relating to computers, software, communications systems and services used to access and interact with the Internet.


Converting information into a code that can only be read by authorized persons who have been provided with the necessary (and usually unique) “key” and special software so that they can reverse the process (e.g., decryption) and use the information.


A firewall is a type of security barrier placed between network environments. It may be a dedicated device or a composite of several components and techniques. Only authorized traffic, as defined by the local security policy, is allowed to pass.


Hypertext Transfer Protocol Secure.

Identity Theft

Copying another person’s personal identifying information (such as their name and Social Insurance Number) and then impersonating that person to perpetrate fraud or other criminal activity.


Malicious software created and distributed to cause harm. The most common instance of malware is a “virus.”


An update to or repair for any form of software that is applied without replacing the entire original program. Many pieces are provided by software developers to address identified security vulnerabilities.


Operating System.


One-Time Password.


A secret word or combination of characters that is used for authentication of the person that holds it.


A specific kind of spam targeting one or more particular people while pretending to be a legitimate message, with the intent of defrauding the recipient(s).


Point of Sale.


Exposure to an adverse outcome if a threat is realized.


A security process, physical mechanism or technical tool intended to counter specific threats. Sometimes also referred to as a control.


A computer on a network that acts as a shared resource for other network-attached processors (storing and “serving” data and applications).


Email that has been sent without the permission or request of you or the employee it has been sent to.


Any potential event or action (deliberate or accidental) that represents a danger to the security of the business.


Uniform Resource Locator.


A weakness in software, hardware, physical security or human practices that can be exploited to further a security attack.


Virtual Private Network.


A local area network (LAN) that uses radio signals to transmit and receive data over distances of a few hundred feet.