Glossary

A private communications network usually used within a company, or by several different companies or organisations to communicate over a wider network. VPN communications are typically encrypted or encoded to protect the traffic from other users on the public network carrying the VPN.

A computer program that can spread by making copies of itself. Computer viruses spread from one computer to another, usually without the knowledge of the user. Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over the infected computer.

See virtual private network.

A flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization’s assets or operations.

A process to determine existing weaknesses or gaps in an information system’s protection efforts.

A malicious program that executes independently and self-replicates, usually through network connections, to cause damage (e.g. deleting files, sending documents via email, or taking up bandwidth).

A zero-day vulnerability is a software vulnerability that is not yet known by the vendor, and therefore has not been mitigated. A zero-day exploit is an attack directed at a zero-day vulnerability.