Access
Access refers to the entry points to documents, communications, or information. Access to computers, files, or online accounts is often protected by authentication methods (such as passwords). The term can also indicate the type of authorization (view, comment, edit) granted to certain people.
Archives
Archives are information, data, or documents that are backed up over the long term for different purposes. The purpose can be legal in nature—to protect the organization in case of loss or theft of computer equipment—or simply for storage—to maintain a record of the organization’s activities.
Authentication
The process a system uses to verify your identity. A password is one way of authenticating yourself. Multi-factor authentication combines two (or more) authentication factors. For example, a factor can be something you know (a password), something you have (a bank card, or a cellphone that receives a code via SMS), or something you are (biometrics such as a fingerprint).
Availability of information
The availability of information is one of the three pillars of information security. The availability of certain data or systems ensures that a project runs smoothly and that an organization functions effectively. The unavailability of certain information or systems (consider a Wi-Fi signal interruption or Internet or power outages) can lead to losses or damages for the interested parties.
Backup
A backup is a copy of a document or data file saved for the short term onto separate storage in order to ensure the resilience and availability of up-to-date information in case of loss or incident.
BYOD (Bring Your Own Device)
This acronym for “Bring Your Own Device” refers to a policy of permitting employees to use their personal devices at the office, at home, or in a “roaming” mode.
Cleartext
Cleartext is text that is readable to everyone, as opposed to encrypted text (or ciphertext), which is cleartext that has been transformed—using an encryption algorithm—into a series of unintelligible characters. For example, this definition is cleartext. When we say that information being transmitted on a network or stored on a server is in “cleartext,” it means that it is easily accessible to third parties.
Cloud computing
You already know several cloud computing services: Google Drive, Dropbox, iCloud, etc. These services are basically remote servers on which you can store your data and documents. Cloud computing allows users to access a shared pool of computing resources (networks, servers, applications, services) on demand, whenever they have Internet access. In short, cloud computing services allow you to store information somewhere other than on your own computer. They also ensure better availability of the information: when the information is in the cloud, it is available to multiple devices and can be recovered more easily in case of a breach or loss of equipment. However, using the cloud also has some drawbacks in terms of confidentiality. For example, not all companies have the same standards and practices for securing their servers. In addition, the access to your cloud service (protected by a password) can also represent an attractive entry point for adversaries.
CMS (Content Management System)
A CMS is an interface you can use to organize the content of your website without writing any code. These programs are very useful for creating websites. Note: they also present some risk, because plug-ins and links to other resources can introduce security vulnerabilities without your knowledge.
Compromise
An action that leads to a data or information breach. Data is compromised when a cyberattack succeeds. The impact of the compromise is that the data is damaged or corrupted as a result of the attack.
Confidentiality of information
Confidentiality is one of the three pillars of information security. Confidential information is information that is only accessible to a limited group of individuals. Compromising confidential information can cause damage. For example, if a project is revealed to a competitor, the competitor could harm the stakeholders.
Cyberattack
The use of electronic means to interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, device, or information.
The set of standards and values for living together in digital media. Technological devices offer promising possibilities in terms of creative renewal and citizen action. Using digital technologies for political ends also raises ethical and social issues. The Internet is seen both as a space of freedom and expression that offers the opportunity for collaboration and collective action, and as a commercial and sometimes addictive space that can create a sense of distance and lead to withdrawal into oneself. The identities performed in the physical, social, and digital worlds are complexly intertwined without completely overlapping. These identities ask one to reconsider questions of anonymity and respect for privacy (such as the right to be forgotten, actions masked by an avatar, the collection of personal data, cybersurveillance, etc.).
Cybersecurity
Cybersecurity encompasses the means for ensuring the security of networks and computer systems. This discipline is concerned with the ways in which the confidentiality, integrity, and availability of these systems, and of the data they store, are protected. Cybersecurity is therefore complementary to information security, which aims to ensure the confidentiality, integrity, and availability of all information—whether or not that information is on a digital platform.
DNS (Domain Name System)
The Domain Name System is a database (like a phone book) that allows computers to reach websites via a textual address. Every computer and server connected to the Internet has a unique number (similar to a phone number, but much longer). This number is called an IP address. The DNS links a more easily comprehensible series of letters, called the domain name, to this number. Instead of writing 22.214.171.124, the DNS allows us to write www.mywebsite.ca.
DNSSEC (Domain Name System Security Extensions)
Security extensions can be added to the DNS (Domain Name System) to authenticate the servers with which your computer communicates. These extensions also protect the integrity of the DNS information passing through the network. In other words, they make sure that the DNS answers your computer receives have not been forged or modified in transit.
Encryption
The mathematical process used to ensure the confidentiality and integrity of communications. Encryption uses an algorithm (cipher) to transform plaintext information into a series of unintelligible characters (ciphertext). This process requires a key (derived, for example, from a password) to be applied to the algorithm so that the result is unique to that key. Decryption is the inverse process: the key is used so that the algorithm converts the ciphertext back into plaintext.
HTTPS (Hypertext Transfer Protocol Secure)
This protocol provides secure communication between a personal computer and a server (such as your website). HTTP is the protocol used for exchanging web requests and pages on a network. With this protocol, the requests (personal computer X would like to connect to website Y) and the responses (website Y sends its content to computer X) are transmitted in cleartext (readable to whoever is listening on the network). With HTTPS (as you will have guessed, the “S” stands for secure), an encryption layer is simply added on top. This layer encrypts the information being transferred so that the data (passwords, names of the websites you’re browsing, etc.) remains confidential and intact. Among other things, this prevents users from being redirected without their knowledge to a malicious website and prevents data from being collected by an adversary.
Integrity of information
This is the ability to keep information intact and protect it from being modified. For example, a contract must remain identical for the entire duration of the mandate. A loss of integrity can cause the organization financial losses.
Latency
Latency refers to how much time it takes for a data packet to travel from a sender to a receiver. The greater the latency, the greater the delay between the actions being carried out and their appearance on the screen. For example, if during a videoconference there is a delay between the moment you speak and the moment your interlocutor hears you, there is a latency issue.
OSINT (Open Source Intelligence)
Open Source Intelligence is a method of collecting all the information on a person or organization that is publicly available (for example, on social media, in databases, on blogs, etc.). Journalists and investigators often use this method. It can also be used to identify potential security vulnerabilities in your organization: if you manage to find data that should not be public using OSINT methods and tools, you definitely have a vulnerability somewhere. This method can therefore be used to identify clear weaknesses in cybersecurity.
Passphrase
A sequence of words and/or symbols that provides more secure authentication than a password.
Password manager
This software stores all your passwords and passphrases in a secure place. Password managers allow you to have longer, more secure passphrases without running the risk of forgetting them. Note: if you put all your eggs (i.e. your passwords) in one basket (i.e. one password manager), make sure that the passphrase enabling access to the manager is extremely strong!
Personal data
Personal data is any information that makes you personally identifiable. Personal data can be generated during an administrative process, while making a purchase or using an app, or through email or social media. For example, data that leads directly to your identification includes your first name or family name. Data that leads indirectly to your identification includes your phone number, social insurance number (SIN), email address, or an image.
Phishing
Phishing is a fraudulent operation by which an adversary mimics the identity of an institution, well-known brand, or trusted person in order to collect personal information. These adversaries usually send a large number of emails to more or less random addresses in an attempt to get some people to “take the bait” by clicking on the fraudulent link and providing personal information. This type of attack is usually carried out for financial gain. For example, if you receive an email from Amazon or your bank asking you to provide banking information in order to validate an order, this is a phishing email. You should never send personal information by email.
Ransomware
A type of malware that denies a user access to data (or a system) until a ransom is paid. For example, the content of a computer hard drive infected by such malware can be made inaccessible (both to visitors and to the organization) until the payment is made. We recommend never paying such a ransom.
Restricted (in a VPN)
Limiting the amount of data so that it cannot all be used at once. For example, you can only use 1 GB of incoming data per day.
Role
The set of tasks and responsibilities associated with a function in an organization. A person can have several roles, and a role can be assumed by several people. A role is different from a title (position) or mandate. For example, a person can be responsible for social media communication, project management and planning, and administrative tasks; this person’s roles would therefore be those of communication, production, and administration. In access management, each of these roles must be accompanied by specific access. In this respect, defining the roles aims to identify effectively what access should be granted, and to restrict access for those whose tasks do not require it, since unnecessary access poses a cybersecurity risk.
Spam
Spam is an unsolicited email automatically sent in bulk, often for commercial purposes. Spam can be a threat to cybersecurity (it can contain malware) or simply an unsolicited commercial email that seeks to make you purchase a good or service. The addresses that make up these mailing lists are usually bought or collected in various ways (through data breaches or when you participate in a contest, for example).
Spear phishing
Spear phishing involves using spoofed emails to persuade a person (typically in a position of power) in an organization to disclose sensitive information (such as user names and passwords). Spear phishing differs from phishing in that the victims are specifically targeted and the attack is extremely well adapted to the organization’s context.
Suspicious email
A suspicious email appears to come from a malicious sender. The email can also contain an attachment or link that appears fraudulent.
System privileges groups
This is a directory service that allows you to manage the access associated with the different roles in your organization more effectively. It provides simplified access management, as well as software installation and updates across the entire network. Windows has Active Directory, and macOS has Open Directory. These systems facilitate position and personnel changes without risking any data loss during the transitions.
TLS (Transport Layer Security)
TLS is a cryptographic protocol that secures the Internet connection and protects the sensitive data being communicated between two systems (such as a user and a server). TLS is the more secure successor to SSL (Secure Sockets Layer). The data is encrypted and therefore protected from an intruder trying to collect or corrupt it.
An email that appears legitimate but which seeks to make you download an attachment or click on a link, which then begins downloading malware onto your device.
Two-factor authentication
This is a method of authentication that uses more than one factor. Two-factor authentication goes by different names in different services (two-factor authentication, 2FA, multi-factor authentication, two-step authentication, etc.). Regardless of the terminology used, this type of authentication requires the use of a second (sometimes a third) method in addition to the password.
For example, one can use a password (memory-based authentication) and send a code by SMS (physical authentication—the person is carrying a cellphone) or use a fingerprint (biometric authentication).
The use of multiple authentication factors is an excellent practice in cybersecurity. If you use several authentication factors, a compromised password will no longer be sufficient for an adversary to access your accounts. For this reason, it is best to opt for online services that support two-factor authentication and to activate this feature whenever possible.
VPN (Virtual Private Network)
A Virtual Private Network is software that creates a secure connection between a device (such as your cellphone) and a server (such as a website). It is as though an encrypted, opaque tunnel were created between these two entities, which prevents intruders observing the network from intercepting the data being transmitted.
Wi-Fi (Wireless Fidelity)
Wi-Fi is a wireless networking technology that allows several devices to communicate with one another and to connect to the Internet without using cables. Given that the data is being transmitted over radio waves, it is more susceptible to being intercepted. It is therefore important to secure the connection with a passphrase and/or a VPN.