Security and IT, in plain English

A plain English guide to the security and IT terms that come up in contracts, audits, and insurance forms. No jargon for its own sake. Each entry says what the term means and why it matters to you, with a link to the relevant page where it helps.

Around thirty of the terms that come up most often when businesses talk to us about security, compliance, and IT, listed alphabetically. Search the page to find a term.

Anti-virus

Software that detects and removes malicious programs, such as viruses, worms, and trojans, usually by matching files against a list of known threats. Traditional anti-virus is reactive: it recognises malware it has seen before. Modern protection has largely moved on to behaviour-based tools that also catch new and unknown threats, which is why most business security now uses endpoint detection and response rather than signature matching alone. See endpoint detection and response.

Backup as a service (BaaS)

A managed service where a provider takes, stores, and looks after your data backups for you, usually to the cloud, rather than you running backup hardware and software yourself. The value is not in taking copies but in testing that they restore, so recovery is a routine and not a panic. Good backup is the difference between a bad day and a closed business when ransomware or hardware failure hits. See our backup and disaster recovery service.

Cyber Essentials

A UK government-backed certification scheme that checks five basic technical controls: firewalls, secure configuration, security update management, user access control, and malware protection. Getting these right closes off the most common, opportunistic attacks that hit UK businesses every day. The base level is a self-assessment verified by a certification body, and many UK public sector contracts require it as a minimum. See our Cyber Essentials service.

Cyber Essentials Plus

The higher tier of Cyber Essentials, which adds an independent technical audit on top of the self-assessment. Instead of taking your word for it, a qualified assessor checks your systems hands on to confirm the five controls are genuinely in place. It carries more weight with buyers and insurers because it has been verified, not just declared. See our Cyber Essentials service.

Data loss prevention (DLP)

A set of tools and rules that stop sensitive information leaving your organisation by accident or design. DLP can detect content such as card numbers or personal data and then warn the user or block the action when someone tries to email, copy, or paste it somewhere it should not go. In Microsoft 365 it is part of Purview, and it is increasingly used to catch sensitive data being typed into public AI tools. See DLP in practice through our email and endpoint security.

Def Stan 05-138

A UK Ministry of Defence standard that sets out the cyber security controls a supplier must meet, scaled to the risk level of the contract. It is how the MOD assures the security of its supply chain, and the required level is determined by a risk assessment of the work. The current issue maps to recognised standards including ISO 27001, the NCSC Cyber Assessment Framework, and Cyber Essentials. Most IT providers have never heard of it. See our CAF alignment work.

DEFCON 658

A standard contract condition used by the UK Ministry of Defence that requires a supplier to protect MOD identifiable information against cyber risk, in line with the relevant Def Stan. In short, if a contract carries DEFCON 658, you must have the agreed cyber security controls in place and flow them down to your own subcontractors. It is a common trigger for defence suppliers needing to prove their security. See our CAF alignment work.

DKIM (DomainKeys Identified Mail)

An email authentication method that adds a digital signature to your outgoing messages, so a receiving mail server can confirm the message really came from your domain and was not altered in transit. It works alongside SPF and DMARC to make your email harder to forge. Without it, criminals find it easier to impersonate your organisation in phishing emails. See also SPF and DMARC.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

An email security policy that tells receiving servers what to do with messages claiming to be from your domain that fail the SPF and DKIM checks, for example quarantine or reject them. It also sends you reports on who is sending mail in your name. Set up properly, DMARC is one of the strongest defences against criminals spoofing your domain to defraud your clients. See also SPF and DKIM.

DORA (Digital Operational Resilience Act)

A European Union regulation that sets requirements for how financial firms manage their information and communications technology risk, including third-party providers, incident reporting, and resilience testing. It applies to a wide range of financial entities operating in the EU. UK firms with EU operations or EU clients may fall within its scope, so it is worth checking whether it reaches your business. See our policy frameworks.

Endpoint detection and response (EDR)

Security software on your laptops, servers, and other devices (the endpoints) that watches for suspicious behaviour, alerts on it, and can respond automatically, for example by isolating an infected machine. Unlike traditional anti-virus, which matches known threats, EDR looks at how programs behave and so catches new attacks. It also records activity, which helps an analyst investigate what happened. See our email and endpoint security service.

Host-based intrusion prevention system (HIPS)

Security software that runs on an individual device and watches the activity on that host (the operating system, applications, and network traffic to and from it) to detect and block attacks in real time. Where a network firewall guards the perimeter, a HIPS protects the single machine it sits on, stopping malicious behaviour even once something is already inside. It is often built into modern endpoint protection. See our email and endpoint security service.

Incident response

The organised way you handle a security incident, such as a breach or ransomware attack, from the moment it is spotted through containing it, removing the threat, recovering, and learning from it. A good incident response plan means people know their roles and act fast, rather than improvising under pressure. The team that already knows your systems will always respond faster than one meeting them for the first time. See our incident response service.

ISO 27001

The international standard for an information security management system, the set of policies, risk decisions, and routines that govern how an organisation protects its information. Rather than checking a fixed list of controls, it certifies that you run a working system for managing security over time. Certification is awarded after a two-stage external audit and carries real weight with enterprise and public sector buyers. Note that being aligned to ISO 27001 and being certified to it are different claims. See our ISO 27001 service.

Managed detection and response (MDR)

A service where a specialist team monitors your systems around the clock, investigates alerts, and responds to threats on your behalf. It combines the tooling of endpoint detection and response with human analysts, so you get expert eyes on your security without building a 24-hour team yourself. For most businesses this is the practical way to get serious threat coverage. See our threat detection and response service.

Managed security service provider (MSSP)

A company that manages an organisation's security operations as an outsourced service, which can include monitoring, threat detection, incident response, and the day-to-day running of security tools. It lets a business get specialist security cover without recruiting and retaining a full in-house team. The value is in the depth of expertise and the round-the-clock coverage. See our threat detection and response service.

Microsoft Defender for Endpoint

Microsoft's endpoint detection and response platform, built into Windows and managed centrally, which protects devices against threats and provides investigation and response tools. It goes well beyond the basic Defender anti-virus, adding behaviour-based detection, threat analytics, and the ability to isolate a compromised device. It is a common choice for organisations already invested in Microsoft 365. See our email and endpoint security service.

Multi-factor authentication (MFA)

A login method that requires more than one piece of proof of who you are, typically your password plus a code from an app or a tap on your phone. Because an attacker would need both factors, MFA blocks the vast majority of attacks that rely on a stolen password alone. It is one of the most effective security controls a business can turn on, and it is usually free to enable.

NCSC Cyber Assessment Framework (CAF)

A framework from the UK National Cyber Security Centre for assessing how well an organisation manages cyber security risk, especially for operators of essential services and the public sector. It is outcome-based: rather than a tick list, it sets out objectives and principles you must show you are meeting. It is increasingly used across regulated and government-linked sectors. See our CAF alignment service.

Patch management

The routine of keeping software, operating systems, and devices updated with the fixes that vendors release, many of which close security holes. Attackers move quickly to exploit known weaknesses, so timely patching is one of the most basic and important defences there is. Done well it is quiet and automatic, which is why it is one of the five Cyber Essentials controls. See also vulnerability scanning.

Penetration testing

A controlled exercise where a skilled tester, with permission, tries to break into your systems the way a real attacker would, then reports what they found and how to fix it. Unlike an automated scan, a penetration test uses human skill to chain weaknesses together and reach things a scanner would miss. It gives you an honest, hands-on picture of where you actually stand. See also vulnerability scanning.

Phishing

A fraud where criminals send messages, usually email, that pretend to be from someone you trust, to trick you into handing over passwords, money, or sensitive data, or into clicking a malicious link. It is the most common way attacks begin, because it targets people rather than technology. Training, email filtering, and multi-factor authentication together cut the risk sharply. See also spear phishing and our email and endpoint security service.

Ransomware

Malicious software that encrypts your files, and increasingly steals a copy first, then demands a payment to restore access or to stop the data being published. It can halt a business completely and is one of the most damaging threats facing UK organisations. Tested backups, endpoint protection, and a rehearsed incident response plan are the core defences. See our backup and disaster recovery service.

Security operations centre (SOC)

A team, and the tools they use, dedicated to monitoring an organisation's security, detecting threats, and responding to incidents, often around the clock. A SOC brings together alerts from across your systems so analysts can spot and act on the ones that matter. Most small and mid-sized businesses access this through a service rather than building one in-house. See our threat detection and response service.

SIEM (Security Information and Event Management)

A system that collects logs and events from across your IT (servers, devices, applications, and network) into one place, then analyses them to spot signs of an attack. It is the engine a security team relies on to see what is happening and to investigate after the fact. On its own it is just tooling, so it is most useful paired with analysts who act on what it surfaces. See also security operations centre.

SPF (Sender Policy Framework)

An email authentication method that lists, in your domain's DNS records, which mail servers are allowed to send email on your behalf. A receiving server can then check whether a message claiming to be from you came from an approved source. It is a first line of defence against criminals forging your domain, and it works best alongside DKIM and DMARC. See also DKIM and DMARC.

Spear phishing

A targeted form of phishing aimed at a specific person or organisation, using details about them to make the message far more convincing than a generic scam. An attacker might pose as your finance director and reference a real project to trick a colleague into paying a fake invoice. Because it is tailored, it slips past people more easily, so awareness and strong checks on payments matter. See also phishing.

Tailgating

A physical security breach where someone without authorisation follows an authorised person through a secure door, for example by slipping in behind them before it closes. It exploits politeness rather than technology, which is what makes it effective. Defences are practical: access controls, awareness, and a culture where challenging an unknown face is normal and expected. It is a reminder that security is physical as well as digital.

Vulnerability scanning

An automated check of your systems against a database of known weaknesses, which produces a list of issues to fix, ranked by severity. Run regularly, it gives you an ongoing view of where you are exposed so you can patch the important things first. It is broad but shallow, so it complements, rather than replaces, a hands on penetration test. See also penetration testing and patch management.

Zero trust

A security approach that assumes no user or device is trusted by default, even inside your own network, so every request to reach a resource has to be verified. The principle is never trust, always verify, which limits how far an attacker can move if they do get in. In practice it relies on strong identity checks, multi-factor authentication, and least privilege access. See also multi-factor authentication.

Not sure which of these applies to you?

Tell us what a contract, an insurer, or an auditor is asking for, and we will explain in plain English what it means and what to do about it. We reply within one working day, and you will speak to an engineer, not a salesperson.

Reading, Berkshire / UK based and accountable / reply within one working day