This refers to someone gaining entry without permission to an
organisation’s system, software or data. This achieved by exploiting a
refers to the range of measures that can be taken to
protect computer systems, networks and data from
unauthorised access or cyberattack.
An Attack is a deliberate action, targeting an
organisation's digital system of data
caused by an incident inside
caused outside the
Hacker is someone who seeks out
and exploits these vulnerabilities.
Black Hat Hacker is someone who tries to inflict damage by
compromising security systems
Grey Hat Hacker is someone who does it
for fun and not with malicious intent
White Hat Hacker is someone who works with organizations to
strengthen the security of a system
Types of Threats
Malicious Software This is an umbrella term given to
software that is designed to harm a digital system, damage
data or harvest sensitive information.
A piece of malicious code that attaches to a legitimate program. It is capable of
reproducing itself and usually capable of causing great harm to files or other
programs on the same computer
Worms get around by exploiting vulnerabilities in
operating systems and attaching themselves to emails.
They self replicate at a tremendous rate, using up hard
drive space and bandwidth, overloading servers.
Users are tricked into downloading it to their computer.
Once installed the Trojan works undercover to carry out a
Designed to remotely access and control a computer
system without being detected by security software
or the user.
Encrypts files stored on a computer to extort/demand
or steal money from organisations.
Is secretly installed to collect information
from someone else's computer
spyware that records every keystroke made on a
computer to steal personal information
Automatically shows adverts such as popups. Most
adware is harmless but some contain spyware such as
Bots take control of a computer system, without the user’s
knowledge. A botnet is a large collection of malware-infected
devices (zombies). An attacker (‘bot herder’) chooses when to
‘wake’ the zombies to perform an attack.
flooding a website with useless traffic to inundate
and overwhelm the network
is a set of methods used by cybercriminals to
deceive individuals into handing over information
that they can use for fraudulent purposes
It involves the attacker watching the victim while they
provide sensitive information
is an attack in which the victim receives an email disguised to look
as if it has come from a reputable source, in order to trick them
into giving up valuable data. The email usually provides a link to
another website where the information can be inputted.
is when a victim redirects the user
from a genuine website to a fake one
Is when a victim redirects the user from a
genuine website to a fake one
Trying to gain access to a secure room or
Trying to gain access to a secure
room or building.
Quid Pro Quo
Cyber criminals make a promise of a service to get
the information that they need.