Глоссарий

Application programming interface or application interface that enables systems to be linked to programs at source level.

Application software. A term often used in connection with applications for mobile devices such as laptops, tablets or smartphones.

Advanced persistent threats (APT) aim at large-scale infection of computers, spread of malware, theft of login credentials or the formation of a botnet (see 3. Botnet).

The proof of authenticity. You can authenticate an identity by entering a password, using a smart card or biometric data, and data by cryptographic signatures.

Backdoors are access points included by software developers to circumvent security features, in case system access is required.

A botnet is a remotely controlled network of several thousand computers, tablets or mobile devices that are misused to shut down websites by way of distributed denial-of-service (see 12. DDoS) attacks. Botnets are also used to send spam emails or steal data and are sometimes rented out to third parties.

This machine, program-driven type of attack occurs using mass, systematic trial and error ("brute force") of countless combinations of usernames, passwords, and passphrases.

Targeted social engineering attacks on employees of public authorities and companies. Attackers use previously captured identity data, such as phone numbers, passwords or e-mail addresses, to impersonate CEOs, etc., and induce employees to pay out large sums of money.

The provision, use and billing of IT services over a network, dynamically adapted to requirements. These services are offered and used exclusively via defined API and protocols. The services offered in cloud computing reflect the spectrum of cybersecurity and include complete infrastructures such as computing power and storage space, but also platforms and software.

Includes protection of personal information that either directly identifies or allows for identification of a person. Since May 2018, it is governed by the European General Data Protection Regulation in order to improve consumer protection.

Encompasses all information protected by data protection laws, plus sensitive data such as corporate secrets and information related to development and research.

Data set that includes information such as names, additional records and a signature of a person, group or system.

Also called the hash value of a cryptographic hash function, it describes a checksum that allows the immediate validation of a data set.

Checksum proving the identity of a person and the integrity of information, created through a private key.

Digitization of work processes and the required strategic preparation and planning.

Conversion of analog to computerized processing and the increased usage of computers in general.

Programmed and scheduled attacks on internet services, intended to overload the server and cause a downtime. Most commonly executed by botnets massively targeting net components or servers.

The automated exploitation of security vulnerabilities on computers. Calling up a website without further interaction already leads to the exploitation of weak points in the browser, plug-ins or operating system in order to install malware unnoticed.

Malware that extracts email contacts and content to further spread itself. If a computer is infected with Emotet, it will continue downloading other malware. It is paramount to warn against carelessly opening email attachments or links. “The safest browser in the world” offers protection against Emotet.

At the end of January 2021, investigators took over and smashed the infrastructure of the "Emotet" malware, which is considered the most dangerous in the world.

The exploitation of security vulnerabilities in the code of software or hardware is called an exploit. See also drive-by exploits and zero-day exploits.

Regulation of the European Union for the unification of the rules for the processing of personal data, valid since May 25th 2018

If user input is not adequately filtered, applications can be vulnerable to injection attacks. An SQL injection vulnerability allows attackers to manipulate database queries so that desired database content is returned instead of what was originally intended. SQL injection can also be used to make changes to database content or execute program code.

"Considers the three core values of information security: Confidentiality, Availability, and Integrity. Other information security terms include authenticity, bindingness, reliability, and non-repudiation. It refers to a methodology for establishing a security management system as well as the state in which the standard security measures recommended by the BSI are implemented."

Critical infrastructure (or critical national infrastructure (CNI) in the UK) which can be a plant, a system or a component and are essential for the maintenance of social functioning

Malicious software that is designed to prevent and disrupt the use of computers and data (see Ransomware).

Law to implement the European directive to ensure high network and information security; in force since 06/29/2017. Defines measures within the European Union to ensure a high level of security for information and network systems

Payment Card Industry Data Security Standard. A set of rules in payment transactions that is supported and used by leading credit card organizations to process secure transactions

The compound term from "password" and "fishing" describes so-called social engineering, which is intended to persuade victims to unwittingly hand over access data. Successful phishing methods include manipulated e-mails and websites that look and sound deceptively real.

The second payment service directive paves the way for open banking. Customers should be given more freedom in choosing online financial services

Public clouds allow you to work independently from software and hardware by provisioning applications, infrastructure, computing power and storage space.

Malware that encrypts data or denies access to computers with the intention of extorting a ransom. A distinction is made between two different kinds of ransomware: file-encrypting ransomware that encrypts data on a computer, and screen-locking ransomware that locks the screen and prevents access to data and the system. Ransomware can target any operating system, but Windows-based systems are currently the most common target.

Input, transfer and output of data between devices without delay of transmission.

Cybersecurity requirements already implemented during the development of solutions and products.

Social engineering is a method of attack that uses human "weaknesses" such as curiosity or naivety, and sometimes even fear, to obtain data and access. Security precautions are circumvented in this way and people are induced to disclose sometimes very sensitive information. The "human vulnerability" is also known as the Layer 8 problem.

In SQL injections, database commands are injected into an SQL database via input fields on websites in order to spy out data or gain control of the system.

A process that protects websites and web applications. This application firewall analyzes traffic between clients and servers at the application level, monitors, filters and blocks HTTP traffic and is either installed as a standalone firewall or installed on the server.

Security loopholes in a software that are taken advantage of on the same day they occur. Thus, “zero days” pass between the loophole becoming public and the attack.