A Sandbox is a concept generally used for software development. Its aim is to isolate an application or a piece of code which has not been tested or isn’t recognised by the system in a closed and independent environment whilst replicating the characteristics of the operating system. A behavioural analysis of the code is carried out within the sandbox environment where it can be handled, studied or altered with no impact to the operating system.

A firewall filters data flows from one network to another. It protects network traffic and is capable of identifying and blocking unwanted traffic or traffic which does not comply with the user’s predefined rules.

A WAF (Web Application Firewall) or application firewall protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defence in the OSI model.

A distributed denial-of-service (DDoS) attack is a malicious attempt by hackers to overwhelm a host, server or web application by sending a flood of Internet traffic to saturate the system and create total service disruption.

The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard which applies to the credit card industry. Created and administered by the Payment Card Industry Security Standards Council, the aim of the PCI DSS is to reduce credit card fraud. It is applicable to all organisations which handle credit card data. Validation of compliance is performed either by an external Qualified Security Assessor or by Self-Assessment Questionnaire for companies handling smaller volumes of credit card data.

A Virtual Private Network is an encrypted link between a user and a remote server, or between different private network facilities anywhere in the world using a WAN/Internet link to send and receive data.
Multiple tunnelling protocols can be used including SSL/TLs and IPSec.

IPSec (Internet Protocol Security) is a secure network protocol suite which safely authenticates and encrypts packets of data sent over an Internet Protocol network . It was designed as the Internet security protocol for both IPv4 and IPv6 and enables security features related to user authentication and data confidentiality.
IPSec is also used to establish VPN links as it can securely connect 2 IT systems using an existing network.

SSL (Secure Socket Layer) is the standard communications protocol for establishing an encrypted link between a web server and the customer (PC, tablet, laptop etc). Created by the American company Netscape in the mid 90’s, it is based on an encryption procedure using
a Private Key and a Public Key. These keys work together to create a secure channel of communication between a customer and a server downstream of an authentication step. The SSL encryption ensures that important data like user names, passwords etc sent by the user to the server remain private and integral.

TLS (Transport Secure Layer) is a successor to the secure socket layer which uses the features of SSL 3.0 whilst improving certain functions and algorithms. It is more efficient than SSL because unlike SSL it supports pre-shared keys, secure remote passwords, elliptic curve cryptography and Kerberos.

TLS and SSL are not interoperable but TLS offers upward compatibility for older machines which are still using SSL.

The TLS protocol specifications take place on 2 levels:

• The TLS Record Protocol which ensures that the connection is private
• The TLS Handshake Protocol which allows authentication between the server and customer and the negotiation of cryptographic keys before the application protocol transmits any data.

Strong authentication is any method of allowing a user to access resources (systems, networks, applications) by combining at least two factors of authentication. The aim is to address the weaknesses of single sign-on systems which rely on only one factor of authentication (usually a memory factor such as a password) in order to make authentication more difficult to withstand an attack.

Strong authentication therefore combines several authentication strategies including:

• Something You Know – includes passwords and phrases
• Something You Have – includes smart cards and token devices
• Something You Are – includes fingerprints and retina scans

This information is then linked to an identity and access management solution which is in turn linked to the company’s directory or a metadirectory which references all the base users and their rights.

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. The user creates a password at the beginning of the session and can then access several IT applications without having to renter their login credentials for each application.

SSO eliminates the need for users to remember and manage several different sets of login credentials or passwords.

However, by grouping a user’s authentication credentials, SSO increases the value and amount of data which may be breached in the event of the password being stolen.

Penetration testing is carried out by a tester and is a way of evaluating the security of an IT system or network.

It involves evaluating the security of an IT facility or network by carrying out a simulated cyber-attack using malware. The tester plays the role of a hacker and carries out a risk assessment test based on an IT system’s incorrect configuration, a configuration fault or weaknesses in the system. The aim of this test is to identify weaknesses and potential vulnerabilities and to draw up a plan of action to improve security for the IT system.

A SOC (Security Operations Centre) is a service with dedicated staff, facilities, systems and software dedicated to monitoring and handling all or part of the company’s IT security operations. As a centralised unit, the SOC is designed to offer a broader global view of system-wide activities and to prevent, detect and handle security incidents efficiently.

Ransomware is a type of malicious software, or malware received by email or contracted by visiting an infected website which is designed to deny access to a computer system or data by encrypting information such as customer files, accounting, invoices, quotes, designs, photographs, emails etc) until a ransom is paid by the victim. The victim then receives instructions about how to pay the ransom.

Otherwise known as a network of robots or of zombie computers, a Botnet is a network of devices whose security has been breached and which are controlled by a hacker. The network is designed to allow the controller to send instructions to all or some of the Botnet machines and to operate them for his own purposes.

Phishing is a fraudulent attempt to steal a user’s identity or to obtain information such as usernames, passwords and banking details. The hacker poses as a legitimate institution to lure users into enter sensitive data on a fake website. Typically the user receives an email asking them to visit the fake website.

Spam is the use of email to send unsolicited messages to users. It is often sent to a huge number of email addresses at the same time.

Vulnerability refers to a flaw or weakness in the design, development, installation or configuration of a system or the specifications in the way it is used, which leaves it open to attack either through malicious intent or through error. A vulnerability may be exploited by code and lead to an intrusion in the system.

Digital identity is information used by the Internet to represent an individual. This identity is generated by the individual’s online activity as they surf the web and communicate with companies and individuals leaving an active or passive permanent trail of data.

The Chief Information Security Officer or CISO of an organisation (business, association or institution) is the executive responsible for ensuring the security, availability and integrity of the IT system and data.

The CISO is usually responsible for handling IT risk management for the company. They draw up action plans and recommendations for network and system security, physical security, informing users about security risks and establishing an action plan for business continuity in the event of an incident. The CISO must also help establish and implement a security policy with a focus on continuous improvement and performance assessment. Accordingly, they also oversee the creation of an ISP within the company.

An ISP or Information security policy is a set of policies issued by an organisation to ensure a certain level of security. The ISP reflects the strategic approach of the organisation’s management team (SME, IMP, industry, administration, State, Union of States etc) with regards to the information security policy. It is a fundamental component when defining the goals to be achieved and the means to achieve them.

The process for defining this policy is based on a risk analysis of the IT system security.

Once it has been validated by the organisation’s IT security team, the ISP must be given to all those concerned by the IT system (users, operators, sub-contractors, providers etc.) It acts as a communication tool for the organisation and its ISP responsibilities, plus the resources available to prevent against risks.

ISO/IEC 27001 is an information security standard for ISO and CEI systems. Part of the ISO/IEC 27000 family of standards, it is intended to certify organisations by specifying specific requirements for establishing an ISMS (information security management system), to minimise the risks of loss, theft or alteration and protect IT systems from intrusion and disaster.