The protection of information for the purposes of preventing loss, unauthorized access and/or misuse. It is also the process of assessing threats and risks to information and the procedures and controls to preserve confidentiality, integrity and availability of information.

When an employee, partner or contractor of an organisation maliciously (both intentionally and not intentionally) causes damage to an organisation's cyber security infrastructure.

A company that provides Internet access to homes and businesses through modem dial-up, DSL, cable modem broadband, dedicated T1/T3 lines or wireless connections.

A unique string of character that identifies each computer using the Internet Protocol to communication over a network

Data subjects must be aware of the fact that their personal data will be processed, including how the data will be collected, kept and used, to allow them to make an informed decision about whether they agree with such processing and to enable them to exercise their data protection rights. The GDPR outlines six bases for the lawful processing of personal data.

The General Data Protection Regulation requires data controllers to demonstrate one of these six legal bases for processing: consent, necessity, contract requirement, legal obligation, protection of data subject, public interest, or legitimate interest of the controller. The controller is required to provide a privacy notice, specify in the privacy notice the legal basis for the processing personal data in each instance of processing, and when relying on the legitimate interest ground must describe the legitimate interests pursued.

The lawful processing of a Data Subject's personal data, the fact that the processing is necessary for the purposes of legitimate interests pursued by the University, or by a third party or parties to whom the data are disclosed.

Data indicating the geographical position of a device, including data relating to the latitude, longitude, or altitude of the device, the direction of travel of the user, or the time the location information was recorded.

Malware, short for malicious software, is any software designed with malicious intent to harm a computer system, device, network, or user. Malware can take many forms, including viruses, worms, Trojan horses, ransomware, adware, spyware, and more.

Multi-State Information Sharing and Analysis Center

encompassing two-factor authentication, or 2FA, along with similar terms is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is).

Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user's identity for login

National Cyber Security Centre

Necessity along with proportionality, is one of two factors data controllers should consider as they apply the principle of data minimization, as required by the General Data Protection Regulation. Necessity considers the amount of data to be collected and whether it is necessary in relation to the stated purposes for which it is being processed.

A fair information practices principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available to establish the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller. Closely linked with transparency.

One of two central concepts of choice. It means an individual makes an active affirmative indication of choice; i.e., checking a box signalling a desire to share his or her information with third parties. The General Data Protection Regulation's definition of consent as requiring a "clear affirmative act" makes opt-in the default standard for consent acquisition.

One of two central concepts of choice. It means an individual

One time password. Used in multi factor authentication as a cyber security protection method

Any information relating to a person (a ‘ data subject ’) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.