Glossary of Central Cyber Security Terms | Traficom
Transport and Communications Agency

Glossary of Central Cyber Security Terms

This page explains central cyber security terms.

Bug Bounty

A programme in which actors outside an organisation are invited to find vulnerabilities in its services and systems. Those who report such vulnerabilities receive financial compensation.

CERT

Computer Emergency Response Team. Tasked with preventing, detecting and investigating information security breaches and disseminating information on related threats. The purpose of the CERT activities carried out by the National Cyber Security Centre Finland is to prevent information security incidents and disseminate information on information security matters.

ComSec

ComSec refers to practices designed to protect communications, including those related to cryptographic methods, the appropriate processing of cryptographic material, and physical security.

GDPR

General Data Protection Regulation. The European Union’s General Data Protection Regulation sets common standards for organisations and individuals regarding the collection, storage, and management of personal data.

Hacking

Activities designed to breach or influence a computer network, information system or the data they contain in order to gain access to a programme, service or other resource.

Fraudulent website

A website that collects confidential data from its users, such as usernames and passwords, or distributes malicious software. The content of such fraudulent websites may have been copied from their legitimate counterparts, which can make detecting them difficult.

Identity Management

Policies and technologies designed to manage the user data, roles and groups of users or devices.

Identity theft

Criminal activities involving the unauthorised use of another person’s identity in order to deceive a third party.

National Security Authority (NSA)

The public authority tasked with fulfilling international information security obligations and overseeing the appropriate protection and processing of classified international information. The Ministry for Foreign Affairs serves as Finland’s National Security Authority.

Katakri

KATAKRI is an auditing tool used by public authorities to assess the ability of organisations to protect classified information.

Information security auditing tool for authorities - Katakri

Ransomware

A form of malicious software that encrypts or manipulates the data on a device and typically demands a ransom in order to restore access to the data.

The National Cyber Security Centre Finland at the Finnish Transport and Communications Agency (Traficom)

The public authority tasked with developing and monitoring the operational reliability and security of communications networks and services, and maintaining situational awareness of national cyber security matters.

Multi-factor authentication

An authentication method requiring the use of two or more devices.

NCSC

National Cyber Security Centre. The National Cyber Security Centre Finland at the Finnish Transport and Communications Agency (Traficom) serves as Finland’s NCSC. It is the public authority tasked with developing and monitoring the operational reliability and security of communications networks and services, and maintaining situational awareness of national cyber security matters.

NIS Directive

The EU Directive on the security of networks and information systems, also known as the NIS Directive, provides legal measures regarding security and notification requirements across a range of sectors. In Finland, these requirements are laid down in sector-specific legislation and overseen by the appropriate supervisory authorities.

Default password

A password for a device or service that has been preset by the manufacturer or developer. In order to improve information security, it is advisable to change any default passwords when starting to use a device or service.

Firewall

Devices and/or software used to establish a barrier between a computer and unauthorised contact from the internet. Firewalls only allow trusted and safe traffic between the computer and the internet.

Denial-of-service attack

An attack designed to disrupt a service or information system by overloading it.

PiTuKri

A set of criteria used to assess the information security of cloud services (abbreviated from its Finnish name, Pilvipalveluiden turvallisuuden arviointikriteeristö). Public authorities utilise the criteria to assess the security of confidential information processed with the help of cloud-based services.

Pornography extortion scam

Scams in which hackers claim to have infiltrated a computer and stolen information related to its user’s consumption of adult material. The hackers typically extort their victims for money, threatening to distribute the sensitive information. The threats are intended to scare the victim into paying as quickly as possible, and it is rare that the scammer actually has the material they claim to possess.

Password manager

Applications that allow users to store the passwords for their user accounts. They enable users to manage their passwords in a centralised manner, which means that they only need to remember a single strong password used to access the manager.

Phishing

Phishing refers to attempts to criminally obtain usernames, passwords or other valuable information, such as payment card details.

Data breach

Unauthorised infiltration of an information system, service, device or application, such as stealing a username and password in order to gain control of an email account. Carrying out a computer break-in is an offence punishable under the Criminal Code. Attempted computer break-ins are also punishable.

Fake profile

Fraudulent use of another person’s, organisation’s or company's identity, typically on social media. Fake profiles may also be created in the name of non-existent persons, organisations or companies.

White hat

White hats are ethical computer hackers who assist organisations in improving their information security by penetrating or influencing their information networks, systems or data in order to identify weaknesses and vulnerabilities.

Backup copy

A backup copy is a duplicate instance of data stored separately from the original. If the original file is destroyed, the backup copy can be used to recover the data.

VPN

Virtual Private Network. Used to create an encrypted, private and secure internet connection.
