Glossary
This is the Glossary for Totem's Threat Modelling course
Anti-malware: Also known as antivirus software, this is a computer programme used to prevent, detect and remove malicious software.
Assets: Any data, device, or other component of the environment that enables information-related activities is considered an asset. Hardware, software, and confidential information are examples of assets. Assets also include sources.
Backup: A copy of computer data stored elsewhere so that it can be used to restore original data after this has been lost.
Burner phone: A prepaid cell phone that is not bound to a contract with a carrier, and is usually intended to be disposed of after use.
Compartmentalisation: An action, process or policy that limits information access to the greatest extent operationally practical. This could also be reducing the number of people who have access to information.
Device: Also referred to in this course as network-connected device or electronic device, is a machine used to connect to the Internet or a mobile phone network. A device can be a desktop computer, a laptop, a mobile phone or smartphone, a tablet, a smart watch, a smart TV or any other Internet-connected machine.
Encryption: Encryption is the method by which information is converted into secret code that hides the information's true meaning.
File-based encryption (FBE): A cryptographic method that allows different files to be encrypted with different keys that can be unlocked independently.
Full disk encryption (FDE): A cryptographic method that applies encryption to the entire hard drive of a device, scrambling data, files, the entire operating system and software programmes using a single encryption key.
Internet Service Provider (ISP): A company that provides Internet access.
Malware: Malicious computer software that runs on your computer with unintended and usually harmful consequences.
Operating system (OS): Software that acts as an interface between computer hardware components and the user.
Password Manager: A password manager is a software application that is used to store and manage the passwords that a user has for various online accounts and security features.
Phishing: The act of trying to get someone to reveal data about themselves by sending them a message that seems to come from someone they trust.
Probability: The likelihood of a threat happening.
Ransomware: Malware that requires the victim to pay a ransom to retrieve access to files encrypted by the malware.
Removable (storage) device: A device for storing and transporting data from one electronic device to another. For example, a USB flash drive, external hard disk drive, optical disk, etc.
Risk: A risk is what happens when a threat exploits a vulnerability.
Scam: A fraudulent business scheme or swindle.
Severity: How risky or dangerous something is.
Shoulder surfing: A visual hacking practice where thieves steal personal data such as your screen lock passcode or PIN number by spying over your shoulder as you use a laptop, ATM machine or other electronic device in public.
Spyware: A form of malware that secretly gathers information about a person or organisation and is designed to take partial or full control of a computer's operation without the knowledge of the user.
Threat actor: A person, organisation or government who wants to have what you have (assets).
Threat: Something that puts people in danger, gets in the way of our work or causes other kinds of damage.
Threat modelling: Mapping out various risks and developing risk-reduction measures.
Virus: A type of malware programme that replicates itself by modifying other computer programmes and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.
Vulnerability: Any weakness in a system, a process or the way an organisation or individual works