Glossary

A

Anonymised Information

For these purposes anonymised information is information which cannot identify an individual either in isolation or when combined with other information (Section 1 (1) of the DPA 1998). Anonymised data may also carry other handling requirements.

B

Business Continuity

Business Continuity is the process of assessing potential risks and developing strategies and procedures for dealing with them, so that the University’s core activities and functions can recover as soon as an incident is under control.

C

Corporate Information Assets

Corporate information assets are those which are managed centrally and used institutionally for the delivery of core teaching, research, administration and commercial functions (for example, student administrative data and staff data).

See also Information Asset

Cross-site Scripting

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.

I

Information Asset

Defined within the Information Security Framework as a useful or valuable store of information or information processing system of any type or format.

See also Corporate Information Asset

J

JANET

JANET is the University's internet service provider. The Janet network connects UK universities, FE Colleges, Research Councils, Specialist Colleges and Adult and Community Learning providers. It also provides connections between the Regional Broadband Consortia to facilitate the DfE initiative for a national schools’ network. Over 18 million end-users are currently served by the Janet network.

P

Penetration Testing

A test of systems to highlight weaknesses and potential security risks. A penetration test is designed to exploit weaknesses in the system architecture or computing environment.

S

SQL Injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection is mostly known as an attack method for websites but can be used to attack any type of SQL database.

Session Hijacking

Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server.

V

Vulnerability Scanning

A periodic test of systems to highlight weaknesses and potential security risks. A vulnerability scan looks for known vulnerabilities in a system (e.g. SQL injection attacks, session hijacking, cross-site scripting) and reports potential exposures.