Access Control is all about making sure that users only have access to the systems or files that they legitimately need access to. For example, someone in accounts is unlikely to need access to the HR system, so you wouldn’t give them that access. This is also known as the Principle of Least Privilege, or in spy films it would be called “need-to-know”. Access control also means revoking access, e.g. if a person leaves your company or where their job role means they no longer need access.
The intention is to reduce the risk of data loss, manipulation or deletion by unauthorised personnel, so it’s a risk mitigation strategy and is very much a core part of Information Security.
Antimalware / Antivirus
These terms are often used interchangeably, and refer to the function of a particular software package. It’s intended to be able to protect systems against viruses (antivirus) or malicious code (antimalware). In practice, many viruses are used to carry a payload which may include malicious code (malicious software, which is often referred to as malware).
Often talked about in the same breath as antimalware or antivirus, this software is specifically written to reduce the number of spam email messages you receive. It is estimated that almost 60% of email globally today (at the end of 2017) is spam. When you think that there are around 205 billion emails sent a day, or 74 trillion emails a year, 60% is a staggering number, so it makes sense to use software to stop you from receiving spam if possible.
An application (often referred to, particularly on mobile devices, as an app) is a software programme written to perform a specific function, or set of functions. For example, Word is a well-known word processing application, and Facebook is a social media application.
This is the term used to describe the process by which you verify yourself as a user to the computer or mobile device. Typically this is done by having a username with a password, but it could easily just be the PIN you use to unlock your phone. Authentication also makes use of things like biometrics and/or other devices as part of a process called Two-Factor Authentication or 2FA.
In information security, we often refer to the three pillars that security is built on, known as CIA. These are Confidentiality, Integrity and Availability, and are the three main factors we look at when protecting data.
Availability is all about making sure that data is available whenever it is needed, and is therefore a key part of your business continuity and disaster recovery planning.