A is for …

Access Control

Access Control is all about making sure that users only have access to the systems or files that they legitimately need access to. For example, someone in accounts is unlikely to need access to the HR system, so you wouldn’t give them that access. This is also known as the Principle of Least Privilege, or in spy films it would be called “need-to-know”. Access control also means revoking access, e.g. if a person leaves your company or where their job role means they no longer need access.

The intention is to reduce the risk of data loss, manipulation or deletion by unauthorised personnel, so it’s a risk mitigation strategy and is very much a core part of Information Security.

Antimalware / Antivirus

These terms are often used interchangeably, and refer to the function of a particular software package. It’s intended to be able to protect systems against viruses (antivirus) or malicious code (antimalware). In practice, many viruses are used to carry a payload which may include malicious code (malicious software, which is often referred to as malware).


Antispam

Often talked about in the same breath as antimalware or antivirus, this software is specifically written to reduce the number of spam email messages you receive. It is estimated that almost 60% of email globally today (at the end of 2017) is spam. When you think that there are around 205 billion emails sent a day, 74 trillion emails a year, 60% is a staggering number, so it makes sense to use software to stop you from receiving spam if possible.


Application

An application (often referred to, particularly on mobile devices, as an app) is a software program written to perform a specific function, or set of functions. For example, Word is a well-known word processing application, and Facebook is a social media application.


Authentication

This is the term used to describe the process by which you verify yourself as a user to the computer or mobile device. Typically this is done by having a username with a password, but it could easily just be the PIN you use to unlock your phone. Authentication also makes use of things like biometrics and / or other devices as part of a process called Two Factor Authentication or 2FA.


Availability

In information security, we often refer to the three pillars that security is built on, known as CIA. These are Confidentiality, Integrity and Availability, and are the three main factors we look at when protecting data.

Availability is all about making sure that data is available whenever it is needed, and is therefore a key part of your business continuity and disaster recovery planning.
