What does ... actually mean?

Sometimes it is difficult to find your way among the many abbreviations, technical terms and new content. Therefore, we provide an overview of the most common terms in the field of information security with their corresponding meanings.

  • A-C

    • Admin/Administrator: User and supervisor of IT systems with extended access rights
    • Add-on: An external program that extends an existing program with additional functions (e.g. browser add-ons in web browsers)
    • Browser/Web browser: Computer programs for displaying web pages on the Internet or files, e.g. documents
    • Backup: Copy of data on a separate storage medium to ensure that data is not irretrievably lost in the event of an emergency
    • BSI: Federal Office for Information Security, the federal cyber security authority
  • D-F

    • Data Protection: Data protection describes the protection against the improper processing of personal data and of the right to informational self-determination
  • G-I

    • Hacker: Individuals or groups of individuals who infiltrate third-party IT systems and endanger at least one of the three protection goals (confidentiality, availability, integrity) of the contained data
    • Handouts: Handouts in the context of information security documents describe actions to fulfill policies at the operational level. They contain instructions that regulate specific issues that recur in everyday work. The described behaviors are binding for the respective scope and circumstances.
    • Information: Data that becomes knowledge through a specific context (immaterial good, easily copied) and represents values for an organization. Information is to be understood as a subset of knowledge that is needed by a person or a group of individuals in a specific situation and is often not explicitly available. However, the concept of information includes not only the change in knowledge but also the transfer of knowledge, as well as the carrier or medium. In the context of information and communication technology, information must be understood holistically, regardless of its origin and type, i.e., storage and transmission in digital form, on paper, or as the spoken word.
    • Information Network: The scope of a security concept that has a reasonable minimal size within an institution and can be clearly distinguished from other information networks
    • Information Owner: For each process, the information owner takes responsibility for all information processing issues within the scope of the respective process. The individuals responsible for the processes of the University of Münster (including management, core and supporting processes) are the owners of the processed information.
    • Information Officer: The information processor acts on behalf of the information owner in order to process information in daily operations or to pass it on as necessary. As the first information processor, he/she determines the classification of incoming information according to the defined instructions of the information owner or marks the information accordingly. Deviations from the applicable instructions must be coordinated with the information owner.
    • Information Security Framework: The entirety of the regulations governing the information security management system is referred to as a framework. It consists of regulations (specification documents such as policies, concepts or handouts) and records (documents that serve as proof, such as completed templates, reports or logs). The information security policy (ISL) plays an essential role. It contains principles regarding the goals of the University of Münster and defines the strategy for information security. It does not contain concrete, action-directing instructions. The ISL shows what information security is and what significance it has for the University of Münster. It is based on the university's IT strategy.
    • IT-System: Any form of networked information technology equipment
    • IVV (IT Support Units): Decentralized IT service providers at the University of Münster responsible for on-site IT support, see IVVs
  • J-L

    • LAN (Local Area Network): A network with limited physical extent, to which devices are connected; usually a stationary workstation is connected to the LAN of the University of Münster with a LAN cable.
  • M-O

    • Malware: Software designed to perform functions on an IT system that are undesirable and possibly harmful from the perspective of the potential victim. These programs often run unnoticed in the background, and the scope of their functions can range from manipulating, deleting or exfiltrating data, to taking over the IT system and using its resources. Malware also includes any type of code that can be used to penetrate an IT system.
    • Network Connection: The connection to, among other things, the Internet or the telephone network; inside buildings of the University of Münster, devices used for work-related purposes are connected to the university's network. Outside buildings of the University of Münster, a foreign or private network connection is usually used to access services, applications and data of the university (e.g. the private internet connection or WLAN in a hotel).
    • OTP (One-Time Password): A password generated for authorization and authentication purposes (e.g., two-factor authentication); it serves as an additional security factor to the regular password and increases protection against cyber attacks. Each OTP is only valid for use within a short period of time and is automatically regenerated afterwards. To generate such one-time passwords, an OTP generator is required, which can be installed as an app on the smartphone.
  • P-R

    • Penetration-Tests (Pentests): Security tests in which methods and procedures of attackers are used to simulate and test attacks on a controllable scale (this may include technical methods or social engineering)
    • Personal Data: Any information relating to an identified or identifiable natural person (data subject) (see DSGVO); a person is identifiable if he or she can be identified with the help of reference data. Important: It is sufficient if there is a theoretical possibility to identify the person by combining several data.
    • Policies: Policies describe concrete measures for achieving the targeted level of security. They specify the information security policy and are part of the strategy defined therein. The implementation of and compliance with policies is binding for the respective area of application. Area-specific or target group-specific policies may also be established. Policies can be concretized by instructions and security concepts.
    • Private Devices: PCs, laptops, smartphones and tablets owned by a person employed at the University of Münster and used for work-related purposes
    • RDP (Remote Desktop Protocol): RDP can be used to access service devices within the university from private devices after establishing a VPN connection. Remote desktop allows access to workstations, use of applications, access to printers, personal storage space (drive U:), etc.
    • Remote Maintenance: The administration or maintenance of IT systems from remote locations.

    • Remote Workplace (Mobile Working, Home Office): The completion of work-related tasks by employees within the scope of their employment relationship with the university outside the university's premises, for example in their own home, another household or during a business trip.

  • S-U

    • Security Concepts: Security concepts describe how the objectives defined in the information security policy are to be achieved within a specific scope (information network). They serve to implement the defined information security strategy and describe measures that serve information security. Based on the IT-Grundschutz ("IT baseline protection") methodology, the individual organizational units at the University of Münster are required to create their own security concepts.
    • Server: An instance (usually physical or virtual) that provides functionality, utilities, data, or other resources so that other devices or applications ("clients") can access them.
    • Unauthorized Individuals: All individuals or legal entities, authorities, institutions or other bodies who are not authorized to know or process the respective information; this may also include employees of the University of Münster if they are not authorized to have knowledge of the respective information. Unauthorized individuals are also family members and people who live in a household with a person employed at the University of Münster.
    • UPS (Uninterruptible Power Supply): A UPS ensures the supply of critical electrical loads in case of disturbances in the power grid.
    • User: Individuals who use devices and networks, but who do not necessarily have rights to set up the IT systems
  • V-Z

    • VDI (Virtual Desktop Infrastructure): VDI can be used to access virtual computers from private devices. This means that users can work with their own virtual desktop from anywhere.
    • VPN (Virtual Private Network): Enables the integration of a device via a network connection (e.g., the private Internet connection) into another network (e.g., the network of the University of Münster); the VPN of the University of Münster provides additional protection through encryption of the transfer and enables users to access certain internal services, such as the network drives.
    • Vulnerability/Security Gap: A vulnerability or security gap is usually an error or weakness, e.g. in an application or system, that can be misused for unintended or damaging actions.

    • Vulnerability Scans: Automated scans of information systems for the exploitability of known vulnerabilities or gaps

    • WLAN (Wireless Local Area Network): A wireless, local network; with WLAN, devices can be connected to a network via a wireless connection - in contrast to LAN.
    • Work Devices: PCs, laptops, smartphones and tablets provided to employees by the University of Münster for the performance of their work-related duties. The relevant factor is that these IT devices are owned by the university.
    • Work-related Data: All types of information, on paper or digital, which are legally the property of the university. Employees of the University of Münster usually have access to this data in order to perform their work duties. There is a legitimate need to ensure that this data does not leave the sovereign domain of the university and that unauthorized individuals are not given the opportunity to take note of or change it.