Grade 11 ITC · Term 4 · Digital Security Textbook
Reference

Glossary

Every key term used in this textbook, in one alphabetical list. Terms link back to the chapters where they appear.

2

20-20-20 rule

Every 20 minutes look 20 feet away for 20 seconds.

Appears in: Common ICT Health Issues

3

3-2-1 Rule

Three copies, two media types, one offsite.

Appears in: Backups — The 3-2-1 Rule

A

Active recall

Testing yourself instead of re-reading notes.

Appears in: Quiz Competition and Personal Revision Plan

Ad blocker

Browser tool that hides adverts and often blocks malicious trackers.

Appears in: Safe-Browsing 10 Rules and VPN Debate

Ad personalisation

Using your data to target adverts.

Appears in: Privacy Settings — Hands-on

Aggregation

Combining data points to identify or profile a person.

Appears in: Personal Data, PII and Digital Footprint

Asset

Anything of value we want to protect — data, hardware, or reputation.

Appears in: The CIA Triad — Confidentiality, Integrity, Availability

Attack

A realised threat — the harmful event actually occurring.

Appears in: Threat, Vulnerability, Risk and Attack

Authentication

Proving an identity to a system.

Appears in: Authentication Factors

Authorisation

Deciding what an authenticated user is allowed to do.

Appears in: Authentication Factors

Auto-update

Automatic download and install of patches.

Appears in: OS Updates and Patching (Practical)

Availability

The system is up and reachable when needed.

Appears in: The CIA Triad — Confidentiality, Integrity, Availability

B

Biometric

A physical or behavioural trait used to identify a person.

Appears in: Authentication Factors

Blue light

High-energy visible light from screens that affects sleep.

Appears in: Common ICT Health Issues

Breach

An incident where confidential data was accessed by an unauthorised party.

Appears in: Case Study — Analysing a Real Cyber Incident

Brute force

Trying every possible combination until the password is found.

Appears in: Strong Passwords and Passphrases

Bystander effect

The tendency for people to do nothing when others are present.

Appears in: Class Digital Code of Conduct and Cyberbullying Response

C

CA

Certificate Authority — a trusted issuer of certificates.

Appears in: HTTPS, TLS and Certificates

Call to action

The specific step you want your audience to take.

Appears in: Security Awareness Campaign Showcase

Certificate

Digital proof of a website's identity.

Appears in: HTTPS, TLS and Certificates

CO2 extinguisher

Fire extinguisher safe for electrical fires.

Appears in: Lab Hazards, Electrical and Fire Safety

Command word

The instruction word (Define, Explain, Compare, Justify) that tells you how to answer.

Appears in: End-of-Term Written Examination

Concept map

A diagram showing ideas and the links between them.

Appears in: Concept Map — Topics 1 to 4

Confidentiality

Only authorised people can read the information.

Appears in: The CIA Triad — Confidentiality, Integrity, Availability

Consent

Explicit permission to share information or images about someone.

Appears in: Future-Self and Personal Online Rules

Cookie

A small file stored by a browser to remember state or track users.

Appears in: Personal Data, PII and Digital Footprint

Copyright

Legal right of a creator to control copying of their work.

Appears in: Scenario Analysis and Copyright

Creative Commons

Standard licences that let creators share on chosen terms.

Appears in: Scenario Analysis and Copyright

Cyberbullying

Using digital tools to harass, humiliate or threaten someone.

Appears in: Class Digital Code of Conduct and Cyberbullying Response

Cybercrime

A criminal offence involving a computer or network.

Appears in: Why Laws for Cyberspace — Skim the Act

D

Defence-in-depth

Stacking multiple security controls so that failure of one is not fatal.

Appears in: Defence-in-Depth — Firewalls and Antivirus

Diagnostic

A task designed to identify weaknesses.

Appears in: Station Rotation — Mixed Practice

Dictionary attack

Guessing from lists of common words and leaked passwords.

Appears in: Strong Passwords and Passphrases

Digital code of conduct

Shared rules a group agrees to follow online.

Appears in: Class Digital Code of Conduct and Cyberbullying Response

Digital footprint

The trail of data you leave online.

Appears in: Personal Data, PII and Digital Footprint

E

Ergonomics

Designing tools and workspaces to fit the human body.

Appears in: Workstation Ergonomics — Hands-on

Evacuation route

The planned path out of a building in an emergency.

Appears in: Lab Hazards, Electrical and Fire Safety

Evil twin

A rogue Wi-Fi access point mimicking a legitimate network.

Appears in: Wi-Fi Security — WEP, WPA2, WPA3 and Public Wi-Fi

F

Fair use / fair dealing

Limited use of copyrighted work allowed by law for study, review, etc.

Appears in: Scenario Analysis and Copyright

Firewall

A filter that controls incoming and outgoing network traffic.

Appears in: Defence-in-Depth — Firewalls and Antivirus

Full backup

A complete copy of all selected data.

Appears in: Backups — The 3-2-1 Rule

H

Hazard

A source of potential harm.

Appears in: Lab Hazards, Electrical and Fire Safety

Heuristic

Behaviour-based detection that catches new, unknown threats.

Appears in: Spot-the-Phish Poster and Antivirus Demo

HTTPS

HTTP over TLS — encrypted web traffic.

Appears in: HTTPS, TLS and Certificates

I

Incident

A confirmed security event that harms an asset.

Appears in: Case Study — Analysing a Real Cyber Incident

Incognito mode

A browsing mode that does not save history locally — but still visible to sites and networks.

Appears in: Safe-Browsing 10 Rules and VPN Debate

Incremental backup

Copies only files changed since the last backup.

Appears in: Backups — The 3-2-1 Rule

Integrity

Information is accurate and has not been changed without permission.

Appears in: The CIA Triad — Confidentiality, Integrity, Availability

J

Jurisdiction

The legal authority of a court or country over a case.

Appears in: Why Laws for Cyberspace — Skim the Act

M

Malware

Malicious software written to harm or exploit a system.

Appears in: Malware Taxonomy

MFA

Multi-factor authentication — using two or more different factors.

Appears in: Multi-Factor Authentication (MFA)

Micro-break

A short pause every 30 minutes to reset posture.

Appears in: Workstation Ergonomics — Hands-on

N

Neutral posture

Body position with minimum strain on joints and muscles.

Appears in: Workstation Ergonomics — Hands-on

P

Passphrase

A long password made of multiple words.

Appears in: Strong Passwords and Passphrases

Password manager

Software that stores and generates unique passwords.

Appears in: Strong Passwords and Passphrases

Patch

A software fix that closes a known vulnerability.

Appears in: OS Updates and Patching (Practical)

Payload

The harmful part of malware — what it actually does after infection.

Appears in: Malware Taxonomy

Permanence

The lasting nature of online content.

Appears in: Future-Self and Personal Online Rules

Phishing

Fraudulent email that tries to trick the reader into revealing information or running malware.

Appears in: Phishing, Smishing and Vishing

PII

Personally Identifiable Information — data that identifies an individual.

Appears in: Personal Data, PII and Digital Footprint

Plagiarism

Presenting someone else's work as your own.

Appears in: Scenario Analysis and Copyright

Port

A numbered network endpoint used by services (e.g. 443 for HTTPS).

Appears in: Defence-in-Depth — Firewalls and Antivirus

Privacy setting

A control that decides who can see or use your data on a platform.

Appears in: Privacy Settings — Hands-on

Q

Quarantine

A safe folder where suspicious files are isolated.

Appears in: Spot-the-Phish Poster and Antivirus Demo

R

Ransomware

Malware that encrypts files and demands payment.

Appears in: Malware Taxonomy

Recovery code

One-time backup code used when the second factor is unavailable.

Appears in: Multi-Factor Authentication (MFA)

Reflection

Looking back on learning to identify progress and next steps.

Appears in: Feedback, Reflection and Bridge to Grade 12

Restore

Recovering data from a backup.

Appears in: Backups — The 3-2-1 Rule

Revision plan

A written schedule of what to study and when.

Appears in: Quiz Competition and Personal Revision Plan

Risk

Likelihood of a threat exploiting a vulnerability × impact.

Appears in: Threat, Vulnerability, Risk and Attack

Root cause

The underlying vulnerability that made the incident possible.

Appears in: Case Study — Analysing a Real Cyber Incident

Rotation

Moving through fixed stations at timed intervals.

Appears in: Station Rotation — Mixed Practice

RSI

Repetitive Strain Injury — pain from repeated small movements.

Appears in: Common ICT Health Issues

S

Screenshot

A saved image of a screen that survives 'delete'.

Appears in: Future-Self and Personal Online Rules

Signature

A unique fingerprint of a known piece of malware.

Appears in: Spot-the-Phish Poster and Antivirus Demo

SIM swap

Attack where a criminal transfers your phone number to their SIM.

Appears in: Multi-Factor Authentication (MFA)

SMART goal

Specific, Measurable, Achievable, Relevant, Time-bound goal.

Appears in: Feedback, Reflection and Bridge to Grade 12

Smishing

Phishing carried out over SMS.

Appears in: Phishing, Smishing and Vishing

Spear phishing

A targeted phishing attack aimed at a specific person or organisation.

Appears in: Phishing, Smishing and Vishing

Structured question

Multi-part question with related sub-questions.

Appears in: End-of-Term Written Examination

T

Third-party app

An external app connected to your account via OAuth.

Appears in: Privacy Settings — Hands-on

Threat

A potential cause of harm to an asset.

Appears in: Threat, Vulnerability, Risk and Attack

Threat actor

The person or group carrying out an attack.

Appears in: Threat, Vulnerability, Risk and Attack

TLS

Transport Layer Security — the encryption protocol used by HTTPS.

Appears in: HTTPS, TLS and Certificates

TOTP

Time-based one-time password, generated by an authenticator app.

Appears in: Multi-Factor Authentication (MFA)

Two stars and a wish

Feedback format: two positives and one improvement.

Appears in: Security Awareness Campaign Showcase

U

Unauthorised access

Entering a system you have no right to use.

Appears in: Why Laws for Cyberspace — Skim the Act

V

Vector

The route malware uses to reach a device (email, USB, download).

Appears in: Malware Taxonomy

Vishing

Phishing carried out over a voice call.

Appears in: Phishing, Smishing and Vishing

VPN

Virtual Private Network — encrypts your traffic to a trusted server.

Appears in: Wi-Fi Security — WEP, WPA2, WPA3 and Public Wi-Fi

VPN provider

The company running the VPN server; they can see your traffic.

Appears in: Safe-Browsing 10 Rules and VPN Debate

Vulnerability

A weakness that a threat can exploit.

Appears in: Threat, Vulnerability, Risk and Attack

W

WPA3

The current strongest Wi-Fi encryption standard.

Appears in: Wi-Fi Security — WEP, WPA2, WPA3 and Public Wi-Fi

Z

Zero-day

A vulnerability unknown to or unpatched by the vendor.

Appears in: OS Updates and Patching (Practical)