IT Dictionary


Here’s a dictionary with some of the words and expressions used in the IT world. Remember that technology is always evolving, and new terms may emerge over time. It is essential to keep up to date with trends and changes in technology.


  • Access: the act of entering, transiting, knowing or consulting information, as well as the possibility of using the information assets of a body or entity, subject to any applicable restrictions.
  • AD (Active Directory): a directory service implementation of the LDAP protocol that stores information about objects on a computer network and makes this information available to users and administrators of this network. It is Microsoft software used in Windows environments.
  • Network administrator: public agent who manages the network segment corresponding to the area covered by the respective unit.
  • Adware: from the English Advertising Software, a type of spyware designed specifically to display advertisements. It can be used legitimately, when incorporated into programs and services, as a form of sponsorship or financial return for those who develop free programs or provide free services. It can also be used for malicious purposes when the advertisements displayed are targeted according to the user’s browsing and without the user knowing that such monitoring is taking place.
  • Threat: any event that exploits vulnerabilities or potentially causes an unwanted incident that could result in damage to a system or organization.
  • Antimalware/Antivirus: protection software used to prevent, detect and remove malicious programs.
  • API: acronym for Application Programming Interface.
  • Applications: software developed or acquired to meet a specific need.
  • Cyber Weapon: software, hardware and firmware designed or applied specifically to cause damage through the cyber domain. This category includes tools for unauthorized access, viruses, worms, trojans, DoS, DDoS, botnets and rootkits. In addition, activities such as social engineering are also considered cyberweapons. Cyberweapons can be used individually or together to enhance the desired effects.
  • Attack: action that constitutes a deliberate and unauthorized attempt to access/manipulate information, or to render a system inaccessible, non-integral, or unavailable.
  • Automatic Update: updates that are made to the device or system without the user’s interference, including, in some cases, without notifying the user.
  • Authentication: a process that seeks to verify the digital identity of an entity in a system when it requests access to that system. The process is carried out using pre-established rules, usually by comparing the credentials presented by the entity with others already pre-defined in the system, recognizing the parties involved in a process as genuine or legitimate.
  • Two-Factor Authentication (2FA): a security process that requires users to provide two means of identification before accessing their accounts.


  • Backdoor: a mechanism in a malicious program that allows access to a compromised computer. This program is usually placed on the target computer in such a way as not to be noticed.
  • Backup: a set of procedures that make it possible to safeguard the data in a computer system, guaranteeing safekeeping, protection and recovery in the event of the loss of the originals. Fidelity to the original is guaranteed. This term is also used to identify the media on which the copy is made.
  • Database: a collection of interrelated data, storing information about a specific domain. Databases are organized sets of records that are related in such a way as to create some meaning (information) and make it more efficient to consult or generate information or knowledge.
  • Big Data: extremely large data sets that, for this reason, require tools specially prepared to deal with large volumes, so that any and all information in these media can be found, analyzed and used in a timely manner.
  • Blacklist: a list of items that are denied access to certain resources, systems or protocols. Using a blacklist for access control means granting access to all entities except those included on the blacklist.
  • Blockchain: a database that maintains a continuously growing set of records – new records are only added to the existing chain and no records are deleted.
  • Botnet: a network made up of several zombie computers (infected with bots). It allows the harmful actions carried out by bots to be enhanced and used in denial-of-service attacks, fraud schemes, spamming, etc.
  • Build: in software development, the term used to identify a compiled version of a program, i.e. when the lines of code written in a high-level language are translated into machine language, which a computer is able to understand. The build can be complete (entire software) or partial (parts of it).
  • Business Intelligence (BI): a set of methodologies implemented through software that will ultimately collect information and organize it into useful knowledge to help with decision-making.


  • Trojan horse: a program that, in addition to performing functions for which it was apparently designed, also performs other, usually malicious functions without the user’s knowledge.
  • Certification: attests to the validity of a document or entity.
  • Certificate: a cryptographically signed document designed to assure others of the identity of the terminal using the certificate. A certificate is trusted if it is signed by another trusted certificate, such as a certification authority, or if it is itself a trusted certificate.
  • Cryptographic Key: value that works with a cryptographic algorithm for encryption or decryption.
  • Source code: the set of words or symbols written in an orderly and logical manner, containing instructions in one of the existing programming languages.
  • Malicious code: a program, or part of a computer program, designed specifically to attack the security of a computer system and/or networks, usually by exploiting some system vulnerability.
  • Cloud computing: a computing model that allows on-demand, location-independent access to a shared set of configurable computing resources (computer network, servers, storage, applications and services), provisioned with minimal management efforts or interaction with the service provider.
  • Compromise: loss of security resulting from unauthorized access.
  • Confidentiality: property that guarantees access to information only to authorized persons, ensuring that unauthorized individuals, systems, bodies or entities do not become aware of the information, whether on purpose or accidentally.
  • Conformity: to be in conformity, analogous or similar; to be in accordance with certain norms, rules or precepts.
  • Access control: set of procedures, resources and means used for the purpose of granting or blocking access to the use of physical or computer resources. As a rule, it requires authentication procedures.
  • Credentials or Access Accounts: permission, granted by a competent authority after the accreditation process, which enables a particular person, system or organization to access resources. The credential can be physical (like a badge) or logical (like a user ID and password).
  • Cybercrime: a criminal or abusive act against networks or information systems, either by using one or more computers as tools to commit the offense or by targeting a network or information system in order to cause a cyber incident or disaster or to make a financial profit.
  • Cryptography: The art of protecting information by transforming it into a cipher text (encrypted), using an encryption key and previously established computer procedures, so that only the holder(s) of the decryption key can revert the encrypted text back to the original (full text). The decryption key can be the same (symmetric encryption) or different (asymmetric encryption) from the encryption key.


  • Data: information prepared to be processed, operated and transmitted by a computer system or program.
  • Deepfake: a form of manipulated video, using human image synthesis techniques, which create hyper-realistic artificial renderings of a human being. These videos are usually created by mixing an existing video with new images, audio and video to create the illusion of speech. This process is carried out through generative adversarial networks (GAN). The most dangerous consequence of the popularity of deepfakes is that they can easily convince people to believe a certain story or theory, which can result in behavior that has a major impact on political, social or financial life.
  • Cyber Defense: actions carried out in cyberspace, in the context of national planning at a strategic level, coordinated and integrated by the Ministry of Defense, with the aim of protecting information assets of interest to national defense, obtaining data for the production of intelligence knowledge and seeking superiority over the opponent’s information systems.
  • Development: includes development and evolution activities (evolutionary, perfective, adaptive and integrative maintenance) of software applications on web, desktop and mobile platforms, which include analyzing and gathering requirements, building and updating documentation artifacts and the application’s source code, as well as performing functional tests.
  • Right of Access: privilege associated with a position, person or process to have access to an asset.
  • Availability: guarantee that the data is accessible and usable on demand by a duly authorized person or entity.
  • Mobile Communication Devices: mobile computing equipment, such as notebooks, netbooks, smartphones, tablets, or any other data and voice transmission equipment that is easily mobile.
  • Document: a unit for recording information, whatever the medium or format.
  • Domain: a name used to locate and identify sets of computer networks.
  • Download: the action of copying a file or document from another computer via the Internet to your local computer.


  • E-mail: acronym for electronic mail.
  • Cyber Ecosystem: interconnected information infrastructure of interactions between people, processes, data and information and communications technologies, together with the environment and conditions that influence these interactions. It encompasses different participants – government, private firms, non-governmental organizations, individuals, processes and cyber devices – that interact for different purposes.
  • IP address (Internet Protocol): a set of numeric or alphanumeric elements that identifies an electronic device on a computer network. Sequence of numbers associated with each computer connected to the Internet. In the case of IPv4, the IP address is divided into four groups, separated by “.” and made up of numbers between 0 and 255. In the case of IPv6, the IP address is divided into up to eight groups, separated by “:” and made up of hexadecimal numbers (numbers and letters from “A” to “F”) between 0 and FFFF.
  • Cyberspace: virtual space made up of a set of Internet communication channels and other communication networks that ensure the interconnection of ICT devices and that encompasses all forms of digital network activities, including the storage, processing and sharing of content as well as all actions, human or automated, conducted through this environment.
  • Information Space: any means by which information is created, transmitted, received, stored, processed or disposed of.
  • Spreading (hashing): a spreading (hash) function transforms a key k into an address. This address is used as the basis for storing and retrieving records, and is very similar to indexing, in that it associates the key with the relative address of a record. In spreading, the addresses appear random, with no obvious connection between the key and the address.
  • Cyber espionage: an activity that consists of cyber-attacks directed against the confidentiality of ICT systems with the aim of obtaining sensitive data and information about the plans and activities of a government, institution, company or individual, usually launched and managed by foreign intelligence services or competing companies.
  • Risk estimation: the process used to assign values to the probability and consequences of a given risk.
  • Event: an identified occurrence of a system, service or network that indicates a possible violation of information security policy or lack of controls, or a previously unknown situation that may be relevant to information security.
  • Digital Evidence: information or data, stored or transmitted electronically, in binary mode, that can be recognized as part of an event.


  • Firewall: a resource designed to prevent unauthorized access to or from a given network or set of networks. They can be implemented in hardware or software, or both. Every message that enters or leaves the network passes through the firewall, which examines it to determine whether or not it meets the specified security criteria.
  • Framework: This is a basic structure that acts as a kind of development platform, with tools, guides, systems and components that can streamline the entire process of developing solutions, helping specialists to carry out their work.
  • Front-end: Developer who works on the part of the application where the user interacts directly, related to the visual part of a website or application.
  • Full Stack: Developer with back-end and front-end knowledge. In other words, he masters various technologies and tools and develops systems, websites and applications.


  • Git: File version control system. It allows different people to contribute simultaneously to editing and creating new files, without running the risk of changes being overwritten.
  • GitHub: This is a platform for hosting source code and files with version control using Git. It allows programmers, utilities or any user registered on the platform to contribute to private and/or Open Source projects from anywhere in the world.
  • Cyber warfare: acts of war using predominantly ICT elements on a sufficient scale for a specific period of time and at high speed in support of military operations through actions taken exclusively in cyberspace in order to disrupt or incapacitate the activities of an enemy nation, especially by attacking communication systems, with the aim of gaining significant military operational advantage. Such actions are considered a threat to the state’s national security.


  • Hacking: The act of programming or using any other resource to try to break into or modify a system.
  • Hardware: this is the physical part of the computer, i.e. the set of electronic components, integrated circuits and boards, which communicate via buses.
  • Hash: unique, fixed-size result generated by a hash (digest) function. The hash can be used, among other things, to verify the integrity of files and generate digital signatures. It is generated in such a way that reverse processing to retrieve the original information is not possible. In addition, any change to the original information will produce a different hash. Although it is theoretically possible for different information to generate identical hashes, the probability of this happening is quite low.
  • Hypertext Transfer Protocol (HTTP): communication protocol between information systems, which allows data to be transferred between computer networks, mainly on the World Wide Web (Internet). For this data transfer to take place, the HTTP protocol needs to be combined with two other network protocols, TCP and IP, which enable communication between the URL and the web server that will store the data, so that the HTML page requested by the user can be sent.
  • Hypertext Transfer Protocol Secure (HTTPS): HTTP extension used for secure communication over the computer network. In HTTPS, the communication protocol is encrypted using TLS or its predecessor, SSL. The main reason for using HTTPS is to authenticate the website being accessed and to protect the privacy and integrity of the data exchanged during information traffic.


  • IaaS: acronym for infrastructure as a service.
  • IaC: acronym for infrastructure as code.
  • Digital Identity: univocal representation of an individual within cyberspace.
  • Image: identical copy of the operating system or applications used for restoration and/or optimized installation of a standard environment on a computer resource.
  • Backup Image: file generated by the backup solution/tool, not necessarily in the same format as the files containing the backed-up data.
  • Virtual Machine Image: covers the complete definition of a virtual machine’s storage, containing the operating system disk and all data disks, capturing the disk properties (such as host cache) needed to deploy a Virtual Machine on a reusable drive.
  • Implementation: includes the activities of preparing software application environments, as well as the activities of inserting this system into the list of application solutions, such as planning, parameterization, configurations, technical, functional and operational training, as well as support in the intermediation of evolutions, support in endomarketing and in the preparation of materials to support the use of the system (manuals, videos, guidelines, etc.).
  • Incident: an event, action or omission that has permitted, or is likely to permit, unauthorized access, interruption or change in operations (including by taking control), destruction, damage, deletion or change of protected information, removal or limitation of use of protected information, or the misappropriation, dissemination and publication of protected information from a critical information asset or critical activity for a period of time less than the target recovery time.
  • Cyberinfrastructure: information and communications systems and services made up of all the hardware and software needed to process, store and transmit information, or any combination of these elements. Processing includes the creation, access, modification and destruction of information. Storage encompasses any type of media on which information is stored. Transmission is made up of both the distribution and sharing of information, by any means.
  • Infrastructure as Code (IaC): the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
  • Infrastructure as a Service (IaaS): type of cloud computing service where the cloud service provider offers the customer the ability to create virtual networks in their computing environment. An IaaS solution allows the customer to select which operating systems to install on virtual machines, as well as the network structure, including the use of virtual switches, routers and firewalls. IaaS also provides complete freedom as to the software or custom code that runs on the virtual machines. An IaaS solution is the most flexible of all cloud computing services; it allows a significant reduction in hardware by the customer on their own local installation. It is generally the most expensive form of cloud computing service.
  • Integrity: the property by which it is ensured that information has not been modified or destroyed in an unauthorized or accidental manner.
  • Artificial Intelligence (AI): artificial intelligence is a branch of computer science research that seeks, through computer symbols, to build mechanisms and/or devices that simulate the ability of human beings to think, solve problems, in other words, to be intelligent.
  • Application Programming Interface (API): an interface whose main objective is to make an application’s resources available for use by another application, abstracting the implementation details and often restricting access to these resources with specific rules.
  • Internet: worldwide association of interconnected computer networks using data communication protocols. The Internet provides a comprehensive means of communication through: file transfer, remote connections, e-mail services, etc.
  • Internet of Things (IoT): interrelated system of computing devices, digital and mechanical equipment, and objects to which unique identifiers (UIDs) are linked and which have the ability to transfer data over the network without the need for person-to-person or person-to-computer interaction.
  • Internet Protocol (IP): IP address, in general terms, is the identification of a device (computer, printer, etc.) on a local or public network. Each computer on the Internet has a unique IP (Internet Protocol), which is the means by which machines communicate on the Internet.
  • Intranet: private network, accessible only to members of the organization it serves. It uses the same resources and protocols as the Internet, but is commonly separated from it by firewalls.
  • Intrusion: a security incident in which the attack was successful, resulting in the access, manipulation or destruction of information on a computer or an organization’s system.


  • Jailbreak: a process that modifies a device’s original operating system, allowing it to run applications not authorized by the manufacturer. A device with jailbreak software is able to install applications that were previously unavailable on the manufacturer’s official websites, through unofficial installers, as well as illegally acquired applications. The use of jailbreak techniques is not recommended by manufacturers, as they allow uncertified applications to run, which can even contain embedded malware.


  • Keylogger: a specific type of spyware. Program capable of capturing and storing the keystrokes made by the user on the computer keyboard. Usually the activation of the keylogger is conditional on a previous action by the user, such as accessing a specific e-commerce or Internet banking site.
  • Software Development Kit (SDK): a set of development tools and pre-written code that can be used by developers to create applications. SDKs generally help to reduce the amount of effort and time it would take for professionals to write their own code.


  • LAN (Local Area Network): This is a local network that aims to exchange data within the same physical space. In other words, it’s a connection of devices within a specific area.
  • LDAP (Lightweight Directory Access Protocol): an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
  • LGPD: acronym for General Personal Data Protection Law.
  • Lib: short for library. It’s a set of functionalities or programs that you can use to develop larger projects.
  • Log or Audit Record: a record of relevant events on a device or computer system, for later analysis, which can be generated by operating systems, applications, among others.
  • Loop: Repetition of a piece of code, often associated with a particular error in program execution.


  • Malware: computer programs or pieces of executable code with self-replicating capabilities. Like biological viruses, malicious computer code can spread quickly and is usually difficult to eradicate. They can be attached to almost any type of file and spread as files that are copied and sent from one person to another. This type of malicious software usually enters a network through various company-approved activities, such as e-mail or websites. Examples of malware include viruses, worms, Trojans, spyware, adware and rootkits.
  • Virtual Machine (VM): virtual machines are software computers with the same functionality as physical computers. Just like physical computers, they run applications and an operating system. However, virtual machines are computer files that run on a physical computer and behave like a physical computer. They are usually created for specific tasks that are risky to perform in a host environment, such as accessing virus-infected data and testing operating systems. As the virtual machine is sandboxed off from the rest of the system, the software inside it cannot tamper with the host computer. Virtual machines can also be used for other purposes, such as server virtualization.
  • Digital medium: information available in a digitally coded format intelligible to humans and created, processed, stored and made available by electronic means.
  • Metadata: represents “data about data” providing the resources needed to understand data over time, i.e. it is structured data that provides a concise description of the data stored and makes it possible to find, manage, understand or preserve information about the data over time. They play an important role in data management, as they are the basis for processing, updating and consulting information. Information on how the data was created/derived, the environment in which it resides or has resided, changes made, among others, is obtained from metadata.
  • Media: mechanisms in which data can be stored, in addition to the form and technology used for communication – includes optical disks, magnetic disks, CDs, tapes and paper, among others. A multimedia resource combines sounds, images and videos, which are different types of media.
  • Data Mining: Data mining is the process of finding anomalies, patterns and correlations in large data sets in order to predict results. Through a variety of techniques, you can use this information to increase income, cut costs, improve customer relations, reduce risks and more.
  • Multi-cloud: strategy of using cloud computing services through two or more cloud service providers.


  • Internet browser: software used for browsing the Internet. Example: Google Chrome, Internet Explorer, Mozilla Firefox.
  • Denial of Service (DoS): the blocking of duly authorized access to a resource or the generation of delays in the normal operations and functions of a system, with the resulting loss of availability to authorized users. The aim of a DoS attack is to disrupt the legitimate activities of a computer or system. One way to provoke an attack is to take advantage of flaws or vulnerabilities in the victim machine, or to send a large number of messages that use up some of the victim’s resources, such as CPU, memory, bandwidth, etc. This requires a single powerful machine with good processing power and plenty of available bandwidth, capable of generating enough messages to cause service interruption.
  • Distributed Denial of Service (DDoS): a malicious, coordinated and distributed activity in which a group of computers or mobile devices is used to take a service, a computer or a network connected to the Internet out of operation. Although DoS attacks are generally dangerous for Internet services, the distributed form is even more dangerous, precisely because it is an attack carried out by several machines, which can be spread out geographically and have no relation to each other – except for the fact that they are partially or totally under the attacker’s control. In addition, DDoS messages can be difficult to identify because they can easily pass themselves off as legitimate traffic messages. While it is unnatural for the same machine to send several similar messages to a server in very short periods of time (as in the case of a DoS attack), it is perfectly natural for several machines to send similar service request messages regularly to the same server, which disguises the DDoS attack.
  • Cloud: a vast network of remote servers around the globe that are connected and operate as a single ecosystem. These servers are responsible for storing and managing data, running applications or providing services or content, which can be accessed from any device with Internet access.
  • Community Cloud: dedicated cloud infrastructure for the exclusive use of a community, or a group of users from unaffiliated bodies or entities, who share the same nature of work and obligations, and its ownership and management may be by community organizations, third parties or both.
  • Hybrid Cloud: cloud infrastructure made up of two or more distinct infrastructures (private, community or public), which remain with their own characteristics but are grouped together by standard technology that allows interoperability and portability of data, services and applications.
  • Private (or internal) Cloud: dedicated cloud infrastructure for the exclusive use of the body and its related units, or of an entity made up of multiple users, and its ownership and management can be by the organization itself, by third parties or by both.
  • Public (or external) Cloud: dedicated cloud infrastructure for open use by any organization, and it can be owned and managed by public or private organizations, or both.


  • Technological obsolescence: the life cycle of software or equipment defined by the manufacturer or caused by the development of new technologies.
  • Opt-In: process by which the user authorizes a certain action by a company, usually the collection of data and its sharing with partner companies or the receipt of messages sent by companies.
  • Opt-Out: process by which the user disallows a company to continue with a certain previously permitted action.


  • Patch: system updates.
  • Access Profile: set of attributes for each user, previously defined as necessary for access credentials.
  • Service Provider: a person involved in the development of activities, on a temporary or occasional basis, exclusively for the interest of the service, who may receive special access credentials.
  • Data Loss Prevention (DLP): the practice of detecting and preventing data leaks, data exfiltration or the destruction of an organization’s sensitive data. The term DLP refers to both actions against data loss (an event in which data is permanently lost by the organization) and actions against data leaks (improper transfer of data outside the organization’s boundaries).
  • Primariness: the quality of the information collected at source, in as much detail as possible, without modification.
  • Process: a continuous sequence of facts or operations that present a certain unity or are reproduced with a certain regularity: continuous action, continuous and prolonged realization of some activity.
  • Protocol: set of parameters that define how information should be transferred.


  • Quarantine: a period in which computer files or programs are monitored when there is no certainty about their origin or the type of activities they carry out.
  • Security breach: an action or omission, whether intentional or accidental, that results in the compromise of information and communications security.
  • Query: Process in which data is extracted from a database. In other words, it involves requesting information or data from a database and presenting it in a way that is suitable for use. Generally, the standard language for managing databases is SQL (Structured Query Language).


  • Computer resources: equipment used for storing, processing and transmitting data.
  • Computer Network: interconnection of two or more computers and other devices connected to each other in such a way as to allow the sharing of physical and logical resources.
  • Internal Network: a collection of all local networks.
  • Virtual Private Network (VPN): the construction of a private network using public networks (e.g. the Internet) as infrastructure. These systems use encryption and other security mechanisms to ensure that only authorized users can access the private network and that no data is intercepted while it is passing through the public network.
  • Archive repository: a collection of documents or a place where documents are stored.
  • Recovery: the process of recovering data and making the data saved in a given backup image available.
  • Router and Switch: computer resources that make it possible to interconnect two or more physical or virtual information assets.


  • Digital Health: Digital Health comprises the use of Information and Communication Technology (ICT) resources to produce and make available reliable information on the state of health to those who need it, at the time they need it.
  • Screenlogger: a specific type of spyware. A program similar to a keylogger, capable of storing the position of the cursor and the screen displayed on the monitor when the mouse is clicked, or the region surrounding the position where the mouse is clicked. It is widely used by attackers to capture keystrokes made by users on virtual keyboards, available mainly on Internet banking sites.
  • Cybersecurity: actions aimed at the security of operations, in order to ensure that information systems are capable of resisting events in cyberspace that could compromise the availability, integrity, confidentiality and authenticity of the data stored, processed or transmitted and of the services that these systems offer or make accessible.
  • Information security (IS): preserving the confidentiality, integrity and availability of information. In addition, other properties such as authenticity, responsibility, non-repudiation and reliability may also be involved.
  • Service Desk: the area responsible for responding to requests, registering, escalating and resolving incidents reported by users, as long as they are included in the organization’s Service Desk Catalogue.
  • IT service: any provision of services for the development, implementation, maintenance, storage and retrieval of data and operation of information systems, design of data communication network infrastructure, process modeling and technical advice necessary for information management, which support an essential business process.
  • Network servers: computer resources that store and make information available on a data network.
  • Information System: a set of material or intellectual elements, made available to users in the form of services or goods, which enable the aggregation of technology, information and communications resources in an integrated manner.
  • Operating systems: software whose function is to act as an interface between computer resources and the user.
  • Website: pages containing information, images, photos, videos, sounds, etc., which are stored on access providers (computers called servers) on the Internet, to be accessed by anyone who connects to the network.
  • Software: a computer program designed to perform a set of previously defined actions.
  • Spam: this is the term used to refer to unsolicited emails, which are usually sent to a large number of people.
  • Spyware: a specific type of malicious code. Program designed to monitor the activities of a system and send the information collected to third parties. Keylogger, screenlogger and adware are some specific types of spyware.
  • SSL: acronym for Secure Sockets Layer.


  • UI: stands for User Interface. This is an area focused on creating easier and more user-friendly interfaces.
  • Storage Unit: device for storing data on digital media.
  • Shared Use of Data: communication, dissemination, international transfer, interconnection of personal data or shared processing of personal databases by public bodies and entities in compliance with their legal powers, or between these and private entities, reciprocally, with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities.
  • User: an individual, whether a civil servant or equivalent, employee or service provider, authorized by the body to access its information assets.
  • URL: acronym for Uniform Resource Locator.
  • UX: This is short for User Experience. This is a strategy that aims to deliver better experiences to users of digital or physical services and products.


  • Information Security Compliance Verification: procedures that form part of the compliance assessment aimed at identifying compliance with the organization’s IS-related legislation, standards and procedures.
  • Virus: a hidden, self-replicating section of computer software, usually using malicious logic, which spreads by infecting (i.e. inserting a copy of itself and becoming part of) another program. It cannot run itself, i.e. it needs its host program to be executed in order to become active.
  • Vishing: a form of phishing attack that takes place over VoIP, and the victims do not need to be using VoIP. The attacker uses VoIP systems to make calls to any telephone number, free of charge, and usually spoofs their caller ID in order to make the victim believe that they are receiving a call from a legitimate or reliable source (such as a bank, retail store, etc.).
  • VPN: stands for Virtual Private Network. This makes it possible to connect two computers via a public network, such as the Internet.
  • Vulnerability: set of internal factors or potential cause of an unwanted incident, which may result in a risk to a system or organization, which can be prevented by internal information security action.


  • Web: A system of information connected to each other through text, video, sound and other digital animations that allow users to access content via the Internet.
  • Whitelist: a list of items that are granted access to certain resources, systems or protocols. Using a whitelist for access control means denying access to all entities except those included in the whitelist.
  • Worm: a program capable of automatically spreading across networks, sending copies of itself from computer to computer. Unlike a virus, a worm does not embed copies of itself in other programs or files and does not need to be explicitly executed in order to spread. It spreads by exploiting existing vulnerabilities or flaws in the configuration of programs installed on computers.


  • XML (extensible markup language): a markup language capable of describing different types of data. It is one of the subtypes of SGML (standard generalized markup language) and its main purpose is to facilitate the sharing of information over the Internet. One of the fundamental characteristics of XML is that it makes it possible to create a single infrastructure for different languages, making it easier to define unknown languages.


  • Demilitarized Zone (DMZ): also known as a perimeter network, is a subnet (physical or logical) that lies between a trusted private network and an untrusted network, and where computer resources are hosted to be accessed from the untrusted network (usually the Internet), avoiding access to the organization’s internal network. The DMZ ensures isolation between the trusted and untrusted network by a series of connectivity rules maintained in a firewall.
  • Zombie: name given to a computer infected by a bot, as it can be controlled remotely, without the owner’s knowledge.

We hope we’ve helped you.

Master da Web, your Cloud solution! ☁️
