When an employee, partner or contractor of an organisation maliciously (both intentionally and not intentionally) causes damage to an organisation's cyber security infrastructure.

A company that provides Internet access to homes and businesses through modem dial-up, DSL, cable modem broadband, dedicated T1/T3 lines or wireless connections.

Invoice fraud is a deceptive scheme where criminals trick businesses into paying money into a fraudulent bank account, often by impersonating a legitimate supplier or business partner. This is commonly achieved by sending fake invoices, altering payment details on real invoices, or even sending invoices for services never rendered. The goal is to divert funds intended for genuine transactions into the fraudster's control.

A unique string of character that identifies each computer using the Internet Protocol to communication over a network

A form of  AI  that utilizes  deep learning  algorithms to create models (see  machine learning model ) pre-trained on massive text datasets for the general purpose of language learning to analyze and learn patterns and relationships among characters, words and phrases. There are generally two types of LLMs: generative models that make text predictions based on the probabilities of word sequences learned from its training data (see  generative AI ) and discriminative models that make classification predictions based on probabilities of data features and weights learned from its training data (see  discriminative model ). The term "large" generally refers to the model's capacity measured by the number of  parameters  and to the enormous datasets that it is trained on.

Data subjects must be aware of the fact that their personal data will be processed, including how the data will be collected, kept and used, to allow them to make an informed decision about whether they agree with such processing and to enable them to exercise their data protection rights. The GDPR outlines six bases for the lawful processing of personal data.

The General Data Protection Regulation requires data controllers to demonstrate one of these six legal bases for processing: consent, necessity, contract requirement, legal obligation, protection of data subject, public interest, or legitimate interest of the controller. The controller is required to provide a privacy notice, specify in the privacy notice the legal basis for the processing personal data in each instance of processing, and when relying on the legitimate interest ground must describe the legitimate interests pursued.

The lawful processing of a Data Subject's personal data, the fact that the processing is necessary for the purposes of legitimate interests pursued by the University, or by a third party or parties to whom the data are disclosed.

Data indicating the geographical position of a device, including data relating to the latitude, longitude, or altitude of the device, the direction of travel of the user, or the time the location information was recorded.

The capability of a machine to learn without being explicitly programmed.

Malware, short for malicious software, is any software designed with malicious intent to harm a computer system, device, network, or user. Malware can take many forms, including viruses, worms, Trojan horses, ransomware, adware, spyware, and more.

Multi-State Information Sharing and Analysis Center

encompassing two-factor authentication, or 2FA, along with similar terms is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is).

Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user's identity for login

National Cyber Security Centre

Necessity along with proportionality, is one of two factors data controllers should consider as they apply the principle of data minimization, as required by the General Data Protection Regulation. Necessity considers the amount of data to be collected and whether it is necessary in relation to the stated purposes for which it is being processed.

A fair information practices principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available to establish the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller. Closely linked with transparency.

One of two central concepts of choice. It means an individual makes an active affirmative indication of choice; i.e., checking a box signalling a desire to share his or her information with third parties. The General Data Protection Regulation's definition of consent as requiring a "clear affirmative act" makes opt-in the default standard for consent acquisition.

One of two central concepts of choice. It means an individual