Glossary - P

Passive Attack

A network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target. Passive attacks include active reconnaissance and passive reconnaissance.


A secret series of characters used to authenticate a person’s identity.

Penetration Test

An authorized simulated cyber attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

Personal Information

Personal data relating to an identifiable living individual.


Method used by criminals to try to obtain financial or other confidential information (including usernames and passwords) from internet users, usually by sending an email that looks as though it has been sent by a legitimate organization. The email usually contains a link to a fake website that looks authentic.


A person's right to control access to his or her personal information. The right to be free from intrusion or interference is a key element of privacy.

Public Data

Information that can be freely used, reused and redistributed by anyone with no existing local, national or international legal restrictions on access or usage.