GLOSSARY
[Glossary Partly Recreated from Totems online glossary]
Anti-malware Also known as antivirus software, this is a computer programme used to prevent, detect and remove malicious software.
Assets Any data, device, or other component of the environment that enables information-related activities is considered an asset. Hardware, software, and confidential information are examples of assets. Assets also include sources.
Backup A copy of computer data stored elsewhere so that it can be used to restore original data after this has been lost.
Burner phone A prepaid cell phone that is not bound to a contract with a carrier, and is usually intended to be disposed of after use.
Compartmentalisation An action, process, or policy that limits information access to the greatest extent operationally practical. This could also be reducing the number of people who have access to information.
Device Also referred to in this course as a network-connected device or electronic device is a machine used to connect to the Internet or a mobile phone network. A device can be a desktop computer, a
laptop, a mobile phone or smartphone, a tablet, a smartwatch, a smart TV, or any other Internet- connected machine.
Encryption Encryption is the method by which information is converted into secret code that hides the information's true meaning.
File-based encryption (FBE) A cryptographic method that allows different files to be encrypted with different keys that can be unlocked independently.
Full disk encryption (FDE) A cryptographic method that applies encryption to the entire hard drive of a device, scrambling data, files, the entire operating system and software programmes using a single
encryption key.
Internet Service Provider (ISP) A company that provides Internet access.
Malware Malicious computer software that runs on your computer with unintended and usually harmful consequences.
Operating system (OS) Software that acts as an interface between computer hardware components and the user.
Password Manager A password manager is a software application that is used to store and manage the passwords that a user has for various online accounts and security features.
Phishing The act of trying to get someone to reveal data about themselves by sending them a message that seems to come from someone they trust.
Probability The likelihood of a threat happening.
Ransomware Malware requires the victim to pay a ransom to retrieve access to files encrypted by the malware.
Removable (storage) device A device for storing and transporting data from one electronic device to another. For example, a USB flash drive, external hard disk drive, optical disk, etc.
Risk A risk is what happens when a threat exploits a vulnerability.
Scam A fraudulent business scheme or swindle.
Severity How risky or dangerous something is.
Shoulder surfing A visual hacking practice where thieves steal personal data such as your screen lock passcode or PIN number by spying over your shoulder as you use a laptop, ATM machine, or other
electronic devices in public.
Spyware is A form of malware that secretly gathers information about a person or organisation and is designed to take partial or full control of a computer's operation without the knowledge of the user.
Threat actor A person, organisation, or government who wants to have what you have (assets).
Threat Something that puts people in danger, gets in the way of our work or causes other kinds of damage.
Threat modelling Mapping out various risks and developing risk-reduction measures.
Virus A type of malware programme that replicates itself by modifying other computer programmes and inserting its own code. When this replication succeeds, the affected areas are then said to be
"infected" with a computer virus.
Vulnerability Any weakness in a system, a process, or the way an organisation or individual works
Account hacking Refers to activities that comprise information stored on digital devices (computers, smartphones, tablets, and even entire networks) accessed in a non-consensual manner with the
intention of obtaining private information, intercepting communications or modifying existing information.
Communications protocol Risk communication is the process of exchanging information and opinion on risk with concerned parties. Risk management is the proactive control and evaluation of threats and risks to prevent accidents, uncertainties, and errors. Together with risk assessment, these are all vital
elements that help make informed decisions such as mitigating risks. Forming part of a security plan, it determines with whom communication will be established, how often and how the journalist or the team of journalists on the ground will report back to the newsroom. It is important to define when a media outlet should become concerned after communication is lost with the journalist or team of
journalists and what to do in the event that contact cannot be re-established.
Context analysis This is an exercise that helps identify threats and risks in one’s surroundings. It can be based on a series of questions aiming to define a specific context.
Mapping risk perpetrators An exercise that helps to identify the main actors in a given story and
context. It entails analysis of the interests, capacity, and influence of the people affected by the news story.
Organised crime Organised crime refers to the criminal activity of a structured group of three or more people who act in concert with the purpose of committing one or more serious crimes, always with a view to economic or material profit.
The terms ‘organised crime’ and ‘criminal organisation’ are often erroneously used interchangeably. Organized crime refers to groups of people who engage in drug trafficking, trafficking in human beings, kidnapping, murder, and other serious crimes. Whereas, a criminal organisation is a hierarchical
enterprise engaged in significant criminal activity.
Protocol Precise planning scheme and measures one should strictly follow in response to a series of assumptions likely to occur. It basically entails putting in writing the indications, records, options, and contacts to be used to achieve an objective. Normally, protocols are established as a part of a security policy and can refer to standardised measures such as a communications protocol, for example.
Risk Event that, should it occur, poses some degree of non-material or physical damage, economic loss, or is an affront to one’s personal honour. The person causing the feeling of ‘risk’ is the aggressor and the person perceiving or actually suffering it is the victim.
Risk Analysis Risk analysis is an evaluation tool that enables us to recognize, plan for, and mitigate potential threats, risks, and their possible consequences. It can be as simple as a document with
questions.
Risk analysis should always be the first, and fundamental, step to creating security plans and protocols to help you safely carry out your work. It is important to note that your risk analysis is a dynamic
process in which variables may change based on various factors.
| Physical Risks |
Digital Risks |
Psycho-emotional Risks |
Legal Risks |
Those that can physically injure or even result in the death of journalists. Examples of physical risks include theft, mugging, extortion, and kidnapping. |
Those that block, harm, or damage digital information. This includes storage, communications, accounts, and access to information. Examples of digital risks include online harassment through social media, censorship, removal of content, loss of information, and hacking of accounts. In some cases, digital risks can become physical risks; for example when threats on social media result in a physical attack. |
These are risks that can destabilise a person. These can be both internal and environmental risks, which can jeopardise not only the individual but also their team. Examples of psycho- emotional risk include traumatic experiences and personal/professional stress. Natural disasters, work-related pressures, and grieving the loss of a loved one are some occurrences that may impact someone’s psycho-emotional state. | Journalists are sometimes subjected to the legal regulatory framework (or lack thereof) to which they are subject due to some countries upholding draconian laws. Similarly, Activists are subjected to the same. It is important to know what are the media laws that you are subjected to based on your location. |
A psychological crisis is the result of not having the necessary tools to address specific circumstances for which we were not prepared.
Overcoming a psychological crisis depends on the tools you have at your disposal. Breathing exercises could help alleviate the situation or you may need to turn to professional experts.
Risk perpetrators These are the institutions and people who, directly or indirectly, may be or perceive themselves to be harmed because of who you are or because of your journalistic work.
Risk perpetrators are institutions, people, or social groups that may be a potential threat to the integrity of journalists based on the latter’s activity or that pose an "endemic" risk in the region. An example would be a politician involved in corruption.
Security Plan Based on the risk analysis, the security plan defines specific prevention measures to avoid or mitigate physical and material, digital, psychological, and legal risks when covering a story.
Surroundings One’s surroundings are the physical, social, and political place where a person or object of interest is located.
| Physical Surroundings |
Social Surroundings |
Political Surroundings |
| street, neighbourhood, city. | (more abstract) socio-economic perception, normalization of rights such as same-sex marriage. | Who do people support? Who is the opposition? |
Threat Thing or person constituting a possible cause of risk or harm to someone or something. The
purpose of a threat is to show that real damage could result from either taking or omitting an action or position.
Risk vs. Benefit So then where does the opportunity sit? What are the main benefits of undertaking this task? What are the positive effects on the NRO?
Will the impact be worth the risk, will this action bring the desired results, and again, is this worth the risk - personnel, operational including finance, organisational, digital, or site?
يشرح المقال المفاهيم الأساسية للأمان الرقمي والإعلامي، مثل الحماية من البرمجيات الخبيثة، التشفير، والتهديدات الرقمية. يوضح أنواع المخاطر القانونية، النفسية، الرقمية والجسدية التي تواجه الإعلاميين، ويبرز أهمية تحليل المخاطر ووضع خطط أمان متكاملة لحماية الأفراد والمؤسسات وتعزيز جاهزيتهم لمواجهة التحديات الرقمية.