Glossary

Icelandic cybersecurity terms, explained

Short definitions of the terms that appear in training, regulation, and day-to-day cybersecurity at Icelandic workplaces.

A

Afritun Backup: A copy of your data stored separately so you can restore after loss, ransomware, or mistakes. The 3-2-1 rule: three copies, two media, one offsite.
Auðkenni: Iceland's electronic ID provider. Manages keys and can revoke them within minutes if compromised. See audkenni.is.

CERT-IS: Iceland's national computer emergency response team. Takes incident reports at cert.is. Worth bookmarking before you need it.
CVE: A globally recognised identifier for a specific software vulnerability. Format: CVE-YYYY-NNNN. Used to track and discuss the same flaw across vendors.

Djúpfölsun Deepfake: AI-generated audio or video that convincingly imitates a real person. Three seconds of voice is enough to clone. Common in family-emergency scams targeting older relatives.
Dulkóðun Encryption: The process of scrambling data so only someone with the right key can read it. HTTPS, end-to-end messaging, and disk encryption all rely on it.

Endurskoðunarskýrsla Audit report: A document showing who in your organisation completed what training and when. Required under NIS2 as proof that staff training actually happened.

Falsskipanir í texta Prompt injection: A modern AI attack where hidden instructions in a webpage, PDF, or email are followed by an AI assistant reading the content. The AI can't reliably tell user requests from injected commands.

GDPR: EU General Data Protection Regulation, implemented in Iceland through privacy law no. 90/2018. Requires data-breach notification within 72 hours, among other things.

Hugbúnaðarárás Malware: Software designed to harm or steal from a computer or network. Includes ransomware, spyware, keyloggers, and trojans.

Ísland.is: The Icelandic government's digital services portal. Handles tax filings, social services, vehicle registration, and many other official functions. Authenticated via electronic ID.

Kennitala Icelandic national ID: Iceland's 10-digit national ID number, used by individuals and companies. Format: DDMMYY-NNNN. Treated as personal data under GDPR.

Lausnarhugbúnaður Ransomware: Malware that encrypts your files and demands payment to unlock them. Recovery without backups is often impossible. Has hit Icelandic municipalities and small businesses.
Lykilorðsleki Credential leak: When passwords leak from one service and attackers try them on others (credential stuffing). The reason password reuse is dangerous: one leak compromises every reuse.
Lykilorðstjóri Password manager: Software that generates, stores, and auto-fills unique passwords for every site. Examples: 1Password, Bitwarden, iCloud Keychain. The single most impactful security tool for individuals.

MFA-þreyta MFA fatigue: An attack where someone with your password spam-pushes 2FA approval prompts, hoping you'll tap accept by accident. Defence: number-matching prompts or a hardware key.

NIS2: EU directive on network and information security (EU 2022/2555). Mandates documented staff cybersecurity training at most medium and large companies. Implemented in Iceland through national legislation.

Ofskynjun gervigreindar AI hallucination: When AI produces content that sounds credible but is wrong or fabricated. Reads exactly like a correct answer. Common in citations, statistics, and anything outside the model's training cutoff.

Passkeys: Passwordless sign-in based on a cryptographic key on your device. Phishing-resistant by design — passkeys only authenticate to legitimate domains. Supported by Apple, Google, and Microsoft.
Persónugagnaöryggisbrot Personal-data breach: Unauthorised access to or loss of personal data. Under GDPR, must be reported to Persónuvernd within 72 hours of discovery.
Persónuvernd Icelandic Data Protection Authority: Iceland's data protection authority. Enforces national privacy law and GDPR, accepts complaints and breach notifications. See personuvernd.is.

Rafræn skilríki Electronic ID: Cryptographically signed digital identity issued by Auðkenni. Used to sign in to bank apps, Ísland.is, and Skatturinn. Effectively your identity online in Iceland.
Reikningasvindl Invoice fraud / BEC: Attackers impersonate suppliers or executives to redirect payments. Often starts with email account compromise — the scam email comes from a legitimate-looking address.

Skjalfest þjálfun Documented training: Training that produces verifiable records (date, content, completion). Documented, not self-attested. NIS2 explicitly requires this for staff.
SMS-svindl Smishing: Phishing delivered by SMS. Most common Icelandic example: fake "Pósturinn" delivery-fee texts. Banks and government agencies never request payment via SMS link.

Tveggja þátta auðkenning Two-factor authentication / 2FA: Sign-in that requires both a password and a second factor (code, app prompt, hardware key). Stops most credential-stuffing attacks.

Veiðipóstur Phishing: A fake email pretending to be from a trusted entity, asking you to click a link or share credentials. Today's phishing emails are written by AI and contain no spelling errors.
Veikleiki Vulnerability: A flaw in software that can be exploited. Patched via updates. Tracked using CVE identifiers.
Vélbúnaðarlykill Hardware security key: A small USB or NFC device used as a 2FA factor. Examples: YubiKey, Titan. The strongest individual phishing defence available today.
Vísveiðipóstur Spear phishing: Targeted phishing aimed at a specific person, using personal details from LinkedIn, company sites, or stolen mailboxes. More convincing than generic phishing.

Þjálfunargagn Training data: Data that AI models learn from. Anything you send to consumer AI may end up here unless you opt out. For sensitive data, use enterprise editions with clear data-handling agreements.

Missing a term you searched for? Send us a suggestion.