
A

AACA

ASD-Approved Cryptographic Algorithm

AACP

ASD-Approved Cryptographic Protocol

ACA

Australasian Certification Authority

Access control

The process of granting or denying requests for access to systems, applications and data. Can also refer to the process of granting or denying requests for access to facilities.

Access Cross Domain Solution

A system permitting access to multiple security domains from a single client device.

Account harvesting

The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.

Accountable material

Accountable material requires the strictest control over its access and movement. Accountable material includes TOP SECRET data, some types of caveated data and any data designated as accountable material by its originator.

ACSI

Australian Communications Security Instruction

Active defence

The principle of proactively implementing a spectrum of security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening.

Note that some references to active defence focus on the employment of limited offensive action and counterattacks – commonly referred to as ‘hacking back’. The term active defence is not synonymous with ‘hacking back’, so these terms should not be used interchangeably.

Ad blockers

Software that prevents advertisements from appearing with the content the user is intentionally viewing. People block ads for a variety of reasons. For example, many of them find marketing ads annoying and even stressful.

Advanced Persistent Threat (APT)

A set of malicious cyber activity with common characteristics, often orchestrated by a person or group targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives.

Advisory

A type of ACSC publication that provides timely information and advice about current security issues, vulnerabilities, and exploits.

Adware

A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user.

AES

Advanced Encryption Standard

After market devices

A secondary market of an industry, concerned with the manufacturing, remanufacturing, distribution, retailing, and installation of all parts, equipment, and accessories, after the sale of the device by the original equipment manufacturer to the consumer.

Air gap

A network security measure designed to ensure that a network is physically isolated from other networks. This intends to make the isolated network secure by ensuring it does not connect to other less secure networks, such as the internet.

Alert

An ACSC publication intended to provide timely notification concerning threats or activity with the potential to impact individuals, businesses, organisations, government, devices, peripherals, networks or infrastructure.

Antivirus

Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

App

Application

Application

A software program or group of software programs designed for end users. Examples of an application include a word processor, a spreadsheet, an accounting application, a web browser, an email client, a media player, a file viewer, an aeronautical flight simulator, a console game or a photo editor. The collective noun application software refers to all applications collectively. This contrasts with system software, which is mainly involved with running the computer.

Application control

An approach in which only an explicitly defined set of trusted applications are allowed to execute on systems.

Archive

A place where an accumulation of computer files is stored. It could be disk storage, a flash drive, a backup disk drive, an online backup service, an indexing internet page, etc.

Artificial Intelligence (AI)

The simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.

Assets

In the context of technology, an overarching term used to refer to applications, IT equipment, OT equipment, services and data. Such assets may also be referred to as technology assets.

ATA

Advanced Technology Attachment

Attack surface

The applications, IT equipment, OT equipment and services used by a system. The greater the attack surface the greater the chances of malicious actors finding an exploitable vulnerability.

Attribution

The process of assessing the source, perpetrator or sponsor of malicious activity. Statements of attribution often use probabilistic language and indicate the level of confidence in the assessment.

Audit log

A chronological record of system activities including records of system access and operations performed.

Audit trail

A chronological record that reconstructs the sequence of activities surrounding, or leading to, a specific operation, procedure or event.

Australian Eyes Only (AUSTEO) data

Data not to be passed to, or accessed by, foreign nationals.

Australian Government Access Only (AGAO) data

Data not to be passed to, or accessed by, foreign nationals, with the exception of seconded foreign nationals.

Australian Information Security Evaluation Facility (AISEF)

A program that evaluates products in order to protect systems and data against cyber threats. These evaluation activities are certified by the Australian Certification Authority.

Australian Information Security Evaluation Program (AISEP)

A program under which evaluations are performed by impartial bodies against the Common Criteria. The results of these evaluations are then certified by the Australian Certification Authority within the Australian Signals Directorate (ASD).

Australian Signals Directorate (ASD)

An Australian Government statutory agency responsible for foreign signals intelligence, cyber warfare and information security.

Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)

The Australian Government's lead for cyber security. The ASD's ACSC is part of the Australian Signals Directorate.

Authentication

Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.

Authentication Header (AH)

A protocol used in Internet Protocol Security (IPsec) that provides data integrity and data origin authenticity but not confidentiality.

Authorising officer

An executive with the authority to formally accept the security risks associated with the operation of a system and to authorise it to operate.

Availability

The assurance that systems, applications and data are accessible and useable by authorised entities when required.

B

Backdoor

A feature or defect of a system, application or service that allows attackers to bypass security measures.

Backup

In information technology, a copy of computer data taken and stored elsewhere so that it may be used to restore the original after data loss.

Big data

Large amounts of structured and unstructured data that exceed the ability of commonly used software tools to capture, manage and process. Big data requires techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale.

Biometrics

Measurable physical characteristics used to identify an individual, such as fingerprints, iris patterns or facial features.

Bitcoin

A digital currency and payment system underpinned by blockchain technology. Bitcoins can be used for online purchases, or converted into traditional currency.

Black hat

A person that hacks for personal gain and/or who engages in illicit and unsanctioned hacking activities. See also 'grey hat' and 'white hat'.

Blackmail

An act of coercion using the threat of revealing or publicising either substantially true or false information about a person or group unless certain demands are met. It is often damaging information and may be revealed to family members or associates rather than to the general public.

Blockchain

A distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data—once recorded, the data in a block cannot be altered retrospectively.

Blocklist

A list of entities that are not considered trustworthy and are blocked or denied access.

Bluetooth

A wireless technology standard used for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves.

Bogus request

A fake request

Bot

A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device's legitimate user.

Botnet

A collection of computers infected by bots and remotely controlled by an actor to conduct malicious activities without the user's knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data.

Breach (data)

When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘data spill’.

Breach (security)

A cyber security incident that results in unauthorised access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.

Bring Your Own Device (BYOD)

An organisational policy that allows employees to use their own personal devices for work purposes. These devices connect to and utilise the organisation's network, data and resources.

Broadband

Wide bandwidth data transmission which transports multiple signals and traffic types. In the context of internet access, broadband is used to mean any high speed internet access that is always on.

Broadcasting

The distribution of audio or video content to a dispersed audience via any electronic mass communications medium, but typically one using the electromagnetic spectrum.

Browser

Software used primarily to access websites and web content.

Browser hijacking

Occurs when browser settings are changed without the user's knowledge or consent. The browser may persistently redirect to malicious or other unwanted websites.

Browsing history

The list of web pages a user has visited recently — and associated data such as page title and time of visit — which is recorded by web browser software by default.

Brute force

An exhaustive process to try and determine a cryptographic key, password or other secret credential by systematically trying all candidates or combinations until the correct one is discovered.

Bug

A flaw or error in a software program.

Business continuity

A loosely-defined set of planning, preparatory and related activities which are intended to ensure that an organisation's critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period.

Business Email Compromise (BEC)

Attacks that are a form of cybercrime which use email fraud to target business, government and non-profit organisations to achieve a specific outcome which negatively impacts the target organisation.

Business scams

A dishonest scheme that aims to get money or something else of value from businesses.

C

Catfish

Internet predators who create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.

Caveat

A marking that indicates that the data has special requirements in addition to those indicated by its classification. This term covers codewords, source codewords, releasability indicators and special-handling caveats.

CDN

Content delivery network

Certificates

Certificates (digital certificates) are electronic documents used in public key cryptography to establish the validity of a public key and establish trust in its owner. Certificates may be self-signed, however, this offers limited trust and should not be used for public services. Trusted Certificate Authorities (CAs) should issue and digitally sign certificates. Protocols use and verify these certificates to secure communications including web browsing, e-commerce, government services, secure messaging and email.

Certification report

An artefact of Common Criteria evaluations that outlines the outcomes of a product’s evaluation.

Chief Executive Officer (CEO)

The highest-ranking executive in a company, whose primary responsibilities include making major corporate decisions, managing the overall operations and resources of a company, acting as the main point of communication between the board of directors and corporate operations, and being the public face of the company.

Chief Information Security Officer (CISO)

A senior executive who is responsible for coordinating communication between security and business functions as well as overseeing the application of controls and associated security risk management processes.

CHIPs

Cyber Hygiene Improvement Program

Classification

The categorisation of systems, applications and data according to the expected impact if they were to be compromised.

Classified data

Data that would cause limited through to exceptionally grave damage to Australia’s national interests, the Australian Government generally or to an individual Commonwealth entity if compromised (i.e. data assessed as OFFICIAL: Sensitive, PROTECTED, SECRET or TOP SECRET).

Click farm

Groups of low-paid workers whose job is to click on links, surf around targeted websites, and perhaps sign up for newsletters in order to exaggerate the popularity of the website. It is very hard for an automated filter to analyse this simulated traffic and detect that it is invalid, as it has exactly the same profile as a legitimate visitor.

Click fraud

Using a compromised computer to click ads on a website without the user’s awareness, with the intention of generating revenue for the website or draining resources from the advertiser.

Clickbait

A form of false advertisement which uses links that are designed to attract attention and entice users to follow that link and read, view or listen to the linked content, with a defining characteristic of being deceptive, typically sensationalised or misleading.

Cloud

A network of remote servers hosted on the internet and used to store, manage, and process data in place of local servers or personal computers.

Cloud computing

A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services.

Cloud Service Provider (CSP)

A company that offers some component of cloud computing to other businesses or individuals, typically infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) or software-as-a-service (SaaS).

CMS

Content Management System

CNSA

Commercial National Security Algorithm

Code

Program instructions

Cold-call

Making an unsolicited visit or phone call to someone, often in an attempt to sell goods or services.

Command and Control (C2)

A set of organisational and technical attributes and processes that employs human, physical and information resources to solve problems and accomplish missions.

Commercial cryptographic equipment

A subset of IT equipment which contains cryptographic components.

Common Criteria (CC)

An international standard for product evaluations.

Common Criteria Recognition Arrangement (CCRA)

An international agreement which facilitates the mutual recognition of Common Criteria evaluations by certificate-producing schemes.

Communications

The transfer of data and information from one location to another.

Communications security (COMSEC)

The controls applied to protect telecommunications from unauthorised interception and exploitation, as well as ensure the authenticity of such telecommunications.

Compromise

The disclosure of information to unauthorised persons, or a violation of the security policy of a system in which unauthorised intentional or unintentional disclosure, modification, destruction or loss of an object may have occurred.

Computer

A programmable electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations.

Computer network

Two or more interconnected devices that can exchange data.

Conduit

A tube, duct or pipe used to protect cables.

Confidentiality

The assurance that data is disclosed only to authorised entities.

Connection forwarding

The use of network address translation to allow a port on a node inside a network to be accessed from outside the network. Alternatively, using a Secure Shell server to forward a Transmission Control Protocol connection to an arbitrary port on the local host.

Consumer guide

Specific configuration and usage guidance for products evaluated through the ASD Cryptographic Evaluation Program or the High Assurance Evaluation Program.

Content filter

A filter that examines content to assess conformance against a security policy.

Content Security Policy (CSP)

A computer security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks resulting from the execution of malicious content in a trusted web page.

Continuous monitoring plan (CONMON)

A document that describes the plan for the continuous monitoring and assurance in the effectiveness of controls for a system.

Control plane

The administrative interface that allows for the management and orchestration of a system’s infrastructure and applications.

Cookie

A small text file that is transmitted by a website and stored in a user's web browser that is then used to identify the user and prepare customised web pages. A cookie can also be used to track a user’s activity while browsing the internet.

Corporate espionage

The improper or unlawful theft of trade secrets or other knowledge proprietary to a competitor for the purpose of achieving a competitive advantage in the marketplace.

Credential theft

A type of cybercrime that involves stealing a victim's proof of identity. Once credential theft has been successful, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack.

Critical infrastructure

Physical facilities, supply chains, information technologies and communication networks which if destroyed, degraded or rendered unavailable for an extended period would significantly impact on the social or economic wellbeing of the nation, or affect a nation’s ability to conduct national defence and ensure national security.

Critical server

A server that provides critical network or security services. For example, a Microsoft Active Directory Domain Services domain controller or an authentication server.

Cross Domain Solution (CDS)

A system comprising security-enforcing functions tailored to mitigate the specific security risks of accessing or transferring information between security domains. 

Cryptocurrency

A type of digital currency which uses encryption techniques to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. The cryptography is designed for security and anti-counterfeiting measures.

Cryptographic algorithm

An algorithm used to perform cryptographic functions such as encryption, integrity, authentication, digital signatures or key establishment.

Cryptographic equipment

A generic term for Commercial Grade Cryptographic Equipment and High Assurance Cryptographic Equipment.

Cryptographic hash

An algorithm (the hash function) which takes as input a string of any length (the message) and generates a fixed length string (the message digest or fingerprint) as output. The algorithm is designed to make it computationally infeasible to find any input which maps to a given digest, or to find two different messages that map to the same digest.

Cryptographic module

The set of hardware, software and firmware that implements approved cryptographic functions (including key generation) that are contained within the cryptographic boundary of the module.

Cryptographic protocol

An agreed standard for secure communication between two or more entities to provide confidentiality, integrity, authentication and non-repudiation of data.

Cryptographic software

Software designed to perform cryptographic functions.

Cryptographic system

A related set of hardware, software and supporting infrastructure used for cryptographic communication, processing or storage and the administrative framework in which it operates.

Cryptography

The practice and study of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key.

Cryptomining

A process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger.

Customer

A person that an organisation has dealings with, typically via the consumption of goods or services. A customer does not necessarily need to purchase goods or services from the organisation.

Cyber attack

A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.

Note: there are multiple global definitions of what constitutes a cyber attack.

Cyber bullying

A form of bullying or harassment using electronic means. It is when someone bullies or harasses others on the internet and in other digital spaces, particularly on social media sites.

Cyber defence

Defensive activity designed to protect information and systems against offensive cyber operations.

Cyber espionage

Malicious activity designed to covertly collect information from a target's computer systems for intelligence purposes without causing damage to those systems. It can be conducted by state or non-state entities, and can also include theft for commercial advantage.

Cyber Incident Management Arrangements (CIMA)

The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

Cyber operations

Offensive and defensive activities designed to achieve effects in or through cyberspace.

Cyber resilience

The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.

Cyber safety

The safe and responsible use of information and communication technologies.

Cyber security

Measures used to protect the confidentiality, integrity and availability of information technology (IT) and operational technology (OT) systems, applications and data.

Cyber security event

An occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.

Cyber security incident

An unwanted or unexpected cyber security event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.

Cyber Security Incident Responder

A cyber security expert with the skills to rapidly address cyber security incidents within an organisation. In the role of a first responder, they use a host of tools to find the root cause of a cyber security incident, limit the damage and significantly reduce the likelihood of it occurring again.

Cyber security incident response plan (CSIRP)

A document that describes the plan for responding to cyber security incidents.

Cyber stalking

The use of the internet or other electronic means to stalk or harass an individual, group or organisation.

Cyber supply chain

The design, manufacture, delivery, deployment, support and decommissioning of applications, equipment and services that are utilised within an organisation's ICT environment.

Cyber threat

Any circumstance or event with the potential to harm systems, applications or data.

Cyber warfare

The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.

Cyber weapon

A computer code that is used, or designed to be used, with the aim of causing physical, functional or mental harm to structures, systems or people.

Cyber weapon is a contentious term among the international policy and legal communities, and there is an absence of agreement surrounding its connotations and implications. Avoid using ‘cyber weapon’ and use more generic terms such as 'destructive tools' or 'exploits' when describing the capabilities used by cyber actors.

Cybercrime

Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.

Cyberspace

The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.

D

Dark web

Web sites that are not indexed by search engines and are only accessible through special networks such as The Onion Router (ToR). Often, the dark web is used by website operators who want to remain anonymous. The ‘dark web’ is a subset of the ‘deep web’.

Data

The basic element that can be processed or produced by a computer to convey information.

Data at rest

Data that resides on media or a system.

Data breach

The unauthorised movement or disclosure of sensitive private or business information.

Data dump

A large amount of data transferred from one system or location to another.

Data in transit

Data that is being communicated across a communication medium.

Data protection

Data protection is the process of safeguarding important information from corruption, compromise or loss.

Data repository

A location in which data is stored, managed and made available to users.

Data security

Measures used to protect the confidentiality, integrity and availability of data.

Data spill

The accidental or deliberate exposure of data into an uncontrolled or unauthorised environment, or to people without a need-to-know.

DBMS

Database management system

DCS

Distributed control system

Declassification

A process whereby requirements for the protection of data are removed and an administrative decision is made to formally authorise its release into the public domain.

Decryption

The decoding of encrypted messages.

Deep web

The part of the internet that is not indexed by search engines. Includes websites that are password-protected and paywalled, as well as encrypted networks, and databases.

Default passwords

Where a device needs a username and/or password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, or after resetting it to factory defaults.

Defence in depth

The implementation of multiple layers of controls in a system to provide redundancy in the event a control fails or a vulnerability is exploited.

Degausser

An electrical device or permanent magnet assembly which generates a magnetic force for the purpose of degaussing magnetic storage devices.

Degaussing

A process for reducing the magnetisation of a magnetic storage device to zero by applying a reverse magnetic force, rendering any previously stored data unreadable.

Demilitarised zone (DMZ)

A small network with one or more servers that is kept separate from the core network, typically on the outside of the firewall or as a separate network protected by the firewall. Demilitarised zones usually provide data to less trusted networks, such as the internet.

Denial of service (DoS)

When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Denial-of-service (DoS) attack

An attempt by malicious actors to prevent legitimate access to online services (typically a website), for example, by consuming the amount of available bandwidth or the processing capacity of the server hosting the online service.

Device access control software

Software that can be used on a system to restrict access to communications ports. Device access control software can block all access to a communications port or allow access based on device types, manufacturer’s identification or even unique device identifiers.

DH

Diffie-Hellman

Dictionary attack

Where attackers use ‘password dictionaries’ or long lists of the most commonly-used passwords and character combinations against a password in order to guess it and break into a system.

Digital certificate

An electronic document used to identify an individual, a system, a server, a company, or some other entity, and to associate a public key with the entity. A digital certificate is issued by a certification authority and is digitally signed by that authority.

Digital footprint

The unique set of traceable activities, actions, contributions and communications that are manifested on the internet or on digital devices.

Digital preservation

The coordinated and ongoing set of processes and activities that ensure long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time span the information is required.

Digital signature

A cryptographic process that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.

Diode

A device that allows data to flow in only one direction.

Disaster recovery

A set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity.

Distributed-denial-of-service (DDoS) attack

A distributed form of denial-of-service attack.

DMA

Direct Memory Access

Domain

In the internet, a part of a naming hierarchy which consists of a sequence of names (labels) separated by periods (dots).

Note: There are multiple other technical and communications-related definitions for ‘domain’.

Domain Name System (DNS)

The naming system that translates domain names into IP addresses.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

An email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorised use, commonly known as email spoofing.

DomainKeys Identified Mail (DKIM)

A system for authenticating emails that works with modern Message Transfer Agent systems. This resource was created to help fight spam, and uses a digital signature to help email recipients determine whether an email is legitimate.

Downloader

A type of Trojan that downloads other malware onto a computer. The downloader needs to connect to the internet to download the files.

Doxing

Obtaining and publishing private or personally identifiable information about an individual over the internet. Information can be obtained through a range of methods including network compromise, social engineering, data breaches, or research.

Drive-by download attacks

The unintentional download of malicious code to a computer or mobile device that leaves the user open to an attack. The user does not have to click on anything, download or open a malicious email attachment to have their computer or device infected.

Driver

Software that interfaces a hardware device with an operating system.

Dropper

A type of Trojan that installs other malware files onto a computer or device. The other malware is included within the Trojan file, and does not require connection to the internet.

DSA

Digital Signature Algorithm

Dual-stack network device

IT equipment that implements Internet Protocol version 4 and Internet Protocol version 6 protocol stacks.

E

EAP

Extensible Authentication Protocol

EAP-TLS

Extensible Authentication Protocol-Transport Layer Security

Easter egg

Hidden functionality within an application that is activated when an undocumented set of commands and keystrokes is entered. Easter eggs are typically used to display the credits for the development team or a humorous message and are intended to be non-threatening.

ECDH

Elliptic Curve Diffie-Hellman

ECDSA

Elliptic Curve Digital Signature Algorithm

EEPROM

Electrically erasable programmable read-only memory

Electronic funds transfer at point of sale (EFTPOS)

An electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at the place the sale took place.

Email

Standing for 'electronic mail', a method of exchanging messages between people using electronic devices.

Emanation security (EMSEC)

The countermeasures employed to reduce sensitive or classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of Radio Frequency energy, sound waves or optical signals.

Emanation Security Program

An ACSC program that sets out the requirements for government and organisations to be formally recognised to conduct emanation security practices to national standards.

Encapsulating Security Payload (ESP)

A protocol used for encryption and authentication in IPsec.

Encryption

The conversion of plaintext into unreadable ciphertext (typically using cryptographic algorithms and keys) to protect the confidentiality of data at rest or in transit. Ciphertext is returned to plaintext by performing decryption.

End of support

When a company ceases support for a product or service. This is typically applied to hardware and software products when a company releases a new version and ends support for certain previous versions.

End user device

A personal computer, personal digital assistant, smart phone or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.

End-to-end encryption

A method of secure communication where only the communicating users can read data transferred from one end-system or device to the other.

Endpoint security

A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

Enterprise mobility

An approach to work in which employees can do their jobs from anywhere using a variety of devices and applications.

EPROM

Erasable programmable read-only memory

Escort

A person who ensures that when maintenance or repairs are undertaken to ICT equipment, uncleared people are not exposed to information they are not authorised to access.

Essential services

Those services that are vital to the health and welfare of a population and therefore are essential to maintain even in a disaster.

Evaluation Assurance Level (EAL)

Evaluation Assurance Level (EAL1 through EAL7)

Event

In the context of system logs, an event constitutes an evident change to the normal behaviour of a network, system or user.

Event forwarding

The transmission of information to a centralised computer concerning events that take place on remote computers or servers. In this context, an event is any occurrence that affects a file, program or task. Events are commonly used for troubleshooting applications and drivers.

Event logging

Used by a security information and event management tool. This tool provides a level of analysis of the contents of an event log to help network administrators determine what is going on within a network.

Executable

A file that causes a computer to perform indicated tasks according to encoded instructions.

Exploit

A piece of code that exploits bugs or vulnerabilities in software or hardware to gain access to a system or network.

e

eXtensible Markup Language (XML)

A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

F

Facility

A physical space where business is performed. For example, a facility can be a building, a floor of a building or a designated space on the floor of a building.

Fake email

Sending counterfeit email by using a legitimate sender's address without their knowledge.

Fake trader

A trader that is not legitimate.

Fake website

Websites that are not legitimate.

Fax machine

A device that allows copies of documents to be sent over a telephone network.

Fibre

A particularly lightweight thread of execution. Like threads, fibres share address space. However, fibres use cooperative multitasking while threads use pre-emptive multitasking.

FIPS

Federal Information Processing Standard

Firewall

A network device that filters incoming and outgoing network data based on a series of rules.

Firmware

Software embedded in IT equipment or OT equipment.

Five-Eyes (FVEY)

An intelligence sharing partnership between Australia, Canada, New Zealand, the United Kingdom and the United States of America.

Flash memory media

A specific type of electrically erasable programmable read-only memory.

Flash Player

Computer software for using content created with Adobe Flash, including viewing multimedia content, executing rich internet applications, and streaming audio and video.

Flaw

A defect, fault or imperfection, especially one that is hidden or unknown.

Fly lead

A lead that connects IT equipment to the fixed infrastructure of a facility. For example, the lead that connects a workstation to a network wall socket.

Foreign national

A person who is not an Australian citizen.

Foreign system

A system that is not managed by, or on behalf of, the Australian Government.

Fraud

Intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right.

Fuzzing

Fuzzing (or fuzz testing) is a method used to discover errors or potential vulnerabilities in software.

G

Gateway

Gateways securely manage data flows between connected networks from different security domains.

General Data Protection Regulation (GDPR)

A regulation in European Union (EU) law on data protection and privacy in the EU and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA.

Global Positioning System (GPS)

A system of satellites combined with receivers on Earth that determines the latitude and longitude of any particular receiver through triangulation.

Greenfield

A software project that is developed from scratch rather than built from an existing program.

Grey hat

A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker. See also ‘white hat’ and ‘black hat’.

Guidance

An impartial publication by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) which will help you to identify your options, provide direction and narrow down your choices, and may include instructions relating to specific products. The ASD's ACSC makes every undertaking to ensure the accuracy and quality of the information it provides but is not accountable for any decision made based on it.

H

Hack

The unauthorised exploitation of weaknesses in a computer system or network.

Hacker

A computer expert that can gain unauthorised access to computer systems. Hacker is an agnostic term and a hacker does not necessarily have malicious intent. See also ‘black hat’, ‘grey hat’, and ‘white hat’.

Hacktivist

A hacker whose motivation is political, religious or ideological, as opposed to criminal.

Hardware

A generic term for IT equipment and OT equipment.

Hardware Security Module (HSM)

A physical computing device that safeguards cryptographic keys and provides cryptographic processing. A hardware security module is or contains a cryptographic module. Hardware security modules are commonly deployed in public key infrastructure, digital identity solutions and payment systems.

Hardware vulnerabilities

An exploitable weakness in a computer system that enables attacks through remote or physical access to system hardware.

Hash-based Message Authentication Code Algorithm (HMAC)

A cryptographic function that can be used to compute Message Authentication Codes using a hash function and a secret key.

High Assurance Cryptographic Equipment (HACE)

Cryptographic equipment that has been authorised by ASD for the protection of SECRET and TOP SECRET data.

High Assurance evaluation

The rigorous investigation, analysis, verification and validation of ICT equipment by the Australian Signals Directorate (ASD) against a stringent security standard.

High Assurance Evaluation Program

The rigorous investigation, analysis, verification and validation of products by ASD to protect SECRET and TOP SECRET data.

High assurance IT equipment

IT equipment that has been designed and authorised for the protection of SECRET and TOP SECRET data.

High-value server

A server that provides important network services or contains data repositories. For example, a Domain Name System server, database server, email server, file server or web server.

HIPS

Host-based Intrusion Prevention System

Hoax

A falsehood deliberately fabricated to masquerade as the truth.

Hoax emails

A scam that is distributed in email form that is designed to deceive and defraud email recipients, often for monetary gain.

Honeypot

A computer system designed specifically to attract potential malicious actors in order to inform the development of defensive measures and responses.

Hotspot

An area where wireless internet access is available to the general public.

HTML

Hypertext Markup Language

HTTP Strict Transport Security (HSTS)

A web security policy mechanism that helps to protect websites against person-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

Hybrid hard drive (HHD)

Non-volatile magnetic media that uses a cache to increase read/write speeds and reduce boot times. The cache is normally non-volatile flash memory media.

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol is the fundamental protocol used for transferring files on the internet.

Hypertext Transfer Protocol Secure (HTTPS)

While Hypertext Transfer Protocol (HTTP) is the basic framework for transferring data across the web, HTTPS adds a layer of encryption for additional security; with 'S' standing for secure.

I

Identity analytics

The process of analysing the access of individuals or systems to an organisation's IT resources.

Identity and Access Management (IAM)

The process used in businesses and organisations to grant or deny employees and others authorisation to secure systems.

Identity theft

When a victim’s personal details are stolen and used to perpetrate crime, commonly fraud. Identity theft is a serious crime and can result in long-term and far-reaching negative consequences for victims.

IETF

Internet Engineering Task Force

IKE

Internet Key Exchange

Impersonation attack

Emails that attempt to impersonate a trusted individual or company in an attempt to gain access to corporate finances or data.

Impersonation scam

A scam where a dishonest individual will try to convince you to make a payment or give personal or financial details by claiming to be from a trusted organisation.

Industrial Control System (ICS)

Control systems and associated instrumentation used to efficiently operate and/or automate industrial processes. Industrial Control Systems include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC).

Information security (INFOSEC)

The protection of information from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability.

Information Security Manual (ISM)

An ASD publication outlining a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and data from cyber threats.

Information Technology (IT)

Hardware, software and supporting infrastructure used for the processing, storage or communication of data.

Infosec Registered Assessors Program (IRAP)

An initiative of ASD designed to register suitably qualified individuals to carry out security assessments for systems.

Infrared device

Devices such as mice, keyboards and pointing devices that have an infrared communications capability.

Insider

Any person that has, or had, authorised logical or physical access to a system and its resources.

Insider threat

An insider that performs, or attempts to perform, damaging activities (either intentionally or unintentionally) to a system or its resources. Some organisations may choose to exclude unintentional damage to systems and their resources (often referred to as negligent or accidental damage) from their definition of insider threat in order to focus on insiders with malicious intent (often referred to as malicious insiders).

Integrity

The assurance that data has been created, amended or deleted only by authorised individuals.

Intellectual property (IP)

The property of your mind or proprietary knowledge. It can be an invention, trade mark, design, brand or the application of your idea.

Interactive

The back and forth dialog between the user and the computer.

Interactive authentication

Authentication that involves the interaction of a person with a system.

International Telecommunication Union (ITU)

A specialised agency of the United Nations that is responsible for issues that concern information and communication technologies. It is the oldest global international organisation and was originally called the International Telegraph Union.

Internet

The global system of interconnected computer networks that use standardised communication protocols to link devices and provide a variety of information and communication facilities.

Internet of Things (IoT)

The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors and network connectivity, which enables these objects to connect to the internet and collect and exchange data.

Internet Protocol (IP) address

A numerical representation of an address for a particular computer or device on a network or the internet. 

Internet Protocol Security (IPsec)

A suite of protocols for secure communications through authentication or encryption of Internet Protocol (IP) packets as well as including protocols for cryptographic key establishment.

Internet Protocol telephony (IPT)

The transport of telephone calls over IP networks.

Internet Protocol version 6 (IPv6)

A protocol used for communicating over packet switched networks. Version 6 is the successor to version 4 which is widely used on the internet.

Internet Service Provider (ISP)

A company that provides subscribers with access to the internet.

Intrusion Detection System (IDS)

An automated system used to identify malicious or unwanted activities. An Intrusion Detection System can be host-based or network-based.

Intrusion Prevention System (IPS)

An automated system used to identify malicious or unwanted activities and react in real-time to block or prevent such activities. An Intrusion Prevention System can be host-based or network-based.

ISAKMP

Internet Security Association Key Management Protocol

ISO

International Organisation for Standardisation

IT equipment

Any device that can process, store or communicate data within IT environments, such as computers, multifunction devices, network devices, smartphones, electronic storage media and smart devices.

J

Java

A general purpose programming language that is class-based and object-oriented, and designed to have as few implementation dependencies as possible.

JSON

JavaScript Object Notation

Jump server

A computer which is used to manage important or critical resources in a separate security domain. Also known as a jump host or jump box.

K

Key

In database management systems, a key is a field that you use to sort data. For example, if you sort records by age, then the age field is a key.

Key management

The use and management of cryptographic keys and associated hardware and software. It includes their generation, registration, distribution, installation, usage, protection, storage, access, recovery and destruction.

Keying material

Cryptographic keys generated or used by cryptographic equipment or software.

Keylogger

Malicious software that records which keys you press. These programs may be used to capture confidential information (such as login or financial details) and send to an attacker. Also known as keystroke logging.

L

Laptop

A small portable personal computer, suitable for use while travelling.

Legitimate email

An email from a trusted organisation or individual.

Libraries

In computer science, a library is a collection of non-volatile resources used by computer programs, often for software development.

Licence

A software licence is a legal instrument governing the use or redistribution of software.

Like farming

Use of social engineering, such as compelling stories or photos, to persuade large numbers of users to 'like' a social networking page. Many of the stories are fake, and are part of a scam which makes money from the exposure generated by people liking and hence sharing the page.

Limited use obligation

In 2024, the Intelligence Services Act 2001 was amended to legislate a limited use obligation for the Australian Signals Directorate (ASD). Under the limited use obligation, information an industry organisation voluntarily provides ASD about cyber security incidents, potential incidents or vulnerabilities impacting them cannot be used for regulatory purposes.

Links

An HTML object that allows you to jump to a new location when you select it. Links provide a simple means of navigating between pages on the web.

Local Area Network (LAN)

A computer network that interconnects devices within a limited area such as a home, school, laboratory or office building.

Lockable commercial cabinet

A cabinet that is commercially available, of robust construction and is fitted with a commercial lock.

Logging

The automatically produced and time-stamped documentation of events relevant to a particular system.

Logging facility

A facility that includes software which generates events and their associated details, the transmission (if necessary) of event logs, and how they are stored.

Logical access controls

Measures used to control access to systems and their information.

Login

The act of logging in to a database, mobile device, or computer, especially a multiuser computer or a remote or networked computer system, usually by using a username and password.

M

MAC

Media Access Control

Machine learning

A type of artificial intelligence (AI) that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. The basic premise of machine learning is to build algorithms that can receive input data and use statistical analysis to predict an output value within an acceptable range.

Machine-in-the-middle (MITM)

A form of malicious activity where the attacker secretly accesses, relays and possibly alters the communication between two parties who believe they are communicating directly with each other.

Macro

An instruction that causes the execution of a predefined sequence of instructions.

Malicious

Intending or intended to do harm.

Malicious actors

Individuals or organisations that conduct malicious activities, such as cyber espionage, cyber attacks or cyber-enabled crime.

Malicious advertising

The use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.

Malicious code

Any software that attempts to subvert the confidentiality, integrity or availability of a system.

Malicious code infection

The occurrence of malicious code infecting a system.

Malicious email

An email which has been deliberately crafted to cause problems on the server or on the client. This could be by making the message contain a virus, or crafting the message in such a way as to take advantage of a weakness in the receiving mail client.

Malicious links

A malicious link is created with the purpose of promoting scams, attacks and frauds. By clicking on an infected URL, you can download malware such as a Trojan or virus that can take control of your devices, or you can be persuaded to provide sensitive information on a fake website.

Malicious software (malware)

Any software that brings harm to a computer system. Malware can be in the form of worms, viruses, Trojans, spyware, adware and rootkits, etc., which steal protected data, delete documents or add software not approved by a user.

Malvertising

The use of online advertising to spread malware. Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

Malware

Malicious software used to gain unauthorised access to computers, steal information and disrupt or disable networks. Types of malware include Trojans, viruses and worms.

Managed Service Provider (MSP)

A company that remotely manages a customer's IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model.

Management traffic

Traffic generated by system administrators over a network in order to control workstations and servers. This includes standard management protocols and traffic that contains information relating to the management of the network.

Media

A generic term for hardware, often portable in nature, which is used to store data.

Media destruction

The process of physically damaging media with the intent of making data stored on it inaccessible. To destroy media effectively, only the actual material in which data is stored needs to be destroyed.

Media disposal

The process of relinquishing control of media when it is no longer required.

Media sanitisation

The process of erasing or overwriting data stored on media so that it cannot be retrieved or reconstructed.

Memory-safe programming languages

Programming languages that prevent the introduction of vulnerabilities related to memory use. Examples of memory-safe programming languages include C#, Go, Java, Ruby, Rust and Swift. Examples of non-memory-safe programming languages include Assembly and C/C++.

Metadata

Descriptive data about the content and context used to identify data.

MIMO

Multiple-input and multiple-output

Mobile base station

A transmission and reception station in a fixed location, consisting of one or more receive/transmit antennas, microwave dish and electronic circuitry, used to handle cellular traffic.

Mobile device

A portable computing or communications device. For example, smartphones, tablets and laptop computers.

Mobile phones

A wireless handheld device that allows users to make and receive phone calls and to send text messages, among other features.

Multi-factor authentication (MFA)

Authentication using two or more different authentication factors. This may include something users know, something users have or something users are.

Multifunction device (MFD)

IT equipment that combines printing, scanning, copying, faxing or voice messaging functionality in the one device. These devices are often designed to connect to computer and telephone networks simultaneously.

m

mSATA

Mini-Serial Advanced Technology Attachment

N

National Exercise Program

A program that uses exercises and other readiness activities that target strategic decision-making, operational and technical capabilities, strategic engagement and communications. Through these exercises the program can help broaden your understanding of the roles and responsibilities of key government entities and private sector organisations when responding to a cyber security incident.

Need-to-know

The principle of restricting an individual’s access to only the data they require to fulfil the duties of their role.

Network

Two or more computer systems linked together.

Network access control

Security policies used to control access to a network and actions on a network. This can include authentication checks and authorisation controls.

Network device

IT equipment designed to facilitate the communication of data. For example, routers, switches and wireless access points.

Network infrastructure

The infrastructure used to carry data between workstations and servers or other network devices.

Network management traffic

Network traffic generated by system administrators over a network in order to control workstations and servers. This includes standard management protocols and other network traffic that contains data relating to the management of the network.

Network segmentation

Partitioning a network into smaller networks; compare with network segregation.

Network segregation

Developing and enforcing a rule set for controlling the communications between specific hosts and services; compare with network segmentation.

Networking

The linking of computers to allow them to operate interactively.

NIDS

Network-based Intrusion Detection System

NIPS

Network-based Intrusion Prevention System

NIST

National Institute of Standards and Technology

Non-disclosure agreement (NDA)

A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together.

Non-interactive authentication

Authentication between systems or services that does not involve the interaction of a person.

Non-repudiation

Providing proof that a user performed an action, and in doing so preventing a user from denying that they did so.

Non-volatile flash memory media

A specific type of electrically erasable programmable read-only memory.

Non-volatile media

A type of media which retains its data when power is removed.

O

Off-hook audio protection

A method of mitigating the possibility of an active handset inadvertently allowing background discussions to be heard by a remote party. This can be achieved through the use of a hold feature, mute feature, push-to-talk handset or equivalent.

Offensive cyber operations

Activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks.

Official information

Non-classified information identified as requiring basic protection (i.e. information marked as OFFICIAL or OFFICIAL: Sensitive).

One Time Pad (OTP)

An encryption method relying on a pre-shared key which is larger than or equal to the size of the plaintext to create ciphertext. While the OTP is the only scheme to hold certain theoretical security properties, key management renders it impractical for modern use-cases.

Online services

Services accessed by users over the internet (also known as internet-facing services).

Open data

Data that can be freely used, reused and redistributed by anyone.

OpenPGP Message Format

An open-source implementation of Pretty Good Privacy, a widely available cryptographic toolkit.

Operating system (OS)

System software that manages hardware and software resources and provides common services for executing various applications on a computer.

Operational Technology (OT)

Systems that detect or cause a direct change to the physical environment through the monitoring or control of devices, processes and events. Operational technology is predominantly used to describe industrial control systems which include supervisory control and data acquisition systems and distributed control systems.

OSI

Open System Interconnect

OT equipment

Any device that can process, store or communicate data or signals within OT environments, such as programmable logic controllers and remote terminal units.

Outsourcing

An agreement in which one company hires another company to be responsible for a planned or existing activity that is or could be done internally, and sometimes involves transferring employees and assets from one firm to another.

OWASP

Open Web Application Security Project

P

P2P

Peer-to-peer

Pacific Cyber Security Operational Network (PaCSON)

A multinational Pacific cyber security network which the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is a member of. PaCSON promotes closer sharing of cyber security threat information, tools, techniques and ideas between Pacific nations.

Passive defence

Security measures that are applied within a network and require limited human interaction. Passive defence includes logging and monitoring mechanisms, and implementation of tools and processes to harden networks including firewalls, application hardening, patching procedures and antivirus software.

Passphrase

A sequence of words used for authentication.

Password

A sequence of characters used for authentication.

Password complexity

The use of different character sets, such as lower-case alphabetical characters (a-z), upper-case alphabetical characters (A-Z), numeric characters (0-9) and special characters.

Password manager

A type of software that offers greater security through the capability to generate unique, strong, easily-changed passwords for all online accounts and the secure encrypted storage of those passwords either through a local or cloud-based vault.

Password spray attack

An attack that attempts to access a large number of accounts with some commonly-used passwords.

Passwordless authentication

Authentication that does not involve the use of something users know. Passwordless authentication may be single-factor or multi-factor, with the latter often referred to as passwordless multi-factor authentication.

Passwordless multi-factor authentication

Multi-factor authentication using something users have that is unlocked by something users know or are. Note, while a memorised secret may be used as part of passwordless multi-factor authentication (e.g. to unlock access to a cryptographic private key stored on a device) it is not the primary authentication factor, hence the use of the passwordless terminology.

Patch

A piece of software designed to remedy vulnerabilities or improve the usability or performance of software, IT equipment or OT equipment.

Patch cable

A metallic (copper) or fibre-optic cable used for routing signals between two components in an enclosed container or rack.

Patch panel

A group of sockets or connectors that allow manual configuration changes, generally by means of connecting patch cables.

Patching

The action of updating, fixing, or improving a computer program.

Payload

Part of digitally transmitted data that is the fundamental purpose of the transmission. In the cyber-security context, normally the part of a malware program that performs a malicious action.

Peer-to-peer (P2P) file sharing network

A decentralised file sharing system. Files are stored on and served by the personal computers of the users.

Penetration test

A penetration test is designed to exercise real-world scenarios in an attempt to achieve a specific goal, such as compromising critical systems, applications or data.

Perfect Forward Secrecy (PFS)

Additional security for security associations ensuring that if one security association is compromised, subsequent security associations will not be compromised.

Peripheral switch

A device used to share a set of peripherals between multiple computers. For example, a keyboard, video monitor and mouse.

Personal data

Any information relating to an identified or identifiable natural person.

Personal identification number (PIN)

A number allocated to an individual and used to validate electronic transactions.

Personal information

Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.

Personally Identifiable Information (PII)

Information that can be used on its own or with other information to identify, contact or locate a single person, or to identify an individual in context.

Pharming

A way of harvesting personal information, where a hacker puts malicious code on your computer that redirects you to a fake site.

Phishing

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details), encouraging them to open a malicious attachment, or visit a fake website that will ask the user to provide sensitive information or download malicious content.

See also 'spear phishing' and 'whaling'.

Plan of action and milestones (POAM)

A document that describes vulnerabilities in a system and the plans for their rectification.

PLC

Programmable logic controllers

PMK

Pairwise Master Key

Polymorphic

Malware that can change parts of its code in order to avoid detection by security software.

Pop-up

A small window which suddenly appears (pops up) in the foreground of the normal screen.

Portable devices

Any device that can easily be carried. It is a small form factor computing device that is designed to be held and used in the hand.

Portable Document Format (PDF)

A file format that has captured all the elements of a printed document as an electronic image that you can view, navigate, print or forward to someone else.

Position of trust

A position that involves duties that require a higher level of assurance than that provided by normal employment screening. In some cases, additional screening may be required. Positions of trust can include, but are not limited to, Chief Information Security Officers and their delegates, system administrators and privileged users.

Potentially unwanted software (PUS)

Applications that may appear to serve a useful purpose but often perform actions that may adversely affect a computer’s performance. Also known as potentially unwanted applications.

PowerShell

The shell framework developed by Microsoft for administrative tasks such as configuration management and automation of repetitive jobs.

Privacy

The ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

Privacy settings

Settings which control how a user's data is shared with other people or systems. Privacy settings apply to web browsers and social networking services.

Privileged Access Workstation (PAW)

Provides a dedicated operating system for sensitive tasks and is protected from internet attacks and threat vectors.

Privileged accounts

Privileged accounts include privileged user accounts and privileged service accounts.

Privileged operating environments

Privileged operating environments are those used for activities that require a degree of privileged access, such as system administration activities.

Privileged user

A user who can alter or circumvent a system’s security measures. This can also apply to users who could have only limited privileges, such as software developers, who can still bypass security measures.

A privileged user can have the capability to modify system configurations, account privileges, audit logs, data files or applications.

Privileged user accounts

A user account that has the capability to modify system configurations, account privileges, event logs and security configurations for applications. This also applies to users who may only have limited privileges but still have the ability to bypass some of a system’s controls.

Product

A generic term used to describe software or hardware.

Protection Profile (PP)

A document that stipulates the security functionality that must be included in a Common Criteria evaluation to meet a range of defined threats.

Protection Profiles also define the activities to be taken to assess the security function of an evaluated product.

Protective marking

An administrative label assigned to data that not only shows the value of the data but also defines the level of protection to be provided.

PSC

Protective Security Circular

PSPF

The Australian Government's Protective Security Policy Framework

Public computers

A computer available in public areas. Some places where public computers may be available are libraries, schools or government facilities.

Public data

Data that has been formally authorised for release into the public domain.

Public information

Information that has been formally authorised for release into the public domain.

Public Key Infrastructure (PKI)

A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

Public network infrastructure

Network infrastructure that an organisation has no control over, such as the internet.

Public Switched Telephone Network (PSTN)

Public network infrastructure used for voice communications.

Public Wi-Fi

Any Wi-Fi service established and owned by a contributing group that is provided for use by its customers on a wireless device.

Public Wi-Fi may be unsecured, password protected or have other secure authentication protocols established and managed by that contributing group.

See also unsecured networks.

Push-to-talk handsets

Handsets that have a button which is pressed by the user before audio can be communicated, thus providing off-hook audio protection.

Q

Quality of service

The ability to provide different priorities to different applications, users or data flows, or to guarantee a certain level of performance to a data flow.

R

Radio communications

The transmission of signals by modulation of electromagnetic waves with frequencies below those of visible light.

Radio Frequency transmitter

A device designed to transmit electromagnetic radiation as part of a radio communication system.

RADIUS

Remote Access Dial-In User Service

RAM

Random-access memory

Ransomware

Malicious software that makes data or systems unusable until the victim makes a payment.

Reclassification

An administrative decision to change the controls used to protect data based on a reassessment of the potential impact of its unauthorised disclosure. The lowering of the controls for media containing sensitive or classified data often requires sanitisation or destruction processes to be undertaken prior to a formal decision to lower the controls protecting the data.

Recovery plan

A plan that outlines an organisation's recovery strategy for how they are going to respond to a cyber security incident.

Redaction

Most commonly refers to the removal of information from a document to ensure that information remains private or secret from a wide audience. It can also refer to a form of editing in which multiple sources of texts are combined and altered slightly to make a single document.

Releasable To (REL) data

Data not to be passed to, or accessed by, foreign nationals beyond those belonging to specific nations which the data has been authorised for release to.

Remote access

Access to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.

Remote access scam

When a scammer pretends to be affiliated with a tech or computer company, such as Apple, Telstra or their technical support division. The scammer usually tries to convince you that you have a computer or internet problem and you need to buy or install new software to fix the problem.

Remote Access Tool (RAT)

A software administration tool or program that can be used by a hacker to remotely gain access and control of an infected machine.

Remote Desktop Protocol (RDP)

A proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

Removable media

Storage media that can be easily removed from a system and is designed for removal, such as Universal Serial Bus flash drives and optical media.

Resilience

The capacity to recover quickly from difficulties.

RF

Radio frequency

RFC

Request for Comments

Rivest-Shamir-Adleman (RSA)

A public key cryptosystem based on the practical difficulty of factoring the product of two large prime numbers.

Romance scams

A type of scam involving feigning romantic intentions towards a victim, gaining their affection, and then using that goodwill to commit fraud. This may involve access to the victim's money, bank accounts, credit cards, passports, email accounts, or national identification numbers or forcing the victims to commit financial fraud on their behalf. Often called dating and romance scams.

Rootkit

A tool or set of tools used by an attacker in order to compromise a system, gain the highest level of privilege, and then hide their activity.

Router

A networking device that forwards data packets between computer networks.

RSS

Originally RDF Site Summary; later, two competing approaches emerged, which used the backronyms Rich Site Summary and Really Simple Syndication respectively.

RTP

Real-time Traffic Protocol

S

Sandbox

A virtual space in which new, untrusted or untested software or coding can be run safely without risking harm to the hosting computer.

Scam

A fraudulent scheme performed by a dishonest or deceitful individual, group or company in an attempt to obtain money or something else of value.

Scam emails

An email that intentionally deceives for personal gain or to damage another individual.

Scammer

A person who commits fraud or participates in a dishonest scheme.

Script (malware)

A type of malware written using a scripting language. Common forms of scripting language include JavaScript, HTML, Visual Basic Script, PowerShell, Perl, Python and Shell Scripting.

Search engine optimisation (SEO)

The process of increasing website traffic by increasing the visibility or ranking of a website or a web page to users of a search engine.

Secondary targeting

The people who are the second most likely to purchase products and services, and are thus targeted for marketing purposes.

Seconded foreign national

A representative of a foreign government on exchange or long-term posting.

Secure Admin Workstation (SAW)

A hardened workstation, or virtualised privileged operating environment, used specifically in the performance of administrative activities.

Secure Shell (SSH)

A network protocol that can be used to securely log into, execute commands on, and transfer files between remote workstations and servers.

Secure Sockets Layer (SSL)

A networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.

Secure-by-default

A software development principle whereby products and services are configured for maximum security by default.

Secure-by-design

A software development principle whereby security is designed into every stage of a product or service’s development.

Secure/Multipurpose Internet Mail Extension (S/MIME)

A protocol which allows the encryption and signing of email messages.

Secured space

An area certified to the physical security requirements for a Security Zone Two to Security Zone Five area, as defined in the Department of Home Affairs’ Protective Security Policy Framework, Entity facilities policy, to allow for the processing or storage of classified data.

Security assessment

An activity undertaken to assess controls for a system and its environment to determine if they have been implemented correctly and are operating as intended.

Security assessment report (SAR)

A document that describes the outcomes of a security assessment and contributes to the development of a plan of action and milestones.

Security association (SA)

A collection of connection-specific parameters used for IPsec connections.

Security association (SA) lifetime

The duration a security association is valid for.

Security breach

An act that leads to damage of a system or unauthorised access to the system.

Security Construction and Equipment Committee (SCEC)

An Australian Government interdepartmental committee responsible for the evaluation and endorsement of security equipment and services. The committee is chaired by the Australian Security Intelligence Organisation.

Security documentation

An organisation’s cyber security strategy; system-specific security documentation; and any supporting diagrams, plans, policies, processes, procedures and registers.

Security domain

A system or collection of systems operating under a consistent security policy that defines the classification, releasability and special handling caveats for data processed within the domain.

Security flaws

A weakness in a system that gives a threat agent the opportunity to mount an attack.

Security posture

The level of security risk to which a system is exposed. A system with a strong security posture is exposed to a low level of security risk while a system with a weak security posture is exposed to a high level of security risk.

Security risk

Any event that could result in the compromise, loss of integrity or unavailability of data or resources, or deliberate harm to people measured in terms of its likelihood and consequences.

Security risk appetite

Statements that communicate the expectations of an organisation’s senior management about their security risk tolerance. These criteria help an organisation identify security risks, prepare appropriate treatments and provide a benchmark against which the success of mitigations can be measured.

Security risk management

The process of identifying, assessing and taking steps to reduce security risks to an acceptable level.

Security Target (ST)

An artefact of Common Criteria evaluations that specifies conformance claims, threats and assumptions, security objectives, and security requirements for an evaluated product.

Security updates

Updates to the security on your system.

SEG

Security Equipment Guide

Self-healing

Any device or system that has the ability to perceive that it is not operating correctly and to make the necessary adjustments to restore itself to normal operation.

Sender Policy Framework (SPF)

An email authentication method designed to detect forged sender addresses during the delivery of email.

Sensitive data

Data that would cause damage to an organisation or an individual if compromised.

Server

A computer that provides services to users or other systems. For example, a file server, email server or database server.

Service accounts

User accounts that are used to perform automated tasks without manual intervention, such as machine to machine communications. Service accounts will typically be configured to disallow interactive logins.

Service providers

A company which allows its subscribers access to the internet.

Service Set Identifier (SSID)

The name given to identify a particular Wi-Fi network. The SSID is broadcast by the wireless access point (wireless router) and can be detected by other wireless-enabled devices in range of the wireless access point (WAP). In some cases, SSIDs are hidden, making them invisible to Wi-Fi clients.

Sextortion

A form of blackmail in which sexual information or images are used to extort money or sexual favours from the victim in return for not releasing the information or images publicly.

SHA-1

Secure Hashing Algorithm 1

SHA-2

Secure Hashing Algorithm 2

Shared responsibility model

A framework that describes the management and operational responsibilities between different parties for a system. Where responsibilities relating to specific controls are shared between multiple parties, enough detail is documented to provide clear demarcation between the parties.

Shell

The program that gives your commands to your computer's operating system.

Short Message Service (SMS)

A text messaging service component of most telephone, internet and mobile device systems. It uses standardised communication protocols to enable mobile devices to exchange short text messages.

Signature

A distinct pattern in network traffic that can be identified to a specific tool or exploit. Signatures are used by security software to determine if a file has been previously determined to be malicious or not.

SIP

Session Initiation Protocol

Skimming

The theft of credit card information using card readers, or skimmers, to record and store victims' data.

SLAAC

Stateless Address Autoconfiguration

Small and Medium Enterprises (SMEs)

A legally independent company with less than a certain number of employees or financial turnover. The Australian Taxation Office defines Australian SMEs as having less than $250 million turnover.

Smart appliances

Appliances that are able to connect to the internet via Wi-Fi or another protocol such as the Zigbee specification and can be accessed and controlled remotely from any internet-connected computer or mobile device.

Smart devices

An electronic device, generally connected to other devices or networks via different wireless protocols such as Bluetooth, Zigbee, NFC, Wi-Fi, LiFi, 3G, etc., that can operate to some extent interactively and autonomously.

Smart vehicles

Vehicles equipped with system driven forms of artificial intelligence.

Smartphone

A handheld electronic device that provides connection to a cellular network. Smartphones allow people to make phone calls, send text messages and access the internet.

SMS scam

A fraudulent text message sent by a deceitful or dishonest person in order to obtain money or something else of value.

SNMP

Simple Network Management Protocol

Social engineering

The methods used to manipulate people into carrying out specific actions, or divulging information.

Social media

Websites and applications that enable users to create and share content or to participate in social networking.

Social media scams

An act of deception and fraud committed through social media websites or applications.

Softphone

An application that allows a workstation to act as a phone using a built-in or externally-connected microphone and speaker.

Software

An element of a system including, but not limited to, an application or operating system.

Software update

A download for an application, operating system or software suite that provides fixes for features that aren't working as intended or adds minor software enhancements and compatibility.

Solid-state drive (SSD)

Non-volatile media that uses non-volatile flash memory media to retain its data when power is removed and, unlike non-volatile magnetic media, contains no moving parts.

SP

Special Publication

Spam

Unsolicited electronic messages, especially containing advertising, indiscriminately transmitted to a large number of people.

Spear phishing

A form of phishing that targets a specific person or group.

Split tunnelling

Functionality that allows personnel to access public network infrastructure and a Virtual Private Network connection at the same time, such as an organisation’s system and the internet.

Spoof

A type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware.

Spyware

A program that collects information on the user’s activities without their consent. Spyware may be installed on a system illegitimately, or as a part of other software without the user’s knowledge.

SQL injection

Exploitation of a vulnerability in a database application that does not properly validate or encode user input, allowing the manipulation, exfiltration or deletion of data.

Standard Operating Environment (SOE)

A standardised build of an operating system and associated software that can be used for servers, workstations and mobile devices.

Standard user

A user who can, with their normal privileges, make only limited changes to a system and generally cannot bypass security measures.

State-sponsored actor

A private actor that conducts activity on behalf of a state, for example, a contracted hacker or company.

Structured Query Language (SQL)

A special-purpose programming language designed for managing data held in a relational database management system.

Sub-contractors

An individual or a business that signs a contract to perform part or all of the obligations of another's contract.

Subject matter expert (SME)

A person who is an authority in a particular area or topic. In computer science, also called a domain expert.

Submarine cables

A cable laid on the sea bed between land-based stations to carry telecommunication signals across stretches of sea and ocean.

Supervisory Control and Data Acquisition (SCADA)

A control system architecture comprising computers, networked data communications and graphical user interfaces for high-level process supervisory management. It also comprises other peripheral devices like programmable logic controllers and discrete proportional-integral-derivative controllers used to interface with process plant or machinery.

Supplier

Organisations, such as application developers, IT equipment manufacturers, OT equipment manufacturers, service providers and data brokers, that provide products and services. Suppliers can also include other organisations involved in distribution channels.

Surfing

The act of browsing the internet by going from one web page to another web page using hyperlinks in a web browser.

Suspicious email

An email that is potentially malicious.

Suspicious message

A message that is potentially malicious.

Suspicious video

A video that is potentially malicious.

Symmetric encryption algorithms

Symmetric encryption algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext data. Symmetric encryption algorithms may operate in various modes which apply either stream or block ciphers.

System

A related set of hardware, software and supporting infrastructure used for the processing, storage or communication of data and the governance framework in which it operates.

System administration

System administration refers to the management of one or more hardware and software systems. Also referred to as 'sys admin'.

System administrator

A system (or application) administration role performed by a privileged user that holds a position of trust.

System classification

The classification of a system is the highest classification of data which the system is authorised to store, process or communicate.

System of National Significance

Critical infrastructure or essential service

System owner

The executive responsible for a system.

System security plan (SSP)

A document that describes a system and its associated controls.

System-specific security documentation

A system’s system security plan, cyber security incident response plan, continuous monitoring plan, security assessment report, and plan of action and milestones.

T

Tablet

A portable computer that uses a touch screen as its primary input device. Most tablets are slightly smaller and lighter than the average laptop.

Tax scam

When an individual or business willfully and intentionally falsifies information on a tax return to limit their tax liability.

Telecommunications

The transfer of signals over distances.

Telemetry

The automatic measurement and transmission of data collected from remote sources. Such data is often used within systems to measure the use, performance and health of one or more functions or devices that make up the system.

Telephone

A device that is used for point-to-point communication over a distance. This includes digital and IP telephony.

Telephone system

A system designed primarily for the transmission of voice communications.

TEMPEST

A short name referring to investigations and studies of compromising emanations.

TEMPEST-rated IT equipment

IT equipment that has been specifically designed to minimise TEMPEST emanations.

Threat actor

An individual or organisation that conducts malicious activity, such as cyber espionage, cyber attacks or cyber-enabled crime.

TLP

Traffic Light Protocol

TLP:CLEAR

Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.

Traffic flow filter

A device that has been configured to automatically filter and control the flow of data.

Traffic Light Protocol (TLP)

The Traffic Light Protocol is a set of Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) designations used to ensure that information is shared with the correct audience.

Transfer Cross Domain Solution

A system that facilitates the transfer of data, in one or multiple directions (low to high or high to low), between different security domains.

Transport Layer Security (TLS)

Transport layer security is a widely adopted security protocol designed to facilitate privacy and data security for communications over the internet.

Transport mode

An IPsec mode that provides a secure connection between two endpoints by encapsulating an IP payload.

Trojan

A type of malware or virus disguised as legitimate software, which is used to hack into the victim's computer.

Trusted source

A person or system formally identified as being capable of reliably producing data meeting certain defined parameters, such as a maximum data classification and reliably reviewing data produced by others to confirm compliance with certain defined parameters.

Tunnel mode

An IPsec mode that provides a secure connection between two endpoints by encapsulating an entire IP packet.

Two-Factor Authentication (2FA)

A form of multi-factor authentication (see definition) to confirm a user's claimed identity by combining two different pieces of evidence.

U

Uniform Resource Locator (URL)

The technical term for the web address (location) of an internet resource such as a website or an image within a website.

Unpatched software

Computer code with known security weaknesses.

Unprivileged accounts

Unprivileged accounts include unprivileged user accounts and unprivileged service accounts.

Unprivileged operating environments

Unprivileged operating environments are those used for activities that do not require privileged access, such as reading emails and browsing the web.

Unsecured network

Most often refers to a free Wi-Fi network, like at a café or shop.

Unsecured space

An area not certified to the physical security requirements for a Security Zone Two to Security Zone Five area, as defined in the Department of Home Affairs’ Protective Security Policy Framework, Entity facilities policy, to allow for the processing or storage of classified data.

Untrusted device

Any IT equipment that an organisation does not trust. For example, unknown IT equipment (which might belong to malicious actors), or an uncontrolled personal mobile device of an employee.

Updates

An act of updating something or someone or an updated version of something.

USB

Universal Serial Bus

USB stick

A small piece of hardware that stores data, sometimes called a jump drive, thumb drive or flash drive.

User

An individual that works for an organisation and is authorised to access a system.

User accounts

User accounts include privileged user accounts and unprivileged user accounts.

User experience (UX)

The overall experience of a person using a product such as a website or computer application, especially in terms of how easy or pleasing it is to use.

User interface (UI)

The means by which the user and a computer system interact, in particular the use of input devices and software.

V

Validation

Confirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled.

Vector

An access method for cyber operations.

Verification

Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled.

Virtual Local Area Network (VLAN)

Network devices and other IT equipment grouped logically based on resources, security or business requirements instead of their physical location.

Virtual Private Network (VPN)

A network that maintains privacy through a tunnelling protocol and security procedures. Virtual Private Networks may use encryption to protect network traffic.

Virtualisation

Simulation of a hardware platform, operating system, application, storage device or network resource.

Virus

A type of malware. Viruses spread on their own by attaching code to other programs, or copying themselves across systems and networks.

Volatile media

A type of media, such as random-access memory, which gradually loses its data when power is removed.

Vulnerability

A weakness in a system’s security requirements, design, implementation or operation that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.

Vulnerability assessment

A vulnerability assessment can consist of a documentation-based review of a system’s design, an in-depth hands-on assessment or automated scanning with software tools. In each case, the goal is to identify as many vulnerabilities as possible.

Vulnerability management

The process of identifying, prioritising and responding to vulnerabilities.

W

WAN

Wide Area Network

Watering hole

Setting up a fake website (or compromising a real one) in order to infect and exploit visiting users.

WCM

Web Content Management

Wear levelling

A technique used in non-volatile flash memory media to prolong the life of the media. As data can be written to and erased from memory blocks a finite number of times, wear-levelling helps to distribute writes evenly across each memory block, thereby decreasing wear and increasing its lifetime.

Wearable smart devices

AKA wearables

Web address

A reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. Formally a Uniform Resource Locator (URL).

Web applications

In computing, a client-server computer program that the client runs in a web browser.

Webcams

A video camera connected to a computer, allowing its images to be seen by internet users.

Website defacement

Illegitimate changes made to the appearance and content of a website. Often likened to graffiti or online vandalism.

WEP

Wired Equivalent Privacy

Whaling

A highly targeted form of spearphishing that is aimed at senior executives within an organisation.

White hat

An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation's information systems. See also ‘black hat’ and ‘grey hat’.

Wi-Fi

A set of wireless communication protocols that can transmit traffic to Wi-Fi enabled devices within a local area. A Wi-Fi enabled device such as a laptop or mobile device can connect to the internet when within range of a wireless network connected to the internet. An area covered by one or more Wi-Fi access points is commonly called a hotspot.

Wi-Fi Protected Access (WPA)

A protocol designed for communicating data over wireless networks.

Wi-Fi Protected Access 2 (WPA2)

A protocol designed to replace the Wi-Fi Protected Access protocol for communicating data over wireless networks.

Wi-Fi Protected Access 3 (WPA3)

A protocol designed to replace the WPA2 protocol for communicating data over wireless networks.

Wide Area Network (WAN)

A telecommunications network or computer network that extends over a large geographical distance.

Wire fraud

A crime in which a person concocts a scheme to defraud or obtain money based on false representation or promises.

Wireless

Telecommunication involving signals transmitted by radio waves rather than over wires. Also, the technology used in radio telecommunication.

Wireless Access Point (WAP)

A device which enables communications between wireless clients. It is typically also the device which connects wired and wireless networks.

Wireless communications

The transmission of data over a communications path using electromagnetic waves rather than a wired medium.

Wireless local area network (WLAN)

A wireless distribution method for two or more devices that use radio communications, often including an access point to the internet.

Wireless network

A network based on the 802.11 standards.

Women in Technology

An organisation that supports women in their science, technology, engineering or maths (STEM) careers. They help women by educating high school girls about the opportunities in STEM, as well as providing networking and education for professionals.

Workstation

A stand-alone or networked single-user computer.

Worm

Self-replicating malware that uses a network to distribute copies of itself to other computer devices, often without user intervention. Worms need not attach themselves to existing programs.

X

X11 forwarding

X11, also known as the X Window System, is a basic method of video display used in a variety of operating systems. X11 forwarding allows the video display from one device to be shown on another device.

Z

Zero day exploit

An exploitable software vulnerability that hasn’t yet been disclosed or patched by the software vendor.