ASD-Approved Cryptographic Algorithm
ASD-Approved Cryptographic Protocol
Australasian Certification Authority
The process of granting or denying requests for access to systems, applications and data. Can also refer to the process of granting or denying requests for access to facilities.
A system permitting access to multiple security domains from a single client device.
The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.
Accountable material requires the strictest control over its access and movement. Accountable material includes TOP SECRET data, some types of caveated data and any data designated as accountable material by its originator.
Australian Communications Security Instruction
The principle of proactively implementing a spectrum of security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening.
Note that some references to active defence focus on the employment of limited offensive action and counterattacks – commonly referred to as ‘hacking back’. The term active defence is not synonymous with ‘hacking back’, so these terms should not be used interchangeably.
Software that prevents advertisements from appearing with the content the user is intentionally viewing. People block ads for a variety of reasons. For example, many of them find marketing ads annoying and even stressful.
A set of malicious cyber activity with common characteristics, often orchestrated by a person or group targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives.
A type of ACSC publication that provides timely information and advice about current security issues, vulnerabilities, and exploits.
A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user.
Advanced Encryption Standard
A secondary market of an industry, concerned with the manufacturing, remanufacturing, distribution, retailing, and installation of all parts, equipment, and accessories, after the sale of the device by the original equipment manufacturer to the consumer.
A network security measure designed to ensure that a network is physically isolated from other networks. This is intended to make the isolated network secure by ensuring it does not connect to other less secure networks, such as the internet.
An ACSC publication intended to provide timely notification concerning threats or activity with the potential to impact individuals, businesses, organisations, government, devices, peripherals, networks or infrastructure.
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.
Application
A software program or group of software programs designed for end users. Examples of an application include a word processor, a spreadsheet, an accounting application, a web browser, an email client, a media player, a file viewer, an aeronautical flight simulator, a console game or a photo editor. The collective noun application software refers to all applications collectively. This contrasts with system software, which is mainly involved with running the computer.
An approach in which only an explicitly defined set of trusted applications are allowed to execute on systems.
A place where an accumulation of computer files is stored. It could be disk storage, a flash drive, a backup disk drive, an online backup service, an indexing internet page, etc.
The simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.
In the context of technology, an overarching term used to refer to applications, IT equipment, OT equipment, services and data. Such assets may also be referred to as technology assets.
Advanced Technology Attachment
The applications, IT equipment, OT equipment and services used by a system. The greater the attack surface, the greater the chances of malicious actors finding an exploitable vulnerability.
The process of assessing the source, perpetrator or sponsor of malicious activity. Statements of attribution often use probabilistic language and indicate the level of confidence in the assessment.
A chronological record of system activities including records of system access and operations performed.
A chronological record that reconstructs the sequence of activities surrounding, or leading to, a specific operation, procedure or event.
Data not to be passed to, or accessed by, foreign nationals.
Data not to be passed to, or accessed by, foreign nationals, with the exception of seconded foreign nationals.
A program that evaluates products in order to protect systems and data against cyber threats. These evaluation activities are certified by the Australian Certification Authority.
A program under which evaluations are performed by impartial bodies against the Common Criteria. The results of these evaluations are then certified by the Australian Certification Authority within the Australian Signals Directorate (ASD).
An Australian Government statutory agency responsible for foreign signals intelligence, cyber warfare and information security.
The Australian Government's lead for cyber security. The ASD's ACSC is part of the Australian Signals Directorate.
Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.
A protocol used in Internet Protocol Security (IPsec) that provides data integrity and data origin authenticity but not confidentiality.
An executive with the authority to formally accept the security risks associated with the operation of a system and to authorise it to operate.
The assurance that systems, applications and data are accessible and useable by authorised entities when required.