Glossary

The process of analysing the access of individuals or systems to an organisation's IT resources.

The process used in businesses and organisations to grant or deny employees and others authorisation to secure systems.

When a victim’s personal details are stolen and used to perpetrate crime, commonly fraud. Identity theft is a serious crime and can result in long-term and far-reaching negative consequences for victims.

Internet Engineering Task Force

Internet Key Exchange

Emails that attempt to impersonate a trusted individual or company in an attempt to gain access to corporate finances or data.

A scam where a dishonest individual will try to convince you to make a payment or give personal or financial details by claiming to be from a trusted organisation.

Control systems and associated instrumentation used to efficiently operate and/or automate industrial processes. Industrial Control Systems include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC).

The protection of information from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability.

An ASD publication outlining a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and data from cyber threats.

Hardware, software and supporting infrastructure used for the processing, storage or communication of data.

An initiative of ASD designed to register suitably qualified individuals to carry out security assessments for systems.

Devices such as mice, keyboards and pointing devices that have an infrared communications capability.

Any person that has, or had, authorised logical or physical access to a system and its resources.

An insider that performs, or attempts to perform, damaging activities (either intentionally or unintentionally) to a system or its resources. Some organisations may choose to exclude unintentional damage to systems and their resources (often referred to as negligent or accidental damage) from their definition of insider threat in order to focus on insiders with malicious intent (often referred to as malicious insiders).

The assurance that data has been created, amended or deleted only by authorised individuals.

The property of your mind or proprietary knowledge. It can be an invention, trade mark, design, brand or the application of your idea.

The back and forth dialog between the user and the computer.

Authentication that involves the interaction of a person with a system.

A specialised agency of the United Nations that is responsible for issues that concern information and communication technologies. It is the oldest global international organisation. Originally called the International Telegraph Union.

The global system of interconnected computer networks that use standardised communication protocols to link devices and provide a variety of information and communication facilities.

The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors and network connectivity, which enables these objects to connect to the internet and collect and exchange data.

A numerical representation of an address for a particular computer or device on a network or the internet. 

A suite of protocols for secure communications through authentication or encryption of Internet Protocol (IP) packets as well as including protocols for cryptographic key establishment.

The transport of telephone calls over IP networks.

A protocol used for communicating over packet switched networks. Version 6 is the successor to version 4 which is widely used on the internet.

A company that provides subscribers with access to the internet.

An automated system used to identify malicious or unwanted activities. An Intrusion Detection System can be host-based or network-based.

An automated system used to identify malicious or unwanted activities and react in real-time to block or prevent such activities. An Intrusion Prevention System can be host-based or network-based.

Internet Security Association Key Management Protocol

International Organisation for Standardisation

Any device that can process, store or communicate data within IT environments, such as computers, multifunction devices, network devices, smartphones, electronic storage media and smart devices.