Terminology

A

Access control - The process of granting or denying requests for access to systems, applications and information. It can also refer to the process of granting or denying requests for access to facilities.

Adware - A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user.

Anti-virus - Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

Application - A software program or group of software programs designed for end users.

Application control - An approach in which only an explicitly defined set of trusted applications are allowed to run on systems.

IT Asset - Anything of value, such as ICT equipment, software or information.

Audit log - A chronological record of system activities including records of system access and operations performed.

Authentication - Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.

B

Back door - A feature or defect of a computer system that allows access to data by bypassing normal security measures

Backup - In information technology, a copy of computer data taken and stored elsewhere so that it may be used to restore the original after data loss.

Biometrics - Measurable physical characteristics used to identify or verify an individual.

Data Breach - When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘data spill’.

Security Breach - An incident that results in unauthorised access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.

Bring Your Own Device (BYOD) - An organisational policy that allows employees to use their own personal devices for work purposes. These devices connect to and utilise the organisation's network, data and resources.

Browser - A software application for retrieving, presenting and traversing information resources on the World Wide Web.

Browser hijacking - Occurs when browser settings are changed without the user's knowledge or consent. The browser may persistently redirect to malicious or other unwanted websites.

Brute force - An unsophisticated and exhaustive process to try and determine a cryptographic key or password without the user's knowledge by systematically trying all alternatives or combinations until the correct one is discovered.

Business continuity plan (BCP) - A loosely-defined set of planning, preparatory and related activities which are intended to ensure that an organisation's critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period.

C

Cloud - A network of remote servers hosted on the internet and used to store, manage, and process data in place of local servers or personal computers

Cryptography - The practice and study of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key.

Cyber attack - A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.

Cyber security - Measures used to protect the confidentiality, integrity and availability of systems, devices and the information residing on them

Cyber threat - Any circumstance or event with the potential to harm systems or information.

Cybercrime - Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.

D

Data - The basic element that can be processed or produced by a computer to convey information.

Data protection - Data protection is the process of safeguarding important information from corruption, compromise or loss.

Defence in depth - The implementation of multiple layers of security controls in a system to provide redundancy in the event a security control fails or a vulnerability is exploited.

Demilitarised zone (DMZ) - A small network with one or more servers that is kept separate from the core network, typically on the outside of the firewall or as a separate network protected by the firewall. Demilitarised zones usually provide information to less trusted networks, such as the internet.

Denial of Service (DOS) attack - An attempt by an adversary to prevent legitimate access to online services (typically a website), for example, by consuming the amount of available bandwidth or the processing capacity of the server hosting the online service

E

Encryption - The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentially of data at rest and in transit. Both encryption and decryption are functions of cryptography.

F

Firewall - A network device that filters incoming and outgoing network data based on a series of rules.

G

Gateway - A way to securely manage data flows between connected networks from different security domains.

H

Hacker - A computer expert that can gain unauthorised access to computer systems. Hacker is an agnostic term and a hacker does not necessarily have malicious intent.

Hardware vulnerabilities - An exploitable weakness in a computer system that enables attacks through remote or physical access to system hardware

Hotspot - An area where wireless internet access is available to the general public.

I

Identity Management (IdM) - The process used in businesses and organisations to grant or deny employees and others authorisation to secure systems. Also known as Identity and Access Management (IAM).

Identity theft - When a victim’s personal details are stolen and used to perpetrate crime, commonly fraud. Identity theft is a serious crime and can result in long-term and far-reaching negative consequences for victims.

Information and communications technology (ICT) - An extensible term for information technology that stresses the role of unified communications and the integration of telecommunications and computers, as well as related enterprise software, middleware, storage and audio-visual systems, that enable users to access, store, transmit and manipulate information.

Integrity - The assurance that information has been created, amended or deleted only by authorised individuals.

Internet of Things (IoT) - The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors and network connectivity, which enables these objects to connect to the internet and collect and exchange data.

M

Malicious software (malware) - Any software that brings harm to a computer system. Malware can be in the form of worms, viruses, Trojans, spyware, adware and rootkits etc. which steal protected data, delete documents or add software not approved by a user

Multi-factor authentication (MFA) - A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

O

Operating system - System software that manages hardware and software resources and provides common services for executing various applications on a computer.

P

Password - A sequence of characters used for authentication.

Patching - The action of updating, fixing, or improving a computer program.

Phishing - Untargeted, mass emails sent to many people asking for sensitive information (such as bank details), encouraging them to open a malicious attachment, or visit a fake website that will ask the user to provide sensitive information or download malicious content.

Privacy - The ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

R

Ransomware - Malicious software that makes data or systems unusable until the victim makes a payment.

S

Social engineering - The methods used to manipulate people into carrying out specific actions, or divulging information.

Security risk - Any event that could result in the compromise, loss of integrity or unavailability of information or resources, or deliberate harm to people measured in terms of its likelihood and consequences.

Standard operating procedure (SOP) - Instructions for following a defined set of activities in a specific manner. For example, an approved data transfer process.

Terminology has been obtained from the Australian Cyber Security Centre (ACSC).²