.

.NET Framework

.NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows. It includes a large class library named the Framework Class Library and provides language interoperability across several programming languages.

2

2FA

Two-factor authentication

3

3DES

Triple Data Encryption Standard

A

AACA

ASD Approved Cryptographic Algorithm

AACP

ASD Approved Cryptographic Protocol

ABS

Australian Bureau of Statistics

ACA

Australasian Certification Authority

Academic Centres of Cyber Security Excellence

The Academic Centres of Cyber Security Excellence (ACCSE) program is part of Australia's $230 million Cyber Security Strategy launched by the Prime Minister on 21 April 2016.

ACCC

Australian Competition and Consumer Commission

Access control

The process of granting or denying requests for access to systems, applications and information. Can also refer to the process of granting or denying requests for access to facilities.

Access Cross Domain Solution

A system permitting access to multiple security domains from a single client device.

Account harvesting

The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.

ACCSE

Academic Centres of Cyber Security Excellence

ACE

ASD Cryptographic Evaluation

ACEL

Australian Communication Exchange Limited

ACIC

Australian Criminal Intelligence Commission

ACMA

Australian Communications and Media Authority

ACORN

Australian Cybercrime Online Reporting Network (replaced by ReportCyber)

Acrobat

Adobe Acrobat is software to view, create, edit and manage PDF files.

ACSC

Australian Cyber Security Centre

ACSI

Australian Communications Security Instruction

Active defence

The principle of proactively implementing a spectrum of security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening.

Note: some references to active defence focus on the employment of limited offensive action and counterattacks – commonly referred to as ‘hacking back’. The term active defence is not synonymous with ‘hacking back’, and should not be used interchangeably.

Ad blockers

An ad blocker is software that prevents advertisements from appearing with the content the user is intentionally viewing. People block ads for a variety of reasons. For example, many of them find marketing ads annoying and even stressful.

ADDC

Australian Data and Digital Council

Adobe

Adobe Inc, known until 3 October 2018 as Adobe Systems Incorporated, is an American multinational computer software company headquartered in San Jose, California.

Adobe Flash Player

Adobe Flash Player is computer software for using content created on the Adobe Flash platform, including viewing multimedia content, executing rich Internet applications, and streaming audio and video.

Adobe Reader

Adobe Reader is a free program created and distributed by Adobe Systems. It is used to open PDF documents. PDFs can be a wide variety of files, such as images, text documents, forms, books, or any combination of these. They are cross-platform, meaning each PDF will look the same on a Windows computer as it will on a Mac.

Advanced Persistent Threat

A label given to a set of malicious cyber activity with common characteristics, often orchestrated by a person or persons targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives.

Advice

An opinion recommending a course of action to be taken given the circumstances relating to a single moment or decision.

Advisory

Advisories provide timely information and advice about current security issues, vulnerabilities, and exploits.

Adware

A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user.

AES

Advanced Encryption Standard

AFP

Australian Federal Police

After market devices

A secondary market of an industry, concerned with the manufacturing, remanufacturing, distribution, retailing, and installation of all parts, equipment, and accessories, after the sale of the device by the original equipment manufacturer to the consumer.

AGAO

Australian Government Access Only

AGD

Attorney-General's Department

Aggregation (of data)

A term used to describe compilations of information that may require a higher level of protection than their component parts.

AH

Authentication Header

Air Gap

A network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.

AirPort

AirPort Express, AirPort Extreme (Wi-Fi) and AirPort Time Capsule (Wi-Fi HDD).

AISEF

Australasian Information Security Evaluation Facility

AISEP

Australasian Information Security Evaluation Program

AISI

Australian Internet Security Initiative

Alert

An alert is intended to provide timely notification concerning threats or activity with the potential to impact individuals, businesses, organisations, government, devices, peripherals, networks or infrastructure.

Amazon

Amazon.com Inc is an American multinational technology company based in Seattle, focusing on e-commerce, cloud computing, digital streaming and artificial intelligence.

Amazon Web Services

Amazon Web Services is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.

Android

Android is a mobile operating system developed by Google. It is used by several smartphones and tablets. The Android operating system is based on the Linux kernel.

ANSI

American National Standards Institute

Anti-virus

Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

AP

Access Point

App

Application

Apple

Apple, Inc. is an electronics and software company based in California, USA. Originally known as Apple Computer.

Apple ID

Apple ID is an authentication method used by Apple for iPhone, iPad, Mac and other Apple devices. Apple IDs contain user personal information and settings. When an Apple ID is used to log into an Apple device, the device will automatically use the settings associated with the Apple ID.

Apple support

Help and support service provided by Apple

Application

Application software is a program or group of programs designed for end users. Examples of an application include a word processor, a spreadsheet, an accounting application, a web browser, an email client, a media player, a file viewer, an aeronautical flight simulator, a console game or a photo editor. The collective noun application software refers to all applications collectively. This contrasts with system software, which is mainly involved with running the computer.

Application control

An approach in which only an explicitly defined set of trusted applications are allowed to execute on systems.

APRA

Australian Prudential Regulation Authority

APT

Advanced Persistent Threat

Archive

A place where an accumulation of computer files is stored. It could be disk storage, a flash drive, a backup disk drive, an online backup service or an index of internet pages.

Artificial Intelligence

Artificial intelligence is the simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.

ASD

Australian Signals Directorate

ASD Cryptographic Evaluation

A program that analyses products to determine whether their security architecture and cryptographic algorithms have been implemented correctly and are strong enough for the products' intended use.

ASIC

Australian Securities and Investments Commission

ASIO

Australian Security Intelligence Organisation

Asset

Anything of value, such as ICT equipment, software or information.

ATA

Advanced Technology Attachment

ATO

Australian Taxation Office

Attack surface

The amount of ICT equipment and software used in a system. The greater the attack surface the greater the chances of an adversary finding an exploitable security vulnerability.

Attribution

The process of assessing the source, perpetrator or sponsor of malicious activity. Statements of attribution often use probabilistic language and indicate the level of confidence in the assessment.

Audit log

A chronological record of system activities including records of system access and operations performed.

Audit trail

A chronological record that reconstructs the sequence of activities surrounding, or leading to, a specific operation, procedure or event.

AUSTEO

Australian Eyes Only

Australasian Information Security Evaluation Facility

A program that evaluates products in order to protect systems and information against cyber threats. These evaluation activities are certified by the Australasian Certification Authority.

Australasian Information Security Evaluation Program

A program under which evaluations are performed by impartial bodies against the Common Criteria. The results of these evaluations are then certified by the Australian Cyber Security Centre (ACSC) which is responsible for the overall operation of the program.

Australasian Information Security Evaluation Program

The Australasian Information Security Evaluation Program (AISEP) evaluates products in order to protect systems and information against cyber threats. These evaluation activities are certified by the Australasian Certification Authority.

Australian Bureau of Statistics

The Australian Bureau of Statistics is the independent statistical agency of the Government of Australia. The Australian Bureau of Statistics provides key statistics on a wide range of economic, population, environmental and social issues, to assist and encourage informed decision making, research and discussion within governments and the community.

Australian Communication Exchange Limited

The charity's purpose is to provide communication assistance for the deaf and hearing-impaired community.

Australian Communications and Media Authority

The Australian Communications and Media Authority is an Australian Government statutory authority within the Communications portfolio.

Australian Competition and Consumer Commission

The Australian Competition and Consumer Commission is an independent authority of the Australian Government. Its mandate is to protect consumer rights, business rights and obligations, perform industry regulation and price monitoring and prevent illegal anti-competitive behaviour.

Australian Criminal Intelligence Commission

The Australian Criminal Intelligence Commission is a law enforcement agency established by the Australian federal government on 1 July 2016. It has specialist investigative capabilities and delivers and maintains national information sharing systems.

Australian Cyber Security Centre

The Australian Cyber Security Centre is the Australian Government lead agency for cyber security. The ACSC is part of the Australian Signals Directorate.

Australian Cybercrime Online Reporting Network

Replaced by ReportCyber

Australian Data and Digital Council

A department that provides high-quality advice and support to the Prime Minister, the Cabinet, Portfolio Ministers and Assistant Ministers to achieve a coordinated and innovative approach to the development and implementation of Government policies. It coordinates and develops policy across the Government in economic, domestic and international issues, Aboriginal and Torres Strait Islander affairs and public service stewardship.

Australian Eyes Only information

Information not to be passed to, or accessed by, foreign nationals.

Australian Federal Police

The Australian Federal Police's role is to enforce Commonwealth criminal law, contribute to combating complex, transnational, serious and organised crime impacting Australia's national security and to protect Commonwealth interests from criminal activity in Australia and overseas.

Australian Government Access Only information

Information not to be passed to, or accessed by, foreign nationals, with the exception of seconded foreign nationals.

Australian Government Information Security Manual

The information security manual produced by the Australian Cyber Security Centre outlines a cyber security framework that organisations can apply, using their risk management framework, to protect their information and systems from cyber threats.

Australian Internet Security Initiative

The Australian Internet Security Initiative is a program run by Australian Cyber Security Centre that helps to reduce malicious software (malware) infections and service vulnerabilities occurring on Australian internet protocol address ranges. It operates as a public-private partnership where Australian internet providers voluntarily work with ACSC to help protect their customers from cyber security threats.

Australian Prudential Regulation Authority

The Australian Prudential Regulation Authority is a statutory authority of the Australian Government and the prudential regulator of the Australian financial services industry.

Australian Security Intelligence Organisation

The Australian Security Intelligence Organisation is Australia's national security agency responsible for the protection of the country and its citizens from espionage, sabotage, acts of foreign interference, politically motivated violence, attacks on the Australian defence system, and terrorism.

Australian Signals Directorate

Australian Signals Directorate is the Australian government agency responsible for foreign signals intelligence, support to military operations, cyber warfare, and information security.

Australian Signals Directorate Cryptographic Evaluation

The rigorous investigation, analysis, verification and validation of cryptographic software and equipment by ASD against a stringent security standard.

Australian Taxation Office

The Australian Taxation Office is the principal revenue collection agency of the Australian Government. Their role is to effectively manage and shape the tax and superannuation systems that support and fund services for Australians.

Authentication

Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.

Authentication Header

A protocol used in Internet Protocol Security (IPsec) that provides data integrity and data origin authenticity but not confidentiality.

Authorising officer

An executive with the authority to formally accept the security risks associated with the operation of a system and to authorise it to operate.

Availability

The assurance that systems and information are accessible and useable by authorised entities when required.

AWS

Amazon Web Services

B

Back door

A feature or defect of a computer system that allows access to data by bypassing normal security measures.

Backup

In information technology, a backup, or data backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event.

Bad Rabbit

Bad Rabbit is a type of ransomware attack where the user's file tables are encrypted and then a Bitcoin payment is demanded to decrypt them.

Banking

An institution offering certain financial services, such as the safekeeping of money, conversion of domestic into and from foreign currencies, lending of money at interest, and acceptance of bills of exchange.

Big data

Large amounts of structured and unstructured data that exceeds the ability of commonly used software tools to capture, manage and process. Big data requires techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale.

Biometrics

Measurable physical characteristics used to identify or verify an individual.

Bitcoin

A digital currency and payment system underpinned by blockchain technology. Bitcoins can be used for online purchases, or converted into traditional currency.

Black hat

A person that hacks for personal gain and/or who engages in illicit and unsanctioned hacking activities.

Blackmail

Blackmail is an act of coercion using the threat of revealing or publicising either substantially true or false information about a person or people unless certain demands are met. It is often damaging information and may be revealed to family members or associates rather than to the general public.

Blockchain

A distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data—once recorded, the data in a block cannot be altered retroactively.

Blocklist

A list of entities that are not considered trustworthy and are blocked or denied access.

BlueBorne

BlueBorne is a type of security vulnerability by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, smart cars and wearable gadgets.

BlueKeep

BlueKeep is a vulnerability in the Remote Desktop Protocol (RDP) that can affect the Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008 operating systems.

Bluetooth

Bluetooth is a wireless technology standard used for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves.

Bogus request

Fake request

Bot

A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device's legitimate user.

Botnet

A collection of computers infected by bots, remotely controlled by an actor to conduct malicious activities without the user's knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data.

Breach (data)

When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘Data Spill’.

Breach (security)

An incident that results in unauthorised access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.

Bring Your Own Device

An organisational policy that allows employees to use their own personal devices for work purposes. These devices connect to and utilise the organisation's network, data and resources.

Broadband

Broadband is a wide bandwidth data transmission which transports multiple signals and traffic types. In the context of internet access, Broadband is used to mean any high speed internet access that is always on.

Broadcasting

Broadcasting is the distribution of audio or video content to a dispersed audience via any electronic mass communications medium, but typically one using the electromagnetic spectrum.

Browser

A software application for retrieving, presenting and traversing information resources on the world wide web.

Browser hijacking

Occurs when your browser settings are changed without your knowledge or consent. Your browser may persistently redirect to malicious or other unwanted websites.

Browsing history

The list of web pages a user has visited recently - and associated data such as page title and time of visit - which is recorded by web browser software as standard for a certain period of time.

Brute force

A typically unsophisticated and exhaustive process to determine a cryptographic key or password that proceeds by systematically trying all alternatives until it discovers the correct one.

Bug

A flaw or error in a software program.

Business continuity

Business continuity encompasses a loosely defined set of planning, preparatory and related activities which are intended to ensure that an organisation's critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period.

Business email compromise

Business email compromise attacks are a form of cybercrime which use email fraud to attack business, government and non-profit organisations to achieve a specific outcome which negatively impacts the target organisation.

Business scams

A dishonest scheme that aims to get money, or something else of value from businesses.

Buying online

A form of electronic commerce which allows consumers to directly buy goods or services from a seller over the internet using a web browser.

BYOD

Bring Your Own Device

C

C2 or C&C

Command and control

CAG

Content Advisory Group

Cameras

A device for recording visual images in the form of photographs, film or video signals.

Car hacking

The manipulation of the code in a car's electronic control unit to exploit a vulnerability and gain control of other electronic control units in the vehicle.

Cascaded connections

Cascaded connections occur when one network is connected to another, which is then connected to another, and so on.

Case study

A factual representation of what happened along with some analysis that provides insights and learning for the future.

Catfish

Internet predators who create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.

Caveat

A marking that indicates that the information has special requirements in addition to those indicated by its classification. This term covers codewords, source codewords, releasability indicators and special-handling caveats.

CCRA

Common Criteria Recognition Arrangement

CCSL

Certified Cloud Services List

CDN

Content Delivery Network

CDS

Cross Domain Solution

Central Processing Unit

The electronic circuitry within a computer that executes instructions that make up a computer program. The central processing unit performs basic arithmetic, logic, controlling, and input/output operations specified by the instructions in the program.

CEO

Chief Executive Officer

CERT Australia

CERT Australia is the national computer emergency response team. CERT Australia provides advice and support on cyber threats and vulnerabilities to the owners and operators of Australia's critical infrastructure and other systems of national interest.

Certificates

A secure certificate is a file installed on a secure web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable.

Certification report

An artefact of Common Criteria evaluations that outlines the outcomes of a product’s evaluation.

Certified Cloud Services List

Certified Cloud Services List is a list of ASD certified Cloud Services.

CGCE

Commercial Grade Cryptographic Equipment

Checkpoint

Check Point is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.

Chief Executive Officer

The highest ranking executive in a company, whose primary responsibilities include making major corporate decisions, managing the overall operations and resources of a company, acting as the main point of communication between the board of directors and corporate operations and being the public face of the company.

Chief Information Security Officer

A senior executive who is responsible for coordinating communication between security and business functions as well as overseeing the application of security controls and associated security risk management processes.

Chrome

A very popular web browser from Google that was introduced for Windows in 2008 and for the Mac and Linux in 2009.

ChromeOS

Chrome OS is a Linux kernel-based operating system designed by Google. It is derived from the free software Chromium OS and uses the Google Chrome web browser and Aura Shell as its principal user interface.

CIMA

Cyber Incident Management Arrangements

Cisco

An American multinational technology conglomerate headquartered in San Jose, California, in the centre of Silicon Valley. Cisco develops, manufactures and sells networking hardware, software, telecommunications equipment and other high-technology services and products.

CISO

Chief Information Security Officer

Citrix

An American multinational software company that provides server, application and desktop virtualisation, networking, software as a service, and cloud computing technologies.

Classification

The categorisation of systems and information according to the expected impact if it was to be compromised.

Classified information

Information that requires increased security to protect its confidentiality (i.e. information marked PROTECTED, SECRET or TOP SECRET).

Click farm

A click farm is made up of armies of low-paid workers whose job is to click on links, surf around the target website for a period of time, perhaps signing up for newsletters, and then move on to another link. It is very hard for an automated filter to analyse this simulated traffic and detect that it is invalid, as it has exactly the same profile as a real site visitor.

Click fraud

Using a compromised computer to click ads on a website without the user’s awareness, with the intention of generating revenue for the website, or draining resources from the advertiser.

Clickbait

Clickbait is a form of false advertisement which uses hyperlink text or a thumbnail link that is designed to attract attention and entice users to follow that link and read, view, or listen to the linked piece of online content, with a defining characteristic of being deceptive, typically sensationalised or misleading.

Cloud

A network of remote servers hosted on the internet and used to store, manage, and process data in place of local servers or personal computers.

Cloud computing

A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services.

Cloud Service Provider

A company that offers some component of cloud computing - typically infrastructure as a service (IaaS), software as a service (SaaS) or platform as a service (PaaS) - to other businesses or individuals.

CMS

Content Management System

CNSA

Commercial National Security Algorithm

Code

Program instructions

Coercivity

A property of magnetic material, used as a measure of the amount of coercive force required to reduce the magnetic induction to zero from its remnant state.

Cold-call

Make an unsolicited visit or telephone call to (someone), in an attempt to sell goods or services.

ColdFusion

A web development suite that is used for developing scalable e-business applications. It has the ability to build websites as individual pieces that can be stored in its internal database, then reassembled to form webpages, e-newsletters etc.

Command and control

A set of organisational and technical attributes and processes that employs human, physical, and information resources to solve problems and accomplish missions.

Commercial grade cryptographic equipment

A subset of ICT equipment which contains cryptographic components.

Common Criteria

An international standard for software and ICT equipment evaluations.

Common Criteria Recognition Arrangement

An international agreement which facilitates the mutual recognition of Common Criteria evaluations by certificate producing schemes.

Communications

The transfer of data and information from one location to another.

Communications security

The security measures taken to deny unauthorised personnel information derived from telecommunications and to ensure the authenticity of such telecommunications.

Compromise

The disclosure of information to unauthorised persons, or a violation of the security policy of a system in which unauthorised intentional or unintentional disclosure, modification, destruction or loss of an object may have occurred.

Computer

A programmable electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations.

Computer network

Two or more interconnected devices that can exchange data.

Conduit

A tube, duct or pipe used to protect cables.

Confidentiality

The assurance that information is disclosed only to authorised entities.

Connection forwarding

The use of network address translation to allow a port on a node inside a network to be accessed from outside the network. Alternatively, using a Secure Shell server to forward a Transmission Control Protocol connection to an arbitrary port on the local host.

Consumer Electronics Show

An annual trade show organised by the Consumer Technology Association.

Consumer fraud week

A campaign to raise awareness of the types of scams that target older Australians, educate older Australians on how to identify and avoid scams and provide older Australians with information on what to do if they've been scammed.

Consumer guide

Specific configuration and usage guidance for products evaluated through the ASD Cryptographic Evaluation program or the High Assurance evaluation program.

Content filter

A filter that examines content to assess conformance against a security policy.

Content Security Policy

A computer security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.

Cookie

A small text file that is transmitted by a website and stored in the user's web browser, used to identify the user and prepare customised webpages. A cookie can be used to track a user’s activity while browsing the internet.

Copyright

The exclusive legal right to reproduce, publish, sell, or distribute the matter and form of something.

Corporate espionage

The improper or unlawful theft of trade secrets or other knowledge proprietary to a competitor for the purpose of achieving a competitive advantage in the marketplace.

Credential theft

A type of cybercrime that involves stealing a victim's proof of identity. Once credential theft has been successful, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack.

Critical infrastructure

Physical facilities, supply chains, information technologies and communication networks which – if destroyed, degraded or rendered unavailable for an extended period – would significantly impact on the social or economic wellbeing of the nation, or affect a nation’s ability to conduct national defence and ensure national security.

Cross domain solution

A system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains.

Crypto-currencies

A type of digital currency which uses encryption techniques to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

Cryptocurrency

A type of digital currency that uses cryptography for security and anti-counterfeiting measures.

Cryptographic algorithm

An algorithm used to perform cryptographic functions such as encryption, integrity, authentication, digital signatures or key establishment.

Cryptographic equipment

A generic term for Commercial Grade Cryptographic Equipment and High Assurance Cryptographic Equipment.

Cryptographic hash

An algorithm (the hash function) which takes as input a string of any length (the message) and generates a fixed length string (the message digest or fingerprint) as output. The algorithm is designed to make it computationally infeasible to find any input which maps to a given digest, or to find two different messages that map to the same digest.

Cryptographic protocol

An agreed standard for secure communication between two or more entities to provide confidentiality, integrity, authentication and non-repudiation of information.

Cryptographic software

Software designed to perform cryptographic functions.

Cryptographic system

A related set of hardware or software used for cryptographic communication, processing or storage, and the administrative framework in which it operates.

Cryptography

The practice and study of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key.

CryptoLocker

A particularly malicious type of ransomware which, once installed on your computer, encrypts and locks all of the files on the infected computer including documents, photos, music and video. A pop up window will then display on the computer screen requesting payment of a ransom in return for a CryptoLocker key to unlock the encrypted files. Paying the ransom does not guarantee removal of the CryptoLocker.

Cryptomining

A process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger.

CSIR

Cyber Security Incident Responder

Cyber adversary

An individual or organisation (including state-sponsored) that conducts malicious activity including cyber espionage, crime or attack.

Cyber attack

A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.

Note: there are multiple global definitions of what constitutes a cyber attack.

Cyber bullying

A form of bullying or harassment using electronic means. It is when someone bullies or harasses others on the internet and in other digital spaces, particularly on social media sites.

Cyber defence

Defensive activity designed to protect information and systems against offensive cyber operations.

Cyber espionage

Malicious activity designed to covertly collect information from an adversary’s computer systems for intelligence purposes without causing damage to those systems. Can be conducted by state or non-state entities, and can also include theft for commercial advantage.

Cyber event

An identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.

Cyber Incident Management Arrangements

The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

Cyber operations

Offensive and defensive activities designed to achieve effects in or through cyberspace.

Cyber resilience

The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.

Cyber safety

The safe and responsible use of Information and Communication Technologies.

Cyber security

Measures used to protect the confidentiality, integrity and availability of systems and information.

Cyber Security Challenge Australia

Cyber Security Challenge Australia is a hacking competition run by an alliance of Australian Government, business and academic professionals who are committed to finding the next generation of Australian cyber security talent.

Cyber security event

An occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.

Cyber security incident

An unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations.

Cyber security incident responder

A cyber firefighter, rapidly addressing security incidents and threats within an organisation. In your role as a first responder, you will be using a host of forensics tools to find the root cause of a problem, limit the damage and significantly reduce the likelihood of it occurring again.

Cyber stalking

The use of the internet or other electronic means to stalk or harass an individual, group, or organisation.

Cyber supply chain

Cyber supply chain includes the design, manufacture, delivery, deployment, support and decommissioning of equipment or services that are utilised within an organisation's cyber ecosystem.

Cyber threat

Any circumstance or event with the potential to harm systems or information.

Cyber warfare

The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.

Cyber weapon

A computer code that is used, or designed to be used, with the aim of causing physical, functional, or mental harm to structures, systems, or people.

Cyber weapon is a contentious term among the international policy and legal communities, and there is an absence of agreement surrounding its connotations and implications. Avoid using ‘cyber weapon’ and use more generic terms such as destructive tools or exploits when describing the capabilities used by cyber actors.

Cybercrime

Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.

Cyberspace

The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.

CySCA

Cyber Security Challenge Australia

D

Dark web

The dark web is made up of sites that are not indexed by search engines and are only accessible through specialty networks such as The Onion Router (Tor). Often, the dark web is used by website operators who want to remain anonymous. The ‘Dark Web’ is a subset of the ‘Deep Web’.

Data

The basic element that can be processed or produced by a computer to convey information.

Data at rest

Information that resides on media or a system.

Data breach

The unauthorised movement or disclosure of sensitive private or business information.

Data dump

A large amount of data transferred from one system or location to another.

Data Encryption Algorithm

Data encryption algorithms are the algorithms that are used to encrypt and decrypt data. This algorithm type is used to encrypt and decrypt various parts of the message, including the body content and the signature.

Data in transit

Information that is being communicated across a communication medium.

Data protection

Data protection is the process of safeguarding important information from corruption, compromise or loss.

Data spill

The accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to people without a need-to-know.

DBMS

Database management system

DCS

Distributed control system

DDoS

Distributed Denial-of-Service

DEA

Data Encryption Algorithm 

Declassification

A process whereby information is reduced to an OFFICIAL level and an administrative decision is made to formally authorise its release into the public domain.

Decrypting RSA With Obsolete and Weakened Encryption

A cross-protocol security bug that attacks servers supporting modern SSLv3/TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.

Decryption

The decoding of encrypted messages.

Deep web

The part of the internet that is not indexed by search engines. Includes websites that are password-protected and paywalled, as well as encrypted networks, and databases.

Default passwords

Where a device needs a username and/or password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, or after resetting to factory defaults.

Defence in depth

The implementation of multiple layers of security controls in a system to provide redundancy in the event a security control fails or a vulnerability is exploited.

Defence Intelligence Organisation

The Defence Intelligence Organisation is an Australian Government intelligence agency responsible for strategic intelligence and technical intelligence assessments, advising defence and government decision-making on national security and international security issues, and the planning and conduct of Australian Defence Force operations. 

Degausser

An electrical device or permanent magnet assembly which generates a coercive magnetic force for the purpose of degaussing magnetic storage devices.

Degaussing

A process for reducing the magnetisation of a magnetic storage device to zero by applying a reverse (coercive) magnetic force, rendering any previously stored information unreadable.

Demilitarised zone

A small network with one or more servers that is kept separate from the core network, typically on the outside of the firewall or as a separate network protected by the firewall. Demilitarised zones usually provide information to less trusted networks, such as the internet.

Denial of Service

When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Denial-of-Service attack

An attempt by an adversary to prevent legitimate access to online services (typically a website), for example, by consuming the amount of available bandwidth or the processing capacity of the server hosting the online service.

Department of Home Affairs

The Department of Home Affairs is the Australian Government interior ministry with responsibilities for national security, law enforcement, emergency management, border control, immigration, refugees, citizenship, and multicultural affairs.

Device access control software

Software that can be used on a system to restrict access to communications ports. Device access control software can block all access to a communications port or allow access based on device types, manufacturer’s identification or even unique device identifiers.

DH

Diffie-Hellman

DHA

Department of Home Affairs

Dictionary attack

Where attackers use ‘password dictionaries’ or long lists of the most commonly-used passwords and character combinations against a password in order to guess it and break into a system.

Digital certificate

An electronic document used to identify an individual, a system, a server, a company, or some other entity, and to associate a public key with the entity. A digital certificate is issued by a certification authority and is digitally signed by that authority.

Digital footprint

The unique set of traceable activities, actions, contributions and communications that are manifested on the Internet or on digital devices.

Digital preservation

The coordinated and ongoing set of processes and activities that ensure long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time span the information is required.

Digital signature

A cryptographic process that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.

Digital Transformation Agency

The Digital Transformation Agency is an Executive Agency within the Social Services Portfolio. The DTA exists to make it easy for people to deal with government, by helping government transform services to be simple, clear and fast.

DIO

Defence Intelligence Organisation

Diode

A device that allows data to flow in only one direction.

Disaster recovery

Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity.

Distributed Denial of Service

A denial-of-service (DoS) where the source is comprised of multiple unique IP addresses used to flood the bandwidth or resources of a targeted system or network.

Distributed denial-of-service attack

A distributed form of denial-of-service attack.

DKIM

DomainKeys Identified Mail

DMA

Direct Memory Access

DMARC

Domain-based Message Authentication, Reporting and Conformance

DNS

Domain Name System

Domain

In the Internet, a part of a naming hierarchy in which the domain name consists of a sequence of names (labels) separated by periods (dots).

Note: There are multiple other technical and communications-related definitions for ‘domain’.

Domain Name System

The naming system that translates domain names into IP addresses.

Domain verification

When you are checked and verified as a legitimate user so you can see and access a website.

Domain-based Message Authentication, Reporting and Conformance

DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorised use, commonly known as email spoofing. 

DomainKeys Identified Mail

DomainKeys Identified Mail is a system for authenticating email that works with modern Message Transfer Agent systems. This resource was created to help fight spam, and uses a digital signature to help email recipients determine whether an email is legitimate.

DoS

Denial of Service

DoS attacks

Denial of Service attacks

Downloader

A type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files.

Doxing

Obtaining and publishing private or personally identifiable information about an individual over the internet. Information can be obtained through a range of methods including network compromise, social engineering, data breaches, or research.

Drive by download

The unintended – automatic or accidental – download of malware from the Internet.

Drive-by download attacks

Refers to the unintentional download of malicious code to your computer or mobile device that leaves you open to a cyberattack. You don't have to click on anything, press download, or open a malicious email attachment to become infected.

Driver

Software that interfaces a hardware device with an operating system.

Dropper

A type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file, and does not require connection to the internet.

DROWN

Decrypting RSA With Obsolete and Weakened Encryption

Drupal

Drupal is a free and open-source web content management framework written in PHP and distributed under the GNU General Public License.

DSA

Digital Signature Algorithm

DTA

Digital Transformation Agency

Dual-stack network device

ICT equipment that implements both Internet Protocol version 4 and Internet Protocol version 6 protocol stacks.

E

EAL

Evaluation Assurance Level

EAP

Extensible Authentication Protocol

EAP-TLS

Extensible Authentication Protocol-Transport Layer Security

Easter egg

An Easter egg is the hidden functionality within an application program, which becomes activated when an undocumented set of commands and keystrokes is entered. Easter eggs are typically used to display the credits for the development team or a humorous message and are intended to be nonthreatening.

Easy Steps Guide

A guide developed by the Australian Cyber Security Centre to help Australians protect themselves from cyber criminals.

ECDH

Elliptic Curve Diffie-Hellman

ECDSA

Elliptic Curve Digital Signature Algorithm

EEPROM

Electrically erasable programmable read-only memory

EFTPOS

Electronic funds transfer at point of sale

Electronic funds transfer at point of sale

Electronic funds transfer at point of sale is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale.

Email

Electronic mail is a method of exchanging messages between people using electronic devices.

Emanation security

The counter-measures employed to reduce classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of Radio Frequency energy, sound waves or optical signals.

Emanation security program

An ACSC program that sets out the requirements for government and organisations to be formally recognised to conduct emanation security practices to national standards.

EMET

Enhanced Mitigation Experience Toolkit

Emotet

Emotet is a malware strain and a cybercrime operation. First versions of the Emotet malware functioned as a banking trojan aimed at stealing banking credentials from infected hosts. Emotet operators then updated the trojan and reconfigured it to work primarily as a "loader", a type of malware that gains access to a system, and then allows its operators to download additional payloads.

EMSEC or ESP

Emanation security program

Encapsulating Security Payload

A protocol used for encryption and authentication in IPsec.

Encrypt

Convert information or data into a code, especially to prevent unauthorized access.

Encrypt files

The process of converting files into a code, to prevent unauthorized access.

Encryption

The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentiality of data at rest and in transit. Both encryption and decryption are functions of cryptography.

Encryption software

Software designed to ensure the confidentiality of data by encrypting it when at rest.

End of support

End-of-support refers to a situation in which a company ceases support for a product or service. This is typically applied to hardware and software products when a company releases a new version and ends support for previous versions.

End to end encryption

A method of secure communication where only the communicating users can read data transferred from one end system or device to another.

End User Device

A personal computer, personal digital assistant, smart phone, or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.

Endpoint security

A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

Enterprise mobility

An approach to work in which employees can do their jobs from anywhere using a variety of devices and applications.

EPL

Evaluated Products List

EPROM

Erasable programmable read-only memory

Escort

A person who ensures that, when maintenance or repairs are undertaken to ICT equipment, uncleared personnel are not exposed to information they are not authorised to access.

ESP

Encapsulating Security Payload

Essential Eight

The Essential Eight are eight essential mitigation strategies that organisations are recommended to implement as a baseline to make it much harder for adversaries to compromise systems.

Essential services

Essential services refer to those services that are vital to the health and welfare of a population and therefore are essential to maintain even in a disaster.

Evaluated Products List

The Evaluated Products List is the definitive list of certified information and communications technology products for use by Australian and New Zealand government agencies in the protection of government information as required by the Australian Government Information Security Manual.

Evaluation Assurance Level

Evaluation Assurance Level (EAL1 through EAL7)

Event

In the context of system logs, an event constitutes an evident change to the normal behaviour of a network, system or user.

Event forwarding

Event forwarding is the transmission of information to a centralised computer concerning events that take place on remote computers or servers. In this context, an event is any occurrence that affects a file, program or task. Events are commonly used for troubleshooting applications and drivers.

Event logging

An event log is often used by a tool called a security information and event management tool. This tool provides a higher level of analysis of the contents of an event log to help network administrators determine what is going on within a network.

Executable

A file that causes a computer to perform indicated tasks according to encoded instructions.

Exploit

A piece of code that exploits bugs or vulnerabilities in software or hardware to gain access to a system or network.

e

eSafety Commissioner

eSafety is an independent statutory office supported by the Australian Communications and Media Authority. The eSafety Commissioner has various functions and powers under the Australian Government legislation, to foster online safety.

eXtensible Markup Language

Extensible Markup Language is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

F

Facebook

Facebook is a popular free social networking website that allows registered users to create profiles, upload photos and video, send messages and keep in touch with friends, family and colleagues.

FaceTime

FaceTime is an Apple video telephony application that allows users to engage in one-on-one video chatting over the internet.

Facility

A physical space where business is performed. For example, a facility can be a building, a floor of a building or a designated space on the floor of a building.

Fake email

Fake email is sending counterfeit email by using a sender's address without their knowledge.

Fake trader

A trader that is not legitimate.

Fake Twitter accounts

Twitter accounts that are not legitimate.

Fake website

Websites that are not legitimate.

Fax machine

A device that allows copies of documents to be sent over a telephone network.

Fibre

A fibre is a particularly lightweight thread of execution. Like threads, fibres share address space. However, fibres use cooperative multitasking while threads use pre-emptive multitasking.

FIPS

Federal Information Processing Standard

Firefox

Firefox is a free and open source web browser developed by the Mozilla foundation.

Firewall

A network device that filters incoming and outgoing network data based on a series of rules.

Firmware

Software embedded in ICT equipment.

Five Eyes

The Five Eyes is an Anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States of America.

Flash memory media

A specific type of electrically erasable programmable read-only memory.

Flash Player

Adobe Flash Player is computer software for using content created on the Adobe Flash platform, including viewing multimedia contents, executing rich internet applications, and streaming audio and video.

Flaw

A defect, fault, or imperfection, especially one that is hidden.

Fly lead

A lead that connects ICT equipment to the fixed infrastructure of a facility. For example, the lead that connects a workstation to a network wall socket.

Foreign national

A person who is not an Australian citizen.

Foreign system

A system that is not solely owned and managed by the Australian Government.

Fraud

Fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right.

Fraud Week

Fraud Week is where multiple organisations promote anti-fraud awareness and education to minimize the impact of fraud.

Fuzzing

Fuzzing (or fuzz testing) is a method used to discover errors or potential security vulnerabilities in software.

G

Gateway

Gateways securely manage data flows between connected networks from different security domains.

GDPR

General Data Protection Regulation

General Data Protection Regulation

The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

Global Positioning System

A system of satellites combined with receivers on the Earth that determines the latitude and longitude of any particular receiver through triangulation.

Gmail

Gmail is a free web based email service in development at Google that provides users with a gigabyte of storage for messages and includes search functionality for finding specific messages.

Google

Google is a widely popular search engine.

Google Drive

Google Drive is a file storage and synchronisation service developed by Google. Google Drive allows users to store files on their servers, synchronise files across devices, and share files.

Google Play

Google Play, formerly Android Market, is an American digital distribution service operated and developed by Google. It serves as the official app store for the Android operating system, allowing users to browse and download applications developed with the Android software development kit and published through Google.

GoToMyPC

GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser.

GovHack

GovHack is an international competition for people of all abilities who seek to make life better through open data. Across one weekend, thousands come together to form teams, agree projects, and participate in what has become one of the world's largest open data competitions.

GPS

Global Positioning System

Greenfield

Greenfield is a software project that is developed from scratch rather than built from an existing program.

Grey hat

A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker. See also ‘white hat’ and ‘black hat’.

Guidance

Guidance is an impartial service which will help you to identify your options, provide direction and narrow down your choices and may include instructions relating to specific products.

The ACSC makes every undertaking to ensure the accuracy and quality of the information we provide but is not accountable for any decision made based on it.

Gumtree

Gumtree is a British online classified advertisement and community website. Classified ads are either free or paid for depending on the product category and the geographical market.

H

HACE

High Assurance Cryptographic Equipment

Hack

The unauthorised exploitation of weaknesses in a computer system or network.

Hacker

A computer expert that can gain unauthorised access to computer systems. Hacker is an agnostic term and a hacker does not necessarily have malicious intent.

See ‘Black Hat’, ‘Grey Hat’, and ‘White Hat’.

Hacktivist

A hacker whose motivation is political, religious, or ideological, as opposed to criminal.

Handling requirements

An agreed standard for the storage and dissemination of information to ensure its protection. This can include electronic information, paper-based information or media containing information.

Hardware

A generic term for ICT equipment.

Hardware vulnerabilities

A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.

Hardware-based security (hardsec)

Hardware-based security is vulnerability protection that comes in the form of a physical device rather than software that is installed on a computer system.

Hash-based Message Authentication Code Algorithms

A cryptographic construction that can be used to compute Message Authentication Codes using a hash function and a secret key.

High Assurance Cryptographic Equipment

High assurance ICT equipment containing cryptographic logic and components that have been designed and authorised for the protection of highly classified information.

High Assurance evaluation

The rigorous investigation, analysis, verification and validation of ICT equipment by ASD against a stringent security standard.

High Assurance evaluation program

The High Assurance Evaluation program involves rigorous analysis and testing to search for any security vulnerabilities in products.

High assurance ICT equipment

ICT equipment that has been designed and authorised for the protection of highly classified information.

High risk vendor

Part of supply chain management.

Highly classified information

Information that requires the highest level of security to protect its confidentiality (i.e. information marked SECRET or TOP SECRET).

HIPS

Host-based Intrusion Prevention System

HMAC

Hashed Message Authentication Code

Hoax

A hoax is a falsehood deliberately fabricated to masquerade as the truth.

Hoax emails

An email hoax is a scam that is distributed in email form. It is designed to deceive and defraud email recipients, often for monetary gain.

Honeypot

A computer system designed specifically to attract potential malicious actors in order to inform the development of defensive measures and responses.

Host-based Intrusion Detection System

Software, resident on a system, which monitors system activities for malicious or unwanted behaviour.

Host-based Intrusion Prevention System

Software, resident on a system, which monitors system activities for malicious or unwanted behaviour and can react in real-time to block or prevent those activities.

Hotspot

An area where wireless internet access is available to the general public.

HSTS

HTTP Strict Transport Security

HTML

Hypertext Markup Language

HTTP

Hypertext Transfer Protocol

HTTP Strict Transport Security

HTTP Strict Transport Security is a web security policy mechanism that helps to protect websites against man in the middle attacks such as protocol downgrade attacks and cookie hijacking.

HTTPS

Hypertext Transfer Protocol Secure

HummingBad

HummingBad is Android malware. Researchers say that the malware installs more than 50,000 fraudulent apps each day and displays 20 million malicious advertisements.

Hybrid hard drive

Non-volatile magnetic media that uses a cache to increase read/write speeds and reduce boot times. The cache is normally flash memory media or battery backed random-access memory (RAM).

Hypertext Transfer Protocol

Hypertext Transfer Protocol is the fundamental protocol used for transferring files on the internet.

Hypertext Transfer Protocol Secure

Hypertext Transfer Protocol, with the "S" for "Secure." The Hypertext Transfer Protocol (HTTP) is the basic framework that controls how data is transferred across the web, while HTTPS adds a layer of encryption for additional security.

I

IA

Information architecture

IA

Identity analytics

IAM

Identity Management (IdM), also known as Identity & Access Management

ICS

Industrial Control System

ICS-CERT

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) which is part of the Cybersecurity and Infrastructure Security Agency (CISA).

ICT

Information and Communications Technology

ICT equipment

Any device that can process, store or communicate electronic information (e.g. computers, multifunction devices, mobile phones, digital cameras, electronic storage media and other radio devices).

ICT system

A related set of hardware and software used for the processing, storage or communication of information and the governance framework in which it operates.

IDCARE

IDCARE is Australia and New Zealand’s national identity & cyber support service. IDCARE offers free phone consultations and advice from specialised identity and cyber security counsellors.

Identity Analytics

The process of analysing the access of individuals or systems to an organisation's IT resources.

Identity Management, also known as Identity & Access Management

Identity and access management is the process used in businesses and organisations to grant or deny employees and others authorisation to secure systems.

Identity theft

Where a victim’s personal details are stolen and used to perpetrate crime – commonly fraud. Identity theft is a serious crime and can result in long term and far-reaching negative consequences for victims.

IdM

Identity Management, also known as Identity & Access Management (IAM)

IETF

Internet Engineering Task Force

IKE

Internet Key Exchange

Impersonation Attack

Impersonation attacks are emails that impersonate a trusted individual or company in an attempt to gain access to corporate finances or data.

Impersonation scam

An impersonation scam is a scam where a dishonest individual will try to convince you to make a payment or give personal or financial details by claiming to be from a trusted organisation.

In the wild

Describes malware found in operation on the internet that infects and affects users' computers. This is opposed to malware seen only in internal test environments or malware collections.

Incident

An incident is an event that is not part of normal operations that disrupts operational processes.

Incident Response Plan

A plan for responding to cyber security incidents.

Industrial Control Systems

A collective term describing control systems and associated instrumentation used to efficiently operate and/or automate industrial processes. ICS include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC).

Information and Communication Technology

Information and communications technology is an extensible term for information technology that stresses the role of unified communications and the integration of telecommunications and computers, as well as necessary enterprise software, middleware, storage, and audio-visual systems, that enable users to access, store, transmit, and manipulate information.

Information Communications Technology equipment

Any device that can process, store or communicate electronic information—for example, computers, multifunction devices and copiers, landline and mobile phones, digital cameras, electronic storage media and other radio devices.

Information security

The protection of information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability.

Information Security Registered Assessors Program

An initiative of the ACSC designed to register suitably qualified individuals to carry out security assessments for systems.

Infrared device

Devices such as mice, keyboards and pointing devices that have an infrared communications capability.

Instagram

Instagram is an American photo and video sharing social networking service owned by Facebook, Inc.

Install updates

The process of applying the update to the system.

Integrity

The assurance that information has been created, amended or deleted only by authorised individuals.

Intellectual property

Intellectual property is the property of your mind or proprietary knowledge.

Interactive

The back and forth dialog between the user and the computer.

International SEO

International SEO is the process of optimizing your website so that search engines can easily identify which countries you want to target and which languages you use for business.

International Telecommunication Union

The International Telecommunication Union (ITU), originally the International Telegraph Union, is a specialised agency of the United Nations that is responsible for issues that concern information and communication technologies. It is the oldest global international organisation.

International Travel

Travel outside of Australia.

Internet

The global system of interconnected computer networks that use standardised communication protocols to link devices and provide a variety of information and communication facilities.

Internet Explorer

Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems.

Internet of Things

The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors, and network connectivity, which enables these objects to connect to the internet and collect and exchange data.

Internet Protocol Security

A suite of protocols for secure communications through authentication or encryption of Internet Protocol (IP) packets as well as including protocols for cryptographic key establishment.

Internet Protocol telephony

The transport of telephone calls over IP networks.

Internet Protocol version 6

A protocol used for communicating over packet switched networks. Version 6 is the successor to version 4 which is widely used on the internet.

Internet Security Association Key Management Protocol aggressive mode

A protocol that uses half the exchanges of main mode to establish an IPsec connection.

Internet Security Association Key Management Protocol main mode

A protocol that offers optimal security using six packets to establish an IPsec connection.

Internet Service Provider

A company that provides subscribers with access to the internet.

Intrusion Detection System

An automated system used to identify an infringement of security policy. IDS can be host-based or network-based.

IoT

Internet of Things

IP

Internet Protocol

IP Address

Also known as an “IP number” or simply an “IP”, short for Internet Protocol. A code made up of a string of numbers that identifies a particular computer on the Internet. Every computer requires an IP address to connect to the Internet.

IPsec

Internet Protocol Security

IPv4

Internet Protocol version 4

IPv6

Internet Protocol version 6

IRAP

Information Security Registered Assessors Program

ISAKMP

Internet Security Association Key Management Protocol

ISM

Australian Government Information Security Manual

ISO

International Organisation for Standardisation

ISP

Internet Service Provider

ITU

International Telecommunication Union

i

iMac

iMac is a family of all-in-one Macintosh desktop computers designed and built by Apple Inc.

iOS

iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that presently powers many of the company's mobile devices, including the iPhone, and iPod Touch; it also powered the iPad prior to the introduction of iPadOS in 2019.

iPad

iPad is a line of tablet computers designed, developed and marketed by Apple Inc.

iPadOS

iPadOS is an operating system developed by Apple for the iPad family of devices.

iPhone

iPhone is a smartphone made by Apple that combines a computer, iPod, digital camera and cellular phone into one device with a touchscreen interface.

iPod

The iPod is a line of portable media players and multi-purpose pocket computers designed and marketed by Apple Inc.

iTunes

iTunes, developed by Apple Inc., is a media player, media library, internet radio broadcaster, mobile device management utility, and the client app for the iTunes Store. 

It is used to purchase, play, download, and organise digital multimedia, on personal computers running the macOS and Windows operating systems (in 2019, Apple announced that iTunes in macOS Catalina would be replaced by separate apps, namely Music, Podcasts, and TV. Finder would take over the device management capabilities).

iView

iView is a video on demand and catch up TV service run by the Australian Broadcasting Corporation.

J

Java

Java is a general-purpose programming language that is class-based, object-oriented, and designed to have as few implementation dependencies as possible.

JCSC

Joint Cyber Security Centre

Joint Cyber Security Centre

The Joint Cyber Security Centre program brings together business and the research community along with state, territory and Australian Government agencies in an open and cooperative environment.

JSON

JavaScript Object Notation

Jump server

A computer which is used to manage important or critical resources in a separate security domain. Also known as a jump host or jump box.

Juniper Networks

Juniper Networks is an American multinational corporation. The company develops and markets networking products, including routers, switches, network management software, network security products, and software defined networking technology.

K

Key

In database management systems, a key is a field that you use to sort data. For example, if you sort records by age, then the age field is a key.

Key management

The use and management of cryptographic keys and associated hardware and software. It includes their generation, registration, distribution, installation, usage, protection, storage, access, recovery and destruction.

Keying material

Cryptographic keys generated or used by cryptographic equipment or software.

Keylogger

Software that records which keys you press. Also known as keystroke logging.

Keystroke logger (or keylogger)

Malicious software that records and 'logs' each key you press. These programs may be used to capture confidential information (such as login or financial details) and send to an attacker.

L

LAN

Local Area Network

Laptop

A laptop is a small portable personal computer, suitable for use while travelling.

LastPass

LastPass is a freemium password manager that stores encrypted passwords online.

Legitimate email

An email from a trusted organisation or individual.

Lenovo

Lenovo Group Limited is a Chinese multinational technology company with headquarters in Beijing. The company designs, develops, manufactures, and sells personal computers, tablet computers, smart phones, workstations, servers, electronic storage devices, IT management software, and smart televisions.

Libraries

In computer science, a library is a collection of non-volatile resources used by computer programs, often for software development.

Licence

A software licence is a legal instrument governing the use or redistribution of software.

Like farming

Use of social engineering, such as compelling stories or photos, to persuade large numbers of users to 'like' a social networking page. Many of the stories are fake, and are part of a scam which makes money from the exposure generated by people liking and hence sharing the page.

LinkedIn

LinkedIn is an American business and employment-oriented service that operates via websites and mobile apps. It is mainly used for professional networking, including employers posting jobs and job seekers posting their CVs.

Links

A link is an HTML object that allows you to jump to a new location when you click or tap it. Links provide a simple means of navigating between pages on the web.

Linux

Linux is a family of open source Unix-like operating systems based on the Linux kernel.

Local Area Network

A computer network that interconnects devices within a limited area such as a residence, school, laboratory, or office building.

Lockable commercial cabinet

A cabinet that is commercially available, of robust construction and is fitted with a commercial lock.

Logging

The automatically produced and time-stamped documentation of events relevant to a particular system.

Logging facility

A facility that includes software which generates events and their associated details, the transmission (if necessary) of event logs, and how they are stored.

Logical access controls

Measures used to control access to systems and their information.

Login

The act of logging in to a database, mobile device, or computer, especially a multiuser computer or a remote or networked computer system, usually by using a username and password.

Lucent Technologies

Lucent Technologies was an American multinational telecommunications equipment company.

M

MAC

Media Access Control

MacBook

The MacBook is Apple's third laptop computer family. MacBooks featured Apple's Retina Display and higher resolutions, as well as the Force Touch trackpad that senses different pressure levels.

Machine learning

A type of artificial intelligence (AI) that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. The basic premise of machine learning is to build algorithms that can receive input data and use statistical analysis to predict an output value within an acceptable range.

Macintosh

The Macintosh computer (often referred to as the Mac) is a desktop computer by Apple that comes in a variety of form factors and designs. The Macintosh was the first affordable and successful computer packed with a graphical user interface and mouse, although technically, Apple's Lisa was the first commercial computer that included these components.

Macro

An instruction that causes the execution of a predefined sequence of instructions.

Malicious

Intending or intended to do harm.

Malicious advertising

Malicious advertising is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

Malicious code

Any software that attempts to subvert the confidentiality, integrity or availability of a system.

Malicious code infection

The occurrence of malicious code infecting a system.

Malicious email

A malicious email is an email which has been deliberately crafted to cause problems on the server or on the client. This could be due to the message containing a virus, or it could be due to the message being crafted in such a way as to take advantage of a weakness in the receiving mail client.

Malicious Insider

Malicious insiders are people who take advantage of their access to inflict harm on an organisation.

Malicious links

A malicious link is created with the purpose of promoting scams, attacks and frauds. By clicking on an infected URL, you can download malware such as a Trojan or virus that can take control of your devices, or you can be persuaded to provide sensitive information on a fake website.

Malicious software

Malicious software is any software that brings harm to a computer system. Malware can be in the form of worms, viruses, trojans, spyware, adware and rootkits etc., which steal protected data, delete documents or add software not approved by a user.

Malvertising

The use of online advertising to spread malware. Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

Malware

Malicious software used to gain unauthorised access to computers, steal information and disrupt or disable networks. Types of malware include trojans, viruses and worms.

Managed Service Provider

A managed service provider is a company that remotely manages a customer's IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model.

Managed Service Provider Partner Program

The Managed Service Provider Program is a program developed by the Australian Cyber Security Centre and is designed to lift the cyber security posture of managed service providers in Australia.

Management traffic

Traffic generated by system administrators over a network in order to control workstations and servers. This includes standard management protocols and traffic that contains information relating to the management of the network.

Maturity model

A maturity model is a conceptual model that consists of a sequence of discrete maturity levels for a class of processes in one or more business domains, and represents an anticipated, desired or typical evolutionary path for these processes.

Media

A generic term for hardware, often portable in nature, which is used to store information.

Media destruction

The process of physically damaging media with the intent of making information stored on it inaccessible. To destroy media effectively, only the actual material in which information is stored needs to be destroyed.

Media disposal

The process of relinquishing control of media when it is no longer required.

Media release

The media release is a document that is sent to news outlets or journalists to inform them about a story that an individual wants media coverage for.

Media sanitisation

The process of erasing or overwriting information stored on media so that it cannot be retrieved or reconstructed.

Messenger

Messenger is an American messaging app and platform developed by Facebook.

Metadata

Descriptive information about the content and context used to identify information.

MFA

Multi-factor authentication

MFD

Multifunction device

Microsoft

Microsoft is an American multinational corporation that develops, manufactures, licenses, supports and sells computer software, consumer electronics and personal computers and services.

Microsoft Office

Microsoft Office is a family of client software, server software, and services developed by Microsoft.

Microsoft support

Microsoft support is a service available to help you with questions about Microsoft products and services.

Microsoft Windows

Microsoft Windows is a series of graphical interface operating systems developed, marketed and sold by Microsoft.

Migration

The moving of data and applications between two different computers.

MIMO

Multiple-input and multiple-output

Mobile base stations

A mobile base station is a transmission and reception station in a fixed location, consisting of one or more receive/transmit antennas, microwave dish, and electronic circuitry, used to handle cellular traffic.

Mobile device

A portable computing or communications device. For example, a laptop, mobile phone or tablet.

Mobile phones

A mobile phone is a wireless handheld device that allows users to make and receive calls and to send text messages, among other features.

Mozilla

Mozilla is a software community that uses, develops, spreads and supports Mozilla products, notably the Firefox web browser.

MSP

Managed Service Provider

MSP3

Managed Service Provider Partner Program

Multi-factor authentication

A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

Multifunction device

ICT equipment that combines printing, scanning, copying, faxing or voice messaging functionality in the one device. These devices are often designed to connect to computer and telephone networks simultaneously.

My Guide

My Guide is a short guide to help individuals put in place some good online security habits. My Guide helps you stay smart online so you can avoid falling victim to scammers.

m

mCommerce

Mobile commerce

mSATA

Mini-Serial Advanced Technology Attachment

N

National Broadband Network

The National Broadband Network (NBN) is an Australian national wholesale open-access data network project. It includes wired and radio communication components rolled out and operated by NBN Co Limited.

National Exercise Program

The National Exercise Program is a program that uses exercises and other readiness activities that target strategic decision making, operational and technical capabilities, strategic engagement and communications. Through these exercises, the program can help broaden your understanding of the roles and responsibilities of key government agencies and private sector organisations when responding to a cyber security incident.

National Relay Service

The National Relay Service is a government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls.

NBN

National Broadband Network

NCSC

National Cyber Security Centre (UK)

NDA

Non-Disclosure Agreement

Need-to-know

The principle of restricting an individual’s access to only the information they require to fulfil the duties of their role.

Netscreen

Part of Juniper Networks

Network

Two or more computer systems linked together

Network access control

Security policies used to control access to a network and actions on a network. This can include authentication checks and authorisation controls.

Network device

ICT equipment designed to facilitate the communication of information.

Network infrastructure

The infrastructure used to carry information between workstations and servers or other network devices.

Network segmentation

Network segmentation involves partitioning a network into smaller networks, while network segregation involves developing and enforcing a ruleset for controlling the communications between specific hosts and services.

Network segregation

Network segregation involves developing and enforcing a ruleset for controlling the communications between specific hosts and services, while network segmentation involves partitioning a network into smaller networks.

Networking

The linking of computers to allow them to operate interactively.

News

News is newly received or noteworthy information, especially about recent events.

NFP

Not for profit

NIDS

Network-based Intrusion Detection System

NIPS

Network-based Intrusion Prevention System

NIST

National Institute of Standards and Technology

Non-Disclosure Agreement

A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together.

Non-repudiation

Providing proof that a user performed an action, and in doing so preventing a user from denying that they did so.

Non-shared government facility

A facility where the entire facility and personnel are cleared to the highest level of information processed in the facility.

Non-volatile media

A type of media which retains its information when power is removed.

Not for profit

A not for profit is an organisation that does not operate for the profit, personal gain or other benefit of particular people.

NRS

National Relay Service

O

OCO

Offensive cyber operations

Off-hook audio protection

A method of mitigating the possibility of an active handset inadvertently allowing background discussions to be heard by a remote party. This can be achieved through the use of a hold feature, mute feature, push-to-talk handset or equivalent.

Offensive cyber operations

Activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks.

Official information

Non-classified information identified as requiring basic protection (i.e. information marked as OFFICIAL or OFFICIAL: Sensitive).

Online

Connected to, served by, or available through a system and especially a computer or telecommunications system.

Online banking

A method of banking in which transactions are conducted electronically over the internet.

Online gambling

Online gambling is any kind of gambling conducted on the internet.

Online information

Information that can be accessed over the internet.

Online safety

Online safety is the knowledge of maximising the user's personal safety against security risks to private information and property associated with using the internet, and of self-protection from computer crime in general.

Online security

The mix of rules that are followed and actions that are taken to make sure online user data and privacy aren't compromised by cyber criminals.

Online services

Services using the internet such as social media, online collaboration tools, web browsing, instant messaging, IP telephony, video conferencing, file sharing websites and peer-to-peer applications.

Online shopping

The action or activity of buying goods and services over the internet.

OnSecure

OnSecure was the central online community portal for information security professionals working for Australian governments. Superseded by cyber.gov.au.

Open data

Open data is data that can be freely used, reused and redistributed by anyone.

OpenPGP Message Format

An open-source implementation of Pretty Good Privacy, a widely available cryptographic toolkit.

Opera

Opera is a web browser that provides some advantages over other browsers from Mozilla or Microsoft. Much smaller in size, Opera is known for being fast and stable.

Operating system

System software that manages hardware and software resources and provides common services for executing various applications on a computer.

Optus

Optus is a large telecommunications company in Australia.

Oracle

Oracle is an American multinational computer technology corporation. The company sells database software and technology, cloud engineered systems, and enterprise software products.

OS

Operating System

OS X

Version 10 of the Apple Macintosh operating system.

OSI

Open System Interconnect

Outlook.com

Outlook.com is the website version of the email client Microsoft Outlook. It allows users to access email, calendars, tasks etc.

Outsourcing

Outsourcing is an agreement in which one company hires another company to be responsible for a planned or existing activity that is or could be done internally, and sometimes involves transferring employees and assets from one firm to another.

OWASP

Open Web Application Security Project

P

P2P

Peer-to-peer

PaCSON

The ACSC is a member of Pacific Cyber Security Operational Network (PaCSON), which is proving to be a vital vehicle for closer sharing of cyber security threat information, tools, techniques and ideas between Pacific nations.

Padlock (https://)

A padlock display in a browser is intended to indicate a secure connection or website, although it may not always be a reliable indicator. Users should look instead for ‘HTTPS’ at the beginning of the address bar and check the website’s SSL certificate.

Passive defence

Security measures that are applied within a network and require limited human interaction. Passive defence includes logging and monitoring mechanisms, and implementation of tools and processes to harden networks including firewalls, application hardening, patching procedures and antivirus software.

Passphrase

A sequence of words used for authentication.

Passphrase complexity

The use of at least three of the following character sets in passphrases: lower-case alphabetical characters (a-z), upper-case alphabetical characters (A-Z), numeric characters (0-9) or special characters.

Password

A sequence of characters used for authentication.

Password attack

A password attack is an attempt to discover or bypass passwords used for authentication on systems and networks, and for different types of files.

Password manager

Password managers are a type of software that offers greater security through the capability to generate unique, long, complex, easily changed passwords for all online accounts and the secure encrypted storage of those passwords either through a local or cloud-based vault.

Password spray

Password spraying is an attack that attempts to access a large number of accounts with a few commonly used passwords.

Patch

A piece of software designed to remedy security vulnerabilities, or improve the usability or performance of software and ICT equipment.

Patch cable

A metallic (copper) or fibre-optic cable used for routing signals between two components in an enclosed container or rack.

Patch panel

A group of sockets or connectors that allow manual configuration changes, generally by means of connecting patch cables.

Patching

The action of updating, fixing, or improving a computer program.

PAW

Privileged Access Workstation

Payload

Part of digitally transmitted data that is the fundamental purpose of the transmission. In the cyber security context, normally the part of a malware program that performs a malicious action.

PayPal

PayPal is an electronic commerce company that facilitates payments between parties through online funds transfers.

PDF

Portable Document Format

Peer-to-peer file sharing network

A decentralised file sharing system. Files are stored on and served by the personal computers of the users.

Penetration test

A penetration test is designed to exercise real-world targeted cyber intrusion scenarios in an attempt to achieve a specific goal, such as compromising critical systems or information.

Penetration testing

A method of evaluating the security of an ICT system by seeking to identify and exploit vulnerabilities to gain access to systems and data. Also called a ‘pentest’.

Perfect forward secrecy

Additional security for security associations ensuring that if one security association is compromised subsequent security associations will not be compromised.

Peripheral switch

A device used to share a set of peripherals between multiple computers. For example, a keyboard, video monitor and mouse.

Person-in-the-middle

A form of malicious activity where the attacker secretly accesses, relays and possibly alters the communication between two parties who believe they are communicating directly with each other. Formerly known as man-in-the-middle.

Personal computers

A personal computer is a multi-purpose computer whose size, capabilities, and price make it feasible for individual use.

Personal data

Personal data means any information relating to an identified or identifiable natural person.

Personal Identification Number

A number allocated to an individual and used to validate electronic transactions.

Personal information

Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.

Personally identifiable information

Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

PFS

Perfect Forward Secrecy

Pharming

A way of harvesting personal information, where a hacker puts malicious code on your computer that redirects you to a fake site.

Phishing

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details), encouraging them to open a malicious attachment, or visit a fake website that will ask the user to provide sensitive information or download malicious content.

See also 'spear phishing' and 'whaling'.

PII

Personally identifiable information

PIN

Personal Identification Number

PITM

Person-in-the-Middle

Pixel

A minute area of illumination on a display screen, one of many from which an image is composed.

PKI

Public Key Infrastructure

PlayStation

PlayStation is a video game console developed by Sony.

PLC

Programmable logic controllers

PMK

Pairwise Master Key

Polymorphic

Describes malware that can change parts of its code in order to avoid detection by security software.

Pop-up

A small window, which suddenly appears (pops up) in the foreground of the normal screen.

Portable devices

A portable device is any device that can easily be carried. It is a small form factor of a computing device that is designed to be held and used in the hands.

Portable Document Format

Portable document format is a file format that has captured all the elements of a printed document as an electronic image that you can view, navigate, print, or forward to someone else.

Position of trust

A position that involves duties that require a higher level of assurance than that provided by normal employment screening. In some organisations additional screening may be required.

Positions of trust can include, but are not limited to, an organisation’s Chief Information Security Officer and their delegates, administrators or privileged users.

Potentially unwanted software

Also known as potentially unwanted applications. These are applications that may appear to serve a useful purpose, but often perform actions that may adversely affect a computer’s performance.

PowerShell

PowerShell is the shell framework developed by Microsoft for administration tasks such as configuration management and automation of repetitive jobs.

PP

Protection Profile

Privacy

Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

Privacy settings

Settings which control how a user's data is shared with other people or systems. Privacy settings apply to web browsers and social networking services.

Privileged Access Workstation

Privileged Access Workstations provide a dedicated operating system for sensitive tasks that is protected from internet attacks and threat vectors.

Privileged user

A user who can alter or circumvent a system’s security measures. This can also apply to users who could have only limited privileges, such as software developers, who can still bypass security measures.

A privileged user can have the capability to modify system configurations, account privileges, audit logs, data files or applications.

Product

A generic term used to describe software or hardware.

Protect

Restrict access to or use of data.

PROTECTED area

An area that has been authorised to process, store or communicate PROTECTED information. Such areas are not necessarily tied to a specific level of Security Zone.

Protecting identity

The act of putting security measures in place in order to keep your identity safe.

Protecting your computer

Security measures and/or actions put in place in order to prevent a computer from being harmed by malware.

Protection Profile

A document that stipulates the security functionality that must be included in Common Criteria evaluation to meet a range of defined threats.

Protection Profiles also define the activities to be taken to assess the security function of an evaluated product.

Protective marking

An administrative label assigned to information that not only shows the value of the information but also defines the level of protection to be provided.

PSC

Protective Security Circular

PSPF

Protective Security Policy Framework

PSTN

Public Switched Telephone Network

PUA

Potentially Unwanted Applications

Public computers

A public computer is any of various computers available in public areas. Some places where public computers may be available are libraries, schools, or facilities run by government.

Public information

Information that has been formally authorised for release into the public domain.

Public Key Infrastructure

A public key infrastructure is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

Public network infrastructure

Network infrastructure that an organisation has no control over (e.g. the internet).

Public Switched Telephone Network

Public network infrastructure used for voice communications.

Public Wi-Fi

Public Wi-Fi means any Wi-Fi service established and owned by a contributing group that is provided for use by its customers on a wireless device. 

Public Wi-Fi may be unsecured, password protected or have other secure authentication protocols established and managed by that contributing group.

See also unsecured networks.

PUS

Potentially unwanted software

Push-to-talk handsets

Handsets that have a button which is pressed by the user before audio can be communicated, thus providing off-hook audio protection.

Q

QuadRooter

QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.

Qualcomm

Qualcomm is an American telecommunications company. Qualcomm designs and markets wireless telecommunications products and services.

Quality of service

The ability to provide different priorities to different applications, users or data flows, or to guarantee a certain level of performance to a data flow.

QuickTime

QuickTime is an extensible multimedia framework developed by Apple, capable of handling various formats of digital video, picture, sound, panoramic images, and interactivity.

R

Radio communications

Radio communications is the transmission of signals by modulation of electromagnetic waves with frequencies below those of visible light.

Radio Frequency transmitter

A device designed to transmit electromagnetic radiation as part of a radio communication system.

RADIUS

Remote Access Dial-In User Service

RAM

Random-access memory

Random lottery

Unexpected prize and lottery scams work by asking you to pay some sort of fee in order to claim your prize or winnings from a competition or lottery you never entered.

Ransomware

Malicious software that makes data or systems unusable until the victim makes a payment.

RAT

Remote Access Tool

RDP

Remote Desktop Protocol

Reclassification

An administrative decision to change the security measures afforded to information based on a reassessment of the potential impact of its unauthorised disclosure.

The lowering of the security measures for media containing sensitive or classified information often requires sanitisation or destruction processes to be undertaken prior to a formal decision to lower the security measures protecting the information.

Recovery plan

Outlines an organisation's recovery strategy for how they are going to respond to an incident.

Redaction

Redaction is a form of editing in which multiple sources of texts are combined and altered slightly to make a single document.

REL

Releasable To

Releasable To information

Information not to be passed to, or accessed by, foreign nationals beyond those belonging to specific nations which the information has been authorised for release to.

Remote access

Access to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.

Remote access scam

Remote access scams are when a scammer pretends to be affiliated with a tech or computer company, such as Apple or Microsoft, or with their technical support division. The scammer usually tries to convince you that you have a computer or internet problem and you need to buy new software to fix the problem.

Remote Access Tool

A software administration tool or program that can be used by a hacker to remotely gain access and control of an infected machine.

Remote Desktop Protocol

Remote desktop protocol is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection.

Removable media

Storage media that can be easily removed from a system and is designed for removal, for example USB flash drives or optical media.

Reports and statistics

Various reports and statistics which are available on the cyber.gov.au website.

Resilience

The capacity to recover quickly from difficulties.

Restore

Return to a former condition, place or position.

Reverse the Threat

The theme for Stay Smart Online Week. Reverse the threat means lowering the number of cyber attacks by putting preventative measures in place to stay safe online.

RF

Radio Frequency

RFC

Request for Comments

Romance scams

A type of scam involving feigning romantic intentions towards a victim, gaining their affection, and then using that goodwill to commit fraud. This may involve access to the victim's money, bank accounts, credit cards, passports, email accounts, or national identification numbers or forcing the victims to commit financial fraud on their behalf. Often called dating and romance scams.

Rootkit

A tool or set of tools used by an attacker in order to compromise a system, gain the highest level of privilege, and then hide their activity.

Router

A networking device that forwards data packets between computer networks.

RSA

Rivest-Shamir-Adleman

RSS

Originally RDF Site Summary; later, two competing approaches emerged, which used the backronyms Rich Site Summary and Really Simple Syndication respectively.

RTP

Real-time Traffic Protocol

S

S/MIME

Secure/Multipurpose Internet Mail Extension

Safari

Safari is a web browser developed by Apple, and is the default browser of the operating systems used in its product lines such as OS X for the Mac and MacBook computers and iOS for the iPhone and iPad mobile devices.

Safer Internet Day

Worldwide event led by the Office of the eSafety Commissioner - ACSC is a partner.

Samsung

Samsung Electronics is a South Korean multinational electronics company. Samsung Electronics produces LCD and LED panels, mobile phones, memory chips, NAND flash, solid state drives, televisions, digital cinema screens, and laptops.

Sandbox

A virtual space in which new, untrusted or untested software or coding can be run safely without risking harm to the hosting computer.

Saxi

A motor vehicle licensed to transport passengers in return for payment of a fare and typically fitted with a taximeter.

SCADA

Supervisory Control and Data Acquisition

Scam

A scam is a fraudulent scheme performed by a dishonest or deceitful individual, group, or company, in an attempt to obtain money or something else of value.

Scam emails

A scam email is the intentional deception made for personal gain or to damage another individual through email.

Scammer

A person who commits fraud or participates in a dishonest scheme.

ScamWatch

ACCC Program

Scareware

Malware that causes frightening messages to appear (for example, that your computer is infected with malware or that you are guilty of a crime), and attempts to extort money from you to resolve the alleged issue. Similar to ransomware.

SCEC

Security Construction and Equipment Committee

Script (malware)

A type of malware written using a scripting language. Common forms of scripting language include JavaScript, HTML, Visual Basic Script, PowerShell, Perl, Python and Shell Scripting.

Script kiddie

A derisive term used to describe an unskilled individual that uses existing computer scripts or programs to hack computers, networks or websites, lacking the expertise to write their own.

Search Engine Optimisation

Search Engine Optimisation is the process of increasing the quality of website traffic by increasing the visibility of a website or a web page to users of a web search engine.

Secondary targeting

A secondary target market is the people who are the second most likely to purchase your products and services.

Seconded foreign national

A representative of a foreign government on exchange or long-term posting.

SECRET area

An area that has been authorised to process, store or communicate SECRET information. Such areas are not necessarily tied to a specific level of Security Zone.

Secure shell

A network protocol that can be used to securely log into, execute commands on, and transfer files between remote workstations and servers.

Secure Sockets Layer

Secure Sockets Layer is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.

Secure/Multipurpose Internet Mail Extension

A protocol which allows the encryption and signing of email messages.

Secured space

An area certified to the physical security requirements for a Zone 2 to Zone 5 area, as defined in the Attorney-General’s Department (AGD)’s Protective Security Policy Framework (PSPF), Entity facilities policy, to allow for the processing or storage of sensitive or classified information.

Security assessment

An activity undertaken to assess security controls for a system and its environment to determine if they have been implemented correctly and are operating as intended.

Security association

A collection of connection-specific parameters containing information about a one-way connection in IPsec that is required for each protocol used.

Security association lifetime

The duration security association information is valid for.

Security breach

A security breach is an act that leads to damage of a system or unauthorised access to the system.

Security Configuration Guide

Small Business Guide Security Configuration Guide

Security Construction and Equipment Committee

An Australian Government interdepartmental committee responsible for the evaluation and endorsement of security equipment and services. The committee is chaired by the Australian Security Intelligence Organisation.

Security domain

A system or collection of systems operating under a consistent security policy that defines the classification, releasability and special handling caveats for information processed within the domain.

Security flaws

A weakness in a system that gives a threat agent the opportunity to mount an attack.

Security hardening

The process of securing a system by reducing its surface of vulnerability.

Security posture

The level of security risk to which a system is exposed. A system with a strong security posture is exposed to a low level of security risk while a system with a weak security posture is exposed to a high level of security risk.

Security risk

Any event that could result in the compromise, loss of integrity or unavailability of information or resources, or deliberate harm to people measured in terms of its likelihood and consequences.

Security risk appetite

Statements that communicate the expectations of an organisation’s senior management about the organisation’s security risk tolerance. These criteria help an organisation identify security risks and prepare appropriate treatments and provide a benchmark against which the success of mitigations can be measured.

Security risk management

The process of identifying, assessing and taking steps to reduce security risks to an acceptable level.

Security target

An artefact of Common Criteria evaluations that specifies conformance claims, threats and assumptions, security objectives, and security requirements for an evaluated product.

Security tips

Information on how to be secure online.

Security updates

Updates to the security on your system.

Security vulnerability

A weakness in a system’s security requirements, design, implementation or operation that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.

SEG

Security Equipment Guide

Self-healing

Self-healing describes any device or system that has the ability to perceive that it is not operating correctly and to make the necessary adjustments to restore itself to normal operation.

Selling online

The act or process of selling goods, products or services online via an internet or mobile app, auction site, online classified advertisement, online store, social networking, social media or web shop.

Sender Policy Framework

Sender Policy Framework is an email authentication method designed to detect forged sender addresses during the delivery of the email.

SEO

Search Engine Optimisation

Server

A computer that provides services to users or other systems. For example, a file server, email server or database server.

Service providers

A company which allows its subscribers access to the internet.

Service Set Identifier

The Service Set Identifier (SSID) is the name given to identify a particular Wi-Fi network. The SSID is broadcast by the wireless access point (wireless router) and can be detected by other wireless-enabled devices in range of the wireless access point. In some cases, SSIDs are hidden, making them invisible to Wi-Fi clients.

Sextortion

Sextortion refers to a form of blackmail in which sexual information or images are used to extort sexual favours from the victim.

SHA-1

Secure Hashing Algorithm 1

SHA-2

Secure Hashing Algorithm 2

Shared government facility

A facility where the facility and personnel are cleared at different levels.

Shared non-government facility

A facility where the facility is shared by government organisations and non-government organisations.

Shell

The program that gives your commands to your computer's operating system.

Short Message Service

Short message service is a text messaging service component of most telephone, internet, and mobile device systems. It uses standardized communication protocols to enable mobile devices to exchange short text messages.

Signature

A distinct pattern in network traffic that can be identified to a specific tool or exploit. Signatures are used by security software to determine if a file has been previously determined to be malicious or not.

SIP

Session Initiation Protocol

Skimming

The theft of credit card information using card readers, or skimmers, to record and store victims' data.

Skype

Skype is a telecommunications application that specialises in providing video chat and voice calls between computers, tablets, mobile devices, the Xbox One console, and smartwatches over the internet.

SLAAC

Stateless Address Autoconfiguration

Small Business Guide

A guide for small businesses on cyber security.

Small Medium Enterprise

A Small to Medium Enterprise is a legally independent company with no more than 500 employees.

Smart appliances

Smart appliances are appliances that are able to stay connected to the internet via Wi-Fi or other protocol such as the Zigbee specification and can be accessed and controlled remotely from any internet accessible computer or mobile device.

Smart devices

A smart device is an electronic device, generally connected to other devices or networks via different wireless protocols such as Bluetooth, Zigbee, NFC, Wi-Fi, LiFi, 3G, etc., that can operate to some extent interactively and autonomously.

Smart vehicles

Vehicles equipped with system driven forms of artificial intelligence.

Smartphone

A smartphone is a handheld electronic device that provides connection to a cellular network. Smartphones allow people to make phone calls, send text messages, and access the internet.

SME

Subject Matter Expert, Small Medium Enterprise

SMS

Short Message Service

SMS Scam

An SMS scam is a fraudulent text message sent by a deceitful or dishonest person in order to obtain money or something else of value.

SNMP

Simple Network Management Protocol

SNORT

Snort is a free open source network intrusion detection system and intrusion prevention system created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013.

Social engineering

The methods used to manipulate people into carrying out specific actions, or divulging information.

Social media

Websites and applications that enable users to create and share content or to participate in social networking.

Social media scams

An act of deception and fraud committed through social media websites or applications.

SOE

Standard Operating Environment

Softphone

An application that allows a workstation to act as a phone using a built-in or externally-connected microphone and speaker.

Software

Software is a collection of data or instructions that tell the computer how to work.

Software component

An element of a system including, but not limited to, a database, operating system, network or web application.

Software update

Software update is a free download for an application, operating system, or software suite that provides fixes for features that aren't working as intended or adds minor software enhancements and compatibility.

Software vulnerabilities

Software vulnerabilities involve bugs in software. Bugs are coding errors that cause the system to make an unwanted action.

Solid state drive

Non-volatile media that uses flash memory media to retain its information when power is removed and, unlike non-volatile magnetic media, contains no moving parts.

SP

Special Publication

Spam

Unsolicited electronic messages, especially containing advertising, indiscriminately transmitted to a large number of people.

Spear phishing

A form of phishing that is targeted at a specific person or group.

SPF

Sender Policy Framework

Split tunnelling

Functionality that allows personnel to access both public network infrastructure and a Virtual Private Network (VPN) connection at the same time, such as an organisation’s system and the internet.

Splunk Inc.

Splunk Inc. is an American public multinational corporation that produces software for searching, monitoring, and analysing machine-generated big data via a web-style interface.

Spoof

A type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware.

Spot the scam

An event to teach people how to navigate around the internet and be able to differentiate legitimate websites and individuals from scammers.

Spyware

A program that collects information on the user’s activities without their consent. Spyware may be installed on a system illegitimately, or as a part of other software without the user’s knowledge.

SQL

Structured Query Language

SQL injection

Exploitation of a vulnerability in a database application that does not properly validate or encode user input, allowing the manipulation, exfiltration or deletion of data.

SSD

Solid State Drive

SSH

Secure Shell

SSID

Service Set Identifier

SSL

Secure Sockets Layer

SSO

Stay Smart Online

Standard Operating Environment

A standardised build of an operating system and associated software that can be used for servers, workstations, laptops and mobile devices.

Standard Operating Procedure

Instructions for following a defined set of activities in a specific manner. For example, an approved data transfer process.

Standard user

A user who can, with their normal privileges, make only limited changes to a system and generally cannot bypass security measures.

State-sponsored actor

A non-state actor that conducts activity on behalf of a state, for example a contracted hacker or company.

Stay Smart Online

ACSC's Stay Smart Online is a cyber security program for individuals and small businesses run by the Australian Cyber Security Centre. The ACSC's Stay Smart Online website has been migrated into cyber.gov.au.

Stay Smart Online Week

ACSC's Stay Smart Online Week is a focal point in the Australian Government's work with governments, industry, small businesses and community groups to raise awareness about the ways people can protect themselves online.

Staying safe

Protecting yourself from any danger.

Step-by-Step Guide

Guides developed by the Australian Cyber Security Centre to help individuals stay secure online.

Story

A depiction of an event through people, place, and plot that brings emotional context into the portrayal of what happened.

Strong passwords

Term used to describe an effective password that would be difficult to break.

Structured Query Language

A special-purpose programming language designed for managing data held in a relational database management system.

Sub-contractors

A sub-contractor is an individual or a business that signs a contract to perform part or all of the obligations of another's contract.

Subject Matter Expert

A Subject-matter Expert or domain expert is a person who is an authority in a particular area or topic.

Submarine cables

A submarine cable is a cable laid on the sea bed between land-based stations to carry telecommunication signals across stretches of ocean and sea.

Supervisory Control and Data Acquisition

Supervisory control and data acquisition is a control system architecture comprising computers, networked data communications and graphical user interfaces for high level process supervisory management, while also comprising other peripheral devices like programmable logic controllers and discrete proportional-integral-derivative controllers to interface with process plant or machinery.

Supply chain

Supply chain is a system of organisations, people, activities, information, and resources involved in supplying a product or service to a consumer.

Surfing

Describes the act of browsing the internet by going from one web page to another web page using hyperlinks in an internet browser.

Survey

An online survey is a questionnaire that the target audience can complete over the internet. Online surveys are usually created as web forms with a database to store the answers and statistical software to provide analytics.

Suspicious email

An email that is potentially malicious.

Suspicious message

A message that is potentially malicious.

Suspicious video

A video that is potentially malicious.

Symantec

A leading software company in internet security technology.

System

A related set of hardware and software used for the processing, storage or communication of information and the governance framework in which it operates.

System administration

System administration refers to the management of one or more hardware and software systems.

System classification

The classification of a system is the highest classification of information which the system is authorised to store, process or communicate.

System of National Significance

Critical infrastructure / Essential Service

System owner

The executive responsible for a system.

System security plan

A document that describes a system and its associated security controls.

T

Tablets

A tablet is a portable computer that uses a touch screen as its primary input device. Most tablets are slightly smaller and weigh less than the average laptop.

Tax scam

Tax scam occurs when an individual or business entity wilfully and intentionally falsifies information on a tax return to limit the amount of tax liability.

TeamViewer

TeamViewer is a proprietary software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.

Telecommunications

Telecommunications is the transfer of signals over long distances.

Telephone

A device that is used for point-to-point communication over a distance. This includes digital and IP telephony.

Telephone system

A system designed primarily for the transmission of voice communications.

Telerik

Telerik is a company offering software tools for web, mobile, desktop application development, tools and subscription services for cross platform application development.

Telewreck

Telewreck is a Burp extension to detect and exploit versions of Telerik web UI vulnerable to CVE-2017-9248.

Telstra

Telstra is an Australian telecommunications company which builds and operates telecommunications networks and markets voice, mobile, internet access, pay television and other products and services.

TEMPEST

A short name referring to investigations and studies of compromising emanations.

TEMPEST-rated ICT equipment

ICT equipment that has been specifically designed to minimise TEMPEST emanations.

Text telephone or Telephone typewriter

A telephone typewriter is a telecommunication device that enables people who are deaf, hard of hearing or speech impaired to use the telephone system.

Threat actor

An entity that is partially or wholly responsible for an incident that impacts, or has the potential to impact, an organisation's security. Also referred to as a malicious actor.

TLP

Traffic Light Protocol

TLP:WHITE

Not restricted.

WHITE publications are not confidential. They contain information that is for public, unrestricted dissemination, publication, web-posting or broadcast. You may publish the information, subject to copyright and any restrictions or rights noted in the information.

TLS

Transport Layer Security

TOP SECRET area

An area that has been authorised to process, store or communicate TOP SECRET information. Such areas are not necessarily tied to a specific level of Security Zone.

Traffic flow filter

A device that has been configured to automatically filter and control the flow of data.

Traffic Light Protocol

The traffic light protocol is a set of designations used to ensure that sensitive information is shared with the correct audience.

Transfer Cross Domain Solution

A system that facilitates the transfer of information, in one or multiple directions (low to high or high to low), between different security domains.

Transport Layer Security

Transport layer security is a widely adopted security protocol designed to facilitate privacy and data security for communications over the internet.

Transport mode

An IPsec mode that provides a secure connection between two endpoints by encapsulating an IP payload.

Trend Micro

Trend Micro is a multinational cyber security and defence company with global headquarters in Tokyo, Japan. The company develops enterprise security software for servers, containers, and cloud computing environments, networks, and end points.

Trojan

A type of malware or virus disguised as legitimate software, which is used to hack into the victim's computer.

Trusted source

A person or system formally identified as being capable of reliably producing information meeting certain defined parameters, such as a maximum data classification and reliably reviewing information produced by others to confirm compliance with certain defined parameters.

TTY

Text telephone or Telephone typewriter

Tumblr

Tumblr is a free social networking website that allows registered users to post multimedia content to their own customizable blogs.

Tunnel mode

An IPsec mode that provides a secure connection between two endpoints by encapsulating an entire IP packet.

Twitter

Twitter is an American microblogging and social networking service on which users post and interact with messages known as "tweets".

Two-factor authentication

A form of multi-factor authentication (see definition) to confirm a user's claimed identity by combining two different pieces of evidence.

U

UI

User Interface

Universal Resource Locator

The technical term for the address (location) of an internet resource on the internet such as a website or image within a website.

Unpatched software

Unpatched software refers to computer code with known security weaknesses.

Unsecured networks

An unsecured network most often refers to a free Wi-Fi network, like at a coffeehouse or retail store.

Unsecured space

An area that has not been certified to the physical security requirements for a Zone 2 to Zone 5 area, as defined in AGD’s PSPF, Entity facilities policy, to allow for the processing or storage of sensitive or classified information.

Updates

An act of updating something or someone or an updated version of something.

URL

Universal Resource Locator

US-CERT

A team within the Department of Homeland Security charged with protecting the United States Internet infrastructure by coordinating defence against and response to cyberattacks.

USB

Universal Serial Bus

USB (Universal Serial Bus) stick

A small piece of hardware that stores data, sometimes called a jump drive, thumb drive or flash drive.

User

An individual that is authorised to access a system.

User experience (UX)

The overall experience of a person using a product such as a website or computer application, especially in terms of how easy or pleasing it is to use.

User Interface (UI)

The means by which the user and a computer system interact, in particular the use of input devices and software.

UX

User Experience

V

Validation

Confirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled.

Vector

An access method for cyber operations.

Verification

Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled.

VHA

Vodafone Hutchison Australia

Virtual Local Area Network

Network devices and ICT equipment grouped logically based on resources, security or business requirements instead of their physical location.

Virtual Private Network

A network that maintains privacy through a tunnelling protocol and security procedures. VPNs may use encryption to protect traffic.

Virtual reality

Virtual reality (VR) is a simulated experience that can be similar to or completely different from the real world.

Virtualisation

Simulation of a hardware platform, operating system, application, storage device or network resource.

Virus

A type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks. (Micro)

Viruses

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.

VLAN

Virtual Local Area Network

Vodafone

Vodafone is a British multinational telecommunications conglomerate with headquarters in London.

Vodafone Hutchison Australia

Vodafone Hutchison Australia is a mobile telecommunications company and internet service provider that operates the Vodafone brand in Australia.

Volatile media

A type of media, such as RAM, which gradually loses its information when power is removed.

VPN

Virtual Private Network

VR

Virtual reality

Vulnerability

A weakness in system security requirements, design, implementation or operation that could be exploited.

Vulnerability assessment

A vulnerability assessment can consist of a documentation-based review of a system’s design, an in-depth hands-on assessment or automated scanning with software tools. In each case, the goal is to identify as many security vulnerabilities as possible.

Vulnerability management

Vulnerability management assists in identifying, prioritising and responding to security vulnerabilities.

W

WAN

Wide Area Network

WannaCry

WanaCrypt0r, WeCry, Wcry, WanaCrypt, WannaCrypt, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor.

WAP

Wireless Access Point

Watering hole

Setting up a fake website (or compromising a real one) in order to infect and exploit visiting users.

WCM

Web Content Management

Wear levelling

A technique used in flash memory to prolong the life of the media. As data can be written to and erased from an address on flash memory a finite number of times, wear-levelling helps to distribute writes evenly across each memory block, thereby decreasing the wear on the media and increasing its lifetime.

Wearable smart devices

AKA wearables

Web address

Web address is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.

Web applications

In computing, a web application or web app is a client-server computer program that the client runs in a web browser.

Webcams

A video camera connected to a computer, allowing its images to be seen by internet users.

Website defacement

Illegitimate changes made to the appearance and content of a website. Often likened to graffiti or online vandalism.

WEP

Wired Equivalent Privacy

Whaling

A highly targeted form of spearphishing that is aimed at senior executives within an organisation.

WhatsApp

WhatsApp is an American freeware, cross-platform messaging and voice over IP service owned by Facebook. It allows users to send text messages and voice messages, make voice and video calls, and share images, documents, user locations, and other media.

White hat

An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation's information systems. See also ‘black hat’ and ‘grey hat’.

Wi-Fi

A set of wireless communication protocols that can transmit traffic to Wi-Fi enabled devices within a local area. A Wi-Fi enabled device such as a laptop or mobile device can connect to the internet when within range of a wireless network connected to the internet. An area covered by one or more Wi-Fi access points is commonly called a hotspot.

Wi-Fi Protected Access 2

A protocol designed to replace the Wi-Fi Protected Access protocol for communicating information over wireless networks.

Wide Area Network

A telecommunications network or computer network that extends over a large geographical distance.

Windows

A graphical interface-based operating system developed by Microsoft.

Windows 10

Windows 10 is a Microsoft operating system for personal computers, tablets, embedded devices and internet of things devices.

Windows 7

Windows 7 is an operating system that was produced by Microsoft as part of the Windows NT family of operating systems.

Windows 8.1

Windows 8.1 is an operating system that was produced by Microsoft and released as part of the Windows NT family of operating systems.

Windows Server 2008

Windows Server 2008 is a server operating system produced by Microsoft.

Windows Server 2008 R2

Windows Server 2008 R2 is a server operating system developed by Microsoft, which builds on the enhancements built into Windows Server 2008.

Wire Fraud

Wire fraud is a crime in which a person concocts a scheme to defraud or obtain money based on false representation or promises.

Wireless

Telecommunication involving signals transmitted by radio waves rather than over wires. Also, the technology used in radio telecommunication.

Wireless Access Point

A device which enables communications between wireless clients. It is typically also the device which connects wired and wireless networks.

Wireless communications

The transmission of data over a communications path using electromagnetic waves rather than a wired medium.

Wireless local area network

A wireless local area network is a wireless distribution method for two or more devices that uses high-frequency radio waves and often includes an access point to the internet.

Wireless network

A network based on the 802.11 standards.

WLAN

Wireless local area network

Women in Technology

Women in Technology is an organisation that supports women in their STEAM careers. They help women by educating high school girls about the opportunities in science, technology, engineering, arts and maths, as well as providing networking and education for professionals.

WordPress

WordPress is an open-source and free Web publishing application, content management system and blogging tool built by a community of developers and contributors.

Working from home

Working from home is an arrangement in which an employee does his or her job from home. It gives the employee flexible working hours, while the work for the employer is still done with ease.

Workstation

A stand-alone or networked single-user computer.

World Backup Day

World Backup Day is a day for people to remember the importance of data and regular backups.

Worm

Self-replicating malware that uses a network to distribute copies of itself to other computer devices, often without user intervention. Worms need not attach themselves to existing programs.

WPA

Wi-Fi Protected Access

WPA2

Wi-Fi Protected Access 2

X

X11 Forwarding

X11, also known as the X Window System, is a basic method of video display used in a variety of operating systems. X11 Forwarding allows the video display from one device to be shown on another device.

XML

eXtensible Markup Language

Z

Zero Day (also referred to as 0-day)

A software exploit that hasn’t been disclosed or patched by the software vendor.