Glossary

Command and control

Content Advisory Group

A device for recording visual images in the form of photographs, film or video signals.

The manipulation of the code in a car's electronic control unit to exploit a vulnerability and gain control of other electronic control unit's in the vehicle.

Cascaded connections occur when one network is connected to another, which is then connected to another, and so on.

a factual representation of what happened along with some analysis that provides insights and learning for the future.

Internet predators who create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.

A marking that indicates that the information has special requirements in addition to those indicated by its classification. This term covers codewords, source codewords, releasability indicators and special-handling caveats.

Common Criteria Recognition Arrangement

Certified Cloud Services List

content delivery network

Cross Domain Solution

The electronic circuitry within a computer that executes instructions that make up a computer program. The central processing unit performs basic arithmetic, logic, controlling, and input/output operations specified by the instructions in the program.

Chief Executive Officer

CERT Australia is the national computer emergency response team. CERT Australia provides advice and support on cyber threats and vulnerabilities to the owners and operators of Australia's critical infrastructure and other systems of national interest.

A secure certificate, is a file installed on a secure web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable.

An artefact of Common Criteria evaluations that outlines the outcomes of a product’s evaluation.

Certified Cloud Services List is a list of ASD certified Cloud Services.

Commercial Grade Cryptographic Equipment

Check Point is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.

The highest ranking executive in a company, whose primary responsibilities include making major corporate decisions, managing the overall operations and resources of a company, acting as the main point of communication between the board of directors and corporate operations and being the public face of the company.

A senior executive who is responsible for coordinating communication between security and business functions as well as overseeing the application of security controls and associated security risk management processes.

A very popular web browser from Google that was introduced for Windows in 2008 and for the Mac and Linux in 2009.

Chrome OS is a Linux kernel-based operating system designed by Google. It is derived from the free software Chromium OS and uses the Google Chrome web browser and Aura Shell as its principal user interface.

Cyber Incident Management Arrangements

An American multinational technology conglomerate headquartered in San Jose, California, in the centre of Silicon Valley. Cisco develops, manufactures and sells networking hardware, software, telecommunications equipment and other high-technology services and products.

Chief Information Security Officer

An American multinational software company that provides server, application and desktop virtualisation, networking, software as a service, and cloud computing technologies.

The categorisation of systems and information according to the expected impact if it was to be compromised.

Information that requires increased security to protect its confidentiality (i.e. information marked PROTECTED, SECRET or TOP SECRET).

The click farm is made up of armies of low paid workers whose job is to click on links, surf around the target website for a period of time, perhaps signing up for newsletters and then to moving on to another link. It is very hard for an automated filter to analyse this simulated traffic and detect that is it invalid as it has exactly the same profile as a real site visitor.

Using a compromised computer to click ads on a website without the user’s awareness, with the intention of generating revenue for the website, or draining resources from the advertiser.

Clickbait is a form of false advertisement which uses hyperlink text or a thumbnail link that is designed to attract attention and entice users to follow that link and read, view, or listen to the linked piece of online content, with a defining characteristic of being deceptive, typically sensationalised or misleading.

A network of remote servers hosted on the internet and used to store, manage, and process data in place of local servers or personal computers.

A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services.

A company that offers some component of cloud computing - typically infrastructure as a service (laaS), software as a service (SaaS) or platform as a service (PaaS) - to other businesses or individuals.

Content Management System

Commercial National Security Algorithm

Program instructions

A property of magnetic material, used as a measure of the amount of coercive force required to reduce the magnetic induction to zero from its remnant state.

Make an unsolicited visit or telephone call to (someone), in an attempt to sell goods or services.

A web development suite that used for developing scalable e-business applications. It has the ability to build websites as individual pieces that can be stored in its internal database, then reassembled to form webpages, e-newsletters etc.

A set of organisational and technical attributes and processes that employs human, physical, and information resources to solve problems and accomplish missions.

A subset of ICT equipment which contains cryptographic components.

An international standard for software and ICT equipment evaluations.

An international agreement which facilitates the mutual recognition of Common Criteria evaluations by certificate producing schemes.

The transfer of data and information from one location to another.

The security measures taken to deny unauthorised personnel information derived from telecommunications and to ensure the authenticity of such telecommunications.

The disclosure of information to unauthorised persons, or a violation of the security policy of a system in which unauthorised intentional or unintentional disclosure, modification, destruction or loss of an object may have occurred.

A programmable electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations.

Two or more interconnected devices that can exchange data.

A tube, duct or pipe used to protect cables.

The assurance that information is disclosed only to authorised entities.

The use of network address translation to allow a port on a node inside a network to be accessed from outside the network. Alternatively, using a Secure Shell server to forward a Transmission Control Protocol connection to an arbitrary port on the local host.

An annual trade show organised by the Consumer Technology Association.

A campaign to raise awareness of the types of scams that target older Australians, educate older Australians on how to identify and avoid scams and provide older Australians with information on what to do if they've been scammed.

Specific configuration and usage guidance for products evaluated through the ASD Cryptographic Evaluation program or the High Assurance evaluation program.

A filter that examines content to assess conformance against a security policy.

A computer security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.

A small text file that is transmitted by a website and stored in the user's web browser, used to identify the user and prepare customized webpages. A cookie can be used to track a user’s activity while browsing the internet.

The exclusive legal right to reproduce, publish, sell, or distribute the matter and form of something.

The improper or unlawful theft of trade secrets or other knowledge proprietary to a competitor for the purpose of achieving a competitive advantage in the marketplace.

A type of cybercrime that involves stealing a victim's proof of identity. Once credential theft has been successful, the attacker will have the same account privileged as the victim. Stealing credentials is the first stage in a credential based attack.

Physical facilities, supply chains, information technologies and communication networks which – if destroyed, degraded or rendered unavailable for an extended period – would significantly impact on the social or economic wellbeing of the nation, or affect a nation’s ability to conduct national defence and ensure national security.

A system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains.

A type of digital currency which uses encryption techniques to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

A type of digital currency that uses cryptography for security and anti-counterfeiting measures.

An algorithm used to perform cryptographic functions such as encryption, integrity, authentication, digital signatures or key establishment.

A generic term for Commercial Grade Cryptographic Equipment and High Assurance Cryptographic Equipment.

An algorithm (the hash function) which takes as input a string of any length (the message) and generates a fixed length string (the message digest or fingerprint) as output. The algorithm is designed to make it computationally infeasible to find any input which maps to a given digest, or to find two different messages that map to the same digest.

An agreed standard for secure communication between two or more entities to provide confidentiality, integrity, authentication and non-repudiation of information.

Software designed to perform cryptographic functions.

A related set of hardware or software used for cryptographic communication, processing or storage, and the administrative framework in which it operates.

The practice and study of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key.

A particularly malicious type of ransomware which, once installed on your computer, encrypts and locks all of the files on the infected computer including documents, photos, music and video. A pop up window will then display on the computer screen requesting payment of a ransom in return for a CryptoLocker key to unlock the encrypted files. Paying the ransom does not guarantee removal of the CryptoLocker.

A process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger.

Cyber Security Incident Responder

An individual or organisation (including state-sponsored) that conducts malicious activity including cyber espionage, crime or attack.

A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.

Note: there are multiple global definitions of what constitutes a cyber attack.

A form of bullying or harassment using electronic means. It is when someone bullies or harasses others on the internet and in other digital spaces, particularly on social media sites.

Defensive activity designed to protect information and systems against offensive cyber operations.

Malicious activity designed to covertly collect information from an adversary’s computer systems for intelligence purposes without causing damage to those systems. Can be conducted by state or non-state entities, and can also include theft for commercial advantage.

An identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.

The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

Offensive and defensive activities designed to achieve effects in or through cyberspace.

The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.

The safe and responsible use of Information and Communication Technologies.

Measures used to protect the confidentiality, integrity and availability of systems and information.

Cyber Security Challenge Australia is a hacking competition run by an alliance of Australian Government, business and academic professionals who are committed to finding the next generation of Australian cyber security talent.

An occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.

An unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations.

A cyber firefighter, rapidly addressing security incidents and threats within an organisation. In your role as a first responder, you will be using a host of forensics tools to find the root cause of a problem, limit the damage and significantly reduce the likelihood of it occurring again.

Is the use of the internet or other electronic means to stalk or harass an individual, group, or organisation.

Cyber supply chain includes the design, manufacture, delivery, deployment, support and decommissioning of equipment or services that are utilised within an organisation's cyber ecosystem.

Any circumstance or event with the potential to harm systems or information.

The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.

A computer code that is used, or designed to be used, with the aim of causing physical, functional, or mental harm to structures, systems, or people.

Cyber weapon is a contentious term among the international policy and legal communities, and there is an absence of agreement surrounding its connotations and implications. Avoid using ‘cyber weapon’ and use more generic terms such as destructive tools or exploits when describing the capabilities used by cyber actors.

Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.

The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.

Cyber Security Challenge Australia