Glossary

Extensible Authentication Protocol

Extensible Authentication Protocol-Transport Layer Security

Hidden functionality within an application that is activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team or a humorous message and are intended to be non-threatening.

Elliptic Curve Diffie-Hellman

Elliptic Curve Digital Signature Algorithm

Electrically erasable programmable read-only memory

An electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at the place the sale took place.

A group of asymmetric cryptographic algorithms underpinned by the mathematics of elliptic curves.

Standing for 'electronic mail', a method of exchanging messages between people using electronic devices.

The countermeasures employed to reduce sensitive or classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of Radio Frequency energy, sound waves or optical signals.

An ACSC program that sets out the requirements for government and organisations to be formally recognised to conduct emanation security practices to national standards.

A protocol used for encryption and authentication in IPsec.

The conversion of plaintext into unreadable ciphertext (typically using cryptographic algorithms and keys) to protect the confidentially of data at rest or in transit.  Ciphertext is returned to plaintext by performing decryption.

When a company ceases support for a product or service. This is typically applied to hardware and software products when a company releases a new version and ends support for certain previous versions.

A personal computer, personal digital assistant, smart phone or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.

A method of secure communication where only the communicating users can read data transferred from one end-system or device to the other.

A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

An approach to work in which employees can do their jobs from anywhere using a variety of devices and applications.

Erasable programmable read-only memory

A person who ensures that when maintenance or repairs are undertaken to ICT equipment, uncleared people are not exposed to information they are not authorised to access.

Those services that are vital to the health and welfare of a population and therefore are essential to maintain even in a disaster.

Evaluation Assurance Level (EAL1 through EAL7)

In the context of system logs, an event constitutes an evident change to the normal behaviour of a network, system or user.

The transmission of information to a centralised computer concerning events that take place on remote computers or servers. In this context, an event is any occurrence that affects a file, program or task. Events are commonly used for troubleshooting applications and drivers.

Used by a security information and event management tool. This tool provides a level of analysis of the contents of an event log to help network administrators determine what is going on within a network.

A file that causes a computer to perform indicated tasks according to encoded instructions.

A piece of code that exploits bugs or vulnerabilities in software or hardware to gain access a system or network.

A function that uses a hash function to output a digest of a user-chosen length. This is different to a hash function which outputs a digest of a fixed length.

A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.