Glossary

Evaluation Assurance Level

Extensible Authentication Protocol

Extensible Authentication Protocol-Transport Layer Security

Hidden functionality within an application that is activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team or a humorous message and are intended to be non-threatening.

A guide developed by the ACSC to help Australians protect themselves from cyber criminals.

Elliptic Curve Diffie-Hellman

Elliptic Curve Digital Signature Algorithm

Electrically erasable programmable read-only memory

Electronic funds transfer at point of sale

An electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at the place the sale took place.

Standing for 'electronic mail', a method of exchanging messages between people using electronic devices.

The counter-measures employed to reduce classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of radio frequency (RF) energy, sound waves or optical signals.

An ACSC program that sets out the requirements for government and organisations to be formally recognised to conduct emanation security practices to national standards.

Enhanced Mitigation Experience Toolkit

A malware strain and a cybercrime operation. The first versions of the Emotet malware functioned as a banking Trojan aimed at stealing banking credentials from infected hosts. Emotet operators then updated the Trojan and reconfigured it to work primarily as a 'loader' (a type of malware that gains access to a system) that allows its operators to download additional payloads.

A protocol used for encryption and authentication in Internet Protocol security (IPsec).

To convert information or data into a code, especially to prevent unauthorised access.

The process of converting files into a code, to prevent unauthorised access.

The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentially of data at rest and in transit. Both encryption and decryption are functions of cryptography.

Software designed to ensure the confidentiality of data by encrypting it when at rest.

When a company ceases support for a product or service. This is typically applied to hardware and software products when a company releases a new version and ends support for certain previous versions.

A personal computer, personal digital assistant, smart phone or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.

A method of secure communication where only the communicating users can read data transferred from one end-system or device to the other.

A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

An approach to work in which employees can do their jobs from anywhere using a variety of devices and applications.

Evaluated Products List

Erasable programmable read-only memory

A person who ensures that when maintenance or repairs are undertaken to ICT equipment, uncleared people are not exposed to information they are not authorised to access.

Emanation Security Program

Encapsulating Security Payload

The eight essential mitigation strategies that the Australian Signals Directorate recommends organisations implement as a baseline to make it much harder for malicious actors to compromise their systems and data.

Those services that are vital to the health and welfare of a population and therefore are essential to maintain even in a disaster.

The list of certified information and communications technology (ICT) products for use by Australian and New Zealand government agencies in the protection of government information as required by the Australian Government Information Security Manual (ISM).

Evaluation Assurance Level (EAL1 through EAL7)

In the context of system logs, an event constitutes an evident change to the normal behaviour of a network, system or user.

The transmission of information to a centralised computer concerning events that take place on remote computers or servers. In this context, an event is any occurrence that affects a file, program or task. Events are commonly used for troubleshooting applications and drivers.

Used by a security information and event management tool. This tool provides a level of analysis of the contents of an event log to help network administrators determine what is going on within a network.

A file that causes a computer to perform indicated tasks according to encoded instructions.

A piece of code that exploits bugs or vulnerabilities in software or hardware to gain access a system or network.

An independent statutory office supported by the Australian Communications and Media Authority (ACMA). The eSafety Commissioner has various functions and powers to foster online safety for all Australians.

A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.