Glossary

High Assurance Cryptographic Equipment

The unauthorised exploitation of weaknesses in a computer system or network.

A computer expert that can gain unauthorised access to computer systems. Hacker is an agnostic term and a hacker does not necessarily have malicious intent. See also ‘black hat’, ‘grey hat’, and ‘white hat’.

A hacker whose motivation is political, religious or ideological, as opposed to criminal.

An agreed standard for the storage and dissemination of information to ensure its protection. This can include electronic information, paper-based information or media containing information.

A generic term for ICT equipment.

An exploitable weakness in a computer system that enables attacks through remote or physical access to system hardware.

Vulnerability protection in the form of a physical device rather than software that is installed on a computer system.

A cryptographic construction that can be used to compute Message Authentication Codes using a hash function and a secret key.

ICT equipment containing cryptographic logic and components that have been designed and authorised for the protection of highly classified information.

The rigorous investigation, analysis, verification and validation of ICT equipment by the Australian Signals Directorate (ASD) against a stringent security standard.

A program involving rigorous analysis and testing to search for any vulnerabilities in products.

ICT equipment that has been designed and authorised for the protection of highly classified information.

Part of supply chain management.

Information that requires the highest level of security to protect its confidentiality (i.e. information marked SECRET or TOP SECRET).

Host-based Intrusion Prevention System

Hashed Message Authentication Code

A falsehood deliberately fabricated to masquerade as the truth.

A scam that is distributed in email form that is designed to deceive and defraud email recipients, often for monetary gain.

A computer system designed specifically to attract potential malicious actors in order to inform the development of defensive measures and responses.

Software, resident on a system, which monitors system activities for malicious or unwanted behaviour.

Software, resident on a system, which monitors system activities for malicious or unwanted behaviour and can react in real-time to block or prevent those activities.

An area where wireless internet access is available to the general public.

HTTP Strict Transport Security

Hypertext Markup Language

Hypertext Transfer Protocol

A web security policy mechanism that helps to protect websites against person-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

Hypertext Transfer Protocol Secure

Malware designed to target Android. According to research, the malware installs more than 50,000 fraudulent apps each day and displays 20 million malicious advertisements.

Non-volatile magnetic media that uses a cache to increase read/write speeds and reduce boot times. The cache is normally flash memory media or battery backed random-access memory (RAM).

Hypertext Transfer Protocol is the fundamental protocol used for transferring files on the internet.

While Hypertext Transfer Protocol (HTTP) is the basic framework for transferring data across the web, HTTPS adds a layer of encryption for additional security; with 'S' standing for secure.