
S

Sandbox

An isolated environment, often a virtual machine or container, in which new, untrusted or untested software or code can be run safely without risking harm to the host computer.

Scam

A fraudulent scheme performed by a dishonest or deceitful individual, group or company in an attempt to obtain money or something else of value.

Scam emails

An email that intentionally deceives for personal gain or to damage another individual.

Scammer

A person who commits fraud or participates in a dishonest scheme.

Script (malware)

A type of malware written in a scripting language such as JavaScript, VBScript (Visual Basic Script), PowerShell, Perl, Python or a shell scripting language. Malicious scripts are often delivered embedded in HTML pages or office documents.

Search engine optimisation (SEO)

The process of increasing website traffic by increasing the visibility or ranking of a website or a web page to users of a search engine.

Secondary targeting

The people who are the second most likely to purchase products and services, and are thus targeted for marketing purposes.

Seconded foreign national

A representative of a foreign government on exchange or long-term posting.

Secure Admin Workstation (SAW)

A hardened workstation, or virtualised privileged operating environment, used specifically in the performance of administrative activities.

Secure Shell (SSH)

A network protocol that can be used to securely log into, execute commands on, and transfer files between remote workstations and servers.

Secure Sockets Layer (SSL)

A networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. All versions of SSL are now deprecated and have been superseded by Transport Layer Security (TLS), although the term "SSL" is still used informally to refer to TLS.

Secure-by-default

A software development principle whereby products and services are configured for maximum security by default.

Secure-by-design

A software development principle whereby security is designed into every stage of a product or service’s development.

Secure/Multipurpose Internet Mail Extension (S/MIME)

A protocol which allows the encryption and signing of email messages.

Secured space

An area certified to the physical security requirements for a Security Zone Two to Security Zone Five area, as defined in the Department of Home Affairs’ Protective Security Policy Framework, Entity facilities policy, to allow for the processing or storage of classified data.

Security assessment

An activity undertaken to assess controls for a system and its environment to determine if they have been implemented correctly and are operating as intended.

Security assessment report (SAR)

A document that describes the outcomes of a security assessment and contributes to the development of a plan of action and milestones.

Security association (SA)

A collection of connection-specific parameters, such as the cryptographic algorithms, keys and Security Parameter Index (SPI), used for IPsec connections. Each direction of traffic uses its own security association.

Security association (SA) lifetime

The duration a security association is valid for.

Security breach

An act that leads to damage of a system or unauthorised access to the system.

Security Construction and Equipment Committee (SCEC)

An Australian Government interdepartmental committee responsible for the evaluation and endorsement of security equipment and services. The committee is chaired by the Australian Security Intelligence Organisation.

Security documentation

An organisation’s cyber security strategy; system-specific security documentation; and any supporting diagrams, plans, policies, processes, procedures and registers.

Security domain

A system or collection of systems operating under a consistent security policy that defines the classification, releasability and special handling caveats for data processed within the domain.

Security flaws

A weakness in a system that gives a threat agent the opportunity to mount an attack.

Security posture

The level of security risk to which a system is exposed. A system with a strong security posture is exposed to a low level of security risk while a system with a weak security posture is exposed to a high level of security risk.

Security risk

Any event that could result in the compromise, loss of integrity or unavailability of data or resources, or deliberate harm to people, measured in terms of its likelihood and consequences.

Security risk appetite

Statements that communicate the expectations of an organisation’s senior management about their security risk tolerance. These criteria help an organisation identify security risks, prepare appropriate treatments and provide a benchmark against which the success of mitigations can be measured.

Security risk management

The process of identifying, assessing and taking steps to reduce security risks to an acceptable level.

Security Target (ST)

An artefact of Common Criteria evaluations that specifies conformance claims, threats and assumptions, security objectives, and security requirements for an evaluated product.

Security updates

Software updates released specifically to fix security vulnerabilities in an operating system, application or firmware. Applying them promptly removes known weaknesses that attackers may already be exploiting.

SEG

Security Equipment Guide

Self-healing

Any device or system that has the ability to perceive that it is not operating correctly and to make the necessary adjustments to restore itself to normal operation.

Sender Policy Framework (SPF)

An email authentication method designed to detect forged sender addresses during the delivery of email.
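The following Python is an added example, not part of this glossary. It shows the check a receiving mail server performs: the connecting IP address is evaluated against the SPF record of the domain in the envelope sender, walking the ip4, ip6, include and all mechanisms with their qualifiers. The domains and records are constructed and served from an in-memory table rather than real DNS; the a, mx, ptr and exists mechanisms are omitted.

```python
import ipaddress

# Constructed TXT records for made-up domains (stands in for DNS lookups).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "broken.example": "v=spf1 include:missing.example -all",
}

# Qualifier prefix on a mechanism -> result when that mechanism matches.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the SPF record for a domain from the constructed table, or None."""
    rec = FAKE_DNS_TXT.get(domain.lower())
    if rec and rec.startswith("v=spf1"):
        return rec
    return None


def evaluate_spf(domain, sender_ip, depth=0):
    """Evaluate sender_ip against domain's SPF record.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:
        return "permerror"  # RFC 7208 caps DNS-querying mechanisms at 10
    record = lookup_spf(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = evaluate_spf(arg, sender_ip, depth + 1)
            if inner == "pass":
                matched = True
            elif inner in ("none", "permerror"):
                return "permerror"  # included domain must publish a valid record
            # fail / softfail / neutral inside an include simply do not match
        else:
            continue  # a, mx, ptr, exists are not implemented in this example
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # record exhausted without an "all" mechanism


if __name__ == "__main__":
    for dom, ip in [("example.com", "192.0.2.55"), ("example.com", "203.0.113.7"),
                    ("mail.example.net", "2001:db8::1"), ("broken.example", "192.0.2.1")]:
        print(dom, ip, "->", evaluate_spf(dom, ip))
```

A "fail" result on a "-all" record is what lets the receiver reject a forged sender; "softfail" ("~all") is only advisory, which is why SPF is normally paired with DKIM and DMARC.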

Sensitive data

Data that would cause damage to an organisation or an individual if compromised.

Server

A computer that provides services to users or other systems. For example, a file server, email server or database server.

Service accounts

User accounts that are used to perform automated tasks without manual intervention, such as machine to machine communications. Service accounts will typically be configured to disallow interactive logins.

Service providers

A company that provides services, such as internet access or hosted IT services, to subscribers or customers.

Service Set Identifier (SSID)

The name given to identify a particular Wi-Fi network. The SSID is broadcast by the wireless access point (WAP), such as a wireless router, and can be detected by other wireless-enabled devices in range of the WAP. In some cases, SSIDs are hidden so that they are not listed by Wi-Fi clients; this is not a security control, as the name is still disclosed in probe and association traffic.

Sextortion

A form of blackmail in which sexual information or images are used to extort money or sexual favours from the victim in return for not releasing the information or images publicly.

SHA-1

Secure Hash Algorithm 1. Practical collisions have been demonstrated, so SHA-1 is no longer considered secure for digital signatures or certificates.

SHA-2

Secure Hash Algorithm 2, a family of hash functions that includes SHA-224, SHA-256, SHA-384 and SHA-512.

Shared responsibility model

A framework that describes the management and operational responsibilities between different parties for a system. Where responsibilities relating to specific controls are shared between multiple parties, enough detail is documented to provide clear demarcation between the parties.

Shell

A command-line interpreter that accepts commands from a user or script and passes them to the operating system for execution, for example bash or PowerShell.

Short Message Service (SMS)

A text messaging service component of most telephone, internet and mobile device systems. It uses standardised communication protocols to enable mobile devices to exchange short text messages.

Signature

A distinct pattern, such as a byte sequence, a file hash or a sequence of network traffic, that can be tied to a specific tool, exploit or malware family. Security software such as antivirus and intrusion detection systems compares files and traffic against signatures to determine whether they have previously been identified as malicious.
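As an added example (not from this glossary), the Python below scans constructed byte strings against two kinds of signature: an exact file hash and a byte pattern. It shows why detection engines combine them: appending a single byte defeats the hash signature but not the pattern signature. The sample "files" and signature names are made up for the demonstration.

```python
import hashlib
import re

# Constructed sample blob: a PE-like header followed by an encoded PowerShell launcher.
# Not real malware; the payload string is arbitrary.
ORIGINAL = (b"MZ\x90\x00" + b"\x00" * 20
            + b"cmd.exe /c powershell -enc QQBCAEMA" + b"\x00" * 8)
MODIFIED = ORIGINAL + b"\x00"  # one appended byte, as a trivial repack would do

# Hash signature: matches one exact file only.
HASH_SIGNATURES = {
    hashlib.sha256(ORIGINAL).hexdigest(): "constructed-sample-v1",
}

# Pattern signatures: match a behaviour or structure shared by many files.
PATTERN_SIGNATURES = [
    ("encoded-powershell-launcher",
     re.compile(rb"powershell\s+-enc\s+[A-Za-z0-9+/=]{8,}")),
    ("pe-header-magic", re.compile(rb"^MZ")),
]


def match_hash(data):
    """Return the signature name if the file's SHA-256 is known, else None."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def match_patterns(data):
    """Return the names of all byte-pattern signatures found in the data."""
    return [name for name, rx in PATTERN_SIGNATURES if rx.search(data)]


def scan(data):
    """Run both signature types over a blob and report the results."""
    return {"hash": match_hash(data), "patterns": match_patterns(data)}


if __name__ == "__main__":
    print("original:", scan(ORIGINAL))
    print("modified:", scan(MODIFIED))  # hash no longer matches, pattern still does
```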

SIP

Session Initiation Protocol

Skimming

The theft of credit card information using card readers, or skimmers, to record and store victims' data.

SLAAC

Stateless Address Autoconfiguration

Small and Medium Enterprises (SMEs)

A legally independent company with fewer than a certain number of employees or less than a certain financial turnover. The Australian Taxation Office defines Australian SMEs as having less than $250 million turnover.

Smart appliances

Appliances that are able to connect to the internet via Wi-Fi or another protocol such as the Zigbee specification and can be accessed and controlled remotely from any internet-connected computer or mobile device.

Smart devices

An electronic device, generally connected to other devices or networks via wireless protocols such as Bluetooth, Zigbee, NFC, Wi-Fi, LiFi or cellular (3G and later), that can operate to some extent interactively and autonomously.

Smart vehicles

Vehicles equipped with system-driven forms of artificial intelligence.

Smartphone

A handheld electronic device that provides connection to a cellular network. Smartphones allow people to make phone calls, send text messages and access the internet.

SMS scam

A fraudulent text message sent by a deceitful or dishonest person in order to obtain money or something else of value.

SNMP

Simple Network Management Protocol

Social engineering

The methods used to manipulate people into carrying out specific actions, or divulging information.

Social media

Websites and applications that enable users to create and share content or to participate in social networking.

Social media scams

An act of deception and fraud committed through social media websites or applications.

Softphone

An application that allows a workstation to act as a phone using a built-in or externally-connected microphone and speaker.

Software

An element of a system including, but not limited to, an application or operating system.

Software update

A download for an application, operating system or software suite that provides fixes for features that aren't working as intended or adds minor software enhancements and compatibility.

Solid-state drive (SSD)

Storage media that uses non-volatile flash memory to retain its data when power is removed and, unlike magnetic media such as hard disk drives, contains no moving parts.

SP

Special Publication

Spam

Unsolicited electronic messages, especially containing advertising, indiscriminately transmitted to a large number of people.

Spear phishing

A form of phishing that targets a specific person or group.

Split tunnelling

Functionality that allows personnel to access public network infrastructure and a Virtual Private Network connection at the same time, such as an organisation's system and the internet. Traffic sent outside the VPN tunnel bypasses the organisation's security monitoring and controls.

Spoof

A type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware.

Spyware

A program that collects information on the user’s activities without their consent. Spyware may be installed on a system illegitimately, or as a part of other software without the user’s knowledge.

SQL injection

Exploitation of a vulnerability in an application that builds database queries from user input without properly validating, encoding or parameterising it, allowing an attacker to manipulate, exfiltrate or delete data, or to run other commands through the database.
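The Python below is an added example and not part of this glossary. It builds a constructed in-memory SQLite user table, then shows a login query assembled by string formatting beside the same query written with bound parameters. The vulnerable version lets a username of `alice' --` comment out the password check; the parameterised version treats the same input as an ordinary string.

```python
import sqlite3


def build_db():
    """Constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-pw", "admin"),
        ("bob", "hash-of-bob-pw", "user"),
    ])
    return conn


def login_vulnerable(conn, username, supplied_hash):
    """Query text is assembled from user input, so quotes in the input become SQL."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password_hash = '{supplied_hash}'")
    return conn.execute(query).fetchall()


def login_safe(conn, username, supplied_hash):
    """Parameterised query: the driver passes values separately from the SQL text,
    so input is always treated as data, never as query syntax."""
    query = ("SELECT username, role FROM users "
             "WHERE username = ? AND password_hash = ?")
    return conn.execute(query, (username, supplied_hash)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # Comment injection: the trailing "--" discards the password check.
    print("vulnerable:", login_vulnerable(db, "alice' --", "wrong"))
    print("safe:      ", login_safe(db, "alice' --", "wrong"))
    # Tautology injection: returns every row.
    print("vulnerable:", login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))
```

Parameterisation is the primary fix; input validation and least-privilege database accounts limit what a remaining injection can reach.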

Standard Operating Environment (SOE)

A standardised build of an operating system and associated software that can be used for servers, workstations and mobile devices.

Standard user

A user who can, with their normal privileges, make only limited changes to a system and generally cannot bypass security measures.

State-sponsored actor

A private actor that conducts activity on behalf of a state, for example, a contracted hacker or company.

Structured Query Language (SQL)

A special-purpose programming language designed for managing data held in a relational database management system.

Sub-contractors

An individual or a business that signs a contract to perform part or all of the obligations of another's contract.

Subject matter expert (SME)

A person who is an authority in a particular area or topic. In computer science, also called a domain expert.

Submarine cables

A cable laid on the sea bed between land-based stations to carry telecommunication signals across stretches of sea and ocean.

Supervisory Control and Data Acquisition (SCADA)

A control system architecture comprising computers, networked data communications and graphical user interfaces for high-level process supervisory management. It also comprises other peripheral devices like programmable logic controllers and discrete proportional-integral-derivative controllers used to interface with process plant or machinery.

Supplier

Organisations, such as application developers, IT equipment manufacturers, OT equipment manufacturers, service providers and data brokers, that provide products and services. Suppliers can also include other organisations involved in distribution channels.

Surfing

The act of browsing the internet by going from one web page to another web page using hyperlinks in a web browser.

Suspicious email

An email that is potentially malicious.

Suspicious message

A message that is potentially malicious.

Suspicious video

A video that is potentially malicious.

Symmetric encryption algorithms

Symmetric encryption algorithms are cryptographic algorithms that use the same secret key for both the encryption of plaintext and the decryption of ciphertext, so the key must be shared securely between the parties in advance. They are either stream ciphers, which combine the plaintext with a keystream, or block ciphers, which are applied in a mode of operation (such as GCM or CBC) to handle data longer than one block.
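As an added example (not part of this glossary), the Python below shows the defining property, that one key both encrypts and decrypts, using a stream-style construction: a keystream derived with HMAC-SHA256 from the key, a nonce and a counter, XORed with the data, the same way a block cipher's CTR mode works. The construction is illustrative only, not a standardised cipher; production code should use an authenticated mode such as AES-GCM from a vetted library. It also demonstrates the classic stream-mode failure: reusing a nonce under the same key lets anyone who knows one plaintext recover the other.

```python
import hashlib
import hmac


def keystream(key, nonce, length):
    """Deterministic keystream of `length` bytes: HMAC-SHA256(key, nonce || counter)
    blocks concatenated. Illustrative construction standing in for CTR mode."""
    out = b""
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def xor(a, b):
    """XOR two byte strings up to the shorter length."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    """Ciphertext = plaintext XOR keystream(key, nonce)."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key, nonce, ciphertext):
    """Same key, same operation: XOR with the identical keystream restores the plaintext."""
    return encrypt(key, nonce, ciphertext)


def nonce_reuse_leak(key, nonce, known_plaintext, other_plaintext):
    """Two messages encrypted under the same key AND nonce share a keystream, so
    c1 XOR c2 == m1 XOR m2. Knowing m1 therefore reveals m2 without the key."""
    c1 = encrypt(key, nonce, known_plaintext)
    c2 = encrypt(key, nonce, other_plaintext)
    return xor(xor(c1, c2), known_plaintext)


if __name__ == "__main__":
    key = b"\x11" * 32        # constructed key; real keys come from a CSPRNG
    nonce = b"\x22" * 16      # must never repeat for a given key
    ct = encrypt(key, nonce, b"attack at dawn")
    print("ciphertext:", ct.hex())
    print("decrypted: ", decrypt(key, nonce, ct))
    print("leaked by nonce reuse:",
          nonce_reuse_leak(key, nonce, b"hello world!!", b"secret orders"))
```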

System

A related set of hardware, software and supporting infrastructure used for the processing, storage or communication of data and the governance framework in which it operates.

System administration

System administration refers to the management of one or more hardware and software systems. Also referred to as 'sys admin'.

System administrator

A system (or application) administration role performed by a privileged user who holds a position of trust.

System classification

The classification of a system is the highest classification of data which the system is authorised to store, process or communicate.

System of National Significance

A critical infrastructure asset or essential service of the highest importance to the nation, as declared under Australia's Security of Critical Infrastructure Act 2018.

System owner

The executive responsible for a system.

System security plan (SSP)

A document that describes a system and its associated controls.

System-specific security documentation

A system’s system security plan, cyber security incident response plan, continuous monitoring plan, security assessment report, and plan of action and milestones.