First published: 13 Jun 2024
Last updated: 13 Jun 2024

Content written for

Large organisations & infrastructure
Government

Glossary of abbreviations

AbbreviationMeaning
AACAASD-Approved Cryptographic Algorithm
AACPASD-Approved Cryptographic Protocol
AD DSActive Directory Domain Services
AESAdvanced Encryption Standard
AGAOAustralian Government Access Only
AHAuthentication Header
AISEPAustralian Information Security Evaluation Program
APIapplication programming interface
ASDAustralian Signals Directorate
ASIOAustralian Security Intelligence Organisation
ATAAdvanced Technology Attachment
AUSTEOAustralian Eyes Only
CCRACommon Criteria Recognition Arrangement
CDNcontent delivery network
CDSCross Domain Solution
CISOChief Information Security Officer
DHDiffie-Hellman
DKIMDomainKeys Identified Mail
DMADirect Memory Access
DMARCDomain-based Message Authentication, Reporting and Conformance
DNSDomain Name System
EALEvaluation Assurance Level
EAPExtensible Authentication Protocol
EAP-TLSExtensible Authentication Protocol-Transport Layer Security
ECDHElliptic Curve Diffie-Hellman
ECDSAElliptic Curve Digital Signature Algorithm
EEPROMelectrically erasable programmable read-only memory
EPROMerasable programmable read-only memory
ESPEncapsulating Security Payload
FIPSFederal Information Processing Standard
FTFast Basic Service Set Transition
HACEHigh Assurance Cryptographic Equipment
HIPSHost-based Intrusion Prevention System
HMACHashed Message Authentication Code
HSTSHypertext Transfer Protocol Strict Transport Security
HTMLHypertext Markup Language
HTTPHypertext Transfer Protocol
HTTPSHypertext Transfer Protocol Secure
IECInternational Electrotechnical Commission
IKEInternet Key Exchange
IPInternet Protocol
IPsecInternet Protocol Security
IPv4Internet Protocol version 4
IPv6Internet Protocol version 6
IRinfrared
IRAPInfosec Registered Assessors Program
ISMInformation Security Manual
ISOInternational Organization for Standardization
ITinformation technology
LANLocal Area Network
MACMedia Access Control
MFDmultifunction device
MTA-STSMail Transfer Agent Strict Transport Security
NAANational Archives of Australia
NIDSNetwork-based Intrusion Detection System
NIPSNetwork-based Intrusion Prevention System
NISTNational Institute of Standards and Technology
OToperational technology
OWASPOpen Worldwide Application Security Project
PDFPortable Document Format
PFSPerfect Forward Secrecy
PMKPairwise Master Key
PPProtection Profile
PRFpseudorandom function
PSPFProtective Security Policy Framework
PSTNPublic Switched Telephone Network
RADIUSRemote Access Dial-In User Service
RELReleasable To
RFradio frequency
ROARoute Origin Authorization
RPKIResource Public Key Infrastructure
RSARivest-Sharmir-Adleman
SCECSecurity Construction and Equipment Committee
SHA-2Secure Hashing Algorithm 2
S/MIMESecure/Multipurpose Internet Mail Extension
SNMPSimple Network Management Protocol
SOEStandard Operating Environment
SPSpecial Publication
SPFSender Policy Framework
SPNService Principal Name
SQLStructured Query Language
SSHSecure Shell
SSIDService Set Identifier
TLSTransport Layer Security
UEFIUnified Extensible Firmware Interface
USBUniversal Serial Bus
VLANVirtual Local Area Network
VPNVirtual Private Network
WAFweb application firewall
WPA2Wi-Fi Protected Access 2
WPA3Wi-Fi Protected Access 3

Glossary of cyber security terms

TermMeaning
access controlThe process of granting or denying requests for access to systems, applications and data. Can also refer to the process of granting or denying requests for access to facilities.
Access Cross Domain SolutionA system permitting access to multiple security domains from a single client device.
accountable materialAccountable material requires the strictest control over its access and movement. Accountable material includes TOP SECRET data, some types of caveated data and any data designated as accountable material by its originator.
aggregation (of data)A term used to describe compilations of data that may require a higher level of protection than their component parts.
application controlAn approach in which only an explicitly defined set of trusted applications are allowed to execute on systems.
assetsIn the context of technology, an overarching term used to refer to applications, IT equipment, OT equipment, services and data. Such assets may also be referred to as technology assets.
attack surfaceThe applications, IT equipment, OT equipment and services used by a system. The greater the attack surface the greater the chances of malicious actors finding an exploitable vulnerability.
Australian Eyes Only dataData not to be passed to, or accessed by, foreign nationals.
Australian Government Access Only dataData not to be passed to, or accessed by, foreign nationals, with the exception of seconded foreign nationals.
Australian Information Security Evaluation ProgramA program under which evaluations are performed by impartial bodies against the Common Criteria. The results of these evaluations are then certified by the Australian Certification Authority within the Australian Signals Directorate (ASD).
authenticationVerifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.
Authentication HeaderA protocol used in Internet Protocol Security (IPsec) that provides data integrity and data origin authenticity but not confidentiality.
authorising officerAn executive with the authority to formally accept the security risks associated with the operation of a system and to authorise it to operate.
availabilityThe assurance that systems, applications and data are accessible and useable by authorised entities when required.
biometricsMeasurable physical characteristics used to identify or verify an individual.
cascaded connectionsCascaded connections occur when one network is connected to another, which is then connected to another, and so on.
caveatA marking that indicates that the data has special requirements in addition to those indicated by its classification. This term covers codewords, source codewords, releasability indicators and special-handling caveats.
certification reportAn artefact of Common Criteria evaluations that outlines the outcomes of a product’s evaluation.
Chief Information Security OfficerA senior executive who is responsible for coordinating communication between security and business functions as well as overseeing the application of controls and associated security risk management processes.
classificationThe categorisation of systems, applications and data according to the expected impact if it was to be compromised.
classified dataData that would cause limited through to exceptionally grave damage to Australia’s national interests, the Australian Government generally or to an individual Commonwealth entity if compromised (i.e. data assessed as OFFICIAL: Sensitive, PROTECTED, SECRET or TOP SECRET).
coercivityA property of magnetic material, used as a measure of the amount of coercive force required to reduce the magnetic induction to zero from its remnant state.
Commercial Grade Cryptographic EquipmentA subset of IT equipment which contains cryptographic components.
Common CriteriaAn international standard for product evaluations.
Common Criteria Recognition ArrangementAn international agreement which facilitates the mutual recognition of Common Criteria evaluations by certificate producing schemes.
communications securityThe controls applied to protect telecommunications from unauthorised interception and exploitation, as well as ensure the authenticity of such telecommunications.
conduitA tube, duct or pipe used to protect cables.
confidentialityThe assurance that data is disclosed only to authorised entities.
connection forwardingThe use of network address translation to allow a port on a node inside a network to be accessed from outside the network. Alternatively, using a Secure Shell server to forward a Transmission Control Protocol connection to an arbitrary port on the local host.
content filterA filter that examines content to assess conformance against a security policy.
continuous monitoring planA document that describes the plan for the continuous monitoring and assurance in the effectiveness of controls for a system.
control planeThe administrative interface that allows for the management and orchestration of a system’s infrastructure and applications.
critical serverA server that provides critical network or security services. For example, a Microsoft Active Directory Domain Services domain controller or an authentication server.
Cross Domain SolutionA system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains.
cryptographic algorithmAn algorithm used to perform cryptographic functions, such as encryption, integrity, authentication, digital signatures or key establishment.
cryptographic equipmentA generic term for commercial cryptographic equipment and High Assurance Cryptographic Equipment.
cryptographic hashAn algorithm (the hash function) which takes as input a string of any length (the message) and generates a fixed length string (the message digest or fingerprint) as output. The algorithm is designed to make it computationally infeasible to find any input which maps to a given digest, or to find two different messages that map to the same digest.
cryptographic moduleThe set of hardware, software and firmware that implements approved cryptographic functions (including key generation) that are contained within the cryptographic boundary of the module.
cryptographic protocolAn agreed standard for secure communication between two or more entities to provide confidentiality, integrity, authentication and non-repudiation of data.
cryptographic softwareSoftware designed to perform cryptographic functions.
cryptographic systemA related set of hardware, software and supporting infrastructure used for cryptographic communication, processing or storage and the administrative framework in which it operates.
cyber resilienceThe ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.
cyber securityMeasures used to protect the confidentiality, integrity and availability of information technology (IT) and operational technology (OT) systems, applications and data.
cyber security eventAn occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.
cyber security incidentAn unwanted or unexpected cyber security event, or a series of such events, that either has compromised business operations or has a significant probability of compromising business operations.
cyber security incident response planA document that describes the plan for responding to cyber security incidents.
cyber threatAny circumstance or event with the potential to harm systems or data.
data at restData that resides on media or a system.
data in transitData that is being communicated across a communication medium.
data repositoryA location in which data is stored, managed and made available to users.
data securityMeasures used to protect the confidentiality, integrity and availability of data.
data spillThe accidental or deliberate exposure of data into an uncontrolled or unauthorised environment, or to people without a need-to-know.
declassificationA process whereby requirements for the protection of data are removed and an administrative decision is made to formally authorise its release into the public domain.
degausserAn electrical device or permanent magnet assembly which generates a coercive magnetic force for the purpose of degaussing magnetic storage devices.
degaussingA process for reducing the magnetisation of a magnetic storage device to zero by applying a reverse (coercive) magnetic force, rendering any previously stored data unreadable.
demilitarised zoneA small network with one or more servers that is kept separate from the core network, typically on the outside of the firewall or as a separate network protected by the firewall. Demilitarised zones usually provide data to less trusted networks, such as the internet.
denial-of-service attackAn attempt by malicious actors to prevent legitimate access to online services (typically a website), for example, by consuming the amount of available bandwidth or the processing capacity of the server hosting the online service.
device access control softwareSoftware that can be used on a system to restrict access to communications ports. Device access control software can block all access to a communications port or allow access based on device types, manufacturer’s identification or even unique device identifiers.
digital preservationThe coordinated and ongoing set of processes and activities that ensure long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time span the information is required.
digital signatureA cryptographic process that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.
diodeA device that allows data to flow in only one direction.
distributed-denial-of-service attackA distributed form of denial-of-service attack.
dual-stack network deviceIT equipment that implements Internet Protocol version 4 and Internet Protocol version 6 protocol stacks.
emanation securityThe countermeasures employed to reduce sensitive or classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of Radio Frequency energy, sound waves or optical signals.
Encapsulating Security PayloadA protocol used for encryption and authentication in IPsec.
eventIn the context of system logs, an event constitutes an evident change to the normal behaviour of a network, system or user.
facilityA physical space where business is performed. For example, a facility can be a building, a floor of a building or a designated space on the floor of a building.
fax machineA device that allows copies of documents to be sent over a telephone network.
firewallA network device that filters incoming and outgoing network data based on a series of rules.
firmwareSoftware embedded in IT equipment or OT equipment.
fly leadA lead that connects IT equipment to the fixed infrastructure of a facility. For example, the lead that connects a workstation to a network wall socket.
foreign nationalA person who is not an Australian citizen.
foreign systemA system that is not managed by, or on behalf of, the Australian Government.
fuzzingFuzzing (or fuzz testing) is a method used to discover errors or potential vulnerabilities in software.
gatewayGateways securely manage data flows between connected networks from different security domains.
hardwareA generic term for IT equipment and OT equipment.
hardware security moduleA physical computing device that safeguards cryptographic keys and provides cryptographic processing. A hardware security module is or contains a cryptographic module. Hardware security modules are commonly deployed in public key infrastructure, digital identity solutions and payment systems.
Hash-based Message Authentication Code AlgorithmsA cryptographic construction that can be used to compute Message Authentication Codes using a hash function and a secret key.
High Assurance Cryptographic EquipmentCryptographic equipment that has been authorised by ASD for the protection of SECRET and TOP SECRET data.
High Assurance Evaluation ProgramThe rigorous investigation, analysis, verification and validation of products by ASD to protect SECRET and TOP SECRET data.
high assurance IT equipmentIT equipment that has been designed and authorised for the protection of SECRET and TOP SECRET data.
high-value serverA server that provides important network services or contains data repositories. For example, a Domain Name System server, database server, email server, file server or web server.
Host-based Intrusion Detection SystemSoftware, resident on a system, which monitors system activities for malicious or unwanted behaviour.
Host-based Intrusion Prevention SystemSoftware, resident on a system, which monitors system activities for malicious or unwanted behaviour and can react in real-time to block or prevent those activities.
hybrid hard driveNon-volatile magnetic media that uses a cache to increase read/write speeds and reduce boot times. The cache is normally non-volatile flash memory media.
information technologyHardware, software and supporting infrastructure used for the processing, storage or communication of data.
Infosec Registered Assessors ProgramAn initiative of ASD designed to register suitably qualified individuals to carry out security assessments for systems.
infrared deviceDevices such as mice, keyboards and pointing devices that have an infrared communications capability.
insiderAny person that has, or had, authorised logical or physical access to a system and its resources.
insider threatAn insider that performs, or attempts to perform, damaging activities (either intentionally or unintentionally) to a system or its resources. Some organisations may choose to exclude unintentional damage to systems and their resources (often referred to as negligent or accidental damage) from their definition of insider threat in order to focus on insiders with malicious intent (often referred to as malicious insiders).
integrityThe assurance that data has been created, amended or deleted only by authorised individuals.
interactive authenticationAuthentication that involves the interaction of a person with a system.
Internet Protocol SecurityA suite of protocols for secure communications through authentication or encryption of Internet Protocol (IP) packets as well as including protocols for cryptographic key establishment.
Internet Protocol telephonyThe transport of telephone calls over IP networks.
Internet Protocol version 6A protocol used for communicating over packet switched networks. Version 6 is the successor to version 4 which is widely used on the internet.
Intrusion Detection SystemAn automated system used to identify an infringement of security policy. IDS can be host-based or network-based.
IT equipmentAny device that can process, store or communicate data within IT environments, such as computers, multifunction devices, network devices, smartphones, electronic storage media and smart devices.
jump serverA computer which is used to manage important or critical resources in a separate security domain. Also known as a jump host or jump box.
key managementThe use and management of cryptographic keys and associated hardware and software. It includes their generation, registration, distribution, installation, usage, protection, storage, access, recovery and destruction.
keying materialCryptographic keys generated or used by cryptographic equipment or software.
lockable commercial cabinetA cabinet that is commercially available, of robust construction and is fitted with a commercial lock.
logging facilityA facility that includes software which generates events and their associated details, the transmission (if necessary) of event logs, and how they are stored.
malicious actorsIndividuals or organisations that conduct malicious activities, such as cyber espionage, cyber attacks or cyber-enabled crime.
malicious codeAny software that attempts to subvert the confidentiality, integrity or availability of a system.
malicious code infectionThe occurrence of malicious code infecting a system.
mediaA generic term for hardware, often portable in nature, which is used to store data.
media destructionThe process of physically damaging media with the intent of making data stored on it inaccessible. To destroy media effectively, only the actual material in which data is stored needs to be destroyed.
media disposalThe process of relinquishing control of media when it is no longer required.
media sanitisationThe process of erasing or overwriting data stored on media so that it cannot be retrieved or reconstructed.
memory-safe programming languagesProgramming languages that prevent the introduction of vulnerabilities related to memory use. Examples of memory-safe programming languages include C#, Go, Java, Ruby, Rust and Swift. Examples of non-memory-safe programming languages include Assembly and C/C++.
metadataDescriptive data about the content and context used to identify data.
mobile deviceA portable computing or communications device. For example, smartphones, tablets and laptop computers.
multi-factor authenticationAuthentication using two or more different authentication factors. This may include something users know, something users have or something users are.
multifunction deviceIT equipment that combines printing, scanning, copying, faxing or voice messaging functionality in the one device. These devices are often designed to connect to computer and telephone networks simultaneously.
need-to-knowThe principle of restricting an individual’s access to only the data they require to fulfil the duties of their role.
network access controlSecurity policies used to control access to a network and actions on a network. This can include authentication checks and authorisation controls.
network deviceIT equipment designed to facilitate the communication of data. For example, routers, switches and wireless access points.
network infrastructureThe infrastructure used to carry data between workstations and servers or other network devices.
network management trafficNetwork traffic generated by system administrators over a network in order to control workstations and servers. This includes standard management protocols and other network traffic that contains data relating to the management of the network.
non-interactive authenticationAuthentication between systems or services that does not involve the interaction of a person.
non-repudiationProviding proof that a user performed an action, and in doing so preventing a user from denying that they did so.
non-volatile flash memory mediaA specific type of electrically erasable programmable read-only memory.
non-volatile mediaA type of media which retains its data when power is removed.
off-hook audio protectionA method of mitigating the possibility of an active handset inadvertently allowing background discussions to be heard by a remote party. This can be achieved through the use of a hold feature, mute feature, push-to-talk handset or equivalent.
online servicesServices accessed by users over the internet (also known as internet-facing services).
OpenPGP Message FormatAn open-source implementation of Pretty Good Privacy, a widely available cryptographic toolkit.
operational technologySystems that detect or cause a direct change to the physical environment through the monitoring or control of devices, processes and events. Operational technology is predominantly used to describe industrial control systems which include supervisory control and data acquisition systems and distributed control systems.
OT equipmentAny device that can process, store or communicate data or signals within OT environments, such as programmable logic controllers and remote terminal units.
passphraseA sequence of words used for authentication.
passwordA sequence of characters used for authentication.
password complexityThe use of different character sets, such as lower-case alphabetical characters (a-z), upper-case alphabetical characters (A-Z), numeric characters (0-9) and special characters.
passwordless authenticationAuthentication that does not involve the use of something users know. Passwordless authentication may be single-factor or multi-factor, with the later often referred to as passwordless multi-factor authentication.
passwordless multi-factor authenticationMulti-factor authentication using something users have that is unlocked by something users know or are. Note, while a memorised secret may be used as part of passwordless multi-factor authentication (e.g. to unlock access to a cryptographic private key stored on a device) it is not the primary authentication factor, hence the use of the passwordless terminology.
patchA piece of software designed to remedy vulnerabilities or improve the usability or performance of software, IT equipment or OT equipment.
patch cableA metallic (copper) or fibre-optic cable used for routing signals between two components in an enclosed container or rack.
patch panelA group of sockets or connectors that allow manual configuration changes, generally by means of connecting patch cables.
penetration testA penetration test is designed to exercise real-world scenarios in an attempt to achieve a specific goal, such as compromising critical systems or data.
Perfect Forward SecrecyAdditional security for security associations ensuring that if one security association is compromised subsequent security associations will not be compromised.
peripheral switchA device used to share a set of peripherals between multiple computers. For example, a keyboard, video monitor and mouse.
plan of action and milestonesA document that describes vulnerabilities in a system and the plans for their rectification.
position of trustA position that involves duties that require a higher level of assurance than that provided by normal employment screening. In some cases, additional screening may be required. Positions of trust can include, but are not limited to, Chief Information Security Officers and their delegates, system administrators and privileged users.
privileged accountsPrivileged accounts include privileged user accounts and privileged service accounts.
privileged operating environmentsPrivileged operating environments are those used for activities that require a degree of privileged access, such as system administration activities.
privileged user accountsA user account that has the capability to modify system configurations, account privileges, event logs and security configurations for applications. This also applies to users who may only have limited privileges but still have the ability to bypass some of a system’s controls.
productA generic term used to describe software or hardware.
PROTECTED areaAn area that has been authorised to process, store or communicate PROTECTED data. Such areas are not necessarily tied to a specific level of security zone.
Protection ProfileA document that stipulates the security functionality that must be included in Common Criteria evaluation to meet a range of defined threats. Protection Profiles also define the activities to be taken to assess the security function of an evaluated product.
protective markingAn administrative label assigned to data that not only shows the value of the data but also defines the level of protection to be provided.
public dataData that has been formally authorised for release into the public domain.
public network infrastructureNetwork infrastructure that an organisation has no control over, such as the internet.
Public Switched Telephone NetworkPublic network infrastructure used for voice communications.
push-to-talk handsetsHandsets that have a button which is pressed by the user before audio can be communicated, thus providing off-hook audio protection.
quality of serviceThe ability to provide different priorities to different applications, users or data flows, or to guarantee a certain level of performance to a data flow.
Radio Frequency transmitterA device designed to transmit electromagnetic radiation as part of a radio communication system.
reclassificationAn administrative decision to change the controls used to protect data based on a reassessment of the potential impact of its unauthorised disclosure. The lowering of the controls for media containing sensitive or classified data often requires sanitisation or destruction processes to be undertaken prior to a formal decision to lower the controls protecting the data.
Releasable To dataData not to be passed to, or accessed by, foreign nationals beyond those belonging to specific nations which the data has been authorised for release to.
remote accessAccess to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.
removable mediaStorage media that can be easily removed from a system and is designed for removal, such as Universal Serial Bus flash drives and optical media.
seconded foreign nationalA representative of a foreign government on exchange or long-term posting.
SECRET areaAn area that has been authorised to process, store or communicate SECRET data. Such areas are not necessarily tied to a specific level of security zone.
Secure Admin WorkstationA hardened workstation, or virtualised privileged operating environment, used specifically in the performance of administrative activities.
Secure ShellA network protocol that can be used to securely log into, execute commands on, and transfer files between remote workstations and servers.
secure-by-defaultA software development principle whereby products and services are configured for maximum security by default.
secure-by-designA software development principle whereby security is designed into every stage of a product or service’s development.
Secure/Multipurpose Internet Mail ExtensionA protocol which allows the encryption and signing of email messages.
secured spaceAn area certified to the physical security requirements for a Security Zone Two to Security Zone Five area, as defined in the Department of Home Affairs’ Protective Security Policy Framework, Entity facilities policy, to allow for the processing or storage of classified data.
security assessmentAn activity undertaken to assess controls for a system and its environment to determine if they have been implemented correctly and are operating as intended.
security assessment reportA document that describes the outcomes of a security assessment and contributes to the development of a plan of action and milestones.
security associationA collection of connection-specific parameters used for IPsec connections.
security association lifetimeThe duration a security association is valid for.
Security Construction and Equipment CommitteeAn Australian Government interdepartmental committee responsible for the evaluation and endorsement of security equipment and services. The committee is chaired by the Australian Security Intelligence Organisation.
security documentationAn organisation’s cyber security strategy; system-specific security documentation; and any supporting diagrams, plans, policies, processes, procedures and registers.
security domainA system or collection of systems operating under a consistent security policy that defines the classification, releasability and special handling caveats for data processed within the domain.
security postureThe level of security risk to which a system is exposed. A system with a strong security posture is exposed to a low level of security risk while a system with a weak security posture is exposed to a high level of security risk.
security riskAny event that could result in the compromise, loss of integrity or unavailability of data or resources, or deliberate harm to people measured in terms of its likelihood and consequences.
security risk appetiteStatements that communicate the expectations of an organisation’s senior management about their security risk tolerance. These criteria help an organisation identify security risks, prepare appropriate treatments and provide a benchmark against which the success of mitigations can be measured.
security risk managementThe process of identifying, assessing and taking steps to reduce security risks to an acceptable level.
security targetAn artefact of Common Criteria evaluations that specifies conformance claims, threats and assumptions, security objectives, and security requirements for an evaluated product.
sensitive dataData that would cause damage to an organisation or an individual if compromised.
serverA computer that provides services to users or other systems. For example, a file server, email server or database server.
service accountsUser accounts that are used to perform automated tasks without manual intervention, such as machine to machine communications. Service accounts will typically be configured to disallow interactive logins.
shared facilityWhere an organisation’s facility resides within a larger facility that is shared with one or more different organisations.
shared responsibility modelA framework that describes the management and operational responsibilities between different parties for a system. Where responsibilities relating to specific controls are shared between multiple parties, enough detail is documented to provide clear demarcation between the parties.
softphoneAn application that allows a workstation to act as a phone using a built-in or externally-connected microphone and speaker.
softwareAn element of a system including, but not limited to, an application or operating system.
solid-state driveNon-volatile media that uses non-volatile flash memory media to retain its data when power is removed and, unlike non-volatile magnetic media, contains no moving parts.
split tunnellingFunctionality that allows personnel to access public network infrastructure and a Virtual Private Network connection at the same time, such as an organisation’s system and the internet.
Standard Operating EnvironmentA standardised build of an operating system and associated software that can be used for servers, workstations and mobile devices.
Standard Operating ProcedureInstructions for following a defined set of activities in a specific manner. For example, an approved data transfer process.
supplierOrganisations, such as application developers, IT equipment manufacturers, OT equipment manufacturers, service providers and data brokers, that provide products and services. Suppliers can also include other organisations involved in distribution channels.
systemA related set of hardware, software and supporting infrastructure used for the processing, storage or communication of data and the governance framework in which it operates.
system classificationThe classification of a system is the highest classification of data which the system is authorised to store, process or communicate.
system ownerThe executive responsible for a system.
system security planA document that describes a system and its associated controls.
system-specific security documentationA system’s system security plan, cyber security incident response plan, continuous monitoring plan, security assessment report, and plan of action and milestones.
telemetryThe automatic measurement and transmission of data collected from remote sources. Such data is often used within systems to measure the use, performance and health of one or more functions or devices that make up the system.
telephoneA device that is used for point-to-point communication over a distance. This includes digital and IP telephony.
telephone systemA system designed primarily for the transmission of voice communications.
TOP SECRET areaAn area that has been authorised to process, store or communicate TOP SECRET data. Such areas are not necessarily tied to a specific level of security zone.
Transfer Cross Domain SolutionA system that facilitates the transfer of data, in one or multiple directions (low to high or high to low), between different security domains.
transport modeAn IPsec mode that provides a secure connection between two endpoints by encapsulating an IP payload.
trusted sourceA person or system formally identified as being capable of reliably producing data meeting certain defined parameters, such as a maximum data classification and reliably reviewing data produced by others to confirm compliance with certain defined parameters.
tunnel modeAn IPsec mode that provides a secure connection between two endpoints by encapsulating an entire IP packet.
unprivileged accountsUnprivileged accounts include unprivileged user accounts and unprivileged service accounts.
unprivileged operating environmentsUnprivileged operating environments are those used for activities that do not require privileged access, such as reading emails and browsing the web.
unsecured spaceAn area not certified to the physical security requirements for a Security Zone Two to Security Zone Five area, as defined in the Department of Home Affairs’ Protective Security Policy Framework, Entity facilities policy, to allow for the processing or storage of classified data.
userAn individual that works for an organisation and is authorised to access a system.
user accountsUser accounts include privileged user accounts and unprivileged user accounts.
validationConfirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled.
verificationConfirmation, through the provision of objective evidence, that specified requirements have been fulfilled.
Virtual Local Area NetworkNetwork devices and other IT equipment grouped logically based on resources, security or business requirements instead of their physical location.
Virtual Private NetworkA network that maintains privacy through a tunnelling protocol and security procedures. Virtual Private Networks may use encryption to protect network traffic.
virtualisationSimulation of a hardware platform, operating system, application, storage device or network resource.
volatile mediaA type of media, such as random-access memory, which gradually loses its data when power is removed.
vulnerabilityA weakness in a system’s security requirements, design, implementation or operation that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.
vulnerability assessmentA vulnerability assessment can consist of a documentation-based review of a system’s design, an in-depth hands-on assessment or automated scanning with software tools. In each case, the goal is to identify as many vulnerabilities as possible.
wear levellingA technique used in non-volatile flash memory media to prolong the life of the media. As data can be written to and erased from memory blocks a finite number of times, wear-levelling helps to distribute writes evenly across each memory block, thereby decreasing wear and increasing its lifetime.
Wi-Fi Protected AccessA protocol designed for communicating data over wireless networks.
Wi-Fi Protected Access 2A protocol designed to replace the Wi-Fi Protected Access protocol for communicating data over wireless networks.
Wi-Fi Protected Access 3A protocol designed to replace the WPA2 protocol for communicating data over wireless networks.
wireless access pointA device which enables communications between wireless clients. It is typically also the device which connects wired and wireless networks.
wireless communicationsThe transmission of data over a communications path using electromagnetic waves rather than a wired medium.
wireless networkA network based on the 802.11 standards.
workstationA stand-alone or networked single-user computer.
X11 ForwardingX11, also known as the X Window System, is a basic method of video display used in a variety of operating systems. X11 Forwarding allows the video display from one device to be shown on another device.
Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it