ICT Sector Acronyms

​

. A B C D E F G H I J K L M N O P Q R S T U V W X Z 

​

.NET Framework
.NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows. It includes a large class library named as Framework Class Library and provides language interoperability across several programming languages.
 

2FA
Two-factor authentication
 

3DES
Triple Data Encryption Standard

​

A
AACA
ASD Approved Cryptographic Algorithm
AACP
ASD Approved Cryptographic Protocol
ABS
Australian Bureau of Statistics
ACA
Australasian Certification Authority
Academic Centres of Cyber Security Excellence
The Academic Centres of Cyber Security Excellence (ACCSE) program is part of Australia's $230 million Cyber Security Strategy launched by the Prime Minister on 21 April 2016.
ACCC
Australian Competition and Consumer Commission
Access control
The process of granting or denying requests for access to systems, applications and information. Can also refer to the process of granting or denying requests for access to facilities.
Access Cross Domain Solution
A system permitting access to multiple security domains from a single client device.
Account harvesting
The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.
ACCSE
Academic Centres of Cyber Security Excellence
ACE
ASD Cryptographic Evaluation
ACEL
Australian Communication Exchange Limited
ACIC
Australian Criminal Intelligence Commission
ACMA
Australian Communications and Media Authority
ACORN
Australian Cybercrime Online Reporting Network (replaced by ReportCyber)
Acrobat
Adobe Acrobat is software to view, create, edit and manage PDF files
ACSC
Australian Cyber Security Centre
ACSI
Australian Communications Security Instruction
Active defence
The principle of proactively implementing a spectrum of security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening.
Note: some references to active defence focus on the employment of limited offensive action and counterattacks – commonly referred to as ‘hacking back’. The term active defence is not synonymous with ‘hacking back’, and should not be used interchangeably.
Ad blockers
An ad blocker is software that prevents advertisements from appearing with the content the user is intentionally viewing. People block ads for a variety of reasons. For example, many of them find marketing ads annoying and even stressful.
ADDC
Australian Data and Digital Council
Adobe
Adobe Inc, known until 3 October 2018 as Adobe Systems Incorporated, is an American multinational computer software company headquartered in San Jose, California.
Adobe Flash Player
Adobe Flash Player is computer software for using content created on the Adobe Flash platform, including viewing multimedia contents, executing rich Internet applications, and streaming audio and video
Adobe Reader
Adobe Reader is a free program created and distributed by Adobe Systems. It is used to open PDF documents. PDFs can be a wide variety of files, such as images, text documents, forms, books, or any combination of these. They are cross-platform, meaning each PDF will look the same on a Windows computer as it will on a Mac.
Advanced Persistent Threat
A label given to a set of malicious cyber activity with common characteristics, often orchestrated by a person or persons targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives.
Advice
An opinion recommending a course of action to be taken given the circumstances relating to a single moment or decision.
Advisory
Advisories provide timely information and advice about current security issues, vulnerabilities, and exploits.
Adware
A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user.
AES
Advanced Encryption Standard
AFP
Australian Federal Police
After market devices
A secondary market of an industry, concerned with the manufacturing, remanufacturing, distribution, retailing, and installation of all parts, equipment, and accessories, after the sale of the device by the original equipment manufacturer to the consumer.
AGAO
Australian Government Access Only
AGD
Attorney-General's Department
Aggregation (of data)
A term used to describe compilations of information that may require a higher level of protection than their component parts.
AH
Authentication Header
Air Gap
A network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.
AirPort
AirPort Express, AirPort Extreme (Wi-Fi) and AirPort Time Capsule (Wi-Fi HDD).
AISEF
Australasian Information Security Evaluation Facility
AISEP
Australasian Information Security Evaluation Program
AISI
Australian Internet Security Initiative
Alert
An alert is intended to provide timely notification concerning threats or activity with the potential to impact individuals, businesses, organisations, government, devices, peripherals, networks or infrastructure.
Amazon
Amazon.com Inc is an American multinational technology company based in Seattle, focusing on e-commerce, cloud computing, digital streaming and artificial intelligence.
Amazon Web Services
Amazon Web Services is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.
Android
Android is a mobile operating system developed by Google. It is used by several smartphones and tablets. The Android operating system is based on the Linux kernel.
ANSI
American National Standards Institute
Anti-virus
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.
AP
Access Point
App
Application
Apple
Apple, Inc. is an electronics and software company based in California, USA. Originally known as Apple Computer.
Apple ID
Apple ID is an authentication method used by Apple for iPhone, iPad, Mac and other Apple devices. Apple IDs contain user personal information and settings. When an Apple ID is used to log into an Apple device, the device will automatically use the settings associated with the Apple ID.
Apple support
Help and support service provided by Apple
Application
Application software is a program or group of programs designed for end users. Examples of an application include a word processor, a spreadsheet, an accounting application, a web browser, an email client, a media player, a file viewer, an aeronautical flight simulator, a console game or a photo editor. The collective noun application software refers to all applications collectively. This contrasts with system software, which is mainly involved with running the computer.
Application control
An approach in which only an explicitly defined set of trusted applications are allowed to execute on systems.
APRA
Australian Prudential Regulation Authority
APT
Advanced Persistent Threat
Archive
A place where an accumulation of computer files is stored. It could be disk storage, flash drive, a backup disk drive, an online backup service and indexing internet pages.
Artificial Intelligence
Artificial intelligence is the simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.
ASD
Australian Signals Directorate
ASD Cryptographic Evaluation
A program that analyses products to determine whether their security architecture and cryptographic algorithms have been implemented correctly and are strong enough for the products intended use.
ASIC
Australian Securities and Investments Commission
ASIO
Australian Security Intelligence Organisation
Asset
Anything of value, such as ICT equipment, software or information.
ATA
Advanced Technology Attachment
ATO
Australian Taxation Office
Attack surface
The amount of ICT equipment and software used in a system. The greater the attack surface the greater the chances of an adversary finding an exploitable security vulnerability.
Attribution
The process of assessing the source, perpetrator or sponsor of malicious activity. Statements of attribution often use probabilistic language and indicate the level of confidence in the assessment.
Audit log
A chronological record of system activities including records of system access and operations performed.
Audit trail
A chronological record that reconstructs the sequence of activities surrounding, or leading to, a specific operation, procedure or event.
AUSTEO
Australian Eyes Only
Australasian Information Security Evaluation Facility
A program that evaluates products in order to protect systems and information against cyber threats. These evaluation activities are certified by the Australasian Certification Authority.
Australasian Information Security Evaluation Program
A program under which evaluations are performed by impartial bodies against the Common Criteria. The results of these evaluations are then certified by the Australian Cyber Security Centre (ACSC) which is responsible for the overall operation of the program.
Australasian Information Security Evaluation Program
The Australasian Information Security Evaluation Program (AISEP) evaluates products in order to protect systems and information against cyber threats. These evaluation activities are certified by the Australasian Certification Authority.
Australian Bureau of Statistics
The Australian Bureau of Statistics is the independent statistical agency of the Government of Australia. The Australian Bureau of Statistics provides key statistics on a wide range of economic, population, environmental and social issues, to assist and encourage informed decision making, research and discussion within governments and the community.
Australian Communication Exchange Limited
The charity's purpose is to provide communication assistance for the deaf and hearing-impaired community.
Australian Communications and Media Authority
The Australian Communications and Media Authority is an Australian Government statutory authority within the Communications portfolio.
Australian Competition and Consumer Commission
The Australian Competition and Consumer Commission is an independent authority of the Australian Government. Its mandate is to protect consumer rights, business rights and obligations, perform industry regulation and price monitoring and prevent illegal anti-competitive behaviour.
Australian Criminal Intelligence Commission
The Australian Criminal Intelligence Commission is a law enforcement agency established by the Australian federal government on 1 July 2016. It has specialist investigative capabilities and delivers and maintains national information sharing systems.
Australian Cyber Security Centre
The Australian Cyber Security Centre is the Australian Government lead agency for cyber security. The ACSC is part of the Australian Signals Directorate.
Australian Cybercrime Online Reporting Network
Replaced by ReportCyber
Australian Data and Digital Council
Is a department that provides high quality advice and support to the Prime Minister, the Cabinet, Portfolio Ministers and Assistant Ministers to achieve a coordinated and innovative approach to the development and implementation of Government policies. They coordinate and develop policy across the Government in economic, domestic and international issues, Aboriginal and Torres Strait Islander affairs and public service stewardship.
Australian Eyes Only information
Information not to be passed to, or accessed by, foreign nationals.
Australian Federal Police
The Australian Federal Police's role is to enforce Commonwealth criminal law, contribute to combating complex, transnational, serious and organised crime impacting Australia's national security and to protect Commonwealth interests from criminal activity in Australia and overseas.
Australian Government Access Only information
Information not to be passed to, or accessed by, foreign nationals, with the exception of seconded foreign nationals.
Australian Government Information Security Manual
The information security manual produced by the Australian Cyber Security Centre outlines a cyber security framework that organisations can apply, using their risk management framework, to protect their information and systems from cyber threats.
Australian Internet Security Initiative
The Australian Internet Security Initiative is a program run by Australian Cyber Security Centre that helps to reduce malicious software (malware) infections and service vulnerabilities occurring on Australian internet protocol address ranges. It operates as a public-private partnership where Australian internet providers voluntarily work with ACSC to help protect their customers from cyber security threats.
Australian Prudential Regulation Authority
The Australian Prudential Regulation Authority is a statutory authority of the Australian Government and the prudential regulator of the Australian financial services industry.
Australian Security Intelligence Organisation
The Australian Security Intelligence Organisation is Australia's national security agency responsible for the protection of the country and its citizens from espionage, sabotage, acts of foreign interference, politically motivated violence, attacks on the Australian defence system, and terrorism.
Australian Signals Directorate
Australian Signals Directorate is the Australian government agency responsible for foreign signals intelligence, support to military operations, cyber warfare, and information security.
Australian Signals Directorate Cryptographic Evaluation
The rigorous investigation, analysis, verification and validation of cryptographic software and equipment by ASD against a stringent security standard.
Australian Taxation Office
The Australian Taxation Office is the principal revenue collection agency of the Australian Government. Their role is to effectively manage and shape the tax and superannuation systems that support and fund services for Australians.
Authentication
Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.
Authentication Header
A protocol used in Internet Protocol Security (IPsec) that provides data integrity and data origin authenticity but not confidentiality.
Authorising officer
An executive with the authority to formally accept the security risks associated with the operation of a system and to authorise it to operate.
Availability
The assurance that systems and information are accessible and useable by authorised entities when required.
AWS
Amazon Web Services

​

​

B
Back door
A feature or defect of a computer system that allows access to data by bypassing normal security measures.
Backup
In information technology, a backup, or data backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event.
Banking
An institution offering certain financial services, such as the safekeeping of money, conversion of domestic into and from foreign currencies, lending of money at interest, and acceptance of bills of exchange.
Big data
Large amounts of structured and unstructured data that exceeds the ability of commonly used software tools to capture, manage and process. Big data requires techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale.
Biometrics
Measurable physical characteristics used to identify or verify an individual.
Bitcoin
A digital currency and payment system underpinned by blockchain technology. Bitcoins can be used for online purchases, or converted into traditional currency.
Black hat
A person that hacks for personal gain and/or who engages in illicit and unsanctioned hacking activities.
Blackmail
Blackmail is an act of coercion using the threat of revealing or publicising either substantially true or false information about a person or people unless certain demands are met. It is often damaging information and may be revealed to family members or associates rather than to the general public.
Blockchain
A distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data—once recorded, the data in a block cannot be altered retroactively.
Blocklist
A list of entities that are not considered trustworthy and are blocked or denied access.
BlueBorne
BlueBorne is a type of security vulnerability by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, smart cars and wearable gadgets.
BlueKeep
BlueKeep is a vulnerability in the Remote Desktop Protocol (RDP) that can affect the Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008 operating systems.
Bluetooth
Bluetooth is a wireless technology standard used for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves.
Bogus request
Fake request
Bot
A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device's legitimate user.
Botnet
A collection of computers infected by bots, remotely controlled by an actor to conduct malicious activities without the user's knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data.
Breach (data)
When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘Data Spill’.
Breach (security)
An incident that results in unauthorised access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.
Bring Your Own Device
An organisational policy that allows employees to use their own personal devices for work purposes. These devices connect to and utilise the organisations’ network, data and resources.
Broadband
Broadband is a wide bandwidth data transmission which transports multiple signals and traffic types. In the context of internet access, Broadband is used to mean any high speed internet access that is always on.
Broadcasting
Broadcasting is the distribution of audio or video content to a dispersed audience via any electronic mass communications medium, but typically one using the electromagnetic spectrum.
Browser
A software application for retrieving, presenting and traversing information resources on the world wide web.
Browser hijacking
Occurs when your browser settings are changed without your knowledge or consent. Your browser may persistently redirect to malicious or other unwanted websites.
Browsing history
The list of web pages a user has visited recently - and associated data such as page title and time of visit - which is recorded by web browser software as standard for a certain period of time.
Brute force
A typically unsophisticated and exhaustive process to determine a cryptographic key or password that proceeds by systematically trying all alternatives until it discovers the correct one.
Bug
A flaw or error in a software program.
Business continuity
Business continuity encompasses a loosely defined set of planning, preparatory and related activities which are intended to ensure that an organisation's critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period.
Business email compromise
Business email compromise attacks are a form of cybercrime which use email fraud to attack business, government and non-profit organisations to achieve a specific outcome which negatively impacts the target organisation.
Business scams
A dishonest scheme that aims to get money, or something else of value from businesses.
Buying online
A form of electronic commerce which allows consumers to directly buy goods or services from a seller over the internet using a web browser.
BYOD
Bring Your Own Device

​

​

​

C
C2 or C&C
Command and control
CAG
Content Advisory Group
Cameras
A device for recording visual images in the form of photographs, film or video signals.
Car hacking
The manipulation of the code in a car's electronic control unit to exploit a vulnerability and gain control of other electronic control unit's in the vehicle.
Cascaded connections
Cascaded connections occur when one network is connected to another, which is then connected to another, and so on.
Case study
a factual representation of what happened along with some analysis that provides insights and learning for the future.
Catfish
Internet predators who create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.
Caveat
A marking that indicates that the information has special requirements in addition to those indicated by its classification. This term covers codewords, source codewords, releasability indicators and special-handling caveats.
CCRA
Common Criteria Recognition Arrangement
CCSL
Certified Cloud Services List
CDN
content delivery network
CDS
Cross Domain Solution
Central Processing Unit
The electronic circuitry within a computer that executes instructions that make up a computer program. The central processing unit performs basic arithmetic, logic, controlling, and input/output operations specified by the instructions in the program.
CEO
Chief Executive Officer
CERT Australia
CERT Australia is the national computer emergency response team. CERT Australia provides advice and support on cyber threats and vulnerabilities to the owners and operators of Australia's critical infrastructure and other systems of national interest.
Certificates
A secure certificate, is a file installed on a secure web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable.
Certification report
An artefact of Common Criteria evaluations that outlines the outcomes of a product’s evaluation.
Certified Cloud Services List
Certified Cloud Services List is a list of ASD certified Cloud Services.
CGCE
Commercial Grade Cryptographic Equipment
Checkpoint
Check Point is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.
Chief Executive Officer
The highest ranking executive in a company, whose primary responsibilities include making major corporate decisions, managing the overall operations and resources of a company, acting as the main point of communication between the board of directors and corporate operations and being the public face of the company.
Chief Information Security Officer
A senior executive who is responsible for coordinating communication between security and business functions as well as overseeing the application of security controls and associated security risk management processes.
Chrome
A very popular web browser from Google that was introduced for Windows in 2008 and for the Mac and Linux in 2009.
ChromeOS
Chrome OS is a Linux kernel-based operating system designed by Google. It is derived from the free software Chromium OS and uses the Google Chrome web browser and Aura Shell as its principal user interface.
CIMA
Cyber Incident Management Arrangements
Cisco
An American multinational technology conglomerate headquartered in San Jose, California, in the centre of Silicon Valley. Cisco develops, manufactures and sells networking hardware, software, telecommunications equipment and other high-technology services and products.
CISO
Chief Information Security Officer
Citrix
An American multinational software company that provides server, application and desktop virtualisation, networking, software as a service, and cloud computing technologies.
Classification
The categorisation of systems and information according to the expected impact if it was to be compromised.
Classified information
Information that requires increased security to protect its confidentiality (i.e. information marked PROTECTED, SECRET or TOP SECRET).
Click farm
The click farm is made up of armies of low paid workers whose job is to click on links, surf around the target website for a period of time, perhaps signing up for newsletters and then to moving on to another link. It is very hard for an automated filter to analyse this simulated traffic and detect that is it invalid as it has exactly the same profile as a real site visitor.
Click fraud
Using a compromised computer to click ads on a website without the user’s awareness, with the intention of generating revenue for the website, or draining resources from the advertiser.
Clickbait
Clickbait is a form of false advertisement which uses hyperlink text or a thumbnail link that is designed to attract attention and entice users to follow that link and read, view, or listen to the linked piece of online content, with a defining characteristic of being deceptive, typically sensationalised or misleading.
Cloud
A network of remote servers hosted on the internet and used to store, manage, and process data in place of local servers or personal computers.
Cloud computing
A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services.
Cloud Service Provider
A company that offers some component of cloud computing - typically infrastructure as a service (laaS), software as a service (SaaS) or platform as a service (PaaS) - to other businesses or individuals.
CMS
Content Management System
CNSA
Commercial National Security Algorithm
Code
Program instructions
Coercivity
A property of magnetic material, used as a measure of the amount of coercive force required to reduce the magnetic induction to zero from its remnant state.
Cold-call
Make an unsolicited visit or telephone call to (someone), in an attempt to sell goods or services.
ColdFusion
A web development suite that used for developing scalable e-business applications. It has the ability to build websites as individual pieces that can be stored in its internal database, then reassembled to form webpages, e-newsletters etc.
Command and control
A set of organisational and technical attributes and processes that employs human, physical, and information resources to solve problems and accomplish missions.
Commercial grade cryptographic equipment
A subset of ICT equipment which contains cryptographic components.
Common Criteria
An international standard for software and ICT equipment evaluations.
Common Criteria Recognition Arrangement
An international agreement which facilitates the mutual recognition of Common Criteria evaluations by certificate producing schemes.
Communications
The transfer of data and information from one location to another.
Communications security
The security measures taken to deny unauthorised personnel information derived from telecommunications and to ensure the authenticity of such telecommunications.
Compromise
The disclosure of information to unauthorised persons, or a violation of the security policy of a system in which unauthorised intentional or unintentional disclosure, modification, destruction or loss of an object may have occurred.
Computer
A programmable electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations.
Computer network
Two or more interconnected devices that can exchange data.
Conduit
A tube, duct or pipe used to protect cables.
Confidentiality
The assurance that information is disclosed only to authorised entities.
Connection forwarding
The use of network address translation to allow a port on a node inside a network to be accessed from outside the network. Alternatively, using a Secure Shell server to forward a Transmission Control Protocol connection to an arbitrary port on the local host.
Consumer Electronics Show
An annual trade show organised by the Consumer Technology Association.
Consumer fraud week
A campaign to raise awareness of the types of scams that target older Australians, educate older Australians on how to identify and avoid scams and provide older Australians with information on what to do if they've been scammed.
Consumer guide
Specific configuration and usage guidance for products evaluated through the ASD Cryptographic Evaluation program or the High Assurance evaluation program.
Content filter
A filter that examines content to assess conformance against a security policy.
Content Security Policy
A computer security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
Cookie
A small text file that is transmitted by a website and stored in the user's web browser, used to identify the user and prepare customized webpages. A cookie can be used to track a user’s activity while browsing the internet.
Copyright
The exclusive legal right to reproduce, publish, sell, or distribute the matter and form of something.
Corporate espionage
The improper or unlawful theft of trade secrets or other knowledge proprietary to a competitor for the purpose of achieving a competitive advantage in the marketplace.
Credential theft
A type of cybercrime that involves stealing a victim's proof of identity. Once credential theft has been successful, the attacker will have the same account privileged as the victim. Stealing credentials is the first stage in a credential based attack.
Critical infrastructure
Physical facilities, supply chains, information technologies and communication networks which – if destroyed, degraded or rendered unavailable for an extended period – would significantly impact on the social or economic wellbeing of the nation, or affect a nation’s ability to conduct national defence and ensure national security.
Cross domain solution
A system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains.
Crypto-currencies
A type of digital currency which uses encryption techniques to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.
Cryptocurrency
A type of digital currency that uses cryptography for security and anti-counterfeiting measures.
Cryptographic algorithm
An algorithm used to perform cryptographic functions such as encryption, integrity, authentication, digital signatures or key establishment.
Cryptographic equipment
A generic term for Commercial Grade Cryptographic Equipment and High Assurance Cryptographic Equipment.
Cryptographic hash
An algorithm (the hash function) which takes as input a string of any length (the message) and generates a fixed length string (the message digest or fingerprint) as output. The algorithm is designed to make it computationally infeasible to find any input which maps to a given digest, or to find two different messages that map to the same digest.
Cryptographic protocol
An agreed standard for secure communication between two or more entities to provide confidentiality, integrity, authentication and non-repudiation of information.
Cryptographic software
Software designed to perform cryptographic functions.
Cryptographic system
A related set of hardware or software used for cryptographic communication, processing or storage, and the administrative framework in which it operates.
Cryptography
The practice and study of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key.
Cryptomining
A process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger.
CSIR
Cyber Security Incident Responder
Cyber adversary
An individual or organisation (including state-sponsored) that conducts malicious activity including cyber espionage, crime or attack.
Cyber attack
A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.
Note: there are multiple global definitions of what constitutes a cyber attack.
Cyber bullying
A form of bullying or harassment using electronic means. It is when someone bullies or harasses others on the internet and in other digital spaces, particularly on social media sites.
Cyber defence
Defensive activity designed to protect information and systems against offensive cyber operations.
Cyber espionage
Malicious activity designed to covertly collect information from an adversary’s computer systems for intelligence purposes without causing damage to those systems. Can be conducted by state or non-state entities, and can also include theft for commercial advantage.
Cyber event
An identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.
Cyber Incident Management Arrangements
The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.
Cyber operations
Offensive and defensive activities designed to achieve effects in or through cyberspace.
Cyber resilience
The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.
Cyber safety
The safe and responsible use of Information and Communication Technologies.
Cyber security
Measures used to protect the confidentiality, integrity and availability of systems and information.
Cyber Security Challenge Australia
Cyber Security Challenge Australia is a hacking competition run by an alliance of Australian Government, business and academic professionals who are committed to finding the next generation of Australian cyber security talent.
Cyber security event
An occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.
Cyber security incident
An unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations.
Cyber security incident responder
A cyber firefighter, rapidly addressing security incidents and threats within an organisation. In your role as a first responder, you will be using a host of forensics tools to find the root cause of a problem, limit the damage and significantly reduce the likelihood of it occurring again.
Cyber stalking
Is the use of the internet or other electronic means to stalk or harass an individual, group, or organisation.
Cyber supply chain
Cyber supply chain includes the design, manufacture, delivery, deployment, support and decommissioning of equipment or services that are utilised within an organisation's cyber ecosystem.
Cyber threat
Any circumstance or event with the potential to harm systems or information.
Cyber warfare
The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.
Cyber weapon
A computer code that is used, or designed to be used, with the aim of causing physical, functional, or mental harm to structures, systems, or people.
Cyber weapon is a contentious term among the international policy and legal communities, and there is an absence of agreement surrounding its connotations and implications. Avoid using ‘cyber weapon’ and use more generic terms such as destructive tools or exploits when describing the capabilities used by cyber actors.
Cybercrime
Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.
Cyberspace
The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.
CySCA
Cyber Security Challenge Australia

​

D
Dark web
The dark web is made up of sites that are not indexed by search engines and are only accessible through specialty networks such as The Onion Router (ToR). Often, the dark web is used by website operators who want to remain anonymous. The ‘Dark Web’ is a subset of the ‘Deep Web’.
Data
The basic element that can be processed or produced by a computer to convey information.
Data at rest
Information that resides on media or a system.
Data breach
The unauthorised movement or disclosure of sensitive private or business information.
Data dump
A large amount of data transferred from one system or location to another.
Data Encryption Algorithm
Data encryption algorithms are the algorithms that are used to encrypt and decrypt data. This algorithm type is used for encrypting data to encrypt and decrypt various parts of the message, including the body content and the signature.
Data in transit
Information that is being communicated across a communication medium.
Data protection
Data protection is the process of safeguarding important information from corruption, compromise or loss.
Data spill
The accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to people without a need-to-know.
DBMS
Database management system
DCS
Distributed control system
DDoS
Distributed Denial-of-Service
DEA
Data Encryption Algorithm 
Declassification
A process whereby information is reduced to an OFFICIAL level and an administrative decision is made to formally authorise its release into the public domain.
Decrypting RSA With obsolete and weakened encryption
A cross-protocol security bug that attacks servers supporting modern SSLv3/TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.
Decryption
The decoding of encrypted messages.
Deep web
The part of the internet that is not indexed by search engines. Includes websites that are password-protected and paywalled, as well as encrypted networks, and databases.
Default passwords
where a device needs a username and/or password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, or after resetting to factory defaults.
Defence in depth
The implementation of multiple layers of security controls in a system to provide redundancy in the event a security control fails or a vulnerability is exploited.
Defence Intelligence Organisation
The Defence Intelligence Organisation is an Australian Government intelligence agency responsible for strategic intelligence and technical intelligence assessments, advising defence and government decision-making on national security and international security issues, and the planning and conduct of Australian Defence Force operations. 
Degausser
An electrical device or permanent magnet assembly which generates a coercive magnetic force for the purpose of degaussing magnetic storage devices.
Degaussing
A process for reducing the magnetisation of a magnetic storage device to zero by applying a reverse (coercive) magnetic force, rendering any previously stored information unreadable.
Demilitarised zone
A small network with one or more servers that is kept separate from the core network, typically on the outside of the firewall or as a separate network protected by the firewall. Demilitarised zones usually provide information to less trusted networks, such as the internet.
Denial of Service
When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.
Denial-of-Service attack
An attempt by an adversary to prevent legitimate access to online services (typically a website), for example, by consuming the amount of available bandwidth or the processing capacity of the server hosting the online service.
Department of Home Affairs
The Department of Home Affairs is the Australian Government interior ministry with responsibilities for national security, law enforcement, emergency management, border control, immigration, refugees, citizenship, and multicultural affairs.
Device access control software
Software that can be used on a system to restrict access to communications ports. Device access control software can block all access to a communications port or allow access based on device types, manufacturer’s identification or even unique device identifiers.
DH
Diffie-Hellman
DHA
Department of Home Affairs
Dictionary attack
Where attackers use ‘password dictionaries’ or long lists of the most commonly-used passwords and character combinations against a password in order to guess it and break into a system.
Digital certificate
An electronic document used to identify an individual, a system, a server, a company, or some other entity, and to associate a public key with the entity. A digital certificate is issued by a certification authority and is digitally signed by that authority.
Digital footprint
The unique set of traceable activities, actions, contributions and communications that are manifested on the Internet or on digital devices.
Digital preservation
The coordinated and ongoing set of processes and activities that ensure long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time span the information is required.
Digital signature
A cryptographic process that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.
Digital Transformation Agency
The Digital Transformation Agency is an Executive Agency within the Social Services Portfolio. The DTA exists to make it easy for people to deal with government, by helping government transform services to be simple, clear and fast.
DIO
Defence Intelligence Organisation
Diode
A device that allows data to flow in only one direction.
Disaster recovery
Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity.
Distributed Denial of Service
A denial-of-service (DoS) where the source is comprised of multiple unique IP addresses used to flood the bandwidth or resources of a targeted system or network.
Distributed denial-of-service attack
A distributed form of denial-of-service attack.
DKIM
DomainKeys Identified Mail
DMA
Direct Memory Access
DMARC
Domain-based Message Authentication, Reporting and Conformance
DNS
Domain Name System
Domain
In the Internet, a part of a naming hierarchy in which the domain name consists of a sequence of names (labels) separated by periods (dots).
Note: There are multiple other technical and communications-related definitions for ‘domain’.
Domain Name System
The naming system that translates domain names into IP addresses.
Domain verification
When you are checked and verified as a legitimate user so you can see and access a website.
Domain-based Message Authentication, Reporting and Conformance
DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorised use, commonly known as email spoofing. 
DomainKeys Identified Mail
DomainKeys Identified Mail is a system for authenticating email that works with modern Message Transfer Agent systems. This resource was created to help fight spam, and uses a digital signature to help email recipients determine whether an email is legitimate.
DoS
Denial of Service
DoS attacks
Denial of Service attacks
Downloader
A type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files.
Doxing
Obtaining and publishing private or personally identifiable information about an individual over the internet. Information can be obtained through a range of methods including network compromise, social engineering, data breaches, or research.
Drive-by download
The unintended – automatic or accidental – download of malware from the internet.
Drive-by download attacks
Refers to the unintentional download of malicious code to your computer or mobile device that leaves you open to a cyberattack. You don't have to click on anything, press download, or open a malicious email attachment to become infected.
Driver
Software that interfaces a hardware device with an operating system.
Dropper
A type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file, and does not require connection to the internet.
DROWN
Decrypting RSA With Obsolete and Weakened Encryption
Drupal
Drupal is a free and open-source web content management framework written in PHP and distributed under the GNU General Public License.
DSA
Digital Signature Algorithm
DTA
Digital Transformation Agency
Dual-stack network device
ICT equipment that implements both Internet Protocol version 4 and Internet Protocol version 6 protocol stacks.

​

​

E
EAL
Evaluation Assurance Level
EAP
Extensible Authentication Protocol
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security
Easter egg
An Easter egg is the hidden functionality within an application program, which becomes activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team or a humorous message and are intended to be nonthreatening.
Easy Steps Guide
A guide developed by Australian Cyber Security Centre to help Australians protect themselves from cyber criminals.
ECDH
Elliptic Curve Diffie-Hellman
ECDSA
Elliptic Curve Digital Signature Algorithm
EEPROM
Electrically erasable programmable read-only memory
EFTPOS
Electronic funds transfer at point of sale
Electronic funds transfer at point of sale
Electronic funds transfer at point of sale is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale.
Email
Electronic mail is a method of exchanging messages between people using electronic devices.
Emanation security
The counter-measures employed to reduce classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of Radio Frequency energy, sound waves or optical signals.
Emanation security program
An ACSC program that sets out the requirements for government and organisations to be formally recognised to conduct emanation security practices to national standards.
EMET
Enhanced Mitigation Experience Toolkit
Emotet
Emotet is a malware strain and a cybercrime operation. First versions of the Emotet malware functioned as a banking trojan aimed at stealing banking credentials from infected hosts. Emotet operators then updated the trojan and reconfigured it to work primarily as a "loader", a type of malware that gains access to a system, and then allows its operators to download additional payloads.
EMSEC or ESP
Emanation security program
Encapsulating Security Payload
A protocol used for encryption and authentication in IPsec.
Encrypt
Convert information or data into a code, especially to prevent unauthorized access.
Encrypt files
The process of converting files into a code, to prevent unauthorized access.
Encryption
The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentially of data at rest and in transit. Both encryption and decryption are functions of cryptography.
Encryption software
Software designed to ensure the confidentiality of data by encrypting it when at rest.
End of support
End-of-support refers to a situation in which a company ceases support for a product or service. This is typically applied to hardware and software products when a company releases a new version and ends support for previous versions.
End to end encryption
A method of secure communication where only the communicating users can read data transferred from one end system or device to another.
End User Device
A personal computer, personal digital assistant, smart phone, or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.
Endpoint security
A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats.
Enterprise mobility
An approach to work in which employees can do their jobs from anywhere using a variety of devices and applications.
EPL
Evaluated Products List
EPROM
Erasable programmable read-only memory
Escort
A person who ensures that when maintenance or repairs are undertaken to ICT equipment that uncleared personnel are not exposed to information they are not authorised to access.
ESP
Encapsulating Security Payload
Essential Eight
The Essential Eight are eight essential mitigation strategies that organisations are recommended to implement as a baseline to make it much harder for adversaries to compromise systems.
Essential services
Essential services refer to those services that are vital to the health and welfare of a population and therefore are essential to maintain even in a disaster.
Evaluated Products List
The Evaluated Products List is the definitive list of certified information and communications technology products for use by Australian and New Zealand government agencies in the protection of government information as required by the Australian Government Information Security Manual.
Evaluation Assurance Level
Evaluation Assurance Level (EAL1 through EAL7)
Event
In the context of system logs, an event constitutes an evident change to the normal behaviour of a network, system or user.
Event forwarding
Event forwarding is the transmission of information to a centralised computer concerning events that take place on remote computers or servers. In this context, an event is any occurrence that affects a file, program, task. Events are commonly used for troubleshooting applications and drivers.
Event logging
An event log is often used by a tool called security information and event management tool. This tool provides a higher level of analysis of the contents of an event log to help network administrators determine what is going on within a network.
Executable
A file that causes a computer to perform indicated tasks according to encoded instructions.
Exploit
A piece of code that exploits bugs or vulnerabilities in software or hardware to gain access a system or network.
e
eSafety Commissioner
eSafety is an independent statutory office supported by the Australian Communications and Media Authority. The eSafety Commissioner has various functions and powers under the Australian Government legislation, to foster online safety.
eXtensible Markup Language
Extensible Markup Language is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

​

​

​

F
Facebook
Facebook is a popular free social networking website that allows registered users to create profiles, upload photos and video, send messages and keep in touch with friends, family and colleagues.
FaceTime
Facetime is an Apple video telephony application that allows users to engage in one on one video chatting over the internet.
Facility
A physical space where business is performed. For example, a facility can be a building, a floor of a building or a designated space on the floor of a building.
Fake email
Fake email is sending counterfeit email by using a sender's address without their knowledge.
Fake trader
A trader that is in not legitimate.
Fake Twitter accounts
Twitter accounts that are not legitimate.
Fake website
Websites that are not legitimate.
Fax machine
A device that allows copies of documents to be sent over a telephone network.
Fibre
A fibre is a particularly lightweight thread of execution. Like threads, fibres share address space. However, fibres use cooperative multitasking while threads use pre-emptive multitasking.
FIPS
Federal Information Processing Standard
Firefox
Firefox is a free and open source web browser developed by the Mozilla foundation.
Firewall
A network device that filters incoming and outgoing network data based on a series of rules.
Firmware
Software embedded in ICT equipment.
Five Eyes
The Five Eyes is an Anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States of America.
Flash memory media
A specific type of electrically erasable programmable read-only memory.
Flash Player
Adobe Flash Player is computer software for using content created on the Adobe Flash platform, including viewing multimedia contents, executing rich internet applications, and streaming audio and video.
Flaw
A defect, fault, or imperfection, especially one that is hidden.
Fly lead
A lead that connects ICT equipment to the fixed infrastructure of a facility. For example, the lead that connects a workstation to a network wall socket.
Foreign national
A person who is not an Australian citizen.
Foreign system
A system that is not solely owned and managed by the Australian Government.
Fraud
Fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right.
Fraud Week
Fraud week is where multiple organisations promote anti-fraud awareness and education to minimize the impact of fraud.
Fuzzing
Fuzzing (or fuzz testing) is a method used to discover errors or potential security vulnerabilities in software.

​

​

​

G
Gateway
Gateways securely manage data flows between connected networks from different security domains.
GDPR
General Data Protection Regulation
General Data Protection Regulation
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
Global Positioning System
A system of satellites combined with receivers on the Earth that determines the latitude and longitude of any particular receiver through triangulation.
Gmail
Gmail is a free web based email service in development at Google that provides users with a gigabyte of storage for messages and includes search functionality for finding specific messages.
Google
Google is a widely popular search engine.
Google Drive
Google Drive is a file storage and synchronisation service developed by Google. Google Drive allows users to store files on their servers, synchronise files across devices, and share files.
Google Play
Google play, formerly Android Market, is an American digital distribution service operated and developed by Google. It serves as the official app store for the Android operating system, allowing users to browse and download applications developed with the Android software development kit and published through Google.
GoToMyPC
GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser.
GovHack
GovHack is an international competition for people of all abilities who seek to make life better through open data. Across one weekend, thousands come together to form teams, agree projects, and participate in what has become one of the world's largest open data competitions.
GPS
Global Positioning System
Greenfield
Greenfield is a software project that is developed from scratch rather than built from an existing program.
Grey hat
A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker. See also ‘white hat’ and ‘black hat’.
Guidance
Guidance is an impartial service which will help you to identify your options, provide direction and narrow down your choices and may include instructions relating to specific products.
The ACSC makes every undertaking to ensure the accuracy and quality of the information we provide but is not accountable for any decision made based on it.
Gumtree
Gumtree is a British online classified advertisement and community website. Classified ads are either free or paid for depending on the product category and the geographical market.

​

​

​