Acceptable Use Policy
Acceptable use policy is a policy that defines the level of access and degree of use of the organisation’s network or internet by the members of an organisation.
Acceptable use policy is a policy that defines the level of access and degree of use of the organisation’s network or internet by the members of an organisation.
The process of granting or denying requests for access to systems, applications and information. It can also refer to the process of granting or denying requests for access to facilities. An access control list is a set of rules or instructions to inform the operating system about the access constraints for users or user groups, so that the operating system knows whether or not a user id has permission to access a file or a directory.
An access path is a logical order that directs to the location on the computer where an object such as webpage, file etc., is stored.
An access point is a computer networking device which allows a wi-fi compliant device to connect to a wired network and usually connects via a router.
An access profile is information about a user that is stored on a computer, including their password and name as well as what they are allowed access to.
Access rights are the privileges or permissions awarded to a user or a program to access or alter, edit, delete the files stored on a network.
Access type is applied to an entity class, mapped superclass or embeddable class and is used to specify attributes.
The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.
User account management is the methods which are used to create, manage and authenticate users.
Accountability is the ability to trace an action performed on the system to a user, a process or an application.
Australian Cybercrime Online Reporting Network. An Australian government initiative where members of the public can report cybercrime.
The principle of proactively implementing a spectrum of security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening.
Note-some references to active defence focus on the employment of limited offensive action and counterattacks – commonly referred to as ‘hacking back’. The term active defence is not synonymous with ‘hacking back’, so these terms should not be used interchangeably.
Active security testing is security testing which involves directly interacting with a target, such as sending packets
Software that prevents advertisements from appearing with the content the user is intentionally viewing. People block ads for a variety of reasons. For example, many of them find marketing ads annoying and even stressful.
Administrative safeguards are a special set of the hipaa security rules. Administrative safeguards focus on internal organisation, policies and procedures and the maintenance of security managers which are in place to protect sensitive patient information.
An advanced data encryption algorithm that employs key sizes of variable length in the range of 128 – 256 bits. Advanced encryption standards help protect highly sensitive data such as financial information, and classified government records.
Advanced penetration testing is the process of testing a network to discover vulnerabilities which make it open to harmful intruders; then addressing and remedying the issues.
A set of malicious cyber activity with common characteristics, often orchestrated by a person or group targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives.
Advanced persistent threat is a user or a program that has highly sophisticated techniques and intends to pursue them with a malicious intent.
An adversary is a process, user or device that possesses a threat to the network.
A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user. Adware is software distributed to the user free of cost with advertisements embedded into them. As such, it displays advertisements, and redirects your queries to sponsor’s websites. Adware helps advertisers collect data for marketing purposes, without your permissions to do so. A user can disable ad pop-ups by purchasing a registration key.
A network security measure employed on one or more computers to ensure that the network is physically isolated from any other network. This makes the isolated network secure, as it does not connect to unsecured networks such as the public internet or an unsecured local area network.
Anti-malware is a program designed to protect computers and networks against any threats or attacks from viruses such as adware, spyware, and any such other malicious programs.
Antivirus software is a program or a set of programs that help prevent any malicious object, code, program from entering your computer or network. If any such malicious programs enter your computer, antivirus software helps detect, quarantine, or remove such programs from the computer or networks.
A software program or group of software programs designed for end users. Examples of an application include a word processor, a spreadsheet, an accounting application, a web browser, an email client, a media player, a file viewer, an aeronautical flight simulator, a console game or a photo editor. The collective noun application software refers to all applications collectively. This contrasts with system software, which is mainly involved with running the computer.
An approach in which only an explicitly defined set of trusted applications are allowed to run on systems.
The simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.
Address Space Layout Randomisation. A feature that makes exploiting buffer overflow attacks more difficult by randomising where program code, variables, and linked libraries are located in memory
The Australian Government’s lead for cyber security. The ACSC is part of the Australian Signals Directorate.
Australia’s national security agency responsible for the protection of the country and its citizens from espionage, sabotage, acts of foreign interference, politically-motivated violence, attacks on the Australian defence system, and terrorism.
Validation that an identity belongs to that person, for example, with a password or ID card. Authentication is the process of identifying a piece of information, the veracity of information provided. In computers, it is the process of identifying a person or system with the username; password, etc. Authentication helps individuals; systems gain authorization based on their identity.
The process of asserting an identity is allowed to perform an action on a resource
A purpose-built, secret way to bypass normal access methods.
A backdoor or trapdoor is a process to gain unauthorised access to a computer or a network. A programmer may bypass security steps and gain access to a computer by trapdoor programs, in the event of an attack on the computer system or networks. Attackers may also use such mechanisms to enter computers or networks without proper permission.
Baseline security is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system’s identified needs for confidentiality, integrity and availability protection.
Large amounts of structured and unstructured data that exceeds the ability of commonly used software tools to capture, manage and process. Big data requires techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale.
A person that hacks for personal gain and/or who engages in illicit and unsanctioned hacking activities. See also ‘grey hat’ and ‘white hat’.
A list of entities that are denied access
A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device’s legitimate user.
A botnet is a remote controlled robotic network or a network of computers set up to further attacks such as spam, virus, etc., to the target computers or networks. Attackers use various malicious programs, viruses to take control of computers and form a botnet or robotic network; the owners of such member computers may be unaware that their computer carries and forwards such a threat.
Bring your own device (byod) is a policy of the organisation allowing its employees to use their personal devices such as smartphones, tablet PCs, laptops for business purposes.
Brute force is a computing method that relies on strong algorithms and computing techniques to find the ultimate solution to a given issue.
A brute force attack is the process of finding the solution by constantly trying many probable variants of information such as passwords, deciphered keys, etc., in a random fashion.
A type of attack where false data is introduced into cache. The cache can be for a database, http, or any other service that implements caching.
A challenge designed to prove the user is human, and not a machine.
A category is a restrictive label applied to classified or unclassified information to limit access.
A central services node is the key management infrastructure core node that provides central security management and data management services.
A third party that issues digital certificates which indicate that the entity on the certificate owns their public/private key pair and the related domain name or business entity.
A secure certificate is a file installed on a secure web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable.
Challenge response protocol is a kind of authentication protocol in which the verifier sends the claimant a challenge. Then, via hashing the challenge or applying a private key operation, a response is generated and sent to the verifier. This information is then verified to establish the claimant’s control of the secret.
Cloud computing is a platform that utilises shared resources to access information, data, etc., rather than local servers. Information is stored on, and retrieved from the cloud or internet. Cloud computing allows remote sharing of files, data and facilitates remote working, as long as users are connected to the internet.
A cold site is a backup site that can become operational fairly quickly, usually in one or two days. A cold site might have all the standard office things such as furniture and telephones, however there is unlikely to be any computer equipment in a cold site. Basically, a cold site is a backup facility ready to receive computer equipment should it need to move to an alternate location.
A public list of security vulnerabilities in software or products, each with a unique identifying number. See https://cve.mitre.org/
An open standard to give a numerical score to a vulnerability to quantify its severity.
A list of software weaknesses that can lead to a vulnerability. This list isn’t product-specific. See https://cwe.mitre.org/index.html
Compartmentalisation is a technique of protecting confidential information by revealing it only to a few people, to those who actually need to know the details to perform their job. Thus, by restricting access to information, data the risk to business objectives is limited.
Cross site scripting is an attack on trusted and otherwise secure websites, by injecting malicious scripting. Attackers target websites that do not filter user inputs for strings or common characters in a script.
Cryptography is the science and art of protecting the privacy of information by encrypting it into a secret code, so no one but the authorised person with an encryption key can read or view the information.
A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity. Note: there are multiple global definitions of what constitutes a cyber attack.
A form of bullying or harassment using electronic means. It is when someone bullies or harasses others on the internet and in other digital spaces, particularly on social media sites.
Defensive activity designed to protect information and systems against offensive cyber operations.
Malicious activity designed to covertly collect information from a target’s computer systems for intelligence purposes without causing damage to those systems. It can be conducted by state or non-state entities, and can also include theft for commercial advantage.
An identified occurrence of a system, service or network state indicating a possible breach of information security policy, failure of safeguards, or a previously unknown situation that may be security relevant.
The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.
The safe and responsible use of information and communication technologies.
Measures used to protect the confidentiality, integrity and availability of systems, devices and the information residing on them.
An occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.
An unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations.
A cyber security expert with the skills to rapidly address security incidents and threats within an organisation. In the role of a first responder, a CSIR uses a host of forensics tools to find the root cause of a problem, limit the damage and significantly reduce the likelihood of it occurring again.
Any circumstance or event with the potential to harm systems or information.
The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.
A computer code that is used, or designed to be used, with the aim of causing physical, functional or mental harm to structures, systems or people. Cyber weapon is a contentious term among the international policy and legal communities, and there is an absence of agreement surrounding its connotations and implications. Avoid using ‘cyber weapon’ and use more generic terms such as ‘destructive tools’ or ‘exploits’ when describing the capabilities used by cyber actors.
Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.
The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.
System processes that run in the background, as opposed to interactive user sessions
The basic element that can be processed or produced by a computer to convey information.
The basic element that can be processed or produced by a computer to convey information.
A data asset is any entity that is composed of data; for example, a database is an example of a data asset. A system or application output file, database, document, or web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.
The unauthorised movement or disclosure of sensitive private or business information.
Data classification is a data management process that involves categorising and organising data into different classes based on their forms, types, importance, sensitivity, and usage in an organisation.
Algorithms that are used to encrypt and decrypt data. This algorithm type is used for encrypting data to encrypt and decrypt various parts of the message, including the body content and the signature.
A data encryption standard is a form of algorithm to convert plain text to a cipher text. Data encryption standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.
Data leakage is the accidental or intentional transfer and distribution of private and confidential information of an organisation without its knowledge or the permission.
Data Modelling is a process used to define and analyse data requirements needed to support the business processes within the scope of corresponding information systems in organisations. Therefore, the process of data modelling involves professional data modellers working closely with business stakeholders, as well as potential users of the information system.
Data protection is the process of safeguarding important information from corruption, compromise or loss.
The accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to people without a need to know that information.
A database is a systematic collection and organisation of data by individuals or organisations so that it can be easily stored, retrieved, and edited for future use.
Defence in depth is the process of creating multiple layers of security to protect electronics and information resources against attackers. Also called the castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource other layers can offer defence against the attack.
A demilitarised zone is a firewall setting that separates the LAN of an organisation from the outside world or the internet. Demilitarised zone (dmz) makes certain resources servers, etc., available to everyone, yet keeping the internal lan access private, safe and secure offers access only to authorised personnel.
A denial of service attack is an attack on a network or a machine to make it unavailable to other or important users. Single users flood the network or server with the same requests keeping it busy, occupied, and unavailable for other users.
The coordinated and ongoing set of processes and activities that ensure long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time the information is required.
A set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity.
A disaster recovery plan (DRP) or a business continuity plan (bcp) prescribes steps required to carry on the business as usual in the event of a disaster. Disaster recovery plans aim to bring business activities back to normalcy in the shortest possible time; such efforts require an in-depth study and analysis of business critical processes and their continuity needs. Business continuity plans also prescribe preventive measures to avoid disasters in the first place.
Discretionary access control is a security measure, by which the owner can restrict the access of the resources such as files, devices, directories to specific subjects or users or user groups based on their identity. It is the discretion of the owner to grant permission or restrict users from accessing the resources completely or partially.
A domain name system is a distributed system that internet servers follow to convert alphabetical domain names into numerical ip addresses. Internet servers follow a numerical ip addresses system, and to remember the numerical values of many domains is a difficult task, so domains use alphabetical addresses. Every time a user types in an alphabetical domain name, the dns helps the internet by converting the alphabetical domain name into a numerical IP address.
The process of conducting any kind of business transaction or a commercial transaction electronically with the help of the internet is termed as e-commerce. The internet enables sellers to accept orders and payments online. As the most popular mode of business today, e-commerce is widely used for completing business-to-business; business-to-consumer; consumer-to-consumer; or consumer-to-business transactions.
Hidden functionality within an application that is activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team or a humorous message and are intended to be non-threatening.
To convert information or data into a code, especially to prevent unauthorised access.
A personal computer, personal digital assistant, smartphone or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.
A method of secure communication where only the communicating users can read data transferred from one end-system or device to the other.
A device such as a laptop, tablet, or phone at the edge of the network
Endpoint Detection and Response (EDR), referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.
A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.
The eight essential mitigation strategies that the ACSC recommends organisations implement as a baseline to make it much harder for adversaries to compromise their systems.
Used by a security information and event management tool. This tool provides a level of analysis of the contents of an event log to help network administrators determine what is going on within a network.
Extended detection and response or XDR is a new approach to threat detection and response that provides holistic protection against cyberattacks, unauthorised access and misuse. XDR breaks down traditional security silos to deliver detection and response across all data sources.
According to Gartner, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system.”
A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.
A fail safe is the automatic protection of programs and/or processing systems when hardware or software failure is detected.
File name anomaly is a mismatch between the internal file header and its external extension. A file name anomaly is also a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).
A firewall is a security system tool that includes any software or hardware aimed at preventing viruses, worms, and hackers from intruding into a system or network.
A firewall control proxy is the component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.
A method used to discover errors or potential security vulnerabilities in software. Also called ‘fuzz testing’
A way to securely manage data flows between connected networks from different security domains.Gateways are network points that act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node. Get nearest server Get nearest server is a request packet sent by a client on an ipx network to locate the nearest active server of a particular type. An ipx network client issues a gns request to solicit either a direct response from a connected server or a response from a router that tells it where on the inter-network the service can be located. Gns is part of the ipx sap.
A way to securely manage data flows between connected networks from different security domains.Gateways are network points that act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node.
A software project that is developed from scratch rather than built from an existing program.
A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker. See also ‘white hat’ and ‘black hat’.
A hacker is a term used for an expert computer programmer who tries to gain unauthorised access into a network or computer systems with intent.
A hacker is a term used for an expert computer programmer who tries to gain unauthorised access into a network or computer systems with intent.
A hacker whose motivation is political, religious or ideological, as opposed to criminal.
Handshaking procedures are the dialogue between two information systems for synchronising, identifying, and authenticating themselves to one another.
Hardening is also known as system hardening and refers to providing protection to a computer system at various layers such as host, application, os, user, physical levels, and all the other sublevels in between. A hardened computer system is a more secure computer system. Hardening eliminates as many risks and threats to a computer system as necessary.
A generic term for ICT equipment.
An exploitable weakness in a computer system that enables attacks through remote or physical access to system hardware.
Vulnerability protection in the form of a physical device rather than software that is installed on a computer system.
A one way function that takes data of any size, then returns a fixed-size hash value, often shortened to hash. From the output, it is not possible to derive the input. Examples are MD5 or SHA1.
A computer system designed specifically to attract potential malicious actors in order to inform the development of defensive measures and responses.
A hybrid attack is a blend of both a dictionary attack method as well as brute force attack. This means that while a dictionary attack method would include a wordlist of passwords, the brute-force attack would be applied to each possible password in that list.
When a victim’s personal details are stolen and used to perpetrate crime, commonly fraud. Identity theft is a serious crime and can result in long-term and far-reaching negative consequences for victims.
An incident is an unplanned disruption or degradation of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident.
Incident handling is an action plan developed (by an organisation or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises six process steps: preparation, identification of attack, containment of attack, eradication, recovery, and analysis (lessons learned documentation).
An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.
An inference attack is a data mining technique used to illegally access information about a subject or database by analysing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.
An extensible term for information technology that stresses the role of unified communications and the integration of telecommunications and computers, as well as related enterprise software, middleware, storage and audio-visual systems, that enable users to access, store, transmit and manipulate information.
Input validations attacks are when an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defence for such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting and sql injection.
Internet identity (iid) or internet persona is a social identity that an internet user creates on online communities and websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.
The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors and network connectivity, which enables these objects to connect to the internet and collect and exchange data.
Internet of Things (IoT) security is the safeguards and protections for cloud-connected devices such as home automation, SCADA machines, security cameras, and any other technology that connects directly to the cloud. IoT technology is distinguished from mobile devices (e.g., smartphones and tablets) technology based on its automatic cloud connectivity in gadgets. IoT security involves securing traditionally poorly designed devices for data protection and cybersecurity. Recent data breaches have shown that IoT security should be a priority for most manufacturers and developers.
A general purpose programming language that is a class-based and object-oriented, and designed to have as few implementation dependencies as possible.
A computer which is used to manage important or critical resources in a separate security domain. Also known as a jump host or jump box.
Malicious software that records which keys you press. These programs may be used to capture confidential information (such as login or financial details) and send to an attacker. Also known as keystroke logging.
KSQL is a SQL engine that allows you to process and analyse the Real-Time Streaming Data present in the Apache Kafka platform. In other words, KSQL provides an Interactive Framework for performing Stream Processing activities such as Data Aggregation, Filtering, Joining, Sessionization, Windowing, and more.
Platform as a service software for schedules, monitors, load balances, and automates containerised deployments
Lattice techniques use security designations to determine access to information.
Least privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.
A computer network that interconnects devices within a limited area such as a home, school, laboratory or office building.
The automatically produced and time-stamped documentation of events relevant to a particular system.
A logic bomb is a piece of code that is deliberately inserted into a system to trigger a malicious program. Viruses and worms often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. Some viruses attack their host systems on specific dates, such as friday the 13th or april fools’ day. Trojans that activate on certain dates are often called time bombs
A media access control address (mac address) is also known as the physical address and is a unique identifier assigned to the network interface for communication. Mac addresses are generally used as a network address for most ieee 802 network technologies (including ethernet and wifi). Mac addresses are used in the media access control protocol sub-layer of the osi reference model.
A type of artificial intelligence (AI) that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. The basic premise of machine learning is to build algorithms that can receive input data and use statistical analysis to predict an output value within an acceptable range.
A party attempting to gain unauthorised access or negatively impact a computer system
Malicious code is any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Such codes actually gain unauthorised access to system resources or trick a user into executing other malicious logic. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, trojan horses, backdoors, and malicious active content.
People who take advantage of their access to inflict harm on an organisation.
Malware is a short term used for malicious software. Malware is defined as any software that is used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs.
Spam email used as a delivery method for malware, either as an attachment, or through a link contained in the email
Managed detection and response (MDR) is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response. The main benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing.
Descriptive information about the content and context used to identify information.
A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).
Network access control. A policy where only trusted endpoint devices are allowed to access network resources
Two or more computer systems linked together
A network host is a computer or other device connected to a computer network. A network host is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network.
NIDS are placed at a strategic point (or points) to monitor the traffic on the network. It analyses the passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks. When an attack is identified, or abnormal behaviour is detected, an alert is sent to the administrator.
A null session is also known as anonymous logon. It is a method that allows an anonymous user to retrieve information such as user names and share this over the network, or connect without authentication. Null sessions are one of the most commonly used methods for network exploration employed by “hackers.” A null session connection allows you to connect to a remote machine without using a username or password. Instead, you are given anonymous or guest access.
Activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks.
Office of the Australian Information Commissioner is an Australian government agency responsible for privacy, freedom of information, and government information policy
A password that is only valid for one login session.
System software that manages hardware and software resources and provides common services for executing various applications on a computer.
Privilege Account Certificate. Part of a client’s Kerberos ticket which conveys authorisation data such as group membership and password credentials
Untargeted, mass emails sent to many people asking for sensitive information (such as bank details), encouraging them to open a malicious attachment, or visit a fake website that will ask the user to provide sensitive information or download malicious content.
A position that involves duties that require a higher level of assurance than that provided by normal employment screening. In some organisations additional screening may be required.
Positions of trust can include, but are not limited to, an organisation’s Chief Information Security Officer and their delegates, administrators or privileged users.
Applications that may appear to serve a useful purpose but often perform actions that may adversely affect a computer’s performance. Also known as potentially unwanted applications.
Applications that may appear to serve a useful purpose but often perform actions that may adversely affect a computer’s performance. Also known as potentially unwanted applications.
Provides a dedicated operating system for sensitive tasks and is protected from internet attacks and threat vectors.
A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
A set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. If any one of the four vulnerabilities are exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.
A large table of pre-computed hashes with their corresponding inputs, stored in a compressed format for fast lookup and compact storage
Unexpected prize and lottery scams that work by asking you to pay some sort of fee in order to claim your prize or winnings from a competition or lottery you never entered.
Malicious software which encrypts your files and holds the decryption key for a ransom.
A plan that outlines an organisation’s recovery strategy for how they are going to respond to an incident.
A red team is a group that plays the role of an enemy or competitor to provide security feedback from that perspective (also see blue team)
Access to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.
When a scammer pretends to be affiliated with a well known tech or computer company. The scammer usually tries to convince you that you have a computer or internet problem and you need to buy or install new software to fix the problem.
A software administration tool or program that can be used by a hacker to remotely gain access and control of an infected machine.
A type of malware where the attacker can then contact the trojan over the network to obtain keystrokes, credentials, logs, or take control of the infected system.
Where an attacker is able to run arbitrary code on the compromised system over a network connection.
A tool or set of tools used by an attacker in order to compromise a system, gain the highest level of privilege, and then hide their activity.
A networking device that forwards data packets between computer networks
Stealing money or data in very small quantities, so that the activity is less likely to be detected than exfiltrating the total amount at once
A fraudulent scheme performed by a dishonest or deceitful individual, group or company in an attempt to obtain money or something else of value.
A networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.
Security Information and Event Management (SIEM) is a software tool for real time monitoring, alerting, logging, and analysing events on a network. SIEM provides the ability to gather security data from information system components and present that data as actionable information via a single interface.
SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organisation to collect data about security threats and respond to security events without human assistance. The goal of using a SOAR platform is to improve the efficiency of physical and digital security operations.
SOAR platforms have three main components: security orchestration, security automation and security response
Statements that communicate the expectations of an organisation’s senior management about the organisation’s security risk tolerance. These criteria help an organisation identify security risks and prepare appropriate treatments and provide a benchmark against which the success of mitigations can be measured.
A weakness in a system’s security requirements, design, implementation or operation that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.
A computer that provides services to users or other systems. For example, a file server, email server or database server.
An access control process which allows an user to authenticate to multiple applications through only one authentication service.
Social engineering is a non-technical technique that intrusion hackers commonly use. This approach relies on human interaction and often involves tricking people into breaking normal security procedures.
Software is any computer instructions, data, or programs that can be stored electronically and executed by computer hardware. While running any software, associated data that is stored in the hardware may be dynamically written or modified.
Spam is the term used for flooding the internet with many copies of the same message, in an attempt to force the message on individuals who would not otherwise choose to receive it. Most spam mails or messages are commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.
A phishing attempt that is specifically targeted to an individual or company.
To deceptively imitate a legitimate service.
Star networks are one of the most common computer network topologies. A star network consists of one central switch, hub or computer, which acts as a conduit to transmit messages. This consists of a central node, to which all other nodes are connected. The central node provides a common connection point for all nodes through a hub.
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Tamper is defined as deliberately trying to change or alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.
A threat is a possible danger that might exploit a vulnerability to violate security protocols and thus, cause possible harm. A threat can be either deliberate (example, an individual cracker or a criminal organisation) or accidental (example, the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
An entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact – an organisation’s security. Also referred to as a malicious actor.
Threat assessment is a structured process used to identify and evaluate various risks or threats that an organisation might be exposed to.
The process of identifying potential threats, prioritising and planning mitigations.
A threat vector is a methodology that a threat uses to get to the target.
Token-based access control is an authentication method that offers additional security. Using this method, each user has a smart card or token that either displays a constantly changing password, passkey, or buttons that calculate a new password based on a challenge phrase. Without this card or token, it is impossible to authenticate yourself to the system. This two-factor authentication provides additional security by requiring an attacker to both guess the user’s password and steal the smart card or token that is used to access the system.
A trojan horse is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorization of a system entity that invokes the program.
Trunking is a method for a system to provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches.
A trusted certificate is any digital certificate that a certificate user accepts as being valid without testing the certificate to validate it as the final certificate on a certification path; especially a certificate that is used as a trust anchor certificate.
The technical term for the web address (location) of an internet resource such as a website or an image within a website.
Universal second factor is an open authentication standard that allows enrolment of a public key from a token, such as a USB or NFC device, for user authentication
Most often refers to a free Wi-Fi network, like at a café or shop.
A type of software bug where memory is reused after being freed to the allocator. This can lead to software crashes or code execution.
A user contingency plan is the alternative method of continuing business operations if its systems are unavailable.
Confirmation (through strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled.
A type of malware. Viruses spread on their own by attaching code to other programs, or copying themselves across systems and networks.
A voice firewall is a physical discontinuity in a voice network that monitors, alerts, and controls inbound and outbound voice network activity based on user-defined call admission control (cac) policies, voice application layer security threats or unauthorized service use violations.
A type of media, such as RAM, which gradually loses its information when power is removed.
A specific weakness in a piece of software or system configuration, which an attacker can exploit
Vulnerability Assessment and Penetration Testing (VAPT) are both security services that focus on identifying vulnerabilities in the network, server and system infrastructure. Both the services serve a different purpose and are carried out to achieve different but complementary goals.
A war dialer is a computer program that automatically dials a series of telephone numbers to locate lines connected to computer systems, and catalogs those numbers so that a cracker or attacker can try to break into the systems.
Warchalking is marking areas, usually on sidewalks with chalk, that receive wireless signals to advertise an open wi-fi network. Warchalking was inspired by hobo symbols and was conceived by a group of friends in june 2002. They were published by Matt Jones who designed the set of icons and produced a downloadable document containing them.
Setting up a fake website (or compromising a real one) in order to infect and exploit visiting users.
A web server is a computer system that processes requests via http, the basic network protocol used to distribute information on the world wide web. Web server is used to refer either the entire system, or specifically to the software that accepts and supervises the http requests.
A type of phishing that targets executives and management.
An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation’s information systems. See also ‘black hat’ and ‘grey hat’.
An explicit list of entities that are allowed access. The opposite of a blacklist.
Self-replicating malware that uses a network to distribute copies of itself to other computer devices, often without user intervention. Worms need not attach themselves to existing programs.
Y2k is short for the year 2000 bug or the millennium bug. Y2k is a warning first published by bob bemer in 1971 describing the issues of computers using a two-digit year date stamp.
A newly discovered vulnerability – A software exploit that hasn’t been disclosed or patched by the software vendor.
A zombie computer is a computer connected to the internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and is used to perform malicious tasks of one sort or another under remote direction.
We love our community and regularly publish industry blogs to share knowledge and give back.
New to the industry? You might find our Lingo Library useful, it’s full of industry terms with real industry examples.
AI is far more than just plugging in ChatGPT. When implemented correctly, it’s a game-changer in how we can…
The 21st century is witnessing a rapid proliferation of artificial intelligence (AI) across industries. From predicting diseases to powering…