Lingo Library

Acceptable Use Policy

Acceptable use policy is a policy that defines the level of access and degree of use of the organisation’s network or internet by the members of an organisation.

Access Control

The process of granting or denying requests for access to systems, applications and information. It can also refer to the process of granting or denying requests for access to facilities. An access control list is a set of rules or instructions to inform the operating system about the access constraints for users or user groups, so that the operating system knows whether or not a user id has permission to access a file or a directory.

Access Path

An access path is a logical order that directs to the location on the computer where an object such as webpage, file etc., is stored.

Access Point

An access point is a computer networking device which allows a wi-fi compliant device to connect to a wired network and usually connects via a router.

Access Profile

An access profile is information about a user that is stored on a computer, including their password and name as well as what they are allowed access to.

Access Rights

Access rights are the privileges or permissions awarded to a user or a program to access or alter, edit, delete the files stored on a network.

Access Type

Access type is applied to an entity class, mapped superclass or embeddable class and is used to specify attributes.

Account Harvesting

The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.

Account Management User

User account management is the methods which are used to create, manage and authenticate users.

Accountability

Accountability is the ability to trace an action performed on the system to a user, a process or an application.

ACORN

Australian Cybercrime Online Reporting Network. An Australian government initiative where members of the public can report cybercrime.

Active defence

The principle of proactively implementing a spectrum of security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening.
Note-some references to active defence focus on the employment of limited offensive action and counterattacks – commonly referred to as ‘hacking back’. The term active defence is not synonymous with ‘hacking back’, so these terms should not be used interchangeably.

Active Security Testing

Active security testing is security testing which involves directly interacting with a target, such as sending packets

Ad blockers

Software that prevents advertisements from appearing with the content the user is intentionally viewing. People block ads for a variety of reasons. For example, many of them find marketing ads annoying and even stressful.

Administrative Safeguards

Administrative safeguards are a special set of the hipaa security rules. Administrative safeguards focus on internal organisation, policies and procedures and the maintenance of security managers which are in place to protect sensitive patient information.

Advanced Encryption Standard (AES)

An advanced data encryption algorithm that employs key sizes of variable length in the range of 128 – 256 bits. Advanced encryption standards help protect highly sensitive data such as financial information, and classified government records.

Advanced penetration testing

Advanced penetration testing is the process of testing a network to discover vulnerabilities which make it open to harmful intruders; then addressing and remedying the issues.

Advanced persistent threat (APT)

A set of malicious cyber activity with common characteristics, often orchestrated by a person or group targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives.
Advanced persistent threat is a user or a program that has highly sophisticated techniques and intends to pursue them with a malicious intent.

Adversary

An adversary is a process, user or device that possesses a threat to the network.

Adware

A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user. Adware is software distributed to the user free of cost with advertisements embedded into them. As such, it displays advertisements, and redirects your queries to sponsor’s websites. Adware helps advertisers collect data for marketing purposes, without your permissions to do so. A user can disable ad pop-ups by purchasing a registration key.

Air gap

A network security measure employed on one or more computers to ensure that the network is physically isolated from any other network. This makes the isolated network secure, as it does not connect to unsecured networks such as the public internet or an unsecured local area network.

Anti Malware

Anti-malware is a program designed to protect computers and networks against any threats or attacks from viruses such as adware, spyware, and any such other malicious programs.

Antivirus software (AV)

Antivirus software is a program or a set of programs that help prevent any malicious object, code, program from entering your computer or network. If any such malicious programs enter your computer, antivirus software helps detect, quarantine, or remove such programs from the computer or networks.

Application

A software program or group of software programs designed for end users. Examples of an application include a word processor, a spreadsheet, an accounting application, a web browser, an email client, a media player, a file viewer, an aeronautical flight simulator, a console game or a photo editor. The collective noun application software refers to all applications collectively. This contrasts with system software, which is mainly involved with running the computer.

Application control

An approach in which only an explicitly defined set of trusted applications are allowed to run on systems.

Artificial intelligence (AI)

The simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.

ASLR

Address Space Layout Randomisation. A feature that makes exploiting buffer overflow attacks more difficult by randomising where program code, variables, and linked libraries are located in memory

Australian Cyber Security Centre (ACSC)

The Australian Government’s lead for cyber security. The ACSC is part of the Australian Signals Directorate.

Australian Security Intelligence Organisation (ASIO)

Australia’s national security agency responsible for the protection of the country and its citizens from espionage, sabotage, acts of foreign interference, politically-motivated violence, attacks on the Australian defence system, and terrorism.

Authentication

Validation that an identity belongs to that person, for example, with a password or ID card. Authentication is the process of identifying a piece of information, the veracity of information provided. In computers, it is the process of identifying a person or system with the username; password, etc. Authentication helps individuals; systems gain authorization based on their identity.

Authorisation

The process of asserting an identity is allowed to perform an action on a resource

Backdoor

A purpose-built, secret way to bypass normal access methods.
A backdoor or trapdoor is a process to gain unauthorised access to a computer or a network. A programmer may bypass security steps and gain access to a computer by trapdoor programs, in the event of an attack on the computer system or networks. Attackers may also use such mechanisms to enter computers or networks without proper permission.

Baseline Security

Baseline security is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system’s identified needs for confidentiality, integrity and availability protection.

Big data

Large amounts of structured and unstructured data that exceeds the ability of commonly used software tools to capture, manage and process. Big data requires techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale.

Black Hat

A person that hacks for personal gain and/or who engages in illicit and unsanctioned hacking activities. See also ‘grey hat’ and ‘white hat’.

Blacklist

A list of entities that are denied access

Blue Team

A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).

Bot

A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device’s legitimate user.

Botnet

A botnet is a remote controlled robotic network or a network of computers set up to further attacks such as spam, virus, etc., to the target computers or networks. Attackers use various malicious programs, viruses to take control of computers and form a botnet or robotic network; the owners of such member computers may be unaware that their computer carries and forwards such a threat.

Bring your own device (BYOD)

Bring your own device (byod) is a policy of the organisation allowing its employees to use their personal devices such as smartphones, tablet PCs, laptops for business purposes.

Brute Force

Brute force is a computing method that relies on strong algorithms and computing techniques to find the ultimate solution to a given issue.

Brute Force Attack

A brute force attack is the process of finding the solution by constantly trying many probable variants of information such as passwords, deciphered keys, etc., in a random fashion.

Cache Poisoning

A type of attack where false data is introduced into cache. The cache can be for a database, http, or any other service that implements caching.

CAPTCHA

A challenge designed to prove the user is human, and not a machine.

Category

A category is a restrictive label applied to classified or unclassified information to limit access.

Central Services Node

A central services node is the key management infrastructure core node that provides central security management and data management services.

Certificate Authority (CA)

A third party that issues digital certificates which indicate that the entity on the certificate owns their public/private key pair and the related domain name or business entity.

Certificates

A secure certificate is a file installed on a secure web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable.

Challenge Response Protocol

Challenge response protocol is a kind of authentication protocol in which the verifier sends the claimant a challenge. Then, via hashing the challenge or applying a private key operation, a response is generated and sent to the verifier. This information is then verified to establish the claimant’s control of the secret.

Cloud Computing

Cloud computing is a platform that utilises shared resources to access information, data, etc., rather than local servers. Information is stored on, and retrieved from the cloud or internet. Cloud computing allows remote sharing of files, data and facilitates remote working, as long as users are connected to the internet.

Cold site

A cold site is a backup site that can become operational fairly quickly, usually in one or two days. A cold site might have all the standard office things such as furniture and telephones, however there is unlikely to be any computer equipment in a cold site. Basically, a cold site is a backup facility ready to receive computer equipment should it need to move to an alternate location.

Common Vulnerabilities and Exposures (CVE)

A public list of security vulnerabilities in software or products, each with a unique identifying number. See https://cve.mitre.org/

Common Vulnerability Scoring System (CVSS)

An open standard to give a numerical score to a vulnerability to quantify its severity.

Common Weakness Enumeration (CWE)

A list of software weaknesses that can lead to a vulnerability. This list isn’t product-specific. See https://cwe.mitre.org/index.html

Compartmentalisation

Compartmentalisation is a technique of protecting confidential information by revealing it only to a few people, to those who actually need to know the details to perform their job. Thus, by restricting access to information, data the risk to business objectives is limited.

Cross Site Scripting (XSS)

Cross site scripting is an attack on trusted and otherwise secure websites, by injecting malicious scripting. Attackers target websites that do not filter user inputs for strings or common characters in a script.

Cryptography

Cryptography is the science and art of protecting the privacy of information by encrypting it into a secret code, so no one but the authorised person with an encryption key can read or view the information.

Cyber Attack

A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity. Note: there are multiple global definitions of what constitutes a cyber attack.

Cyber Bullying

A form of bullying or harassment using electronic means. It is when someone bullies or harasses others on the internet and in other digital spaces, particularly on social media sites.

Cyber Defence

Defensive activity designed to protect information and systems against offensive cyber operations.

Cyber Espionage

Malicious activity designed to covertly collect information from a target’s computer systems for intelligence purposes without causing damage to those systems. It can be conducted by state or non-state entities, and can also include theft for commercial advantage.

Cyber Event

An identified occurrence of a system, service or network state indicating a possible breach of information security policy, failure of safeguards, or a previously unknown situation that may be security relevant.

Cyber Resilience

The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.

Cyber Safety

The safe and responsible use of information and communication technologies.

Cyber Security

Measures used to protect the confidentiality, integrity and availability of systems, devices and the information residing on them.

Cyber Security Event

An occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.

Cyber Security Incident

An unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations.

Cyber Security Incident Responder (CSIR)

A cyber security expert with the skills to rapidly address security incidents and threats within an organisation. In the role of a first responder, a CSIR uses a host of forensics tools to find the root cause of a problem, limit the damage and significantly reduce the likelihood of it occurring again.

Cyber Threat

Any circumstance or event with the potential to harm systems or information.

Cyber Warfare

The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.

Cyber Weapon

A computer code that is used, or designed to be used, with the aim of causing physical, functional or mental harm to structures, systems or people. Cyber weapon is a contentious term among the international policy and legal communities, and there is an absence of agreement surrounding its connotations and implications. Avoid using ‘cyber weapon’ and use more generic terms such as ‘destructive tools’ or ‘exploits’ when describing the capabilities used by cyber actors.

Cybercrime

Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.

Cyberspace

The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.

Daemon

System processes that run in the background, as opposed to interactive user sessions

Data

The basic element that can be processed or produced by a computer to convey information.

Data

The basic element that can be processed or produced by a computer to convey information.

Data Asset

A data asset is any entity that is composed of data; for example, a database is an example of a data asset. A system or application output file, database, document, or web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.

Data Breach

The unauthorised movement or disclosure of sensitive private or business information.

Data Classification

Data classification is a data management process that involves categorising and organising data into different classes based on their forms, types, importance, sensitivity, and usage in an organisation.

Data Encryption Algorithm

Algorithms that are used to encrypt and decrypt data. This algorithm type is used for encrypting data to encrypt and decrypt various parts of the message, including the body content and the signature.

Data Encryption Standard

A data encryption standard is a form of algorithm to convert plain text to a cipher text. Data encryption standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.

Data Leakage

Data leakage is the accidental or intentional transfer and distribution of private and confidential information of an organisation without its knowledge or the permission.

Data Modelling

Data Modelling is a process used to define and analyse data requirements needed to support the business processes within the scope of corresponding information systems in organisations. Therefore, the process of data modelling involves professional data modellers working closely with business stakeholders, as well as potential users of the information system.

Data Protection

Data protection is the process of safeguarding important information from corruption, compromise or loss.

Data Spill

The accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to people without a need to know that information.

Database

A database is a systematic collection and organisation of data by individuals or organisations so that it can be easily stored, retrieved, and edited for future use.

Defence in Depth

Defence in depth is the process of creating multiple layers of security to protect electronics and information resources against attackers. Also called the castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource other layers can offer defence against the attack.

Demilitarised Zone (DMZ)

A demilitarised zone is a firewall setting that separates the LAN of an organisation from the outside world or the internet. Demilitarised zone (dmz) makes certain resources servers, etc., available to everyone, yet keeping the internal lan access private, safe and secure offers access only to authorised personnel.

Denial of Service Attack

A denial of service attack is an attack on a network or a machine to make it unavailable to other or important users. Single users flood the network or server with the same requests keeping it busy, occupied, and unavailable for other users.

Digital Preservation

The coordinated and ongoing set of processes and activities that ensure long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time the information is required.

Disaster Recovery

A set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity.

Disaster Recovery Plan

A disaster recovery plan (DRP) or a business continuity plan (bcp) prescribes steps required to carry on the business as usual in the event of a disaster. Disaster recovery plans aim to bring business activities back to normalcy in the shortest possible time; such efforts require an in-depth study and analysis of business critical processes and their continuity needs. Business continuity plans also prescribe preventive measures to avoid disasters in the first place.

Discretionary Access Control

Discretionary access control is a security measure, by which the owner can restrict the access of the resources such as files, devices, directories to specific subjects or users or user groups based on their identity. It is the discretion of the owner to grant permission or restrict users from accessing the resources completely or partially.

Domain Name System (DNS)

A domain name system is a distributed system that internet servers follow to convert alphabetical domain names into numerical ip addresses. Internet servers follow a numerical ip addresses system, and to remember the numerical values of many domains is a difficult task, so domains use alphabetical addresses. Every time a user types in an alphabetical domain name, the dns helps the internet by converting the alphabetical domain name into a numerical IP address.

E commerce

The process of conducting any kind of business transaction or a commercial transaction electronically with the help of the internet is termed as e-commerce. The internet enables sellers to accept orders and payments online. As the most popular mode of business today, e-commerce is widely used for completing business-to-business; business-to-consumer; consumer-to-consumer; or consumer-to-business transactions.

Easter Egg

Hidden functionality within an application that is activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team or a humorous message and are intended to be non-threatening.

Encrypt

To convert information or data into a code, especially to prevent unauthorised access.

End User Device

A personal computer, personal digital assistant, smartphone or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.

End-to-End Encryption

A method of secure communication where only the communicating users can read data transferred from one end-system or device to the other.

Endpoint

A device such as a laptop, tablet, or phone at the edge of the network

Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR), referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.

Endpoint Security

A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

Essential Eight (E8)

The eight essential mitigation strategies that the ACSC recommends organisations implement as a baseline to make it much harder for adversaries to compromise their systems.

Event Logging

Used by a security information and event management tool. This tool provides a level of analysis of the contents of an event log to help network administrators determine what is going on within a network.

Extended detection and response (XDR)

Extended detection and response or XDR is a new approach to threat detection and response that provides holistic protection against cyberattacks, unauthorised access and misuse. XDR breaks down traditional security silos to deliver detection and response across all data sources.
According to Gartner, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system.”

eXtensible Markup Language (XML)

A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

Fail Safe

A fail safe is the automatic protection of programs and/or processing systems when hardware or software failure is detected.

​Filename Anomaly

File name anomaly is a mismatch between the internal file header and its external extension. A file name anomaly is also a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).

Firewall

A firewall is a security system tool that includes any software or hardware aimed at preventing viruses, worms, and hackers from intruding into a system or network.

Firewall Control Proxy

A firewall control proxy is the component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.

Fuzzing

A method used to discover errors or potential security vulnerabilities in software. Also called ‘fuzz testing’

Gateway

A way to securely manage data flows between connected networks from different security domains.Gateways are network points that act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node. Get nearest server Get nearest server is a request packet sent by a client on an ipx network to locate the nearest active server of a particular type. An ipx network client issues a gns request to solicit either a direct response from a connected server or a response from a router that tells it where on the inter-network the service can be located. Gns is part of the ipx sap.

Gateway

A way to securely manage data flows between connected networks from different security domains.Gateways are network points that act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node.

Greenfield

A software project that is developed from scratch rather than built from an existing program.

Grey hat

A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker. See also ‘white hat’ and ‘black hat’.

Hacker

A hacker is a term used for an expert computer programmer who tries to gain unauthorised access into a network or computer systems with intent.

Hacker

A hacker is a term used for an expert computer programmer who tries to gain unauthorised access into a network or computer systems with intent.

Hacktivist

A hacker whose motivation is political, religious or ideological, as opposed to criminal.

Handshaking Procedures

Handshaking procedures are the dialogue between two information systems for synchronising, identifying, and authenticating themselves to one another.

Hardening

Hardening is also known as system hardening and refers to providing protection to a computer system at various layers such as host, application, os, user, physical levels, and all the other sublevels in between. A hardened computer system is a more secure computer system. Hardening eliminates as many risks and threats to a computer system as necessary.

Hardware

A generic term for ICT equipment.

Hardware Vulnerabilities

An exploitable weakness in a computer system that enables attacks through remote or physical access to system hardware.

Hardware-Based Security (Hardsec)

Vulnerability protection in the form of a physical device rather than software that is installed on a computer system.

Hash Function (Hash)

A one way function that takes data of any size, then returns a fixed-size hash value, often shortened to hash. From the output, it is not possible to derive the input. Examples are MD5 or SHA1.

Honeypot

A computer system designed specifically to attract potential malicious actors in order to inform the development of defensive measures and responses.

Hybrid Attack

A hybrid attack is a blend of both a dictionary attack method as well as brute force attack. This means that while a dictionary attack method would include a wordlist of passwords, the brute-force attack would be applied to each possible password in that list.

Identity Theft

When a victim’s personal details are stolen and used to perpetrate crime, commonly fraud. Identity theft is a serious crime and can result in long-term and far-reaching negative consequences for victims.

Incident

An incident is an unplanned disruption or degradation of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident.

Incident Handling

Incident handling is an action plan developed (by an organisation or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises six process steps: preparation, identification of attack, containment of attack, eradication, recovery, and analysis (lessons learned documentation).

Incremental Backups

An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.

Inference Attack

An inference attack is a data mining technique used to illegally access information about a subject or database by analysing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.

Information and Communications Technology (ICT)

An extensible term for information technology that stresses the role of unified communications and the integration of telecommunications and computers, as well as related enterprise software, middleware, storage and audio-visual systems, that enable users to access, store, transmit and manipulate information.

Input Validation Attacks

Input validations attacks are when an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defence for such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting and sql injection.

Internet Identity (Identity) (iid)

Internet identity (iid) or internet persona is a social identity that an internet user creates on online communities and websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.

Internet of Things (IoT)

The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors and network connectivity, which enables these objects to connect to the internet and collect and exchange data.

IoT Security (Internet of Things Security)

Internet of Things (IoT) security is the safeguards and protections for cloud-connected devices such as home automation, SCADA machines, security cameras, and any other technology that connects directly to the cloud. IoT technology is distinguished from mobile devices (e.g., smartphones and tablets) technology based on its automatic cloud connectivity in gadgets. IoT security involves securing traditionally poorly designed devices for data protection and cybersecurity. Recent data breaches have shown that IoT security should be a priority for most manufacturers and developers.

Java

A general purpose programming language that is a class-based and object-oriented, and designed to have as few implementation dependencies as possible.

Jump Server

A computer which is used to manage important or critical resources in a separate security domain. Also known as a jump host or jump box.

Keylogger

Malicious software that records which keys you press. These programs may be used to capture confidential information (such as login or financial details) and send to an attacker. Also known as keystroke logging.

KSQL

KSQL is a SQL engine that allows you to process and analyse the Real-Time Streaming Data present in the Apache Kafka platform. In other words, KSQL provides an Interactive Framework for performing Stream Processing activities such as Data Aggregation, Filtering, Joining, Sessionization, Windowing, and more.

Kubernetes

Platform as a service software for schedules, monitors, load balances, and automates containerised deployments

Lattice Techniques

Lattice techniques use security designations to determine access to information.

Least Privilege

Least privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.

Local Area Network (LAN)

A computer network that interconnects devices within a limited area such as a home, school, laboratory or office building.

Logging

The automatically produced and time-stamped documentation of events relevant to a particular system.

Logic Bombs

A logic bomb is a piece of code that is deliberately inserted into a system to trigger a malicious program. Viruses and worms often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. Some viruses attack their host systems on specific dates, such as friday the 13th or april fools’ day. Trojans that activate on certain dates are often called time bombs

Mac Address

A media access control address (mac address) is also known as the physical address and is a unique identifier assigned to the network interface for communication. Mac addresses are generally used as a network address for most ieee 802 network technologies (including ethernet and wifi). Mac addresses are used in the media access control protocol sub-layer of the osi reference model.

Machine Learning (ML)

A type of artificial intelligence (AI) that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. The basic premise of machine learning is to build algorithms that can receive input data and use statistical analysis to predict an output value within an acceptable range.

Malicious Actor

A party attempting to gain unauthorised access or negatively impact a computer system

Malicious Code

Malicious code is any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Such codes actually gain unauthorised access to system resources or trick a user into executing other malicious logic. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, trojan horses, backdoors, and malicious active content.

Malicious Insider

People who take advantage of their access to inflict harm on an organisation.

Malicious Software (Malware)

Malware is a short term used for malicious software. Malware is defined as any software that is used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs.

Malspam

Spam email used as a delivery method for malware, either as an attachment, or through a link contained in the email

Managed detection and response (MDR)

Managed detection and response (MDR) is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response. The main benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing.

Metadata

Descriptive information about the content and context used to identify information.

Multi-Factor Authentication (MFA)

A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

NAC

Network access control. A policy where only trusted endpoint devices are allowed to access network resources

Network

Two or more computer systems linked together

Network Host (Host)

A network host is a computer or other device connected to a computer network. A network host is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network.

Network-based Intrusion Detection Systems (NIDS)

NIDS are placed at a strategic point (or points) to monitor the traffic on the network. It analyses the passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks. When an attack is identified, or abnormal behaviour is detected, an alert is sent to the administrator.

Null Session

A null session is also known as anonymous logon. It is a method that allows an anonymous user to retrieve information such as user names and share this over the network, or connect without authentication. Null sessions are one of the most commonly used methods for network exploration employed by “hackers.” A null session connection allows you to connect to a remote machine without using a username or password. Instead, you are given anonymous or guest access.

Offensive Cyber Operations

Activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks.

Office of the Australian Information Commissioner (OAIC)

Office of the Australian Information Commissioner is an Australian government agency responsible for privacy, freedom of information, and government information policy

One Time Password (OTP)

A password that is only valid for one login session.

Operating System

System software that manages hardware and software resources and provides common services for executing various applications on a computer.

PAC

Privilege Account Certificate. Part of a client’s Kerberos ticket which conveys authorisation data such as group membership and password credentials

Phishing

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details), encouraging them to open a malicious attachment, or visit a fake website that will ask the user to provide sensitive information or download malicious content.

Position of Trust

A position that involves duties that require a higher level of assurance than that provided by normal employment screening. In some organisations additional screening may be required.
Positions of trust can include, but are not limited to, an organisation’s Chief Information Security Officer and their delegates, administrators or privileged users.

Potentially unwanted applications

Applications that may appear to serve a useful purpose but often perform actions that may adversely affect a computer’s performance. Also known as potentially unwanted applications.

Potentially Unwanted Software

Applications that may appear to serve a useful purpose but often perform actions that may adversely affect a computer’s performance. Also known as potentially unwanted applications.

Privileged Access Workstation

Provides a dedicated operating system for sensitive tasks and is protected from internet attacks and threat vectors.

Public Key Infrastructure (PKI)

A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

QuadRooter

A set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. If any one of the four vulnerabilities are exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.

Rainbow Table

A large table of pre-computed hashes with their corresponding inputs, stored in a compressed format for fast lookup and compact storage

Random Lottery

Unexpected prize and lottery scams that work by asking you to pay some sort of fee in order to claim your prize or winnings from a competition or lottery you never entered.

Ransomware

Malicious software which encrypts your files and holds the decryption key for a ransom.

Recovery Plan

A plan that outlines an organisation’s recovery strategy for how they are going to respond to an incident.

Red Team

A red team is a group that plays the role of an enemy or competitor to provide security feedback from that perspective (also see blue team)

Remote Access

Access to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.

Remote Access Scam

When a scammer pretends to be affiliated with a well known tech or computer company. The scammer usually tries to convince you that you have a computer or internet problem and you need to buy or install new software to fix the problem.

Remote Access Tool

A software administration tool or program that can be used by a hacker to remotely gain access and control of an infected machine.

Remote Access Trojan (RAT)

A type of malware where the attacker can then contact the trojan over the network to obtain keystrokes, credentials, logs, or take control of the infected system.

Remote Code Execution (RCE)

Where an attacker is able to run arbitrary code on the compromised system over a network connection.

Rootkit

A tool or set of tools used by an attacker in order to compromise a system, gain the highest level of privilege, and then hide their activity.

Router

A networking device that forwards data packets between computer networks

Salami Slicing Attack

Stealing money or data in very small quantities, so that the activity is less likely to be detected than exfiltrating the total amount at once

Scam

A fraudulent scheme performed by a dishonest or deceitful individual, group or company in an attempt to obtain money or something else of value.

Secure Sockets Layer (SSL)

A networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is a software tool for real time monitoring, alerting, logging, and analysing events on a network. SIEM provides the ability to gather security data from information system components and present that data as actionable information via a single interface.

Security orchestration, automation and response (SOAR)

SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organisation to collect data about security threats and respond to security events without human assistance. The goal of using a SOAR platform is to improve the efficiency of physical and digital security operations.
SOAR platforms have three main components: security orchestration, security automation and security response

Security Risk Appetite

Statements that communicate the expectations of an organisation’s senior management about the organisation’s security risk tolerance. These criteria help an organisation identify security risks and prepare appropriate treatments and provide a benchmark against which the success of mitigations can be measured.

Security Vulnerability

A weakness in a system’s security requirements, design, implementation or operation that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.

Server

A computer that provides services to users or other systems. For example, a file server, email server or database server.

Single Sign On (SSO)

An access control process which allows an user to authenticate to multiple applications through only one authentication service.

Social Engineering

Social engineering is a non-technical technique that intrusion hackers commonly use. This approach relies on human interaction and often involves tricking people into breaking normal security procedures.

Software

Software is any computer instructions, data, or programs that can be stored electronically and executed by computer hardware. While running any software, associated data that is stored in the hardware may be dynamically written or modified.

Spam

Spam is the term used for flooding the internet with many copies of the same message, in an attempt to force the message on individuals who would not otherwise choose to receive it. Most spam mails or messages are commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.

Spear-Phishing

A phishing attempt that is specifically targeted to an individual or company.

Spoof

To deceptively imitate a legitimate service.

Stack Smashing

Star Network

Star networks are one of the most common computer network topologies. A star network consists of one central switch, hub or computer, which acts as a conduit to transmit messages. This consists of a central node, to which all other nodes are connected. The central node provides a common connection point for all nodes through a hub.

Stealthing

Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.

Tamper

Tamper is defined as deliberately trying to change or alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.

Threat

A threat is a possible danger that might exploit a vulnerability to violate security protocols and thus, cause possible harm. A threat can be either deliberate (example, an individual cracker or a criminal organisation) or accidental (example, the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

Threat Actor

An entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact – an organisation’s security. Also referred to as a malicious actor.

Threat assessment

Threat assessment is a structured process used to identify and evaluate various risks or threats that an organisation might be exposed to.

Threat Modelling

The process of identifying potential threats, prioritising and planning mitigations.

Threat vector

A threat vector is a methodology that a threat uses to get to the target.

Token Based Access Control

Token-based access control is an authentication method that offers additional security. Using this method, each user has a smart card or token that either displays a constantly changing password, passkey, or buttons that calculate a new password based on a challenge phrase. Without this card or token, it is impossible to authenticate yourself to the system. This two-factor authentication provides additional security by requiring an attacker to both guess the user’s password and steal the smart card or token that is used to access the system.

Trojan Horse

A trojan horse is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorization of a system entity that invokes the program.

Trunking

Trunking is a method for a system to provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches.

Trusted Certificate

A trusted certificate is any digital certificate that a certificate user accepts as being valid without testing the certificate to validate it as the final certificate on a certification path; especially a certificate that is used as a trust anchor certificate.

Uniform Resource Locator (URL)

The technical term for the web address (location) of an internet resource such as a website or an image within a website.

Universal Second Factor (U2F)

Universal second factor is an open authentication standard that allows enrolment of a public key from a token, such as a USB or NFC device, for user authentication

Unsecured Network

Most often refers to a free Wi-Fi network, like at a café or shop.

Use After Free

A type of software bug where memory is reused after being freed to the allocator. This can lead to software crashes or code execution.

User Contingency Plan

A user contingency plan is the alternative method of continuing business operations if its systems are unavailable.

Validation

Confirmation (through strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled.

Virus

A type of malware. Viruses spread on their own by attaching code to other programs, or copying themselves across systems and networks.

Voice firewall

A voice firewall is a physical discontinuity in a voice network that monitors, alerts, and controls inbound and outbound voice network activity based on user-defined call admission control (cac) policies, voice application layer security threats or unauthorized service use violations.

Volatile Media

A type of media, such as RAM, which gradually loses its information when power is removed.

Vulnerability

A specific weakness in a piece of software or system configuration, which an attacker can exploit

Vulnerability Assessment and Penetration Testing (VAPT)

Vulnerability Assessment and Penetration Testing (VAPT) are both security services that focus on identifying vulnerabilities in the network, server and system infrastructure. Both the services serve a different purpose and are carried out to achieve different but complementary goals.

War dialer

A war dialer is a computer program that automatically dials a series of telephone numbers to locate lines connected to computer systems, and catalogs those numbers so that a cracker or attacker can try to break into the systems.

Warchalking

Warchalking is marking areas, usually on sidewalks with chalk, that receive wireless signals to advertise an open wi-fi network. Warchalking was inspired by hobo symbols and was conceived by a group of friends in june 2002. They were published by Matt Jones who designed the set of icons and produced a downloadable document containing them.

Watering Hole

Setting up a fake website (or compromising a real one) in order to infect and exploit visiting users.

Web server

A web server is a computer system that processes requests via http, the basic network protocol used to distribute information on the world wide web. Web server is used to refer either the entire system, or specifically to the software that accepts and supervises the http requests.

Whaling

A type of phishing that targets executives and management.

White Hat

An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation’s information systems. See also ‘black hat’ and ‘grey hat’.

Whitelist

An explicit list of entities that are allowed access. The opposite of a blacklist.

Worm

Self-replicating malware that uses a network to distribute copies of itself to other computer devices, often without user intervention. Worms need not attach themselves to existing programs.

Y2k

Y2k is short for the year 2000 bug or the millennium bug. Y2k is a warning first published by bob bemer in 1971 describing the issues of computers using a two-digit year date stamp.

Zero Day (0 Day)

A newly discovered vulnerability – A software exploit that hasn’t been disclosed or patched by the software vendor.

Zombies

A zombie computer is a computer connected to the internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and is used to perform malicious tasks of one sort or another under remote direction.

From the Blog

We love our community and regularly publish industry blogs to share knowledge and give back.

New to the industry? You might find our Lingo Library useful, it’s full of industry terms with real industry examples.