Glossary
Cyber security can seem overwhelming sometimes with all of these technical terms and jargon. We're here to simplify it and help you understand what you need to know to stay safe online.
Definitions of common terms
The process of granting or denying requests for access to systems, applications and information. It can also refer to the process of granting or denying requests for access to facilities.
The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.
In computing terms, a set of instructions or a formula used to solve problems or perform tasks based on the understanding of available alternatives.
In online terms, Android means an open-source operating system used for smartphones and tablets.
Antivirus software refers to programs that protect your devices from becoming infected with viruses.
An approach in which only an explicitly defined set of applications are allowed to run on systems.
The simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.
Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.
The process of defining or verifying permission for a specific identity or device to access or use resources in a system.
To make a secondary copy of your important documents in case something goes wrong. For example, you can back up your digital files by saving them onto an external hard drive or the cloud.
Measurable physical characteristics used to identify or verify an individual.
Bluetooth is a wireless networking technology that enables data to be transferred between devices that are close together but not physically connected, such as between a smartphone and a laptop computer, or between a smartphone and wireless headphones.
A browser is a program that lets users move around, or browse, the internet. Also known as a web browser, it is the main way to access the internet, and allows users to view and interact with information online. Some of the most popular browsers are Chrome, Firefox, Safari, Internet Explorer, and Edge.
An unsophisticated and exhaustive process to try and determine a cryptographic key or password without the user's knowledge by systematically trying all alternatives or combinations until the correct one is discovered.
A business continuity plan is a document that outlines how an organisation can ensure its critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or be recovered to an operational state within a reasonably short period.
Attacks that are a form of cybercrime which use email fraud to target business, government and non-profit organisations to achieve a specific outcome which negatively impacts the target organisation.
Catfishing means luring someone into a relationship using a fake online identity, often to scam them.
A working storage or memory space for files to allow for quicker loading. For example, web browsers hold copies of recently visited websites to avoid repeatedly transferring the same static data and only download any changes.
A form of false advertisement which uses links that are designed to attract attention and entice users to follow that link and read, view or listen to the linked content, with a defining characteristic of being deceptive, typically sensationalised or misleading.
The disclosure of information to unauthorised persons, or a violation of the security policy of a system in which unauthorised intentional or unintentional disclosure, modification, destruction or loss of an object may have occurred.
The assurance that information is disclosed only to authorised entities.
When you visit a website, the site sends a small file to your computer to keep track of your visits and activity. For example, if you shop online a cookie can keep track of the items in your shopping cart. Without cookies, your shopping cart would empty each time you clicked a new link on the site.
A type of cybercrime that involves stealing a victim's proof of identity. Once credential theft has been successful, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack.
A type of digital currency which uses encryption techniques to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. The cryptography is designed for security and anti-counterfeiting measures.
A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.
A cyber criminal attacks computer systems with malicious intent. They steal sensitive data about companies or people.
An occurrence or activity that may threaten the confidentiality, integrity or availability of a system or the information stored, processed or communicated by it.
The use of computer technology to disrupt the activities of a nation-state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.
The dark web is a collection of websites that require specific software and encryption to access them and is typically used for illegal online activity. The dark web forms a portion of the deep web that is intentionally hidden from search engines and web browsers.
A data breach occurs when sensitive or personal information is accessed, disclosed or exposed to unauthorised people. This may be by accident, or the result of a security breach.
An attack in which threat actors steal data from systems and demand a ransom payment to prevent it being published on dark web leak sites. A double extortion attack is when this technique is paired with a ransomware attack.
Data protection is the process of safeguarding important information from corruption, compromise or loss.
The accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to people without a need to know that information.
A tool designed to decrypt files encrypted by a specific ransomware strain.
A 'deepfake' is an extremely realistic – though fake – image or video that shows a real person doing or saying something that they did not actually do or say. Deepfakes are created using artificial intelligence software that draws on a large number of photos or recordings of the person. Deepfakes have been used to create fake news, celebrity pornographic videos and malicious hoaxes.
Content in the deep web is not indexed by search engines. It consists of things like the content of company intranet websites, or information otherwise secured behind web portals requiring authorised access.
Refers to the information about a particular person that exists on the internet as a result of their online activity.
Outlines an organisation’s recovery strategy for how they are going to respond to a disaster.
To convert information or data into a code, especially to prevent unauthorised access.
End-to-end encryption is a method of secure communication that allows only the people communicating with each other to read the messages, images or files being exchanged.
The eight essential mitigation strategies that the Australian Signals Directorate recommends organisations implement as a baseline to make it much harder for malicious actors to compromise their systems and data.
A piece of code that exploits bugs or vulnerabilities in software or hardware to gain access to a system or network.
A feed, sometimes referred to as a newsfeed, is the homepage section of a social media platform that continuously updates with a list of content from people and pages that the user follows or subscribes to. Often it will also include advertisements targeted towards the user.
A network device that filters incoming and outgoing network data based on a series of rules.
The practice of gathering, retaining and analysing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right.
Full restoration of backups is tested at least once when initially implemented and each time fundamental information technology infrastructure changes occur.
A method used to discover errors or potential security vulnerabilities in software. Also called ‘fuzz testing’.
A hacker is a computer expert who can gain unauthorised access to computer systems (with or without malicious intent).
Hardware, or computer hardware, is the physical components of a computer system, such as the circuitry, screen and keyboard (as opposed to software).
A server configured to appear as if it is running various software as lures to monitor threat actors’ tactics.
An area where wireless internet access is available to the general public.
A hyperlink, or hypertext link, is any text or graphic on a website that, when you click on it, takes you to another part of the same webpage or a different webpage. Hyperlinks often appear underlined or as text in a different colour.
Identity crime is when a criminal uses a fake, stolen or manipulated identity to commit a crime. An example is taking out a credit card in someone else's name using stolen identity documents.
When a victim’s personal details are stolen and used to perpetrate crime, commonly fraud. Identity theft is a serious crime and can result in long-term and far-reaching negative consequences for victims.
A plan for responding to cyber incidents.
A criminal pretends to be a trusted individual or entity to steal data or money from the target.
The assurance that information has been created, amended or deleted only by authorised individuals.
An HTML object that allows you to jump to a new location when you select it. Links provide a simple means of navigating between pages on the web.
Location-based services use GPS technology so users can report their physical location to others via social media or apps on their mobile phone. Some apps use location-based services to help users navigate a route or find places like restaurants or the nearest chemist.
To lurk is to listen in to a chat room or social media group without participating. Newcomers are sometimes encouraged to lurk for a while as they get the feel of a site and how it operates.
Any software that attempts to subvert the confidentiality, integrity or availability of a system.
A malicious link is created with the purpose of promoting scams, attacks and frauds. By clicking on an infected URL, you can download malware such as a Trojan or virus that can take control of your devices, or you can be persuaded to provide sensitive information on a fake website.
Short for ‘malicious software’. Software used to gain unauthorised access to computers, steal information and/or disrupt or disable networks. Types of malware include Trojans, viruses and/or worms.
False information that is spread due to ignorance, or by error or mistake without the intent to deceive.
Multi-factor authentication (MFA) is an extra layer of security that uses two or more steps to log in to a device, account or app. This could be a secret question, a PIN number or a simple use code.
N-Z
A network is a group of computers that can communicate with one another. It can be as small as two computers, or as large as billions of devices.
An online forum is a message board for users to read and post questions or otherwise contribute to a discussion. They are useful for building online communities and bringing people together with similar interests. Moderated forums are the safest to use.
An online password manager is an app you can install on a device that securely stores your passwords for all your online accounts, so you only have to remember a single password.
A sequence of words used for authentication.
An attempt to discover or bypass passwords used for authentication on systems and networks, and for different types of files.
The action of updating, fixing, or improving a computer program.
Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.
Phishing uses authentic-looking emails to request information from you or to direct you to a fake website. These fake emails try to trick you into downloading malware or sharing personal information.
Pop-ups are small windows that appear in the foreground of a webpage. On some websites, they have been designed to serve a useful purpose. However, in many cases, they display advertising with fake buttons or links that trick users into going to unsafe websites and may result in malware being installed.
Settings which control how a user's data is shared with other people or systems. Privacy settings apply to web browsers and social networking services.
Any Wi-Fi service established and owned by a contributing group that is provided for use by its customers on a wireless device. Public Wi-Fi may be unsecured, password protected or have other secure authentication protocols established and managed by such contributing group.
An interpreted high-level general-purpose programming language. Python is used for web development, AI, machine learning, operating systems, mobile application development and video games.
Highly destructive malware that encrypts or locks a victim’s network and data, and demands payment in return for access or decryption. Victims are unable to access any information on the infected network, making it almost impossible to conduct usual business operations.
Access to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.
Return to a former condition, place or position.
A Restricted Access System aims to limit the exposure of children and young people under 18 to pornography and other age-inappropriate online content.
A fraudulent scheme performed by a dishonest or deceitful individual, group or company in an attempt to obtain money or something else of value.
A person who commits fraud or participates in a dishonest scheme.
An image showing the contents of a screen at a particular time.
A server is a computer that provides data, or computer information, to other computers. This could be over a local area network (LAN) or a wide area network (WAN).
Shadowbanning is when an online community user's account or a feature of it (such as the ability to post or comment) is suspended or blocked without them being informed.
The theft of credit card information using card readers, or skimmers, to record and store victims’ data.
An internet-enabled digital device, such as a phone or tablet, that can be connected to other digital devices or online networks and apps.
The fraudulent practice of sending text messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers.
The methods used to manipulate people into carrying out specific actions or divulging information.
An act of deception and fraud committed through social media websites or applications.
Social networking means communicating online with friends and other contacts via social media sites such as Facebook and Twitter.
A download for an application, operating system or software suite that provides fixes for features that aren't working as intended or adds minor software enhancements and compatibility.
Unsolicited commercial electronic messages are known as spam. Under Australia's Spam Act 2003, spam includes email, instant messaging, SMS and MMS (text and image-based mobile phone messaging) of a commercial nature. It does not cover faxes, internet pop-ups or voice telemarketing.
A form of phishing that targets a specific person or group.
The forgery of an email or domain to mislead a recipient about the origin of a message or website.
A type of malicious software designed to enter a computer or mobile device to gather data and information about a person or organisation and forward it to a third party.
To stream an audio or video file is to use an internet-connected computer or mobile device to listen to or watch material that is stored on a host site, without downloading it.
A tag is a keyword or term used in metadata to describe and categorise a digitised item such as a picture, article or video clip. Tagging an item allows it to be found later by using a search engine.
A thread is a series of messages on a web forum or social media discussion. It consists of an original message and all the replies that follow. People can respond to the original message or to each other in a 'threaded discussion'.
A malicious entity or individual that is partially or wholly responsible for an incident that impacts, or has the potential to impact, an organisation’s security.
A form of multi-factor authentication (see definition) to confirm a user's claimed identity by combining two different pieces of evidence.
Most often refers to a free Wi-Fi network, like at a café or shop.
URL stands for a 'uniform resource locator', such as an address of a file or webpage.
A virus is a type of computer program or malicious code that corrupts your devices. Viruses can delete critical files, lock important files so you can't access them or copy your keystrokes to track your login or to get information.
A phishing attack that involves the use of voice calls, using either conventional phone systems or voice over internet protocol (VoIP) systems.
A VPN, or 'virtual private network', is a service that securely tunnels a user’s connection across the internet, often to a different country, bypassing any filtering or monitoring. They are often used to hide the user’s location or online activities.
A web browser is a software program found on all computers and most internet-connected devices that allows you to browse the internet and look up websites.
The digital form of a physical event known as a seminar. It is usually a live interactive event that attendees join over the internet using a desktop computer or mobile device.
Wi-Fi is networking technology that uses radio waves to provide high-speed internet and network connections with no physical wiring.
www refers to the world wide web, which is a network of websites and webpages that you can access over the internet using a web browser.