Two-factor authentication. In other words, you can’t log in solely with your username and password; typically you’d also need to use something like an OTP (one-time PIN) sent to your phone, or an app like Google Authenticator.
The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.
Amazon Web Services
Amazon Web Services is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.
Android is a mobile operating system developed by Google. It is used by several smartphones and tablets. The Android operating system is based on the Linux kernel.
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.
Application software is a program or group of programs designed for end users. Examples of an application include a word processor, a spreadsheet, an accounting application, a web browser, an email client, a media player, a file viewer, an aeronautical flight simulator, a console game or a photo editor. The collective noun application software refers to all applications collectively. This contrasts with system software, which is mainly involved with running the computer.
Australian Cyber Security Centre
The Australian Cyber Security Centre is the Australian Government’s lead agency for cyber security.
A feature or defect of a computer system that allows access to data by bypassing normal security measures.
Measurable physical characteristics used to identify or verify an individual.
A person who hacks for personal gain and/or who engages in illicit and unsanctioned hacking activities.
A distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data—once recorded, the data in a block cannot be altered retroactively.
Bluetooth is a wireless technology standard used for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves.
A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device’s legitimate user.
A collection of computers infected by bots, remotely controlled by an actor to conduct malicious activities without the user’s knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data.
Bring Your Own Device
An organisational policy that allows employees to use their own personal devices for work purposes. These devices connect to and utilise the organisation’s network, data and resources.
Occurs when your browser settings are changed without your knowledge or consent. Your browser may persistently redirect to malicious or other unwanted websites.
A typically unsophisticated and exhaustive process to determine a cryptographic key or password that proceeds by systematically trying all alternatives until it discovers the correct one.
A Content Delivery Network allows part of your website (for example, all your images and text) to be hosted on servers across the world, so that when someone visits your site from Belgium, and your site sits on a server in Sydney, they are served as much content as possible from the Belgium CDN. This works perfectly well with static content (content that does not change often) like images, but not with things that are dynamic, for example a contact form that must be used “live”. It enables your site to load faster, and saves you on hosting costs too.
Cross Domain Solution
A secure certificate is a file installed on a secure web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable.
Clickbait is a form of false advertisement which uses hyperlink text or a thumbnail link that is designed to attract attention and entice users to follow that link and read, view, or listen to the linked piece of online content, with a defining characteristic of being deceptive, typically sensationalised or misleading.
A network of remote servers hosted on the internet and used to store, manage, and process data in place of local servers or personal computers.
A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services.
Cloud Service Provider
A company that offers some component of cloud computing – typically infrastructure as a service (IaaS), software as a service (SaaS) or platform as a service (PaaS) – to other businesses or individuals.
A small text file that is transmitted by a website and stored in the user’s web browser, used to identify the user and prepare customized webpages. A cookie can be used to track a user’s activity while browsing the internet.
Cross domain solution
A system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains.
The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.
The dark web is made up of sites that are not indexed by search engines and are only accessible through specialty networks such as The Onion Router (Tor). Often, the dark web is used by website operators who want to remain anonymous. The ‘Dark Web’ is a subset of the ‘Deep Web’.
Data Encryption Algorithm
Data encryption algorithms are the algorithms that are used to encrypt and decrypt data. This algorithm type is used to encrypt and decrypt various parts of a message, including the body content and the signature.
Where attackers use ‘password dictionaries’ or long lists of the most commonly used passwords and character combinations against a password in order to guess it and break into a system.
An electronic document used to identify an individual, a system, a server, a company, or some other entity, and to associate a public key with the entity. A digital certificate is issued by a certification authority and is digitally signed by that authority.
The process of making data unreadable by others for the purpose of preventing others from gaining access to its contents.
End User Device
A personal computer, personal digital assistant, smart phone, or removable storage media (e.g. USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information.
A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.
A fibre is a particularly lightweight thread of execution. Like threads, fibres share address space. However, fibres use cooperative multitasking while threads use pre-emptive multitasking.
A network device that filters incoming and outgoing network data based on a series of rules.
Software embedded in ICT equipment.
The Five Eyes is an Anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States of America.
Fuzzing (or fuzz testing) is a method used to discover errors or potential security vulnerabilities in software.
General Data Protection Regulation
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser.
A computer expert that can gain unauthorised access to computer systems. Hacker is an agnostic term and a hacker does not necessarily have malicious intent.
A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.
A collection of computers, servers, mainframes, network devices, peripherals, or other devices connected to one another to allow the sharing of data.
Software installed on a computer’s hard drive that enables computer hardware to communicate with and run computer programs.
Commonly referred to as programs, a collection of instructions that enables the user to interact with a computer or its hardware, or to perform tasks.
A program designed to gather information about a user’s activity secretly – usually installed without a user’s knowledge when they click a link.
A network of remote servers that provide massive, distributed storage and processing power.
A physical device that can usually fit on a keyring, which generates a security code for use with networks or software applications.
A type of malware that is often disguised as legitimate software, used by cyber criminals to gain access to users’ systems.
A program designed to cause damage, steal personal information, modify data, send e-mail, display messages or a combination of these actions.