Cyber Security Glossary
Build your company’s cyber security vocabulary. Our glossary provides definitions for the most frequently used cyber security terms.
A-
Accountable Authority
The individual or group with ultimate responsibility and decision-making power over the organization’s operations.
Accountable Material
Information that requires the highest level of control to ensure secure handling and restricted movement.
Accreditation
A structured process that reviews certifications and supporting documentation to confirm compliance and accept any remaining security risks.
Adversary
An entity or individual whose objectives conflict with yours, such as a criminal group or foreign government.
Agency
A public sector organization or entity operating under ministerial authority, as defined by relevant legislation.
Agency Governance Framework
The organizational structure and decision-making processes that guide management activities, ensuring security responsibilities are integrated into overall governance.
Agency Security Committee
A designated group responsible for coordinating and advising on all security-related aspects of the agency’s cybersecurity program or security plan.
Agency Security Executive (ASE)
A senior leader accountable for directing protective security measures and promoting strong cybersecurity governance across the agency.
Applicant(s)
Individuals applying for employment within the agency.
Attestation
A formal declaration confirming the truthfulness or accuracy of a statement or document.
Authorised Vetting Agency
An approved organization, such as AGSVA, responsible for conducting security clearance checks.
Availability
Making sure authorised users can reliably access the information and systems they need whenever they need them.
B-
Backdoor
A hidden way for attackers to get into a system without using normal security checks.
Bandwidth
How much data can move through a network in a set time, usually measured in bits per second.
Banner
A message shown when connecting to a service, often with system details or warnings.
Basic Authentication
A simple HTTP login method that sends the username and password with every request, Base64-encoded but not encrypted. Anyone who can read the request can recover the password, so it is only acceptable over TLS.
Bastion Host
A hardened computer deliberately placed where it is exposed to an untrusted network (for example, to provide administrative access into a protected network), stripped of unnecessary services and closely monitored.
BIND
Widely used DNS server software. DNS converts domain names into IP addresses.
Biometrics
Security that uses physical traits like fingerprints or facial scans.
Bit
The smallest piece of digital data, shown as 0 or 1.
Block Cipher
An encryption algorithm that processes data in fixed-size blocks (for example, 128-bit blocks in AES). A mode of operation such as CBC or GCM is needed to encrypt data longer than one block.
Blue Team
A group that protects systems by using firewalls, updates and monitoring.
Boot Record Infector
Malware that hides in the boot section of a disk and runs when the computer starts.
Border Gateway Protocol (BGP)
A system that helps big networks and internet providers share routing information.
Bot
A program that does tasks automatically, sometimes copying human actions.
Botnet
A group of infected devices controlled remotely to attack or spread malware.
Bridge
A device or program that links two local networks using the same rules.
British Standard 7799
An early information security management standard, adopted in Australia as AS/NZS 7799.2:2003 and later superseded by ISO/IEC 27001.
Broadcast
Sending the same message to all devices on a network at once.
Broadcast Address
An address used to send data to every device on a network.
Browser
A program used to view websites and online content.
Brute Force Attack
A way to guess passwords or keys by systematically trying every possible combination until one works.
Buffer Overflow
A flaw where more data is written into a fixed-size memory buffer than it can hold, overwriting adjacent memory. This can crash the program or let an attacker run their own code.
Bring Your Own Device (BYOD)
A policy that lets employees use their own devices for work.
Business Continuity Plan (BCP)
A plan to keep important work going during emergencies.
Business Impact
The effect on operations if systems or data are compromised.
Business Impact Analysis (BIA)
A review that shows how much downtime is acceptable and what needs recovery first.
Byte
A basic unit of storage, usually eight bits, that holds one character.
C-
Cache
A high-speed storage area that temporarily holds data for quick access, reducing load times.
Cache Cramming
A technique that tricks a browser into running cached code with fewer security restrictions.
Cache Poisoning
An attack where false or malicious data is stored in a cache, often used in DNS attacks.
Call Admission Control (CAC)
A system that manages and controls voice network traffic based on set policies.
Cell
A small unit of data transmitted over an ATM network.
Certificate-Based Authentication
An authentication method in which a party proves its identity with a digital (X.509) certificate and the matching private key, as in TLS server or client authentication.
CGI (Common Gateway Interface)
A way for web servers to run scripts and generate dynamic content.
Chain of Custody
Documented handling of evidence to maintain its integrity during investigations.
CHAP (Challenge-Handshake Authentication Protocol)
An authentication method that uses a challenge-response process to prevent replay attacks.
Checksum
A calculated value used to detect errors or changes in data.
Cipher
An algorithm used to encrypt and decrypt information.
Ciphertext
Data that has been encrypted and is unreadable without the correct key.
Circuit-Switched Network
A network where a dedicated physical path connects two endpoints for communication.
Client
A system or application that requests services from a server.
Cloud Computing
Using remote servers to store, manage and process data instead of local systems.
Cold/Warm/Hot Disaster Recovery Site
- Hot Site: Fully equipped and ready for immediate failover.
- Warm Site: Partially equipped, requires setup before use.
- Cold Site: Basic infrastructure only, needs full setup after a disaster.
Collision
When two devices send data at the same time on the same network, causing errors.
Competitive Intelligence
Gathering information about competitors using legal methods.
Computer Emergency Response Team (CERT)
A group that responds to cybersecurity incidents and issues alerts about threats.
Computer Network
A collection of connected devices that share data and resources.
Confidentiality
Ensuring information is only accessible to authorized individuals.
Configuration Management
Maintaining a known and secure system setup and tracking changes.
Cookie
Small data stored by a browser to remember user sessions and preferences.
Corruption
Unwanted changes to data or system functions that disrupt normal operations.
Cost-Benefit Analysis
Comparing the cost of security measures to the value of reduced risk.
Countermeasure
Actions taken to prevent or reduce the impact of a detected threat.
Covert Channel
A hidden way to transfer information using normal system operations.
Crimeware
Malicious software designed to help criminals make money, such as stealing data or launching attacks.
Cron
A tool in Unix systems that schedules tasks to run automatically at set times.
Crossover Cable
A cable that connects two similar devices directly by reversing wire pairs.
Cryptanalysis
The study of breaking or bypassing encryption systems.
Cryptographic Algorithm or Hash
A method used for encryption, hashing, digital signatures, or key exchange.
Cut-Through Switching
A switching method that begins forwarding a frame as soon as the destination address in its header has been read, before the whole frame has arrived.
Cyber-Attack
Any unauthorized attempt to access, disrupt, steal, or damage systems or data.
Cybersecurity Risk Assessment
A process to identify and evaluate potential threats and vulnerabilities.
Cyclic Redundancy Check (CRC)
A checksum method used to detect accidental changes in data.
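The word “accidental” in that definition matters. The following added example (not part of the glossary) implements CRC-32 the way zlib does, shows that it catches a single flipped bit, and then computes a four-byte suffix that gives a tampered message exactly the same CRC as the original. That is why a CRC must never be used as an integrity or authentication control; a keyed MAC is needed for that. The sample messages are constructed.

```python
"""CRC-32: catches accidental corruption, useless against deliberate tampering."""
import zlib

POLY = 0xEDB88320  # reflected IEEE 802.3 polynomial, as used by zlib, Ethernet and PNG


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# The top byte of each table entry is unique, so it can be mapped back to its index.
TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(TABLE)}


def crc32(data: bytes) -> int:
    """Table-driven CRC-32; gives the same result as zlib.crc32."""
    reg = 0xFFFFFFFF
    for b in data:
        reg = (reg >> 8) ^ TABLE[(reg ^ b) & 0xFF]
    return reg ^ 0xFFFFFFFF


def detects_bit_flip(data: bytes, byte_index: int, bit: int) -> bool:
    """True if flipping a single bit changes the CRC (CRC-32 detects all single-bit errors)."""
    flipped = bytearray(data)
    flipped[byte_index] ^= 1 << bit
    return crc32(bytes(flipped)) != crc32(data)


def forge_suffix(data: bytes, target_crc: int) -> bytes:
    """Return 4 bytes s such that crc32(data + s) == target_crc.

    After four more bytes the register depends only on the four table indices
    those bytes selected, so the indices are recovered from the target by
    walking backwards one byte at a time, then the bytes that select them are
    chosen going forwards from the real register state."""
    want = target_crc ^ 0xFFFFFFFF        # register value we must finish with
    indices = []
    for _ in range(4):
        idx = TOP_BYTE_TO_INDEX[want >> 24]
        indices.append(idx)
        want = ((want ^ TABLE[idx]) << 8) & 0xFFFFFFFF
    indices.reverse()

    reg = crc32(data) ^ 0xFFFFFFFF        # register value after the real data
    suffix = bytearray()
    for idx in indices:
        suffix.append((reg ^ idx) & 0xFF)  # the byte that makes the lookup hit idx
        reg = (reg >> 8) ^ TABLE[idx]
    return bytes(suffix)


def forge_matches(original: bytes, tampered: bytes) -> bool:
    """Tampered message plus forged suffix carries the original's CRC."""
    suffix = forge_suffix(tampered, zlib.crc32(original))
    return zlib.crc32(tampered + suffix) == zlib.crc32(original)


if __name__ == "__main__":
    original = b"transfer amount=100 to=alice"    # constructed sample
    tampered = b"transfer amount=999 to=mallory"  # constructed sample
    print(hex(crc32(b"123456789")))              # standard check value 0xcbf43926
    print(detects_bit_flip(original, 9, 0))       # True
    print(forge_matches(original, tampered))      # True: a CRC cannot authenticate
```

The forged suffix is usually invisible in practice because many formats tolerate trailing bytes or carry a free-form field where the four bytes can be placed.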
D-
Daemon
A background program that runs continuously, often starting when the system boots, to handle tasks without user interaction.
Damage
The impact or harm caused when information is compromised.
Data Aggregation
Combining data from multiple sources to create a complete view for analysis.
Data Breach
Unauthorized access, theft, or disclosure of sensitive or confidential information.
Data Custodian
The person or entity responsible for managing and protecting data during its use.
Data Encryption Standard (DES)
A symmetric block cipher standardised in 1977 that uses a 56-bit key. The key is far too short for modern hardware, and DES has been superseded by AES.
Data Mining
Analyzing large sets of data to find patterns or useful information.
Data Owner
The person or entity with authority and responsibility for specific data.
Data Warehousing
Storing data from multiple sources in one central location for analysis and reporting.
Datagram
A self-contained packet of data sent across a network without a fixed connection.
Day Zero (Zero Day)
The day a new vulnerability becomes known, often before a patch is available.
Declassification
Reducing information to an unclassified state when it no longer needs special protection.
Decapsulation
Removing protocol headers from a packet as it moves up the network stack.
Decryption
Converting encrypted data back into its original readable form.
Defacement
Unauthorized changes to a website’s content, often to embarrass or vandalize.
Defense in Depth
Using multiple layers of security to protect systems and data.
Demilitarized Zone (DMZ)
A perimeter network segment that hosts externally reachable services (such as web or mail servers) separately from internal systems, so a compromise there does not give direct access to the internal network.
Denial of Service (DoS)
An attack that prevents access to systems or delays their normal operations.
Dictionary Attack
A password-cracking method that tries common words from a dictionary.
Diffie-Hellman
A public-key method by which two parties each combine their own private value with the other’s public value to arrive at the same shared secret over an insecure channel. On its own it does not authenticate either party.
Digest Authentication
An HTTP authentication method in which the client sends an MD5 hash of the credentials combined with a server-supplied nonce, so the password itself is not transmitted. It is weak by modern standards and should only be used over TLS.
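To make the difference between Basic and Digest authentication concrete, here is an added example (not from the glossary). It builds the header each scheme sends, recovers the password straight out of a Basic header, and verifies a Digest response (RFC 2617, MD5 with qop=auth) the way a server would, including rejecting a replayed nonce. The usernames, passwords, realm, URI and nonce values are constructed for the example.

```python
"""HTTP Basic vs Digest authentication: what crosses the wire and what a server checks."""
import base64
import hashlib
import secrets


def basic_header(username: str, password: str) -> str:
    """What the client sends: 'Basic ' + base64(user:pass). Encoding is not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_basic_credentials(header: str) -> tuple:
    """Anyone who sees the header (proxy, log file, sniffer) gets the password back."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce) -> str:
    """Client-side computation of the Digest 'response' field (qop=auth)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestServer:
    """Minimal verifier. Stores HA1 per user (never the password) and tracks
    issued nonces so a captured response cannot simply be replayed."""

    def __init__(self, realm: str):
        self.realm = realm
        self.ha1_by_user = {}
        self.issued_nonces = set()

    def enrol(self, username: str, password: str) -> None:
        self.ha1_by_user[username] = _md5(f"{username}:{self.realm}:{password}")

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.issued_nonces.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, nc, cnonce, response) -> bool:
        if nonce not in self.issued_nonces or username not in self.ha1_by_user:
            return False
        ha2 = _md5(f"{method}:{uri}")
        expected = _md5(f"{self.ha1_by_user[username]}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
        if not secrets.compare_digest(expected, response):
            return False
        self.issued_nonces.discard(nonce)   # single use: replaying this nonce now fails
        return True


def demo() -> dict:
    # Constructed credentials and protocol values.
    header = basic_header("alice", "s3cret!")
    leaked = recover_basic_credentials(header)

    server = DigestServer("example-realm")
    server.enrol("alice", "s3cret!")
    uri, nc, cnonce = "/dir/index.html", "00000001", "0a4f113b"

    nonce1 = server.challenge()
    resp = digest_response("alice", "example-realm", "s3cret!", "GET", uri, nonce1, nc, cnonce)
    first = server.verify("alice", "GET", uri, nonce1, nc, cnonce, resp)
    replay = server.verify("alice", "GET", uri, nonce1, nc, cnonce, resp)

    nonce2 = server.challenge()
    wrong = digest_response("alice", "example-realm", "wrong", "GET", uri, nonce2, nc, cnonce)
    wrong_ok = server.verify("alice", "GET", uri, nonce2, nc, cnonce, wrong)

    return {"leaked": leaked, "digest_ok": first, "replay_ok": replay, "wrong_password_ok": wrong_ok}
```

Note that the Digest server must still hold HA1, an unsalted MD5 of the credentials, which is itself a liability if the store is breached; this is one reason Digest has given way to TLS plus modern password hashing.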
Digital Certificate
An electronic document that verifies identity and enables secure communication.
Digital Envelope
An encrypted message that includes an encrypted session key for secure transmission.
Digital Signature
A unique cryptographic code that verifies the sender and ensures message integrity.
Digital Signature Algorithm (DSA)
A method for creating digital signatures using asymmetric cryptography.
Digital Signature Standard (DSS)
A U.S. government standard for digital signatures based on DSA.
Disassembly
Translating a program’s machine code back into human-readable assembly instructions to understand how it works.
Disaster Recovery Plan (DRP)
A documented process for restoring IT systems after a disruption or disaster.
Discretionary Access Control (DAC)
A security model where users control access to their own resources.
Disruption
An event that interrupts normal system operations or services.
Distance Vector
A routing method that calculates the best path based on distance metrics.
Distributed Scans
Scanning a system using multiple source addresses to avoid detection.
Domain
A group of computers and resources managed under a common set of rules.
Domain Hijacking
An attack where an attacker takes control of a domain name, typically by compromising the registrar account or altering the registration or authoritative name server details.
Domain Name
A human-readable address used to identify websites on the internet.
Domain Name System (DNS)
The system that translates domain names into IP addresses.
DomainKeys Identified Mail (DKIM)
An email authentication method using digital signatures to verify legitimacy.
Domain-based Message Authentication, Reporting & Conformance (DMARC)
An email authentication policy that builds on SPF and DKIM, telling receiving servers how to handle messages that fail those checks and where to send reports, which helps prevent spoofing and phishing.
Due Care
Taking reasonable steps to protect systems and data according to best practices.
Due Diligence
The ongoing investigation and assessment of risks and controls (reviewing logs, audits, suppliers and the effectiveness of existing measures) that demonstrates due care is being exercised.
Dumpster Diving
Collecting sensitive information by searching through discarded materials.
Dynamic Link Library (DLL)
A file containing code and data that can be used by multiple programs.
Dynamic Routing Protocol
A protocol that automatically updates routing tables based on network changes.
E-
Eavesdropping
Listening to private communications to gather sensitive information.
Echo Request
An ICMP message sent to check if a device is online and measure response time.
Echo Reply
The ICMP response sent back after receiving an echo request.
Egress Filtering
Controlling outbound network traffic to prevent data leaks or malicious activity.
Eligibility
The right to work in Australia, either as a citizen or with a valid work visa.
Emanations Analysis
Capturing signals unintentionally emitted by a system to extract data.
Encapsulation
Wrapping one data structure inside another to hide its details during transmission.
Encryption
Converting readable data into an unreadable format to protect its confidentiality.
End-of-Life
When a company stops supporting a product or service, often after releasing a newer version.
Ephemeral Port
A temporary port used by client applications for short-lived network connections.
Escrow Passwords
Passwords stored securely for emergency use when authorized personnel are unavailable.
Ethernet
A widely used technology for local area networks (LANs), defined by IEEE 802.3 standards.
Event
An observable occurrence in a system or network, such as a login or error.
Exemption
Formal approval to exclude a requirement from the South Australian Cyber Security Framework (SACSF).
Exposure
Sensitive data being revealed to an unauthorized party.
Extended ACLs (Cisco)
Advanced access control lists that filter traffic based on IP addresses, ports and protocols.
Extensible Authentication Protocol (EAP)
A flexible authentication framework supporting multiple methods like passwords and certificates.
Exterior Gateway Protocol (EGP)
A routing protocol used to exchange information between different autonomous systems.
Extreme Vulnerability
A critical security flaw that could allow remote code execution or affect essential systems, especially if actively exploited.
Exponential Backoff Algorithm
A method for adjusting network retry times to reduce congestion.
F-
Foreign Actor
An individual, organisation, agent, or government from outside Australia.
Framework
A structured model or system designed to address complex problems or guide decision-making.
Function
The role or responsibility carried out by an agency on behalf of the Government of South Australia.
False Rejects
When an authentication system mistakenly denies access to a legitimate user.
Fast File System (FFS)
An improved Unix file system that speeds up reading and writing by using disk caching and better file organisation. It relies on inodes and data blocks.
Fast Flux
A botnet technique that frequently changes DNS records for a domain name across multiple IP addresses to avoid detection.
Fault Line Attacks
Attacks that exploit weaknesses at the interface between systems or components.
File Transfer Protocol (FTP)
A standard TCP/IP protocol for transferring text or binary files over a network. It sends credentials and data in cleartext, so FTPS or SFTP should be used instead.
Filter
A rule or tool that determines which network packets are allowed or blocked. Commonly used in firewalls and packet sniffers.
Filtering Router
A router that applies security rules to decide whether data packets should be forwarded or blocked, often as part of a firewall.
Finger
An older protocol used to retrieve user information from a remote system, such as login status or contact details.
Fingerprinting
Sending unusual packets to a system to analyse its responses and identify its operating system.
Firewall
A physical or software-based barrier that prevents unauthorised access to networks or data.
Flooding
An attack that overwhelms a system with excessive traffic or input, causing failure or degraded performance.
Forest
In Microsoft Active Directory, a group of domains that share a common schema and replicate data between each other.
Fork Bomb
A denial-of-service attack that repeatedly creates processes until system resources are exhausted.
Form-Based Authentication
A web-based login method where users enter credentials into a form.
Forward Lookup
Using a domain name to find its corresponding IP address.
Forward Proxy
A server that processes client requests and forwards them to other servers, often for filtering or caching.
Fragment Offset
A field in an IP packet that indicates the position of a fragment within the original data packet.
Fragment Overlap Attack
A TCP/IP attack that exploits packet fragmentation by sending overlapping fragments to corrupt data reconstruction.
Fragmentation
Breaking a file into multiple non-contiguous blocks on a storage medium.
Frames
Units of data transmitted across a network, including headers and trailers for addressing and control.
Full Duplex
A communication mode where data flows in both directions simultaneously.
Fully Qualified Domain Name (FQDN)
A complete domain name that includes the hostname and the full domain path.
Fuzzing
A testing technique that inputs random or invalid data into an application to uncover security vulnerabilities.
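A small, self-contained fuzzer makes the definition tangible. The following added example (not from the glossary) runs against a record format invented for this example: type (1 byte), length (1 byte), payload, and a 1-byte checksum. The naive parser trusts its length field and the fuzzer finds the input that breaks it; the hardened parser validates lengths and only ever rejects bad input with ValueError, so the same fuzzer finds nothing.

```python
"""Fuzzing a constructed binary record parser: naive versus hardened."""
import random


def parse_record_naive(buf: bytes) -> dict:
    rtype = buf[0]
    length = buf[1]
    payload = buf[2:2 + length]
    checksum = buf[2 + length]           # BUG: indexes past the buffer when length is too big
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": payload}


def parse_record_safe(buf: bytes) -> dict:
    if len(buf) < 3:
        raise ValueError("record too short")
    rtype, length = buf[0], buf[1]
    if len(buf) != 3 + length:
        raise ValueError("length field does not match buffer")
    payload = buf[2:2 + length]
    if sum(payload) & 0xFF != buf[2 + length]:
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": payload}


def mutations(seed_input: bytes, rng: random.Random, rounds: int):
    """Boundary values at every position first, then random byte writes, truncations and growth."""
    for pos in range(len(seed_input)):
        for value in (0x00, 0x7F, 0x80, 0xFF):
            m = bytearray(seed_input)
            m[pos] = value
            yield bytes(m)
    for _ in range(rounds):
        m = bytearray(seed_input)
        choice = rng.randrange(3)
        if choice == 0 and m:
            m[rng.randrange(len(m))] = rng.randrange(256)
        elif choice == 1:
            m = m[:rng.randrange(len(m) + 1)]
        else:
            m.extend(rng.randbytes(rng.randrange(8)))
        yield bytes(m)


def fuzz(parser, seed_input: bytes, rounds: int = 2000, seed: int = 1):
    """Return the first input that makes `parser` raise anything other than ValueError,
    or None if every mutated input is either parsed or cleanly rejected."""
    rng = random.Random(seed)
    for candidate in mutations(seed_input, rng, rounds):
        try:
            parser(candidate)
        except ValueError:
            continue                      # clean rejection: expected behaviour
        except Exception:                 # crash-equivalent: a missing bounds check
            return candidate
    return None


def valid_record(rtype: int, payload: bytes) -> bytes:
    return bytes([rtype, len(payload)]) + payload + bytes([sum(payload) & 0xFF])


SEED_INPUT = valid_record(1, b"hello")   # constructed well-formed seed


if __name__ == "__main__":
    print(fuzz(parse_record_naive, SEED_INPUT))   # a crashing input, found quickly
    print(fuzz(parse_record_safe, SEED_INPUT))    # None
```

In Python the out-of-range index surfaces as an IndexError; the equivalent bug in a C parser is an out-of-bounds read, which is exactly the class of flaw fuzzing is used to shake out.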
G-
Governance
A structured system for decision-making, direction and control through rules, relationships, policies, standards, systems and processes.
Guideline
Detailed advice on applying a policy, often outlining good or best practices.
Guidance
See Guideline.
Gateway
A network point that serves as an entry to another network.
gethostbyaddr
A resolver library call (and the reverse DNS lookup behind it) used when the IP address of a machine is known and its domain name is required.
gethostbyname
A resolver library call (and the forward DNS lookup behind it) used when the domain name of a machine is known and its IP address is required.
GNU
A Unix-like operating system distributed with source code that can be copied, modified and shared. The GNU Project was launched in 1983 by Richard Stallman and others under the Free Software Foundation.
Gnutella
An Internet-based file-sharing application that acts as both a server for sharing files and a client for searching and downloading files from other users.
H-
Handling
Processes for accessing, transmitting, transferring, storing, or disposing of official information.
Harm
Causing injury or damage, either physically or psychologically, to a person or group.
Hardening
The process of identifying and fixing vulnerabilities in a system to improve security.
Hash Function
An algorithm that maps data to a smaller, fixed-size value (hash), commonly used for data integrity checks.
Hash Functions (Cryptographic)
Specialised algorithms that generate a one-way, fixed-size digest of larger data, making it infeasible to recover the input or find two inputs with the same digest. Used to verify whether files have been altered without comparing entire files. SHA-256 is a common current example; the older MD5 and SHA-1 are no longer collision-resistant and should not be used for security purposes.
Header
Additional information in a packet required by the protocol stack for processing.
Hijack Attack
An active wiretapping attack where an attacker takes control of an established communication session.
Honey Client (Honeymonkey)
An automated system that simulates user browsing to detect websites exploiting browser vulnerabilities.
Honey Pot
A decoy system or service designed to attract attackers and log their activities, providing early warning of potential attacks.
Hops
Each step or exchange with a gateway that a packet makes on its way to its destination.
Host
A computer with full two-way access to other computers on the Internet, or a system running a web server that serves website content.
Host-Based Intrusion Detection (Host-Based ID)
A security system that monitors operating system audit records on a host and compares activity against a predefined security policy. This can impose significant processing overhead.
HTTP Proxy
A server that acts as an intermediary between HTTP clients and servers.
HTTPS
A secure version of HTTP that uses TLS (the older SSL protocols are deprecated) to encrypt and authenticate data transmitted between a browser and a web server.
Hub
A network device that repeats data received on one port to all other ports, broadcasting traffic to all connected devices.
Hybrid Attack
A password-cracking method that combines dictionary attacks with added numbers and symbols.
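The three password-guessing strategies in this glossary (Brute Force Attack, Dictionary Attack and Hybrid Attack) side by side, as an added example that is not from the glossary. The target hash, salt and wordlist are constructed; the hybrid rules are the usual case changes, appended years or two-digit numbers and a trailing symbol. The plain dictionary run fails, the hybrid run succeeds in a few thousand guesses, and the brute-force keyspace for the same length shows why a slow password hash and genuinely random passwords matter.

```python
"""Dictionary, hybrid and brute-force attacks against a stored password hash."""
import hashlib
import itertools
import string

# Constructed wordlist; real attacks use lists with millions of entries.
WORDLIST = ["password", "welcome", "summer", "winter", "letmein", "dragon"]
SYMBOLS = "!@#$"


def hash_password(password: str, salt: bytes) -> bytes:
    # One round of SHA-256 is what makes these attacks cheap; password stores
    # should use a slow KDF such as argon2id, scrypt or bcrypt instead.
    return hashlib.sha256(salt + password.encode()).digest()


def dictionary_attack(target: bytes, salt: bytes, words):
    """Try each word as-is. Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for w in words:
        attempts += 1
        if hash_password(w, salt) == target:
            return w, attempts
    return None, attempts


def hybrid_candidates(word: str):
    """Mutations typical of hybrid attacks: case, trailing digits (years), a symbol."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for digits in itertools.chain((str(y) for y in range(1990, 2031)),
                                      (f"{n:02d}" for n in range(100))):
            yield base + digits
            for sym in SYMBOLS:
                yield base + digits + sym


def hybrid_attack(target: bytes, salt: bytes, words):
    """Dictionary words plus mutation rules. Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for w in words:
        for cand in hybrid_candidates(w):
            attempts += 1
            if hash_password(cand, salt) == target:
                return cand, attempts
    return None, attempts


def brute_force_keyspace(length: int, alphabet: str = string.printable[:94]) -> int:
    """Guesses an exhaustive search of every string of this length over the alphabet needs."""
    return len(alphabet) ** length


def demo() -> dict:
    salt = b"\x13\x37saltz"                          # constructed per-user salt
    target = hash_password("Summer2024!", salt)     # what a breached database would hold
    return {
        "dictionary": dictionary_attack(target, salt, WORDLIST),
        "hybrid": hybrid_attack(target, salt, WORDLIST),
        "brute_force_guesses_len11": brute_force_keyspace(11),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The salt does its job here (the attacker must run the guesses per user rather than once for a whole database), but it does not slow down any individual guess; only a deliberately slow hash does that.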
Hybrid Encryption
A cryptographic approach that combines symmetric and asymmetric encryption: the asymmetric part protects a per-message or per-session symmetric key, which then encrypts the bulk data efficiently, as in TLS.
Hyperlink
A clickable element (text or image) in hypertext or hypermedia that links to related information elsewhere.
Hypertext Markup Language (HTML)
A markup language used to structure and display content on web pages.
Hypertext Transfer Protocol (HTTP)
The protocol used to transfer hypertext documents across the Internet.
I-
ICT (Information and Communication Technology)
Technology used for managing and communicating information, including hardware, software, networks and systems.
Identity
The unique characteristics or details that define who a person is or what something is.
Incident
Any event that disrupts normal service operations, reduces service quality, or causes loss or corruption of information, potentially leading to a privacy or security breach.
Incident Handling
A structured plan for managing security events such as intrusions, cyber-theft, denial of service, or disasters. Typically includes six steps: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned.
Incident Response
A formal process for identifying, managing and mitigating cybersecurity incidents to minimise damage, restore operations and prevent recurrence.
Incremental Backups
Backups that only include files changed since the last backup, reducing storage and time requirements.
Inetd (xinetd)
An Internet daemon that manages smaller services like Telnet, FTP and POP.
Inference Attack
An attack where an adversary deduces sensitive information by logically connecting unrelated data points.
Information Assets
Any data or supporting resources that have value to an organisation, including systems, processes, people and physical documents.
Information Custodian
The person or group responsible for managing a set of information.
Information Owner
The person or group accountable for a set of information. They may delegate management responsibilities to an information custodian.
Information Security (InfoSec)
The practice of protecting information from unauthorised access, disclosure, alteration, destruction, or disruption.
Information Warfare
The strategic use of information to gain advantage, involving both offensive and defensive actions.
Ingress Filtering
Filtering inbound network traffic to prevent malicious or unauthorised packets from entering.
Input Validation Attacks
Attacks that exploit weaknesses in how applications validate user input, often by sending unexpected or malicious data.
Integrity
Ensuring information remains accurate, complete and unaltered except by authorised means.
Integrity Star Property
In the Biba integrity model, the rule that a subject cannot write to data at a higher integrity level than its own (no write up). The companion simple integrity property forbids reading data from a lower integrity level (no read down), so untrusted data cannot contaminate trusted data.
Internet
A global network connecting multiple smaller networks, enabling worldwide communication and data exchange.
Internet Control Message Protocol (ICMP)
A protocol used to report errors and exchange status information within IP networks.
Internet Engineering Task Force (IETF)
An organisation that develops and maintains Internet standards, including protocols like TCP/IP.
Internet Message Access Protocol (IMAP)
A protocol for retrieving and managing email messages from a mail server, designed as an improvement over POP.
Internet Protocol (IP)
The fundamental protocol for sending data between computers on the Internet.
Internet Protocol Security (IPsec)
A standard for securing IP communications through encryption and authentication.
Internet Standard
A formally approved specification that is stable, widely implemented and recognised as useful across the Internet.
Interrupt
A signal that alerts the operating system to an event requiring immediate attention.
Intranet
A private network within an organisation, often based on Internet technologies, used for internal communication and collaboration.
Intrusion Detection System (IDS)
A system that monitors network or host activity to identify potential security breaches, including external attacks and internal misuse.
IP Address
A unique numerical identifier assigned to a device on a network, typically written as four numbers separated by dots (IPv4).
IP Flood
A denial-of-service attack that overwhelms a host with excessive ping requests.
IP Forwarding
An operating system feature that allows a device to act as a router by forwarding packets between networks.
IP Spoofing
The act of sending packets with a forged IP address to disguise the sender’s identity.
ISO (International Organization for Standardization)
A global body that develops and publishes international standards across various industries.
Issue-Specific Policy
A policy addressing a specific organisational need, such as password management.
ITU-T
The International Telecommunication Union’s standardisation sector, which publishes global telecommunications standards.
J-
Jitter
Deliberate small variation introduced into data fields within a database while maintaining its overall aggregate characteristics, used for privacy or data masking. In networking, the term also refers to variation in packet arrival times.
Jump Bag
A pre-packed kit containing essential tools and resources for responding quickly to an incident, helping reduce delays in mitigation.
K-
Kerberos
A secure authentication protocol developed at MIT that uses passwords and symmetric encryption to provide ticket-based authentication and access control in client-server environments.
Kernel
The core component of an operating system responsible for managing system resources and providing essential services. It contrasts with the shell, which interacts with user commands. Commonly referenced in Unix and similar systems.
L-
Legacy System
An IT product (hardware, software, services, protocols, or systems) classified as ‘legacy’ when it meets both:
- Category A: Out of vendor/manufacturer support or considered end-of-life.
- Category B: Impractical to update, no longer cost-effective, poses unacceptable risk, offers limited business value, or obstructs agency IT strategies.
Likelihood
The probability of a risk event occurring.
Lattice Techniques
Access control methods that use security classifications to determine who can access specific information.
Layer 2 Forwarding Protocol (L2F)
A protocol (originally by Cisco) that tunnels PPP over IP to extend dial-up links across a network, initiated by the dial-up server and transparent to the user.
Layer 2 Tunneling Protocol (L2TP)
A tunnelling protocol that combines features of PPTP and L2F and, usually paired with IPsec for encryption, enables Virtual Private Network (VPN) functionality over the Internet.
Least Privilege
A security principle that grants users or applications only the minimum permissions necessary to perform their tasks.
Legion
Software designed to detect unprotected network shares.
Lightweight Directory Access Protocol (LDAP)
A protocol for locating organisations, individuals and resources (such as files and devices) on a network, whether on the Internet or a corporate intranet.
Link State
A routing method where routers maintain information about all routers and links in an area to calculate optimal routes.
List-Based Access Control
An access control model that associates a list of users and their privileges with each object.
Loadable Kernel Modules (LKM)
Modules that allow additional functionality to be added to the operating system kernel while it is running.
Log Clipping
The selective removal of log entries to conceal evidence of compromise.
Logic Bombs
Malicious code that triggers when specific conditions occur, such as a date or event.
Logic Gate
A basic building block of digital circuits that processes binary inputs (0 or 1) to produce a binary output.
Loopback Address
An address that refers to the local host and is never transmitted on a network: 127.0.0.1 (any address in 127.0.0.0/8) in IPv4 and ::1 in IPv6.
M-
Malicious Insider
A current or former employee, contractor, or business partner who has legitimate access to an organisation’s systems or data and misuses that access to steal, damage, or sabotage. Any suspected malicious insider activity must be reported immediately to the appropriate authorities.
Malware
A broad term for software designed to harm systems, steal data, or gain unauthorised access. Common examples include viruses, worms, Trojans and ransomware.
Malicious Code
Software that appears to perform a useful function but executes harmful actions, such as compromising system security or tricking users into running malicious logic. Often classified as a type of malware.
Metadata
Information that describes other data, such as its structure, format, or context, helping to organise and manage data effectively.
Misconduct
Any breach of the public sector code of conduct or other inappropriate behaviour while employed in the public sector.
Mitigation
Actions or strategies implemented to reduce the likelihood or impact of risks, threats, or vulnerabilities.
Mobile Device
Portable, internet-enabled devices such as smartphones, tablets, laptops and removable storage media.
Multi-Factor Authentication (MFA)
An authentication approach requiring two or more independent credentials from different categories: “something you know” (password), “something you have” (token or device) and “something you are” (biometric).
MAC Address
A unique hardware identifier assigned to a network device for communication on a network.
Mandatory Access Control (MAC)
A security model where access to resources is enforced by system-defined policies based on classification levels. Users cannot override these controls.
Man-in-the-Middle Attack (MitM)
A cyberattack where an attacker intercepts and manipulates communication between two parties who believe they are communicating directly.
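An added example (not from the glossary) tying the Diffie-Hellman entry to this one. The honest exchange produces a single shared key; an attacker who can substitute the public values in transit ends up holding one key with each victim while the victims notice nothing, because nothing in the exchange authenticates who sent each value. The group is a toy safe prime chosen so the arithmetic is readable, and the fixed private values in the man-in-the-middle run are constructed so the result is repeatable; real systems use 2048-bit or larger groups (RFC 7919) or X25519, and authenticate the public values with signatures or certificates.

```python
"""Diffie-Hellman key agreement, and its failure against an active man-in-the-middle."""
import hashlib
import secrets

P = 1019            # toy safe prime: 1019 = 2 * 509 + 1 (both prime); far too small for real use
Q = 509
G = 4               # a quadratic residue, so it generates the subgroup of prime order Q


def keypair(private=None):
    """Private x in [1, Q-1]; public g^x mod p. A fixed private is only for the deterministic demo."""
    if private is None:
        private = 1 + secrets.randbelow(Q - 1)
    return private, pow(G, private, P)


def shared_key(private: int, peer_public: int) -> bytes:
    # Reject 1, p-1 and anything outside the order-Q subgroup (small-subgroup defence).
    if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
        raise ValueError("peer public value is not in the expected subgroup")
    secret = pow(peer_public, private, P)          # (g^y)^x = g^(xy) = (g^x)^y
    # Never use the raw shared secret as a key; derive one (HKDF in practice).
    return hashlib.sha256(b"toy-dh|" + secret.to_bytes(2, "big")).digest()


def honest_exchange() -> bool:
    """Alice and Bob exchange public values directly and derive the same key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub) == shared_key(b_priv, a_pub)


def mitm_exchange(a_priv=7, b_priv=123, m_priv_a=45, m_priv_b=300) -> dict:
    """Mallory replaces each public value with her own. Both victims complete the
    protocol 'successfully', but each actually shares a key with Mallory."""
    _, a_pub = keypair(a_priv)
    _, b_pub = keypair(b_priv)
    _, m_pub_a = keypair(m_priv_a)     # Mallory's value sent to Alice, posing as Bob
    _, m_pub_b = keypair(m_priv_b)     # Mallory's value sent to Bob, posing as Alice

    alice_key = shared_key(a_priv, m_pub_a)
    bob_key = shared_key(b_priv, m_pub_b)
    mallory_with_alice = shared_key(m_priv_a, a_pub)
    mallory_with_bob = shared_key(m_priv_b, b_pub)
    return {
        "alice_and_bob_agree": alice_key == bob_key,
        "mallory_reads_alice": mallory_with_alice == alice_key,
        "mallory_reads_bob": mallory_with_bob == bob_key,
    }


if __name__ == "__main__":
    print(honest_exchange())   # True
    print(mitm_exchange())     # victims disagree; Mallory holds both keys
```

Mallory decrypts with one key and re-encrypts with the other, so traffic keeps flowing and neither victim sees an error. The fix is not a bigger group but authentication of the exchanged values, which is what TLS certificates and SSH host keys provide.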
Masquerade Attack
An attack where an entity fraudulently assumes another identity to gain unauthorised access.
MD5
A once widely used one-way cryptographic hash function producing a 128-bit digest. Practical collision attacks exist, so it is unsuitable for digital signatures, certificates or password hashing and should be replaced by SHA-256 or stronger. It is still seen alongside SHA-1 in legacy file integrity checks.
Measures of Effectiveness (MOE)
A method for assessing the impact of actions in a given environment, commonly applied in information warfare to evaluate offensive or defensive capabilities.
Monoculture
A scenario where many users rely on the same software, creating widespread vulnerability to identical attacks.
Morris Worm
A computer worm released in 1988 by Robert T. Morris that disrupted thousands of systems on the ARPANET.
Multi-Cast
The process of sending data from one host to a defined group of hosts simultaneously.
Multi-Homed
A network configuration where a system is connected to two or more Internet Service Providers (ISPs) for redundancy or performance.
Multiplexing
Combining multiple signals into one stream for transmission over a single communication channel.
N-
National Institute of Standards and Technology (NIST)
A U.S. government agency under the Department of Commerce that develops and promotes measurement standards. Formerly known as the National Bureau of Standards, NIST also supports industry and science in adopting these standards.
Natural Disaster
An event caused by natural forces—such as fire, flood, earthquake, lightning, or severe wind—that disrupts or disables system components.
Netmask
A 32-bit value used to define the range of IP addresses within a network or subnet. For example, a Class C network mask is typically represented as 255.255.255.0 (a /24 prefix in CIDR notation).
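An added example (not from the glossary) showing how a netmask or prefix length determines the network address, the broadcast address and the usable host range, using plain bit operations and then cross-checking against Python’s ipaddress module. It also handles the /31 and /32 edge cases, which have no separate broadcast address, and rejects non-contiguous masks.

```python
"""Netmask arithmetic: network, broadcast and host range from an address and a mask."""
import ipaddress


def to_int(dotted: str) -> int:
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24. Rejects non-contiguous masks such as 255.0.255.0."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {mask}")
    return prefix


def subnet_info(address: str, mask_or_prefix) -> dict:
    """Accepts a dotted mask ('255.255.255.0') or a prefix length (24)."""
    prefix = mask_to_prefix(mask_or_prefix) if isinstance(mask_or_prefix, str) else int(mask_or_prefix)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    addr = to_int(address)
    network = addr & mask                     # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    if prefix >= 31:                          # RFC 3021 point-to-point (/31) and host routes (/32)
        first, last, usable = network, broadcast, 2 ** (32 - prefix)
        broadcast_addr = None
    else:
        first, last, usable = network + 1, broadcast - 1, 2 ** (32 - prefix) - 2
        broadcast_addr = to_dotted(broadcast)
    return {"network": f"{to_dotted(network)}/{prefix}", "netmask": to_dotted(mask),
            "broadcast": broadcast_addr, "first_host": to_dotted(first),
            "last_host": to_dotted(last), "usable_hosts": usable}


def matches_stdlib(address: str, prefix: int) -> bool:
    """Cross-check the hand-rolled arithmetic against ipaddress."""
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    info = subnet_info(address, prefix)
    return info["network"] == str(net) and info["netmask"] == str(net.netmask)


if __name__ == "__main__":
    print(subnet_info("192.168.1.37", "255.255.255.0"))
    print(subnet_info("10.0.0.1", 31))
    print(matches_stdlib("172.16.200.9", 20))   # True
```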
Network Address Translation (NAT)
A process that translates IP addresses from one network to another, allowing internal (private) addresses to communicate with external (public) networks.
Network Mapping
The process of creating an electronic inventory of systems and services within a network.
Network Tap
A hardware device that connects to a network cable and duplicates traffic for monitoring or analysis without disrupting the original flow.
Network-Based Intrusion Detection System (NIDS)
A security system that monitors network traffic for suspicious activity by analysing packets on a specific network segment. Unlike host-based IDS, NIDS focuses on detecting attacks that occur over the network.
Non-Printable Character
Characters that do not have a visible representation, such as line feed (ASCII 10), carriage return (ASCII 13), or bell (ASCII 7). These are often inserted using special key combinations.
Non-Repudiation
A security principle ensuring that a sender cannot deny sending a message and that the message has not been altered.
Null Session
An unauthenticated network connection that allows anonymous users to access certain information, such as shared resources or usernames, often exploited for enumeration.
O-
Octet
A sequence of eight bits, equivalent to one byte.
One-Way Encryption
A term sometimes used for cryptographic hashing: an irreversible transformation of plaintext into a fixed-size value from which the original cannot be recovered, other than by guessing inputs and comparing results.
One-Way Function
A mathematical function that is easy to compute in one direction but extremely difficult to reverse without brute-force methods.
Open Shortest Path First (OSPF)
A link-state routing protocol used within an autonomous system. It maintains a database of routers, their links, link costs and states to determine the shortest path for data transmission.
OSI (Open Systems Interconnection)
A reference model that defines how data should be transmitted between two points in a network. It consists of seven layers, each responsible for specific communication functions, providing a common framework for interoperability.
OSI Layers
The seven layers of the OSI model:
- Layer 7 – Application: Identifies communication partners, manages authentication and defines data syntax.
- Layer 6 – Presentation: Converts data formats for display or transmission.
- Layer 5 – Session: Establishes, manages and terminates communication sessions.
- Layer 4 – Transport: Ensures complete and error-free data transfer.
- Layer 3 – Network: Handles routing and forwarding of packets.
- Layer 2 – Data Link: Provides synchronization and error detection for physical transmission.
- Layer 1 – Physical: Transmits raw bit streams over physical media.
Overload
A condition where system performance is hindered due to excessive demand on its resources.
P-
Patching
The process of updating software to fix bugs, improve functionality, or enhance security.
Periodic
An event or action that occurs at regular, scheduled intervals.
Policy
A formal statement of principles or rules that guide activities to achieve organisational objectives.
Portable Device
A lightweight, easy-to-carry device capable of storing, transferring and accessing large volumes of data. Examples include smartphones, tablets, laptops and portable storage devices.
Position of Trust
A role within an organisation that involves elevated access to sensitive information or carries higher risk, often requiring additional screening or pre-employment checks.
Procurement
The process of sourcing and agreeing to terms for goods and services.
Protection
Measures or controls implemented to prevent or reduce the likelihood of compromise to people, information, or assets.
Protective Marking
A label that indicates the classification level and handling instructions for sensitive information.
Packet
A small unit of data transmitted over a packet-switched network, containing both the destination address and the data payload.
Packet-Switched Network
A network where data is broken into packets and each packet may take a different path to reach its destination.
Partitions
Logical divisions of physical disk space used for organising data storage.
Password Authentication Protocol (PAP)
A basic authentication method where passwords are transmitted across the network, often in plain text, making it insecure.
Password Cracking
The process of attempting to guess or recover passwords using various techniques.
Password Sniffing
Intercepting network traffic to capture passwords, typically through passive monitoring.
Payload
The actual application data carried within a packet.
Penetration
Gaining unauthorised access to sensitive data by bypassing system protections.
Penetration Testing
A controlled security test that simulates attacks to identify vulnerabilities in systems or networks.
Permutation
A cryptographic technique that rearranges characters within a message to obscure its meaning.
Personal Firewall
A firewall installed on an individual computer to monitor and control network traffic.
Pharming
Redirecting users from legitimate websites to fraudulent ones without their knowledge.
Phishing
Using deceptive emails or websites to trick users into revealing sensitive information, such as login credentials.
Ping of Death
An attack that sends oversized ICMP packets to crash or disrupt a target system.
Ping Scan
A technique used to identify active devices on a network by sending ICMP echo requests.
Ping Sweep
Sending ICMP echo requests to multiple IP addresses to discover live hosts.
Plaintext
Readable text before encryption or after decryption.
Point-to-Point Protocol (PPP)
A protocol for communication between two computers over a serial connection, often used for dial-up Internet access.
Point-to-Point Tunneling Protocol (PPTP)
A protocol that enables secure communication through encrypted tunnels over the Internet.
Poison Reverse
A routing technique that prevents loops by advertising unreachable routes with an infinite metric.
Polyinstantiation
A database feature that allows multiple records with the same key to prevent inference attacks.
Polymorphism
A technique used by malware to alter its code structure to evade detection.
Port
A numeric identifier for a communication endpoint on a device.
Port Scan
A method used to identify open ports on a system for potential exploitation.
Possession
The state of having control or the ability to use information.
Post Office Protocol Version 3 (POP3)
An email protocol that allows clients to retrieve messages from a mail server.
Practical Extraction and Reporting Language (Perl)
A scripting language widely used for text processing and system administration tasks.
Preamble
The initial portion of a data packet that contains control information for transmission.
Pretty Good Privacy (PGP)
A cryptographic program that provides encryption and authentication for email and other data.
Private Addressing
Reserved IP address ranges for private networks, as defined in RFC 1918 (e.g., 10.x.x.x, 172.16.x.x, 192.168.x.x).
Program Infector
Malware that attaches itself to executable files.
Program Policy
A high-level organisational policy that sets the overall direction for security practices.
Promiscuous Mode
A network mode where a device captures all packets on a network segment, regardless of destination.
Proprietary Information
Information unique to an organisation that provides a competitive advantage, such as trade secrets or customer data.
Protocol
A set of rules that define how data is transmitted and received across a network.
Protocol Stack (OSI)
A layered set of protocols that work together to enable network communication.
Proxy Server
An intermediary server that processes client requests and forwards them to other servers, often used for filtering or caching.
Public Key
The publicly available component of an asymmetric cryptographic key pair.
Public Key Encryption
An encryption method that uses a pair of keys—public and private—for secure communication.
Public Key Infrastructure (PKI)
A framework for managing digital certificates and public-key encryption.
Perfect Forward Secrecy (PFS)
A property of key exchange protocols ensuring that session keys remain secure even if long-term keys are compromised.
Q-
QAZ
A type of network worm that spreads across systems, typically exploiting vulnerabilities or weak configurations to propagate.
R-
Ransomware
A type of malware that encrypts files or locks systems, demanding payment (ransom) to restore access.
Reclassification
An administrative process to change the security classification of information after reassessing the potential impact of compromise.
Regular (Regularly)
An event or action that occurs at consistent intervals, typically defined by Standard Operating Procedures or a security schedule.
Resources
An organisation’s people, information and physical or digital assets.
Risk
The likelihood of a threat exploiting a vulnerability, resulting in potential harm or loss.
Risk Appetite
The level of risk an organisation is willing to accept. For example:
- Extreme/High Risk: Requires senior leadership action.
- Moderate Risk: Managed by the Security Committee.
- Low Risk: Handled by security management.
Risk Capacity
The maximum level of risk an organisation can tolerate while remaining operational.
Risk Profile
A summary of risks faced by an organisation or business unit, including mitigation strategies and risk ratings.
Risk Tolerance
The amount of residual risk an organisation is comfortable accepting after applying treatments.
Risk Treatment
Actions and resources applied to reduce the likelihood or impact of a security risk.
Risk-Based Approach
Prioritising mitigation measures based on the highest areas of risk.
Ruling
A mandatory interpretation or application of security policy that all agencies must follow.
Race Condition
A vulnerability that occurs when two processes attempt to access shared resources simultaneously, creating a timing gap that can be exploited.
Radiation Monitoring
Intercepting data, images, or audio from unprotected sources by detecting electromagnetic emissions.
Reconnaissance
The initial phase of an attack where adversaries gather information, map networks and identify vulnerabilities.
Reflexive ACLs (Cisco)
Access control lists that enable Cisco routers to filter traffic based on whether connections are part of established sessions, similar to stateful firewalls.
Registry
A central database in Windows operating systems that stores configuration settings and system information.
Regression Analysis
Testing software with predefined scripts to validate expected behaviour after updates. Often used before releasing new versions. Related to fuzzing.
Request for Comment (RFC)
A formal document series that defines Internet standards and protocols, managed by the Internet Engineering Task Force (IETF).
Resource Exhaustion
An attack that consumes system resources, making them unavailable for legitimate users.
Response
Information or action provided in reaction to a stimulus or event.
Reverse Address Resolution Protocol (RARP)
A protocol that allows a device to obtain its IP address from a gateway using its MAC address.
Reverse Engineering
Analysing and disassembling a system or component to understand its design or extract sensitive information.
Reverse Lookup
Using an IP address to find the corresponding domain name.
Reverse Proxy
A server that receives public requests and forwards them to internal servers, often used for load balancing and security.
Risk Assessment
The process of identifying risks and evaluating their potential impact.
Risk Averse
Avoiding risk even at the cost of losing opportunities, such as choosing a more expensive but secure communication method.
Rivest-Shamir-Adleman (RSA)
A widely used algorithm for asymmetric encryption, developed in 1977.
Role-Based Access Control (RBAC)
An access control model that assigns permissions based on user roles within an organisation.
Root
The administrator account in Unix systems with full system privileges.
Rootkit
A collection of tools used by attackers to hide intrusions and maintain privileged access.
Router
A network device that forwards data between networks based on IP addresses.
Routing Information Protocol (RIP)
A distance-vector routing protocol that uses hop count as its metric.
Routing Loop
A misconfiguration where packets circulate endlessly between routers.
RPC Scans
Scanning systems to identify active Remote Procedure Call (RPC) services.
Rule Set-Based Access Control (RSBAC)
An access control model that applies rules to determine actions on objects by entities.
S-
Screening
The process of assessing an individual’s suitability for a role, often involving background checks and security vetting.
Security Adviser
A professional who provides expert guidance on implementing and maintaining security measures.
Security Assessor
An individual responsible for evaluating the effectiveness of security controls and compliance with standards.
Security Classified
Information assigned a classification level based on sensitivity and potential impact if compromised.
Security Domains
Distinct areas within an organisation’s IT environment that enforce specific security policies.
Security Maturity
A measure of how advanced and effective an organisation’s security practices are.
Security Plan
A documented strategy outlining security objectives, controls and responsibilities.
Security Risk
The potential for harm or loss resulting from a threat exploiting a vulnerability.
Security Zone
A designated physical or logical area with defined security measures to protect resources and assets.
Sender Policy Framework (SPF)
An email authentication protocol that detects forged sender addresses during email delivery.
Senior Leadership
Executives responsible for strategic decisions, including risk and security governance.
Social Engineering
Manipulating individuals through deception or psychological tactics to gain unauthorised access.
Standard
A documented set of rules or specifications ensuring consistency and compliance.
Strategy
A long-term plan designed to achieve specific organisational goals.
Supplier
An external entity providing goods or services to an organisation.
Supplier Access
Permissions granted to suppliers for accessing systems or facilities.
Suppliers Handling Data
Third-party providers responsible for managing or processing organisational data.
S/Key
A one-time password system that enhances authentication security.
Safety
Measures taken to protect individuals and assets from harm.
SANS
SysAdmin, Audit, Network, Security—a leading organisation providing cybersecurity training and research.
Scavenging
Recovering residual data from storage or memory to gain unauthorised access.
Secure Electronic Transactions (SET)
A protocol designed to secure online payment transactions.
Secure Shell (SSH)
A protocol for securely logging into remote systems, executing commands and transferring files.
Secure Sockets Layer (SSL)
A cryptographic protocol that provides secure communication over the Internet (largely replaced by TLS).
Security Policy
A formal document outlining rules and practices for protecting organisational assets.
Segment
A portion of data transmitted over a network, commonly associated with TCP packets.
Sensitive Information
Data that requires protection due to its potential impact if disclosed or altered.
Separation of Duties
A security principle that divides responsibilities among individuals to reduce fraud or error.
Server
A system that provides services or resources to client devices over a network.
Session
A temporary communication link between two systems for data exchange.
Session Hijacking
An attack where an adversary takes control of an active session between two parties.
Session Key
A temporary encryption key used for securing a single communication session.
SHA-1
A cryptographic hash function used for data integrity verification (now considered weak).
Shadow Password Files
System files that store encrypted passwords to prevent unauthorised access.
Share
A resource made available on a network, such as a file directory or printer.
Shell
A command-line interface that allows users to interact with the operating system.
Signals Analysis
Monitoring and analysing emitted signals to infer sensitive information.
Signature
A unique pattern in network traffic or files used to identify specific malware or exploits.
Simple Integrity Property
A rule stating that a user cannot write data to a higher integrity level than their own.
Simple Network Management Protocol (SNMP)
A protocol for monitoring and managing network devices.
Simple Security Property
A rule stating that a user cannot read data at a higher classification level than their own.
Smartcard
A physical card with embedded chips or magnetic strips used for secure authentication.
Smishing
A phishing attack delivered via SMS messages.
Smurf Attack
A denial-of-service attack that floods a target with ICMP packets using spoofed source addresses.
Sniffer
A tool that captures and analyses network traffic.
Sniffing
The act of monitoring network traffic, often for malicious purposes.
Socket
An endpoint for network communication, defined by an IP address and port number.
Socket Pair
A combination of source and destination IP addresses and ports that uniquely identifies a network connection.
SOCKS
A protocol that facilitates communication through a proxy server.
Software
Programs and associated data that run on computer hardware.
Source Port
The port number used by a client device to initiate a network connection.
Spam
Unsolicited or unwanted electronic messages, often sent in bulk.
Spanning Port
A switch configuration that mirrors traffic from one port to another for monitoring purposes.
Split Horizon
A routing technique that prevents loops by not advertising routes back to the source.
Split Key
A cryptographic key divided into multiple parts, each of which is useless on its own.
Spoofing
Impersonating a trusted entity to gain unauthorised access or deliver malicious content.
SQL Injection
An attack that manipulates database queries by injecting malicious SQL code.
Stack Smashing
Exploiting buffer overflows to execute arbitrary code.
Standard ACLs (Cisco)
Access control lists that filter traffic based solely on source IP addresses.
Star Property
A rule stating that a user cannot write data to a lower classification level without proper clearance.
State Machine
A system that transitions through defined states based on inputs and conditions.
Stateful Inspection
A firewall technique that tracks the state of active connections to make filtering decisions.
Static Host Tables
Text files mapping hostnames to IP addresses.
Static Routing
Routing that uses fixed paths defined manually by administrators.
Stealthing
Techniques used by malware to hide its presence on a system.
Steganalysis
Detecting and defeating hidden messages embedded using steganography.
Steganography
Concealing the existence of a message within another medium, such as an image or audio file.
Stimulus
Network traffic that initiates a connection or triggers a response.
Store-and-Forward
A switching method where the entire packet is read and verified before forwarding.
Straight-Through Cable
A network cable where pins are wired in the same order on both ends, typically used for connecting different device types.
Stream Cipher
An encryption method that processes data one bit or byte at a time.
Strong Star Property
A rule stating that a user cannot write data to higher or lower classification levels than their own.
Subnetwork
A smaller, identifiable segment of a larger network.
Subnet Mask
A value that defines the size of a network and its available IP addresses.
Switch
A network device that forwards data only to the intended recipient based on MAC addresses.
Switched Network
A network that uses switches to direct traffic efficiently.
Symbolic Links
Special files that point to another file or directory.
Symmetric Cryptography
An encryption method that uses the same key for both encryption and decryption.
Symmetric Key
A cryptographic key used in symmetric encryption algorithms.
SYN Flood
A denial-of-service attack that overwhelms a system with TCP connection requests.
Synchronization
A signal pattern used to indicate the start of a data frame in network communication.
Syslog
A standard logging facility for Unix systems.
System Security Officer (SSO)
An individual responsible for enforcing and managing system security policies.
System-Specific Policy
A policy tailored for a specific system or device.
T-
T1, T3
Digital circuits that use Time-Division Multiplexing (TDM) for high-speed data transmission.
Tamper
Deliberately altering system logic, data, or control information to make it perform unauthorised actions.
TCP Fingerprinting
A technique that uses unusual packet header combinations to identify the operating system of a remote host.
TCP Full Open Scan
A port scanning method that completes the full three-way TCP handshake to determine if a port is open.
TCP Half Open Scan
A stealth scanning technique that initiates but does not complete the TCP handshake, used to detect open ports.
TCP Wrapper
A tool that restricts access to network services based on source IP and monitors incoming traffic.
TCP/IP
The foundational Internet protocol suite combining Transmission Control Protocol (TCP) and Internet Protocol (IP) for reliable communication.
TCPDump
A Unix-based packet analyser that captures and displays network traffic for troubleshooting.
TELNET
An Internet protocol for remote login and command execution over TCP.
Threat
Any circumstance or event with the potential to breach security and cause harm.
Threat Assessment
The process of identifying and evaluating potential threats to an organisation.
Threat Model
A structured representation of threats, vulnerabilities and potential impacts on a system.
Threat Vector
The method or pathway a threat uses to reach its target.
Time to Live (TTL)
A value in an IP packet that limits its lifespan in the network, preventing endless circulation.
Tiny Fragment Attack
An attack that uses abnormally small IP fragments to bypass filtering rules by splitting header fields across multiple fragments.
Token Ring
A LAN topology where devices are connected in a ring and use token-passing to prevent data collisions.
Token-Based Access Control
An access control method that associates privileges with tokens assigned to users.
Token-Based Devices
Authentication devices that generate time-based one-time passwords for secure login.
Topology
The physical or logical arrangement of network elements, such as bus, star, or ring configurations.
Traceroute
A diagnostic tool that maps the path packets take from a source to a destination across a network.
Transmission Control Protocol (TCP)
A protocol that ensures reliable, ordered delivery of data packets between systems over IP networks.
Transport Layer Security (TLS)
A cryptographic protocol that secures communication between applications and users, replacing SSL.
Triple DES (3DES)
An encryption algorithm that applies the Data Encryption Standard three times for enhanced security.
Triple-Wrapped
In S/MIME, data that is signed, encrypted and signed again for maximum integrity and confidentiality.
Trojan Horse
A malicious program disguised as legitimate software, often used to bypass security controls.
Trunking
Connecting network switches to share VLAN information and enable efficient traffic management.
Trust
The level of permissions and actions allowed between systems or users.
Trusted Ports
Ports numbered below 1024, typically reserved for privileged processes.
Tunnel
A secure communication channel created by encapsulating one protocol within another, often used for VPNs.
U-
User
Any person, organisational entity, or automated process that accesses ICT resources, whether authorised or not.
UDP Scan
A scanning technique used to identify open UDP ports on a target system.
Unicast
A one-to-one communication method where data is sent from one host directly to another.
Uniform Resource Identifier (URI)
A generic term for all types of names and addresses that identify resources on the web.
Uniform Resource Locator (URL)
The global address of resources on the web, specifying the protocol and location (e.g., https://example.com).
Unix
A multi-user, multitasking operating system developed in the early 1970s at Bell Labs, widely used for its flexibility and stability.
Unprotected Share
A shared resource (such as a file system or printer) that lacks proper access controls, allowing anyone to connect.
User Contingency Plan
Alternative methods for continuing business operations if IT systems become unavailable.
User Datagram Protocol (UDP)
A lightweight communication protocol that runs on top of IP. Unlike TCP, UDP provides minimal error checking and is commonly used for broadcasting and real-time applications.
V-
Value
The importance assigned to information based on the potential impact of its compromise, which may include financial loss and other consequences.
Visitor
A person who is not a regular employee but is granted temporary access to an organization’s facilities.
Vulnerability
Either of the following:
- The level of exposure an organization has to risks and threats.
- A flaw in a system’s design, implementation, or operation that could be exploited, intentionally or accidentally, resulting in a breach of security policies.
Virtual Private Network (VPN)
A secure, virtual network built over a public network (such as the Internet) using encryption and tunneling techniques. VPNs allow organizations to connect multiple sites or remote users securely, typically at a lower cost than dedicated private networks.
Virus
A self-replicating piece of malicious software that attaches to legitimate programs. It activates only when the host program runs and can spread to other systems, often causing damage or data corruption.
Vishing (Voice or VoIP Phishing)
A phishing attack carried out through voice calls, using traditional phone systems or VoIP, to trick individuals into revealing sensitive information.
Voice Firewall
A security control for voice networks that monitors and manages call traffic based on predefined policies, helping prevent unauthorized access and voice-related threats.
Voice Intrusion Prevention System (Voice IPS)
A proactive security system for voice networks that detects and blocks suspicious call patterns or attack signatures, preventing fraud, denial-of-service attacks and other telecom abuses.
W-
War Chalking
The practice of marking public areas, often sidewalks, with symbols to indicate the presence of accessible wireless networks.
War Dialer
A program that automatically dials a range of phone numbers to identify lines connected to computer systems, creating a list for potential unauthorized access attempts.
War Dialing
A technique used to locate modems within a telephone network that may be vulnerable, often as a way to bypass perimeter security.
War Driving
The act of traveling through areas to detect wireless access points that can provide network connectivity.
Web of Trust
A decentralized trust model where confidence in digital signatures grows as users trust others’ signatures and the networks of trust they establish.
Web Server
Software running on an Internet-connected host that responds to HTTP requests from client browsers, delivering web content.
WHOIS
An Internet protocol used to query databases for information about domain names, IP addresses and network resources.
Windowing
A graphical system that allows multiple applications to share a computer’s display simultaneously. It uses a window manager to track the position, size and state of each window, enabling multitasking and interaction without restarting applications.
Windump
A free Windows-based protocol analyzer that captures and monitors network traffic for analysis.
Wired Equivalent Privacy (WEP)
A security protocol defined by IEEE 802.11b for wireless LANs, designed to provide data confidentiality comparable to wired networks.
Wireless Application Protocol (WAP)
A set of communication standards enabling wireless devices—such as mobile phones—to access Internet services like email, web browsing and messaging.
Wiretapping
The interception and recording of data transmitted between two points in a communication system.
World Wide Web (WWW)
A global collection of hypermedia resources and services accessible via the Internet, typically through browsers using HTTP and related protocols.
Worm
A self-contained program that replicates itself across networks without user intervention, often consuming resources and potentially causing damage.
Z-
Zone
A defined physical area or workspace where official information is created, accessed, processed and stored. (See also: security zone, zoning.)
Zoning
The method of assigning security zones and applying the necessary controls to safeguard information and systems.
Zero Day
The point in time when a new vulnerability becomes publicly known. A “zero-day” exploit refers to an attack that occurs before a patch or fix is available.
Zero-Day Attack
An attack that targets a previously unknown or undisclosed vulnerability in software or hardware, often before the vendor or public is aware of the issue.
Zero-Day Exploit
Malicious code or techniques that leverage an unpatched vulnerability in software, hardware, or firmware, allowing attackers to compromise systems.
Zombies
Computers infected with malware and remotely controlled by attackers, typically as part of a botnet. These compromised machines perform malicious tasks without the owner’s knowledge.