Cyber Security NSW Lexicon

Glossary


access control

The process of granting or denying requests for access to information and systems. Can also refer to the process of granting or denying requests to enter facilities.

ACSC

Australian Cyber Security Centre

active defence

The principle of implementing a spectrum of dynamic security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening. 

Advanced Persistent Threat (APT)

A label given to a set of malicious cyber activity with common characteristics, often orchestrated by a person or persons targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives.

adware

A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user.

air gap

A network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.

A network security technique where the interface of a system is physically isolated from other networks.

antivirus

Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

application whitelisting

An approach in which only an explicitly defined set of applications are permitted to execute on a system.

artificial intelligence

Artificial intelligence is the simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision.

attack surface

The aggregated ways in which an adversary can target, compromise and potentially cause damage to a system or network. The greater the attack surface the greater the chances are of an adversary finding an exploitable vulnerability.

attribution

The process of assessing the source, perpetrator or sponsor of malicious activity. Statements of attribution often use probabilistic language and indicate the level of confidence in the assessment.

authentication

Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.

authorisation

The process of defining or verifying permission for a specific identity or device to access or use resources in a system.

back door

A feature or defect of a computer system that allows access to it while bypassing its security controls.

big data

Large amounts of structured and unstructured data that exceeds the ability of commonly used software tools to capture, manage and process. Big data requires techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale.

bitcoin

A brand of cryptocurrency (see the definition of ‘cryptocurrency’).

Black Hat

A hacker who engages in unlawful or unsanctioned hacking activities.

blockchain

A distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data — once recorded, the data in a block cannot be altered retroactively.

bot

A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device's legitimate user. Short for ‘robot’.

botnet

A collection of computers or devices infected by bots, remotely controlled by an actor to conduct malicious activities without the user's knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data.

breach (data)

When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘Data Spill’.

breach (security)

An incident that results in unauthorised access to, modification or disruption of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.

bring your own device (BYOD)

Staff-owned computing devices used for work purposes, as compared to ones issued by the employer. These devices connect to and utilise the organisation’s network, data and resources.

browser

A software application for retrieving, presenting and traversing information resources on the world wide web. Short for ‘Web Browser’.

brute force

An access control breaching technique that uses an automated process to determine a cryptographic key or password by systematically trying all alternatives until it discovers the correct one. This process is often supported by the use of known, or typically used credentials, and predefined key hashes.

bug

A flaw or error in a software program.

CIO

Chief Information Officer

CISO

Chief Information Security Officer

click fraud

Using a compromised computer to click ads on a website without the user’s awareness, with the intention of generating revenue for the website, or draining resources from the advertiser.

cloud computing

A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services.

cluster

(also lead cluster department or department)

Officially defined as Departments in Schedule 1 of the Government Sector Employment Act 2013, clusters are the ten groups into which NSW Government agencies are organised to enhance coordination, the provision of related services and policy development.

compromise

An introduced vulnerability or loss of trust in the integrity of a system and its data, resulting from unauthorised access, violation of policy or disclosure of information.

computer

A programmable electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations.

computer network

Two or more interconnected devices that can exchange data.

cookie

A small text file that is transmitted by a website and stored in the user's web browser, used to identify the user and prepare customised webpages. A cookie can be used to track a user’s activity while browsing the internet.

credential harvesting

The use of social engineering techniques, digital scamming and malware to steal credentials. Also known as password harvesting.

critical infrastructure

Those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security (Security of Critical Infrastructure Act 2018).

Cross domain solution

A system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains.

Crown jewels

The most valuable or operationally vital systems or information in an organisation.

Cryptocurrency

A digital currency and payment system underpinned by blockchain and encryption technologies. It can be used for online purchases or converted into official currency. It currently (2019) exists as an informal type of currency, neither underwritten nor issued by nation-state reserve banks.

Cryptography

The practice and study of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key.

CSMS

A Cyber Security Management System is a management system focused on cyber security of control systems rather than information.

Cyber adversary

An individual or organisation (including state-sponsored) that conducts malicious activity including cyber espionage, crime or attack.

Cyber attack

A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.

Cyber crime

Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.

cyber crisis

Major disruption to services and operations, with genuine risks to critical infrastructure and services and to the safety of citizens and businesses. A cyber crisis attracts intense media interest and places large demands on resources and critical services.

Cyber defence

Defensive activity designed to protect information and systems against offensive cyber operations.

Cyber espionage

Malicious activity designed to covertly collect information from an adversary’s computer systems for intelligence purposes without causing damage to those systems. Can be conducted by state or non-state entities and can also include theft for commercial advantage.

Cyber incident

An occurrence or activity that may threaten the confidentiality, integrity or availability of a system or the information stored, processed or communicated by it.

Cyber operations

Offensive and defensive activities designed to achieve effects in or through cyberspace.

Cyber security

All measures used to protect systems, and information processed, stored or communicated on such systems, from compromise of confidentiality, integrity and availability.

Cyber event

An identified occurrence of a system, service or network state indicating a possible breach of security policy or failure of safeguards.

Cyber Security Incident Reporting Scheme

A scheme established by the ACSC to collect information on cyber security incidents.

Cyber warfare

The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes.

Cyberspace

The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.

Dark web

The dark web is made up of sites that are not indexed by search engines and are only accessible through specialty networks such as The Onion Router (Tor). Often, the dark web is used by website operators who want to remain anonymous.

Data

The basic element that can be processed or produced by a computer to convey information.

Data breach

When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘spill’.

Data spill

When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘breach’.

Decryption

The decoding of encrypted messages.

Deep web

The part of the Internet that is not indexed by search engines. This can typically include: private networks, intranets and databases. Although they are connected to the Internet, they are access controlled.

Defence in depth

The implementation of multiple layers of security controls in a system to provide redundancy and resilience in the event that a security control fails or a vulnerability is exploited.

Denial of service (DoS)

When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Digital certificate

An electronic document used to identify an individual, a system, a server, a company, or some other entity, and to associate a public key with the entity. A digital certificate is issued by a certification authority and is digitally signed by that authority.

Digital footprint

The unique set of traceable activities, actions, contributions and communications that are manifested on the Internet or on digital devices.

Digital signature

A cryptographic process that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.

Distributed denial of service (DDoS)

A denial-of-service (DoS) where the source is comprised of multiple unique IP addresses used to flood the bandwidth or resources of a targeted system or network.

Domain

In the Internet, a part of a naming hierarchy in which the domain name consists of a sequence of names (labels) separated by periods (dots).

Note: There are multiple other technical and communications-related definitions for ‘domain’.

Domain name system (DNS)

The naming system that translates domain names into IP addresses.

domain verification

When you are checked and verified as the legitimate owner of a domain in order to add or change a service (such as a website) on that domain.

Downloader

A type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files.

Doxing

Obtaining and publishing private or personally identifiable information about an individual over the internet for malicious purposes. Information can be obtained through a range of methods including network compromise, social engineering, data breaches, or research.

Drive by download

The unintended – automatic or accidental – download of malware from the Internet.

Driver

Software that interfaces a hardware device with an operating system.

Dropper

A type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file and does not require connection to the internet.

email fraud

Intentional deception made for personal gain or to damage another individual through email. Almost as soon as email became widely used, it began to be used as a means to defraud people.

emanation security

The counter-measures employed to reduce classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of Radio Frequency (RF) energy, sound waves or optical signals.

encryption

The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentiality of data at rest and in transit. Both encryption and decryption are functions of cryptography.

end to end encryption

A method of secure communication where only the communicating users can read data transferred from one end system or device to another.

endpoint security

A methodology of protecting a network when it is accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

executable

A file that causes a computer to perform indicated tasks according to encoded instructions.

exploit

A piece of code or a method that exploits bugs or vulnerabilities in software, hardware or security controls to gain access to, or compromise, a system or network.

firewall

A network device that filters incoming and outgoing network data based on a series of rules.

firmware

Software embedded in a hardware device that contains low level programs that allow the device to function.

gateway

A network point that acts as an entrance to another network.

GCISO

Government Chief Information Security Officer

Grey Hat

A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker.

hack

The unauthorised exploitation of weaknesses in a computer system or network.

hacker

A computer expert who can gain unauthorised access to computer systems. Hacker is an agnostic term and a hacker does not necessarily have malicious intent.

hacktivist

A civilian hacker whose motivation is political, religious, or ideological, as opposed to criminal or opportunistic. Can also include those who use the Internet in innovative ways to promote their cause, but not necessarily having any element of compromising the security of the system used, or breach of the Crimes Act (1901), pertaining to misuse of computers.

This also excludes those actors who are part of state-sponsored or militant groups.

hardware

A generic term for ICT equipment.

honeypot

A computer system designed specifically to attract potential malicious actors in order to inform the development of defensive measures and responses.

HTTPS

Hypertext Transfer Protocol, with the "S" for "Secure." The Hypertext Transfer Protocol (HTTP) is the basic framework that controls how data is transferred across the web, while HTTPS adds a layer of encryption for additional security.

IACS

Industrial Automation and Control Systems, also referred to as Industrial Control System (ICS), include “control systems used in manufacturing and processing plants and facilities, building environmental control systems, geographically dispersed operations such as utilities (i.e., electricity, gas, and water), pipelines and petroleum production and distribution facilities, and other industries and applications such as transportation networks, that use automated or remotely controlled or monitored assets.” (IEC/TS 62443-1-1 Ed 1.0)

ICT

Information and Communications Technology, also referred to as Information Technology (IT), includes software, hardware, network, infrastructure, devices and systems that enable the digital use and management of information and the interaction between people in a digital environment.

ICT system

A related set of hardware and software used for the processing, storage or communication of information and the governance framework in which it operates.

impersonation

A social engineering or programming method by which a target is fooled into believing the impersonator is a trusted identity in order to gain access or information.

in the wild

Describes malware found in operation on the internet that infects and affects users' computers. This is opposed to malware seen only in internal test environments or malware collections.

industrial control system (ICS)

A collective term describing control systems and associated instrumentation used to efficiently operate and/or automate industrial processes. ICS include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC).

information communications technology (ICT) equipment

Any device that can process, store or communicate electronic information — for example, computers, multifunction devices and copiers, landline and mobile phones, digital cameras, electronic storage media, IoT and other devices such as radio.

information security

The protection of information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability.

internet

The global system of interconnected computer networks that use standardised communication protocols to link devices and provide a variety of information and communication facilities.

internet of things (IoT)

The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors, and network connectivity, which enables these objects to connect to the internet (or private network) and collect and exchange data.

internet service provider (ISP)

A company that provides subscribers with access to the Internet.

iOS

A mobile operating system created and developed by Apple, designed primarily for mobile devices such as tablets and smartphones.

IoT

The Internet of Things (IoT) refers to the inter-connection of many devices and objects utilising internet protocols that can occur with or without the active involvement of individuals using the devices. The IoT is the aggregation of many machine-to-machine (M2M) connections.

ISMS

An Information Security Management System “consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organisation, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation’s information security to achieve business objectives” (ISO/IEC 27000:2018).

keylogger

Software that records which keys you press. Also known as keystroke logging.

local area network (LAN)

A computer network that interconnects devices within a limited area such as a residence, school, laboratory, or office building.

machine learning

A type of artificial intelligence (AI) that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. The basic premise of machine learning is to build algorithms that can receive input data and use statistical analysis to predict an output value within an acceptable range.

macro

An instruction that causes the execution of a predefined sequence of instructions.

malvertising

The use of online advertising to spread malware. Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

malware

Malicious software used to gain unauthorised access to computers, steal information and disrupt or disable networks. Types of malware include trojans, viruses and worms.

man-in-the-middle (MITM)

A form of malicious activity where the attacker secretly accesses, relays, and possibly alters the communication between two parties who believe they are communicating directly with each other.

media

A generic term for hardware, often portable in nature, which is used to store information.

metadata

Information that describes data. This can include how the data was created, the time and date of creation, the author of the data and the location on a network where the data was created.

mobile device

A portable computing or communications device with information storage capability that can be used from a non–fixed location. Mobile devices include mobile phones, smartphones, portable electronic devices, personal digital assistants, laptops, netbooks, tablet computers and other portable Internet–connected devices (ISM).

multi-factor authentication

A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

multifunction devices

ICT equipment that combines printing, scanning, copying, faxing or voice messaging functionality in the one device. These devices are often designed to connect to computer and telephone networks simultaneously.

network

Two or more computer systems linked together.

network device

ICT equipment designed to facilitate the communication of information.

offensive cyber operations (OCO)

Activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks.

operating system

System software that manages hardware and software resources and provides common services for executing various applications on a computer.

PABX

A Private Automatic Branch Exchange is an automatic telephone switching system within a private enterprise.

passive defence

Security measures that are applied within a network and require limited human interaction. Passive defence includes logging and monitoring mechanisms, and implementation of tools and processes to harden networks including firewalls, application whitelisting, patching procedures and antivirus software.

patch

An update to firmware or software to fix software bugs, improve security and/or enhance functionality.

payload

Part of digitally transmitted data that is the fundamental purpose of the transmission. In the cyber-security context, normally the part of a malware program that performs a malicious action.

penetration testing

A method of evaluating the security of an ICT system by seeking to identify and exploit vulnerabilities to gain access to systems and data. Also called a ‘pentest’.

personally identifiable Information (PII)

Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

phishing

A digital form of social engineering that uses authentic-looking, but fake, e-mails to request information from users or direct them to a fake website. Phishing seeks to trick someone into installing malware or divulging sensitive information. Vishing (voice phishing) is a phone-based variant. Spear phishing and whaling attacks are highly personalised variants.

polymorphic

Describes malware that can change parts of its code in order to avoid detection by security software.

Public Service agency

Section 3 of the Government Sector Employment Act defines a Public Service agency as:

  • a Department (listed in Part 1 of Schedule 1 to the Act), or
  • a Public Service executive agency (being an agency related to a Department), or
  • a separate Public Service agency.

ransomware

Malicious software that makes data or systems unusable until the victim makes a payment.

remote access tool (RAT)

A software administration tool or program that can be used by a hacker to remotely gain access and control of an infected machine.

resilience

The capacity to withstand or recover quickly from difficulties.

risk appetite

“Amount and type of risk that an organisation is willing to pursue or retain.” (ISO/Guide 73:2009)

risk tolerance

“Organisation’s or stakeholder’s readiness to bear the risk, after risk treatment, in order to achieve its objectives.” (ISO/Guide 73:2009)

rootkit

Software designed to hide itself and other malware from detection while it makes changes to a computer.

router

A networking device that forwards data packets between computer networks.

sandbox

A virtual space in which new, untrusted or untested software or coding can be run safely without risking harm to the hosting computer.

script (malware)

A type of malware written using a scripting language. Common forms of scripting language include JavaScript, HTML, Visual Basic Script, PowerShell, Perl, Python and Shell Scripting.

script kiddie

A derisive term used to describe an unskilled individual who uses existing computer scripts or programs to hack computers, networks or websites, lacking the expertise to write their own.

SDLC

The System Development Life Cycle is the “scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal”. (NIST SP 800-137)

secure-by-design

An approach to software and hardware development that tries to minimise vulnerabilities by designing the system to be secure from the foundation up and treating malicious practices as a given.

White Hat

An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation's information systems. See also ‘Black Hat’ and ‘Grey Hat’.

server

A computer that provides services to users or other systems. For example, a file server, email server or database server.

shell

The program that passes your commands to your computer's operating system.

signature

A distinct pattern in network traffic or a file that can be attributed to a specific tool or exploit. Signatures are used by security software to determine whether a file has previously been identified as malicious.

significant cyber incident

An incident with significant impact on services, information, assets, NSW Government reputation and relationships, and with disruption to the activities of NSW businesses and/or citizens. Multiple NSW Government agencies, their operations and/or their services are affected. It may involve a series of incidents with cumulative impacts.

skimming

The theft of credit card information using card readers, or skimmers, to record and store victims' data.

social engineering

Methods used to manipulate people into carrying out specific actions, or divulging information.

spam

Unsolicited electronic messages, especially containing advertising, indiscriminately transmitted to a large number of people.

spearphishing

A form of phishing that is targeted at a specific person or group.

spoof

A type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware.

spyware

A program that collects information on the user’s activities without their consent. Spyware may be installed on a system illegitimately, or as a part of other software without the user’s knowledge.

SQL injection

Exploitation of a vulnerability in a database application that does not properly validate or encode user input, allowing the manipulation, exfiltration or deletion of data.

State owned corporation

Commercial businesses owned by the NSW Government: Essential Energy, Forestry Corporation of NSW, Hunter Water, Port Authority of NSW, Sydney Water, Landcom and Water NSW.

state-sponsored actor

An actor that conducts activity on behalf of a state, for example a contracted hacker or company.

Structured Query Language (SQL)

A special-purpose programming language designed for managing data held in a relational database management system.

systems

Software, hardware, communications, networks and includes specialised systems such as industrial and automation control systems, telephone switching and PABX systems, building management systems and internet connected devices.

threat actor

An entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact – an organisation's security. Also referred to as a malicious actor.

trojan

A type of malware or virus disguised as legitimate software, which is used to hack into the victim's computer.

two factor authentication (2FA)

A form of multi-factor authentication (see definition) to confirm a user's claimed identity by combining two different pieces of evidence.

vector

An access method for cyber operations.

virtualisation

Creating a virtual version of a hardware platform, application, operating system, storage device or network resource, upon which other software runs.

virus

A type of malware. Viruses spread on their own by attaching their code to other programs or copying themselves across systems and networks.

vulnerability

A weakness in system security requirements, design, software, implementation or operation that could be exploited.

vulnerability assessment

The process of identifying, quantifying, and prioritising (or ranking) the vulnerabilities in a system.

watering hole

Setting up a fake website (or compromising a real one) in order to infect and exploit visiting users.

website defacement

A type of data breach or compromise where illegitimate changes are made to the appearance and content of a website. Often likened to graffiti or online vandalism.

whaling

A highly-targeted form of spearphishing that is aimed at senior executives within an organisation.

whitelisting

Authorising only approved applications for use within organisations in order to protect systems from potentially harmful applications.

wide area network (WAN)

A telecommunications network or computer network that extends over a large geographical distance.

windows

A graphical interface-based operating system developed by Microsoft.

worm

Self-replicating malware that uses a network to distribute copies of itself to other computer devices, often without user intervention. Worms need not attach themselves to existing programs.

zero day

(also referred to as 0-day)

A software vulnerability that is unknown to, or has not yet been patched by, the software vendor at the time it is exploited; the term is also used for the exploit that targets such a vulnerability.


Incident Source, Attack or Threat Vector

Attrition

The use of brute force methods to attempt to compromise, degrade or destroy systems, networks or services.

Configuration

An incident caused by accidental or erroneous configuration of security controls.

Email

An attack or incident executed via an email message or attachment.

Removable media

Storage media that can be easily removed from a system and is designed for removal, for example USB flash drives or optical media.

Improper Usage

Any incident resulting from violation of an organisation’s acceptable usage policies by an authorised user, excluding the above categories.

Loss or Theft of Equipment

The loss or theft of a computing device or media used by the organisation, such as a laptop or smartphone.

Natural Disaster

An incident (especially one affecting availability) caused by a natural event such as fire or flood.

Web

An attack executed from a website or web-based application.

Other

An attack that does not fit into any of the other categories.

Unknown

Unable to determine the source or cause of the incident.


Business Impact Categories

None

No effect on the organisation's ability to provide all services to all users

Low

Minimal effect; the organisation can still provide all critical services to all users but has lost efficiency

Medium

Organisation has lost the ability to provide a critical service to a subset of system users

High

Organisation is no longer able to provide some critical services to any users
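The four categories above are defined in terms of which services remain available to which users, which makes them easy to apply mechanically during triage. The following is an added illustration, not part of the NSW lexicon: the category rules as a decision function over a snapshot of service availability. The data model (each service flagged critical or not, the set of users entitled to it, the set of users who can currently reach it, and a "degraded" flag for lost efficiency) is an assumption made for the example.

```python
"""Business impact classification using the None/Low/Medium/High
definitions from the NSW lexicon. Added example; the data model below
is an assumption, not something the lexicon prescribes."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    critical: bool  # is this a critical service for the organisation?


@dataclass
class ServiceStatus:
    """Availability snapshot for one service during the incident."""
    service: Service
    entitled: frozenset[str]      # users who should have the service
    available_to: frozenset[str]  # users who can currently use it
    degraded: bool = False        # usable, but with lost efficiency


def business_impact(statuses: list[ServiceStatus]) -> str:
    """Return the business impact category for the snapshot.

    High:   at least one critical service is unavailable to every user.
    Medium: a critical service is unavailable to a subset of its users.
    Low:    all critical services reach all users, but efficiency is
            lost (a critical service is degraded, or a non-critical
            service is degraded or unavailable to someone).
    None:   every service is fully available to every entitled user.
    The most severe condition found anywhere in the snapshot wins.
    """
    critical_total_loss = False
    critical_partial_loss = False
    efficiency_loss = False

    for status in statuses:
        entitled = status.entitled
        missing = entitled - status.available_to
        if status.service.critical:
            if entitled and not (entitled & status.available_to):
                critical_total_loss = True      # no entitled user can use it
            elif missing:
                critical_partial_loss = True    # some, but not all, cut off
            elif status.degraded:
                efficiency_loss = True
        elif missing or status.degraded:
            efficiency_loss = True              # non-critical service hit

    if critical_total_loss:
        return "High"
    if critical_partial_loss:
        return "Medium"
    if efficiency_loss:
        return "Low"
    return "None"


if __name__ == "__main__":
    # Constructed scenario: email is critical, the wiki is not.
    users = frozenset({"alice", "bob", "carol"})
    email = Service("email", critical=True)
    wiki = Service("wiki", critical=False)
    snapshot = [
        ServiceStatus(email, users, frozenset({"alice"})),  # two users cut off
        ServiceStatus(wiki, users, frozenset()),            # wiki fully down
    ]
    print(business_impact(snapshot))  # Medium: critical service partly lost
```

Note that a non-critical service being completely unavailable still only yields Low, because the definitions are written in terms of critical services; if that is not what an agency intends, the fix belongs in how services are flagged, not in the function.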


Incident Effects or Types

Compromised Asset

A compromised host (for example through botnet membership, a root account, a Trojan or a rootkit), network device, application or user account. This includes malware-infected hosts where an attacker is actively controlling the host, and events of physical asset loss or theft where the device contains sensitive corporate information.

Compromised Information

Successful destruction, corruption or disclosure of sensitive corporate information, including credentials and intellectual property.

Information Gathering

Any activity that seeks to obtain information about the technology and services in use for later exploitation, e.g. scans and probes.

Investigation

Unconfirmed or suspected incidents: reported activity that is potentially malicious or anomalous and that the reporting entity deems to warrant further review.

Unauthorised Access

In this category an individual (internal or external) gains logical or physical access without permission to a national or local network, system, application, data, or other resource.

Unlawful Activity

Computer-related incidents of a criminal nature (fraud, threats to human safety, child abuse material), likely to involve law enforcement, Global Investigations or Loss Prevention.

Unplanned Outage

An event affecting critical ICT assets, systems or services that is not attributable to a direct attack, malware, theft or unauthorised change. For example, a natural disaster causing a data centre outage, or a power systems failure.

None

The incident had no discernible impact

Other / Unknown

Not yet determined or not attributable to another category

Incident Severity

Extreme

  • Client information is compromised
  • Poses a potential large financial risk or legal liability
  • Adversely impacts an enterprise system or service critical to the operation of a Department
  • Poses a significant and immediate threat to human safety, such as a death-threat to an individual or group.
  • Has a high probability of propagating to many other systems and causing significant damage or disruption, resulting in a severe degradation in, or loss of, organisational capability such that the agency cannot perform one or more of its functions for an extended time

High

  • Adversely impacts a moderate number of systems and/or people, such as an individual unit, or building
  • Adversely impacts a non-critical enterprise system or service such as a file server
  • Has a probability of propagating to other systems and causing moderate damage or disruption
  • Poses a significant risk to an enterprise or business critical system
  • Poses an immediate risk to the integrity of sensitive data
  • Presents an immediate risk to NSW Government reputation

Medium

  • Poses a non-immediate risk to enterprise or business critical systems.
  • Disrupts a very small number of network devices or segments
  • Has the potential to compromise the integrity of sensitive NSW Government data
  • Compromises agreed access controls on production systems.
  • Medium functional impact or effect on systems, services or data, requiring remediation

Low

  • Has little or no risk of propagation, or causes only minimal disruption or damage in its attempt to propagate
  • Individual minor breach of access
  • Minimal effect on systems, services or data
  • Low potential risk of sensitive data, access or security compromise


Information Impact Categories

None

No information was exfiltrated, changed, deleted or otherwise compromised

Privacy Breach

Sensitive personally identifiable information (PII) was accessed or exfiltrated

Sensitive Breach

Sensitive proprietary information was accessed or exfiltrated

Integrity Loss

Sensitive or proprietary information was changed or deleted
