Cyber Security NSW Lexicon
Glossary
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
|
The process of granting or denying requests for access to information and systems. Can also refer to the process of granting or denying requests to enter facilities. |
|
|
ACSC |
Australian Cyber Security Centre |
|
active defence |
The principle of implementing a spectrum of dynamic security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening. |
|
Advanced Persistent Threat (APT) |
A label given to a set of malicious cyber activity with common characteristics, often orchestrated by a person or persons targeting specific entities over an extended period. An APT usually targets either private organisations, states or both for business or political motives. |
|
adware |
A program that displays advertisements that can be installed legitimately as a part of another application or service, or illegitimately without the consent of the system user. |
|
air gap |
A network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. A network security technique where the interface of a system is physically isolated from other networks. |
|
antivirus |
Software that is designed to detect, stop and remove viruses and other kinds of malicious software. |
|
application whitelisting |
An approach in which only an explicitly defined set of applications are permitted to execute on a system. |
|
artificial intelligence |
Artificial intelligence is the simulation of intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using the rules to reach approximate or definite conclusions), and self-correction. Particular applications of AI include threat identification, expert systems, speech recognition and machine vision. |
|
attack surface |
The aggregated ways in which an adversary can target, compromise and potentially cause damage to a system or network. The greater the attack surface the greater the chances are of an adversary finding an exploitable vulnerability. |
|
attribution |
The process of assessing the source, perpetrator or sponsor of malicious activity. Statements of attribution often use probabilistic language and indicate the level of confidence in the assessment. |
|
authentication |
Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system. |
|
authorisation |
The process of defining or verifying permission for a specific identity or device to access or use resources in a system |
|
A feature or defect of a computer system that allows access to it, that bypasses its functional security controls. |
|
|
big data |
Large amounts of structured and unstructured data that exceeds the ability of commonly used software tools to capture, manage and process. Big data requires techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale. |
|
bitcoin |
A brand of cryptocurrency, (see definition cryptocurrency). |
|
black hat |
A hacker who engages in unlawful or unsanctioned hacking activities. |
|
blockchain |
A distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data — once recorded, the data in a block cannot be altered retroactively. |
|
bot |
A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device's legitimate user. Short for ‘robot'. |
|
botnet |
A collection of computers or devices infected by bots, remotely controlled by an actor to conduct malicious activities without the user's knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data. |
|
breach (data) |
When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘Data Spill'. |
|
breach (security) |
An incident that results in unauthorised access to, modification or disruption of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. |
|
bring your own device (BYOD) |
Staff owned computing devices used for work purposes, as compared to ones issued by the employer. These devices connect to and utilise the organisations' network, data and resources. |
|
browser |
A software application for retrieving, presenting and traversing information resources on the world wide web. Short for ‘Web Browser'. |
|
brute force |
An access control breaching technique that uses an automated process to determine a cryptographic key or password by systematically trying all alternatives until it discovers the correct one. This process is often supported by the use of known, or typically used credentials, and predefined key hashes. |
|
bug |
A flaw or error in a software program. |
|
Chief Information Officer |
|
|
CISO |
Chief Information Security Officer |
|
click fraud |
Using a compromised computer to click ads on a website without the user's awareness, with the intention of generating revenue for the website, or draining resources from the advertiser. |
|
cloud computing |
A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services. |
|
cluster (also lead cluster department or department) |
Officially defined as Departments in Government Sector Employment Act 2013 Schedule 1 clusters are the ten groups into which NSW Government agencies are organised to enhance coordination and provision of related services and policy development. |
|
compromise |
An introduced vulnerability or loss of trust in the integrity of a system and data resulting from unauthorised access, violation of policy, or disclosure of information |
|
computer |
A programmable electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations. |
|
computer network |
Two or more interconnected devices that can exchange data. |
|
cookie |
A small text file that is transmitted by a website and stored in the user's web browser, used to identify the user and prepare customised webpages. A cookie can be used to track a user's activity while browsing the internet. |
|
credential harvesting |
The use of social engineering techniques, digital scamming and malware to steal credentials. Also known as password harvesting. |
|
critical infrastructure |
Those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation or affect Australia's ability to conduct national defence and ensure national security (Security of Critical Infrastructure Act 2018). |
|
Cross domain solution |
A system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains. |
|
Crown jewels |
The most valuable or operationally vital systems or information in an organisation. |
|
Cryptocurrency |
A digital currency and payment system underpinned by blockchain and encryption technologies. They can be used for online purchases or converted into official currency. It currently (2019) exists as an informal type of currency, not underwritten nor issued by nation-state reserve banks. |
|
Cryptography |
The practice and study of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key. |
|
CSMS |
A Cyber Security Management System is a management system focused on cyber security of control systems rather than information. |
|
Cyber adversary |
An individual or organisation (including state-sponsored) that conducts malicious activity including cyber espionage, crime or attack. |
|
Cyber attack |
A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity. |
|
Cyber crime |
Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It also includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences |
|
cyber crisis |
Major disruptions to services and operations, with genuine risks to critical infrastructure and services, with risks to the safety of citizens and businesses. Intense media interest, large demands on resources and critical services. |
|
Cyber defence |
Defensive activity designed to protect information and systems against offensive cyber operations. |
|
Cyber espionage |
Malicious activity designed to covertly collect information from an adversary's computer systems for intelligence purposes without causing damage to those systems. Can be conducted by state or non-state entities and can also include theft for commercial advantage. |
|
Cyber incident |
An occurrence or activity that may threaten the confidentiality, integrity or availability of a system or the information stored, processed or communicated by it. |
|
Cyber operations |
Offensive and defensive activities designed to achieve effects in or through cyberspace. |
|
Cyber security |
All measures used to protect systems, and information processed, stored or communicated on such systems, from compromise of confidentiality, integrity and availability. |
|
Cyber event |
An identified occurrence of a system, service or network state indicating a possible breach of security policy or failure of safeguards. |
|
Cyber Security Incident Reporting Scheme |
A scheme established by the ACSC to collect information on cyber security incidents. |
|
Cyber warfare |
The use of computer technology to disrupt the activities of a state or organisation, especially the deliberate disruption, manipulation or destruction of information systems for strategic, political or military purposes. |
|
Cyberspace |
The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks. |
|
The dark web is made up of sites that are not indexed by search engines and are only accessible through specialty networks such as The Onion Router (ToR). Often, the dark web is used by website operators who want to remain anonymous. |
|
|
Data |
The basic element that can be processed or produced by a computer to convey information. |
|
Data breach |
When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘spill'. |
|
Data spill |
When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Also referred to as a ‘breach'. |
|
Decryption |
The decoding of encrypted messages. |
|
Deep web |
The part of the Internet that is not indexed by search engines. This can typically include: private networks, intranets and databases. Although they are connected to the Internet, they are access controlled. |
|
Defence in depth |
The implementation of multiple layers of security controls in a system to provide redundancy and resilience in the event a security control failure or a vulnerability is exploited. |
|
Denial of service (DoS) |
When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests. |
|
Digital certificate |
An electronic document used to identify an individual, a system, a server, a company, or some other entity, and to associate a public key with the entity. A digital certificate is issued by a certification authority and is digitally signed by that authority. |
|
Digital footprint |
The unique set of traceable activities, actions, contributions and communications that are manifested on the Internet or on digital devices. |
|
Digital signature |
A cryptographic process that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data. |
|
Distributed denial of service (DdoS) |
A denial-of-service (DoS) where the source is comprised of multiple unique IP addresses used to flood the bandwidth or resources of a targeted system or network. |
|
Domain |
In the Internet, a part of a naming hierarchy in which the domain name consists of a sequence of names (labels) separated by periods (dots). Note: There are multiple other technical and communications-related definitions for ‘domain'. |
|
Domain name system (DNS) |
The naming system that translates domain names into IP addresses |
|
domain verification |
When you are checked and verified as the legitimate owner of a domain in order to add or change a service (such as a website) on that domain. |
|
Downloader |
A type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files. |
|
Doxing |
Obtaining and publishing private or personally identifiable information about an individual over the internet for malicious purposes. Information can be obtained through a range of methods including network compromise, social engineering, data breaches, or research. |
|
Drive by download |
The unintended – automatic or accidental – download of malware from the Internet. |
|
Driver |
Software that interfaces a hardware device with an operating system. |
|
Dropper |
A type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file and does not require connection to the internet. |
|
Intentional deception made for personal gain or to damage another individual through email. Almost as soon as email became widely used, it began to be used as a means to defraud people. |
|
|
emanation security |
The counter-measures employed to reduce classified emanations from a facility and its systems to an acceptable level. Emanations can be in the form of Radio Frequency (RF) energy, sound waves or optical signals. |
|
encryption |
The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentially of data at rest and in transit. Both encryption and decryption are functions of cryptography. |
|
end to end encryption |
A method of secure communication where only the communicating users can read data transferred from one end system or device to another. |
|
endpoint security |
A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. |
|
executable |
A file that causes a computer to perform indicated tasks according to encoded instructions. |
|
exploit |
A piece of code or method that exploits bugs or vulnerabilities in software, hardware or security controls to gain access, or compromise, a system or network. |
|
A network device that filters incoming and outgoing network data based on a series of rules. |
|
|
firmware |
Software embedded in a hardware device that contains low level programs that allow the device to function. |
|
A network point that acts as an entrance to another network. |
|
|
GCISO |
Government Chief Information Security Officer |
|
Grey Hat |
A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker. |
|
The unauthorised exploitation of weaknesses in a computer system or network. |
|
|
hacker |
A computer expert that can gain unauthorised access to computer systems. Hacker is an agnostic term and a hacker does not necessarily have malicious intent. |
|
hacktivist |
A civilian hacker whose motivation is political, religious, or ideological, as opposed to criminal or opportunistic. Can also include those who use the Internet in innovative ways to promote their cause, but not necessarily having any element of compromising the security of the system used, or breach of the Crimes Act (1901), pertaining to misuse of computers. This also excludes those actors who are part of state-sponsored or militant groups. |
|
hardware |
A generic term for ICT equipment. |
|
honeypot |
A computer system designed specifically to attract potential malicious actors in order to inform the development of defensive measures and responses. |
|
HTTPS |
Hypertext Transfer Protocol, with the "S" for "Secure." The Hypertext Transfer Protocol (HTTP) is the basic framework that controls how data is transferred across the web, while HTTPS adds a layer of encryption for additional security. |
|
Industrial Automation and Control Systems, also referred to as Industrial Control System (ICS), include “control systems used in manufacturing and processing plants and facilities, building environmental control systems, geographically dispersed operations such as utilities (i.e., electricity, gas, and water), pipelines and petroleum production and distribution facilities, and other industries and applications such as transportation networks, that use automated or remotely controlled or monitored assets.” (IEC/TS 62443-1-1 Ed 1.0) |
|
|
ICT |
Information and Communications Technology, also referred to as Information Technology (IT), includes software, hardware, network, infrastructure, devices and systems that enable the digital use and management of information and the interaction between people in a digital environment. |
|
ICT system |
A related set of hardware and software used for the processing, storage or communication of information and the governance framework in which it operates. |
|
impersonation |
A social engineering or programming method by which a target is fooled into believing the impersonator is a trusted identity in order to gain access or information |
|
in the wild |
Describes malware found in operation on the internet that infects and affects users' computers. This is opposed to malware seen only in internal test environments or malware collections. |
|
industrial control system (ICS) |
A collective term describing control systems and associated instrumentation used to efficiently operate and/or automate industrial processes. ICS include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC). |
|
information communications technology (ICT) equipment |
Any device that can process, store or communicate electronic information —for example, computers, multifunction devices and copiers, landline and mobile phones, digital cameras, electronic storage media, IoT and other devices such as radio. |
|
information security |
The protection of information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability. |
|
internet |
The global system of interconnected computer networks that use standardised communication protocols to link devices and provide a variety of information and communication facilities. |
|
internet of things (IoT) |
The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors, and network connectivity, which enables these objects to connect to the internet (or private network) and collect and exchange data. |
|
internet service provider (ISP) |
A company that provides subscribers with access to the Internet. |
|
iOS |
A mobile operating system created and developed by Apple, designed primarily for mobile devices such as tablets and smartphones. |
|
IoT |
The Internet of Things (IoT) refers to the inter-connection of many devices and objects utilising internet protocols that can occur with or without the active involvement of individuals using the devices. The IoT is the aggregation of many machine-to-machine (M2M) connections. |
|
ISMS |
An Information Security Management System “consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organisation, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's information security to achieve business objectives” (ISO/IEC 27000:2018). |
|
Software that records which keys you press. Also known as keystroke logging. |
|
|
A computer network that interconnects devices within a limited area such as a residence, school, laboratory, or office building. |
|
|
A type of artificial intelligence (AI) that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. The basic premise of machine learning is to build algorithms that can receive input data and use statistical analysis to predict an output value within an acceptable range. |
|
|
macro |
An instruction that causes the execution of a predefined sequence of instructions. |
|
malvertising |
The use of online advertising to spread malware. Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. |
|
malware |
Malicious software used to gain unauthorised access to computers, steal information and disrupt or disable networks. Types of malware include trojans, viruses and worms. |
|
man-in-the-middle (MITM) |
A form of malicious activity where the attacker secretly accesses, relays, and possibly alters the communication between two parties who believe they are communicating directly with each other. |
|
media |
A generic term for hardware, often portable in nature, which is used to store information. |
|
metadata |
Information that describes data. This can include how the data was created, the time and date of creation, the author of the data and the location on a network where the data was created. |
|
mobile device |
A portable computing or communications device with information storage capability that can be used from a non–fixed location. Mobile devices include mobile phones, smartphones, portable electronic devices, personal digital assistants, laptops, netbooks, tablet computers and other portable Internet–connected devices (ISM). |
|
multi-factor authentication |
A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). |
|
multifunction devices |
ICT equipment that combines printing, scanning, copying, faxing or voice messaging functionality in the one device. These devices are often designed to connect to computer and telephone networks simultaneously. |
|
Two or more computer systems linked together |
|
|
network device |
ICT equipment designed to facilitate the communication of information. |
|
Activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks. |
|
|
operating system |
System software that manages hardware and software resources and provides common services for executing various applications on a computer. |
|
A Private Automatic Branch Exchange is an automatic telephone switching system within a private enterprise. |
|
|
passive defence |
Security measures that are applied within a network and require limited human interaction. Passive defence includes logging and monitoring mechanisms, and implementation of tools and processes to harden networks including firewalls, application whitelisting, patching procedures and antivirus software. |
|
patch |
An update to firmware or software to fix software bugs, improve security and/or enhance functionality. |
|
payload |
Part of digitally transmitted data that is the fundamental purpose of the transmission. In the cyber-security context, normally the part of a malware program that performs a malicious action. |
|
penetration testing |
A method of evaluating the security of an ICT system by seeking to identify and exploit vulnerabilities to gain access to systems and data. Also called a ‘pentest'. |
|
personally identifiable Information (PII) |
Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. |
|
phishing |
A digital form of social engineering that uses authentic-looking, but fake, e-mails to request information from users or direct them to a fake Web site information. Phishing seeks to trick someone to install malware or divulge sensitive information. Vishing (Voice Phishing) is a phone-based variant. Spear phishing and whaling attacks are highly personalised variants. |
|
polymorphic |
Describes malware that can change parts of its code in order to avoid detection by security software. |
|
Public Service agency |
Section 3 of the Government Sector Employment Act defines a Public Service agency as:
|
|
Malicious software that makes data or systems unusable until the victim makes a payment. |
|
|
remote access tool (RAT) |
A software administration tool or program that can be used by a hacker to remotely gain access and control of an infected machine. |
|
resilience |
The capacity to withstand or recover quickly from difficulties. |
|
risk appetite |
“Amount and type of risk that an organisation is willing to pursue or retain.” (ISO/Guide 73:2009) |
|
risk tolerance |
“Organisation's or stakeholder's readiness to bear the risk, after risk treatment, in order to achieve its objectives.” (ISO/Guide 73:2009) |
|
rootkit |
Software designed to hide itself and other malware from detection while it makes changes to a computer. |
|
router |
A networking device that forwards data packets between computer networks. |
|
A virtual space in which new, untrusted or untested software or coding can be run safely without risking harm to the hosting computer. |
|
|
script (malware) |
A type of malware written using a scripting language. Common forms of scripting language include JavaScript, HTML, Visual Basic Script, PowerShell, Perl, Python and Shell Scripting. |
|
script kiddie |
A derisive term used to describe an unskilled individual that uses existing computer scripts or programs to hack computers, networks or websites, lacking the expertise to write their own. |
|
SDLC |
The System Development Life Cycle is the “scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal”. (NIST SP 800-137) |
|
secure-by-design |
An approach to software and hardware development that tries to minimise vulnerabilities by designing from the foundation to be secure and taking malicious practices for granted. |
|
server |
A computer that provides services to users or other systems. For example, a file server, email server or database server. |
|
shell |
The program that gives your commands to your computer's operating system. |
|
signature |
A distinct pattern in network traffic that can be identified to a specific tool or exploit. Signatures are used by security software to determine if a file has been previously determined to be malicious or not |
|
significant cyber incident |
Significant impact to services, information, assets, NSW Government reputation, relationships and disruption to activities of NSW business and/or citizens. Multiple NSW Government agencies, their operations and/or services impacted. May involve a series of incidents having cumulative impacts. |
|
skimming |
The theft of credit card information using card readers, or skimmers, to record and store victims' data. |
|
social engineering |
Methods used to manipulate people into carrying out specific actions, or divulging information. |
|
spam |
Unsolicited electronic messages, especially containing advertising, indiscriminately transmitted to a large number of people. |
|
spearphishing |
A form of phishing that is targeted at a specific person or group. |
|
spoof |
A type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware. |
|
spyware |
A program that collects information on the user's activities without their consent. Spyware may be installed on a system illegitimately, or as a part of other software without the user's knowledge. |
|
SQL injection |
Exploitation of a vulnerability in a database application that does not properly validate or encode user input, allowing the manipulation, exfiltration or deletion of data. |
|
State owned corporation |
Commercial businesses owned by the NSW Government: Essential Energy, Forestry Corporation3 of NSW, Hunter Water, Port Authority of NSW, Sydney Water, Landcom, Water NSW |
|
state-sponsored actor |
An actor that conducts activity on behalf of a state, for example a contracted hacker or company. |
|
Structured Query Language (SQL) |
A special-purpose programming language designed for managing data held in a relational database management system. |
|
systems |
Software, hardware, communications, networks and includes specialised systems such as industrial and automation control systems, telephone switching and PABX systems, building management systems and internet connected devices. |
|
An entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact - an organisation's security. Also referred to as a malicious actor. |
|
|
trojan |
A type of malware or virus disguised as legitimate software, which is used to hack into the victim's computer. |
|
two factor authentication (2FA) |
A form of multi-factor authentication (see definition) to confirm a user's claimed identity by combining two different pieces of evidence. |
|
An access method for cyber operations. |
|
|
virtualisation |
Creating a virtual version of a hardware platform, application, operating system, storage device or network resource; upon which other software runs. |
|
virus |
A type of malware. Viruses spread on their own by attaching their code to other programs or copying themselves across systems and networks. |
|
vulnerability |
A weakness in system security requirements, design, software, implementation or operation that could be exploited. |
|
vulnerability assessment |
The process of identifying, quantifying, and prioritising (or ranking) the vulnerabilities in a system. |
|
Setting up a fake website (or compromising a real one) in order to infect and exploit visiting users. |
|
|
website defacement |
A type of data breach or compromise where illegitimate changes are made to the appearance and content of a website. Often likened to graffiti or online vandalism. |
|
whaling |
A highly-targeted form of spearphishing that is aimed at senior executives within an organisation. |
|
whitelisting |
Authorising only approved applications for use within organisations in order to protect systems from potentially harmful applications. |
| white hat | An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation's information systems. See also ‘Black Hat' and ‘Grey Hat'. |
|
wide area network (WAN) |
A telecommunications network or computer network that extends over a large geographical distance. |
|
windows |
A graphical interface-based operating system developed by Microsoft. |
|
worm |
Self-replicating malware that uses a network to distribute copies of itself to other computer devices, often without user intervention. Worms need not attach themselves to existing programs. |
|
(also referred to as 0-day) |
A software exploit that hasn't been disclosed or patched by the software vendor. |
Incident Source, Attack or Threat Vector
|
Attrition |
The use of brute force methods to attempt to compromise, degrade or destroy systems, networks or services |
|
Configuration |
An incident caused by accidental or erroneous configuration of security controls |
|
|
An attack or incident executed via an email message or attachment |
|
Removable media |
Storage media that can be easily removed from a system and is designed for removal, for example USB flash drives or optical media. |
|
Improper Usage |
Any incident resulting from violation of an organisation's acceptable usage policies by an authorised user, excluding the above categories. |
|
Loss or Theft of Equipment |
The loss or theft of a computing device or media used by the organisation, such as a laptop or smartphone. |
|
Natural Disaster |
An incident (especially in relation to availability) caused by a natural event (Fire, flood etc) |
|
Web |
An attack executed from a website or web-based application |
|
Other |
An attack that does not fit into any of the other categories. |
|
Unknown |
Unable to determine the source or cause of the incident. |
Business Impact Categories
|
None |
No effect to the organisations ability to provide all services to all users |
|
Low |
Minimal effect; the organisation can still provide all critical services to all users but has lost efficiency |
|
Medium |
Organisation has lost the ability to provide a critical service to a subset of system users |
|
High |
Organisation is no longer able to provide some critical services to any users |
Incident Effects or Types
|
Compromised Asset |
Compromised host (botnet, root account, Trojan, rootkit), network device, application, user account. This includes malware infected hosts where an attacker is actively controlling the host. Compromise also includes events of physical asset loss or theft where the device contains sensitive corporate information |
|
Compromised Information |
Successful destruction, corruption, or disclosure of sensitive corporate Information, including credentials and Intellectual Property. |
|
Information Gathering |
This category includes any activity that seeks obtain information about technology and services in use for later exploit, e.g. scans and probes. |
|
Investigation |
Unconfirmed or Suspected incidents that are reported which are potentially malicious or anomalous activity deemed by the reporting entity to warrant further review |
|
Unauthorised Access |
In this category an individual (internal or external) gains logical or physical access without permission to a national or local network, system, application, data, or other resource. |
|
Unlawful Activity |
Fraud / Human Safety / Child Porn. Computer related incidents of a criminal nature, likely involving law enforcement, Global Investigations, or Loss Prevention. |
|
Unplanned Outage |
An event occurring to ICT systems which is not attributable to a direct attack, malware, theft or unauthorised change which affects critical assets, systems or services. For example, A natural disaster causing data centre outage, power systems failure |
|
None |
The incident had no discernible impact |
|
Other / Unknown |
Not yet determined or not attributable to another category |
Incident Severity
|
Extreme |
|
|
high |
|
|
Medium |
|
|
Low |
|
Information Impact Categories
|
None |
No information was exfiltrated, changed, deleted or otherwise compromised |
|
Privacy Breach |
Sensitive personally identifiable information (PII) was accessed or exfiltrated |
|
Sensitive Breach |
Sensitive proprietary information was accessed or exfiltrated |
|
Integrity Loss |
Sensitive or proprietary information was changed or deleted |