C&A or CnA. Certification and Accreditation. A formal procedure often conducted by a third party for evaluating and validating the adherence of a product, service, activity, process, proficiency/competence, and other systems to a set of widely/officially accepted norms or standards.
C&C or C2. Command and Control. The possession of authority by a [duly designated] entity over a network of resources, or the system through which such authority is exercised. In cybersecurity, the term often refers to the administrative capability or influence that is illegally acquired by a threat actor over a compromised IT system.
CAPTCHA. Completely Automated Public Turing Test to Tell Computers and Humans Apart. A challenge-response technique employed by a computer system to determine whether the user it currently interacts with is human.
CARO. Computer Antivirus Research Organization. An organization founded in 1990 to research malware and best known for its annual Virus Naming Convention.
CASB. Cloud Access Security Broker. A computer software positioned between cloud services/applications and their users that monitors activity and implements security protocols.
CBC. Cipher Block Chaining. An encryption/decryption method that uses a cipher key and a cryptograhic chain of plaintext blocks, each of which is dependent on the previous block. This method allows for a relatively safe the encryption and decryption of large amounts of data.
CBSP. Cloud-based Security Providers. Vendors that provide cloud-based IT security solutions.
CC. Credit Cards. A payment card issued by a financial institution to a user (cardholder) that provides a credit line for different types of purchase transactions, sometimes including cash advances.
CC. Common Criteria. A widely used framework, especially by standards-setting organisations such as the ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) for specifying IT security requirements.
CCPA. California’s Consumer Privacy Act. A state law that reinforces the consumer protection for and the privacy rights of people residing in the U.S. state of California.
CCRA. Common Criteria Recognition Arrangement. An international agreement establishing the mutual recognition of certifications awarded using Common Criteria standards and protocols.
CCTV. Closed Circuit Television. A television system that transmits or broadcasts video content to a limited/restricted (i.e., closed circuit) set of monitors. Primarily used for security purposes, CCTV is also often called video surveillance.
CDE. Cardholder Data Environment. A computer system comprising of technologies, hardware, software, people, and protocols that facilitate the storage, processing, and transmission of cardholder data or authentication data related to sensitive payment transactions.
CDMA. Code Division Multiple Access. A protocol (i.e., channel-access method) used in radio/wireless communications, particularly in 2G (second generation) and 3G (third generation) mobile phone standards.
CDN. Content Delivery Network. A set of interconnected servers that are geographically distributed to bring web content closer to users, thereby accelerating its delivery.
CDP. Cisco Discovery Protocol. A proprietary DDL (data link layer) protocol developed by Cisco Systems to share information among Cisco devices.
CDP. Continuous Data Protection. A data backup process that automatically saves a copy of the data every time the data is changed. Also called continuous backup or real-time backup, this process ideally captures every version of the data and should be able to restore data at any point in its lifetime.
CDP. Content Delivery Platform. A software service that uses server-side embedded code to deliver web content to client devices.
CDP. Clean Desk Policy. A corporate policy that mandates employees to clear their desks of all papers at the end of the day. Previously aimed at establishing a sense of order and professionalism by eliminating clutter, CDP is now being implemented as an essential component of information security.
CDS. Cross Domain Solution. A system of software, hardware, and other elements aimed at mitigating specific security risks during information exchanges between security domains based on predefined security protocols.
CEH. Certified Ethical Hacker. A professional qualification or designation for a skilled computer user who performs legitimate “hacking” services for organisations, often with the aim of detecting network vulnerabilities and improving an organisation’s cybersecurity posture.
CERT. Computer Emergency Response Team. A group of IT experts designated to handle computer security or emergency incidents. Also known as Cyber Security Incident Response Team (CSIRT).
CFAA. Computer Fraud and Abuse Act. An amendment to the US Computer Fraud Law that prohibits accessing a computer without authorisation.
CGI. Common Gateway Interface. A data exchange specification used in passing data to and from a web server, an application, and a web client.
CHAP. Challenge-Handshake Authentication Protocol. An authentication protocol that periodically verifies the identity of a remote user during an online session using a three-way handshake. Commonly used by PPP (point-to-point) servers, CHAP is a challenge-and-response type of identity authentication.
CI. Critical Infrastructure. The physical, human, and cyber-based resources, networks, and systems that are vital to the normal functions, economy, and security of a state and its population.
CI/CD. Continuous Integration and Continuous Delivery (or Continuous Deployment). Complementary practices in software development that constitute a quicker and more reliable method for updating, testing, and deploying software codes (especially those already behind existing products, solutions, and/or services used by enterprises/customers). While CI/CD generally helps improve the IT security posture of its adopters, some security analysts note the enormous risks CI/CD poses when threat actors exploit it in massive supply chain/pipeline-type attacks.
CIA. Confidentiality, Integrity, Availability. Referred to as the CIA triad, confidentiality, integrity, and availability are the three most important concepts in information security. Confidentiality entails a reliable system of access restrictions and privileges as applied to information; integrity refers to the trustworthiness of, or the uncorrupted nature of information; and, availability refers to a stable and consistent access to information by authorised entities.
CIAM. Customer Identity and Access Management. A system for 1) authenticating customer identity; 2) authorising access to public-facing but gated resources; 3) securing customers’ personal data; and, 4) enhancing customer experience with said resources.
CIFS. Common Internet File System. A file-sharing protocol that enables users and local devices to collaborate and share documents over the Internet or within closed internal networks. It is based on the Server Message Block (SMB) communication protocol developed by successively by IBM and Microsoft.
CIISec. Chartered Institute of Information Security. An independent, non-profit organisation that aims to promote professionalism among information security practitioners and the industry as a whole.
CIO. Chief Information Officer. A corporate role or job title given to the most senior executive in charge of an organisation’s IT infrastructure and computer systems.
CIRT. Computer Incident Response Team. A group of experts designated to manage and resolve IT emergency and/or cyber security incidents. Also known as computer emergency response team (CERT), or cyber security incident response team (CSIRT).
CIS. Center for Internet Security. A non-profit organisation that develops best practice solutions to help people, companies, and states protect themselves against different types of IT security threats.
CISA. Cybersecurity and Infrastructure Security Agency. A U.S. federal agency operating under the Department of Homeland Security responsible for protecting the IT infrastructure and strengthening cybersecurity across all levels of government.
CISO. Chief Information Security Officer. A senior-level executive who leads the organisation’s efforts in the development and implementation of strategies, policies, and systems that secure and protect IT assets from all types of threats.
CLI. Command-line Interface. A text-based user interface for managing computer files, executing system commands, and running programs.
CMDB. Configuration Management Database. A type of database that stores all relevant information about the hardware, software, facilities, services, systems, and personnel that constitute an organisation’s IT infrastructure as well as the interrelationships of these components.
CMS. Content Management System. A software application for managing digital content, enabling users to create, edit, publish, and store different types of content.
CnA. Certification and Accreditation, see C&A. A formal procedure often conducted by a third party for evaluating and validating the adherence of a product, service, activity, process, proficiency/competence, and other systems to a set of widely/officially accepted norms or standards.
COBIT. Control Objectives for Information and Related Technologies. A business-oriented framework that helps organisations develop and improve the management and governance of IT systems.
CORS. Cross-Origin Resource Sharing. An HTTP-header based method for enabling servers and web browsers to establish which web content are permitted to be accessed and rendered across different domains. CORS is used to relax same-origin policy (SOP), which allows data to be accessed by scripts between web pages only if those web pages have the same origin (e.g., URI scheme, host name, and port number). A misconfigured CORS header can become a serious vulnerability that can be exploited by threat actors.
CPE. Common Platform Enumeration. A standardised method for naming and describing IT objects and systems such as operating systems, software applications, and hardware devices. The CPE Dictionary is hosted at the U.S. National Institute of Standards and Technology (NIST).
CRC. Cyclical Redundancy Check. A mathematical algorithm for determining whether digital data has been corrupted or tampered with. It is often used to detect common transmission errors.
CREST. Council for Registered Ethical Security Testers. An international association of professionals and organisations in the field of cyber security that provides training and certification.
CRM. Customer Relations Management. A process used by organisations to monitor, optimise, and enhance their interactions with customers.
CRUD. Create, Read, Update, Destroy. The four fundamental operations that can be performed with data elements. CRUD is often used in cybersecurity as a way to configure user accounts, particularly the permitted functions or capabilities for each user account regarding a specific data set (e.g., read only, editing credentials, etc.)
CSA. Cloud Security Alliance. A non-profit organisation that aims to develop, improve, and promote best practices in cloud computing security.
CSIRT. Computer Security Incident Response Team. A group of IT experts designated to handle computer security or emergency incidents. Also known as Computer Emergency Response Team (CERT).
CSMA/CD. Carrier Sense Multiple Access with Collision Detection. A network protocol that helps prioritise transmissions and regulate network traffic.
CSO. Chief Security Officer. The most senior executive responsible for securing and protecting an organisation’s personnel, physical assets, intellectual property, and other resources. In the absence of a chief information security officer (CISO), the CSO also leads the company’s cybersecurity efforts to defend all its corporate data and IT resources from all types of threat.
CSP. Content Security Policy. An IT security standard that helps protect online applications and websites from threats such as malicious data injection and cross-site scripting that can result to website defacement, clickjacking, malware distribution, and data theft.
CSP. Cloud Service Provider. A third-party entity that offers a cloud-based application, platform, infrastructure, storage, and other services.
CSPRNG. Cryptographically Secure Pseudo-Random Number Generator. A number generator commonly used in cryptography. Also known as cryptographic random number generator (CRNG).
CSRF. Cross-Site Request Forgery. A cyber attack wherein the threat actor tricks an authenticated user into performing an untintended action such as changing a password or transfering funds to an account controlled by the threat actor.
CSS. Cascading Style Sheets. A style sheet language commonly used with markup languages such as HTML to configure the design, presentation, and/or formatting aspects of webpages. Threat actors have been known to inject malicious code in CSS to activate malware such as web skimmers and keystroke loggers.
CSV. Comma-separated Values. A document format used to describe a plain-text file that contains tabular values separated by commas. CSV also refers to the file name extension used for such files. Threat actors can inject malicious website urls or executable code — known as Formula Injection — in CSV files.
CSWSH. Cross-Site WebSocket Hijacking. A cross-site request forgery (CSRF) attack on a WebSocket that typically involves a malicious webpage and the threat actor masquerading as an authenticated user performing actions during a valid session. As the name implies, a cross-site WebSocket hijacking can be used to steal (re: hijack) any sensitive data the authenticated user can access; and even to intercept and capture (re: hijack) the user’s own data as well.
CTF. Capture the Flag. A cyber security competition, exercise, or event where individuals or teams compete against each other in different challenges such as attacking/defending a computer network, reverse engineering malware, and packet sniffing.
CTI. Cyber Threat Intelligence. Refers to data, knowledge, or process that help improve the ways organisations detect, identify, evaluate, and address IT-related theats to proactively prevent potential attacks, protect cyberspace assets, and mitigate the harmful effects of such threats.
CTO. Chief Technology Officer. A high-level executive responsible for leading the scientific and technology components of an organisation. In many cases the CTO overseas the company’s IT infrastructure and computing environment. For tech-focused organisations, the CTO often heads research and product development as well.
CVE. Common Vulnerabilities and Exposures. An organized, standardised, and publicly accessible list of disclosed/known flaws and vulnerabilities in software and firmware that might be used/exploited for malicious purposes. Launched by the MITRE organisation in 1999, CVE enables technology vendors and security professionals to identifty and classify IT vulnerabilities in a dictionary-type format, using shared criteria and nomenclature conventions.
CVSS. Common Vulnerability Scoring System. A public and vendor-agnostic standard for rating the severity of different IT security vulnerabilities. Using this standard, a severity score of 0 is safe while 10 is most severe.
CWE. Common Weakness Enumeration. A system for classifying the vulnerabilities, weaknesses, or flaws in hardware and software, especially when it comes to security.
AWARDS
Our Address
Telephone
1300 667 871 or +61 7 3220 0352
Brisbane Office
Level 5, 488 Queen Street, Brisbane, QLD 4000
Sydney Office
Level 21, 133 Castlereigh Street, Sydney, NSW 2000
Melbourne Office
Level 28, 303 Collins Street, Melbourne, VIC 3000