PaaS. Platform as a Service. A cloud-based service delivery model by which a third-party entity offers a system of hardware and software that provides the full computing environment or infrastructure needed by its customers to build, develop, operate, and manage their own products, services, or applications under a pay-as-you go, rental, or licensing arrangement.
PAM. Pluggable Authentication Module. A security mechanism that allows the integration of one or more independent authentication schemes into an application programming interface (API).
PAM. Privileged Access Management. An information security policy, strategy, or mechanism that protects high-level digital accounts and identities that are authorised to access systems, data, and resources that are above and beyond those available to normal users. PAM helps organisations counter threat actors who aim to steal and exploit privileged accounts to breach the IT networks of their targets.
PAN. Personal Area Network. A system of interconnected electronic devices within an individual person’s computing space that can span from a few centimeters to a few meters from the user. The connected devices can be wireless or wired.
PAN. Primary Account Number. The multi-digit number that serves as a unique identifier for payment cards such as debit and credit cards. Typically around 14 to 19 digits, PANs are automatically generated and either laser-printed or embossed on the front of the card. Among other things, PANs identify the card account holder as well as the card issuer.
PASTA. Process for Attack Simulation and Threat Analysis. A seven-step, risk-based framework for analysing cyber threats, simulating malicious attacks, and minimising associated business risks.
PCAP. Packet Capture. A method and tool used in IT security involving the interception of network data packets for analysis. While PCAP was designed to protect and optimise networks, it can be exploited by threat actors to steal sensitive information such as usernames and passwords.
PCI. Payment Card Industry. The segment of the financial industry that encompasses the creation, use, and governance of electronic forms of payment such as ATM, POS, credit, debit, prepaid, and e-purse services.
PCI-SSC. Payment Card Industry Security Standards Council. An international organisation of financial institutions, brands, and other stakeholders that develops data security standards, drives widespread adoption of those standards, and provides related resources for safe and efficient electronic payments around the world.
PCI-DSS. Payment Card Industry Data Security Standard. A mandatory set of guidelines, policies, and procedures that establishes an optimal IT security environment for transactions involving credit, debit, and cash cards. PCI-DSS protects both the financial companies that provide the payment service and their customers by preventing the theft and misuse of cardholder data for financial fraud.
PCRE. Perl-compatible Regular Expressions. A set of free-to-use functions that implement regular expression pattern matching based on the semantics and syntax of the Perl programming language. PCRE has had several known (and patched) vulnerabilities but can be used by IT security professionals as a payload detection tool.
PDF. Portable Document Format. A widely used electronic file format for presenting documents in a consistent manner regardless of the hardware, software, and operating system they are viewed from. Standardised as ISO 32000, PDF has had known IT security vulnerabilities that have been exploited by threat actors and subsequently patched by its developer, Adobe.
PE. Portable Executable. The standard digital file format for executables, dynamic link libraries (DLL), and object code used in 32-bit and 64-bit versions of Windows operating systems. Although threat actors can infect PE files with malware, most antivirus products can detect and stop PE file infectors.
PE. Privilege Escalation. A cyber attack process and technique used by threat actors to acquire increasingly greater access and control over the secured data and resources of an IT network by exploiting compromised user accounts.
PEB. Process Environment Block. A user-mode data structure that represents a process and contains extensive information about it. A PEB is used internally by the Windows NT operating system.
PEBCAK. Problem Exists Between Chair and Keyboard. A variant of EBCAK (Error Between Chair and Keyboard), referring to a technical “problem” or “issue” whose root cause lies with the end-user, often because of a common, easily corrected human mistake. The term can be lighthearted and humorous but may be construed as derogatory, making its usage limited exclusively to informal conversations among technical support staff.
PFS. Perfect Forward Secrecy. An encryption technique that generates a unique and temporary session key for every session a user initiates during a private exchange between a client and a server.
PGP. Pretty Good Privacy. An encryption program based on the OpenPGP standard that uses digital signatures and file encryption/decryption to strengthen the security of email communications.
PHI. Protected Health Information. A set of personal data defined by and safeguarded under U.S. law that covers an individual’s demographic and medical background, health conditions, treatment histories, test and laboratory results, insurance coverage, and other healthcare-related information.
PHR. Personal Health Record. A collection of health-related data about an individual, which said person maintains. PHR covers information about the person’s allergies, immunisations/vaccinations, lab and test results, blood type, medications and treatments, underlying medical conditions, and other health-related information.
PIC. Position Independent Code. A piece of computer code that can execute properly regardless of its absolute address in a machine’s primary memory. Widely used to share resource libraries, PICs are also increasingly deployed to improve security by enabling randomisation of address spaces to undermine threat actors’ ability to determine the exact location of executable codes in the target’s memory.
PICNIC. Problem in Chair, Not in Computer. A variant of EBCAK (Error Between Chair and Keyboard) and PEBCAK (Problem Exists Between Chair and Keyboard), referring to a technical “problem” or “issue” whose root cause lies with the end-user, often because of a common, easily corrected human mistake. The term can be lighthearted and humorous but may be construed as derogatory, making its usage limited exclusively to informal conversations among technical support staff.
PID. Process Identifier. A number generated and used by computer systems to uniquely identify each active process in an operating system.
PII. Personally Identifiable Information. Any form of information representing a specific individual that, when used alone or with other data, allows the identity of said individual to be reasonably established.
PIN. Personal Identification Number. A numeric or alphanumeric string that serves as a user’s security passcode or authentication key for using digital/electronic systems such as credit cards, ATM machines, private computer networks, and mobile phones.
PKI. Public Key Infrastructure. The underlying systems, frameworks, and protocols encompassing the hardware, software, and processes required to securely manage public key encryption, digital certificates, and information exchange in processes such as internet banking, e-commerce, and email.
PLC. Programmable Logic Controllers. A specific type of computer purposely designed for industrial use such as in robotic control, manufacturing processes, power generation, assembly lines, and mineral extraction. PLCs can be exploited by threat actors to disrupt operations, cause damage, or infiltrate an IT network.
PLD. Payload. The specific object being carried in a data transmission packet. A payload can be benign such as a message string, or malicious such as computer viruses, worms, trojans, and other malware.
PMK. Pairwise Master Key. A cryptographic key used in the security protocols in technologies such as UMTS and WiMax.
PNG. Portable Network Graphics. A file format for raster-type images that supports lossless data compression. Threat actors can code malware in PNG files that are difficult for anti-virus programs to detect.
POA&M. Plan of Action and Milestones. A document that specifies the target milestones for a project or system as well as the allocated timelines and required tasks for each milestone.
PoE. Power over Ethernet. A technology and method for delivering both electrical current and electronic data over Ethernet cabling. Largely used in local area networks (LAN), this method enables a single cable to establish data connectivity and provide electrical power to different types of digital devices.
POP. Post Office Protocol. An internet-based protocol widely used by local email clients to retrieve data from remote email servers.
POP. Procedure-oriented Programming. A computer programming paradigm that adopts a linear or top-down approach based on procedures and subroutines.
PP. Protection Profile. A document that specifies a collection of baseline security evaluation requirements or criteria for verifying vendors’ security statements about their IT products. Used as part of standard industry certification processes, a protection profile covers known threats, functional requirements, and security objectives for a given family of services/products.
PPP. Point-to-Point Protocol. A TCP/IP protocol used for establishing direct connectivity (such as through a telephone line) between two computer systems. TCP/IP stands for Transmission Control Protocol/Internet Protocol.
PPP. Public-Private Partnership. In cyber security, a long-term agreement or collaboration between private organisations, public institutions, and IT professionals particularly in sharing intelligence on IT security threats, research, risk mitigation, solutions, and best practices.
PPPoE. Point-to-Point Protocol over Ethernet. A networking protocol widely used by Internet service providers (ISP) to provide high-speed Internet services for digital subscriber line (DSL) customers. Among other things, PPPoE enables communication between network endpoints such as mobile devices.
PPPoEoA. PPPoE over ATM. A computer networking protocol that is typically used to connect domestic broadband modems to internet service providers via phone lines (using DSL — digital subscriber line — technology). More specifically, this is done by channeling PPP frames (data packets) through AAL5 (ATM Adaptation Layer 5, where ATM stands for Asynchronous Transfer Mode).
PPS. Packets per Second. A unit used to measure the throughput or performance of network devices such as routers and switches. One type of DDoS attack aims to overwhelm the target network’s hardware using strategically calibrated (in PPS) packets of data.
PPS. Physically Protected Space. An area or a set of tightly-linked areas within a physically protected perimeter.
PRF. Pseudorandom Function. A family of functions that can be used to generate outputs that are computationally indistinguishable from actual random outputs. PRFs are mainly used to create cryptographic primitives, which are well-established algorithms used to build cybersecurity protocols.
PRNG. Pseudo-Random Number Generator. A mathematical algorithm for generating a sequence of numbers that approximate the nature and properties of true random numbers. PRNGs are used in environments that require some degree of randomness such as simulations, games, and cryptography.
PSH. PowerShell. A configuration management and task automation tool for the Windows operating system and associated environments. While valuable for system administrators, PSH can also be exploited by threat actors.
PSK. Pre-shared Key. A secret cryptographic code established using a secure channel or method then shared between two parties authorised to use it.
PSPF. Protective Security Policy Framework. A security governance guide developed by the Australian government to help public sector agencies protect their people, information, and assets inside and outside the country.
PSTN. Public Switched Telephone Network. The copper-based, circuit-switched communication infrastructure that enables the exchange of analog voice data across local, national, and international networks.
PT. Penetration Test. An authorised process that simulates a hostile cyberattack used by organisations to test their security posture, evaluate regulatory compliance, and identify system vulnerabilities. Also called pentest or ethical hacking.
PTES. Penetration Testing Execution Standard. A comprehensive guide consisting of seven stages that aims to standardise the implementation process for penetration tests.
PTR. Pointer Record. A piece of information that helps map an IP address to a domain name.