Glossary
Agency Heads
a) in the case of a Department – the Secretary of the Department, or
b) in any other case – the head of the agency listed in Part 2 or 3 of Schedule 1 of the Government Sector Employment Act 2013.
Access Control
The process of granting or denying requests for access to systems, applications and information. Can also refer to the process of granting or denying requests for access to facilities.
ACSC
Australian Cyber Security Centre.
Application control
An approach in which only an explicitly defined set of applications are allowed to run on systems.
Audit log
A chronological record of system activities including records of system access and operations performed.
Audit trail
A chronological record that reconstructs the sequence of activities surrounding, or leading to, a specific operation, procedure or event.
Authentication
Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system.
Authorisation
The process of defining or verifying permission for a specific identity or device to access or use resources in a system.
Availability
The assurance that systems and information are accessible and useable by authorised entities when required.
Business continuity plan
A business continuity plan is a document that outlines how an organisation can ensure its critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or be recovered to an operational state within a reasonably short period.
Breach (data)
When data is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference.
Breach (security)
A cyber incident that results in unauthorised access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.
CIO
Chief Information Officer.
CISO
Chief Information Security Officer.
Classification
The categorisation of systems and information according to the expected impact if they were to be compromised.
Critical infrastructure
Physical facilities, supply chains and ICT networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation, or affect its ability to conduct national defence and ensure national security.
Crown jewels
The most valuable or operationally vital systems or information in an organisation.
Cyber attack
A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.
Note: There are multiple global definitions of what constitutes a cyber attack.
Cybercrime
Crimes directed at computers, such as illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software. It includes crimes where computers facilitate an existing offence, such as online fraud or online child sex offences.
Cyber crisis
Major disruptions to services and operations, with genuine risks to critical infrastructure and services that pose risks to the safety of citizens and businesses. These often result in intense media interest as well as large demands on resources and critical services.
Cyber event
An identified occurrence of a system, service or network state indicating a possible breach of security policy or failure of safeguards.
Cyber incident
An occurrence or activity that may threaten the confidentiality, integrity or availability of a system or the information stored, processed or communicated by it.
Cyber incident response plan
A plan for responding to cyber security incidents.
Cyber security
Measures used to protect the confidentiality, integrity and availability of systems, devices and the information residing on them.
Disaster recovery plan
Outlines an organisation’s recovery strategy: how it will respond to a disaster.
Essential Eight
The eight essential mitigation strategies that the ASD recommends organisations implement as a baseline to make it much harder for malicious actors to compromise their systems and data.
Exercise – functional (simulation)
Functional exercises take place in a simulated operational environment where participants perform their roles and responsibilities during a cyber incident. Functional exercises allow an organisation to test its equipment, software, hardware and communication during a cyber incident.
Forensic artefacts and simulated attacks can be introduced by the control team so that participants can test their ability to detect and respond to threats.
Functional exercises are suitable for testing crisis communication and cooperation, in addition to evaluating the organisation’s cyber incident response processes.
Exercise – tabletop
Also known as a tabletop exercise, a discussion exercise has participants discuss a hypothetical cyber incident and propose approaches for remediation and recovery, while referencing the organisation’s cyber incident response plan and associated processes.
Discussion exercises are led by a facilitator who guides exercise engagement and ensures participant discussion remains focused through the use of prompting questions.
Discussion exercises are suitable for reviewing and evaluating cyber incident response processes.
Full backup
Full restoration of backups is tested at least once when initially implemented and each time fundamental information technology infrastructure changes occur.
IACS
Industrial Automation and Control Systems, also referred to as Industrial Control System (ICS), include “control systems used in manufacturing and processing plants and facilities, building environmental control systems, geographically dispersed operations such as utilities (i.e., electricity, gas, and water), pipelines and petroleum production and distribution facilities, and other industries and applications such as transportation networks, that use automated or remotely controlled or monitored assets.” (IEC/TS 62443-1-1 Ed 1.0)
ICT
Information and communications technology, also referred to as information technology (IT), includes software, hardware, network, infrastructure, devices and systems that enable the digital use and management of information and the interaction between people in a digital environment.
ISMS
An information security management system “consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organisation, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation’s information security to achieve business objectives”. (ISO/IEC 27000:2018)
Incident response plan
A plan for responding to cyber incidents.
Information security
The protection of information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability.
Internet of Things (IoT)
The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors and network connectivity, which enables these objects to connect to the internet and collect and exchange data.
Macro
An instruction that causes the execution of a predefined sequence of instructions.
Multi-factor authentication
A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).
NSW CCSO
NSW Chief Cyber Security Officer.
NSW Government shared service providers
Any departments, agencies or statutory authorities that provide services to entities covered by the NSW Cyber Security Policy.
Operational Technology (OT)
Operational technology is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.
PABX
A Private Automatic Branch Exchange is an automatic telephone switching system within a private enterprise.
Partial backup
A partial restoration is anything less than a full restoration. At a minimum, it is expected to cover the restoration of any chosen file or database.
Patching
The action of updating, fixing, or improving a computer program.
Portfolio (also lead portfolio department or department)
Officially defined as departments in Government Sector Employment Act 2013 Schedule 1, portfolios are the eleven groups into which NSW Government agencies are organised to enhance coordination and provision of related services and policy development. This reflects the machinery-of-government changes effective in 2023.
Position of Trust
A position that involves duties that require a higher level of assurance than that provided by normal employment screening. In some organisations additional screening may be required.
Positions of trust can include, but are not limited to, an organisation’s Chief Information Security Officer and their delegates, administrators or privileged users.
Privileged user
A user who can alter or circumvent a system’s security measures. This can also apply to users who could have only limited privileges, such as software developers, who can still bypass security measures.
A privileged user can have the capability to modify system configurations, account privileges, audit logs, data files or applications.
Public service agency
Section 3 of the Government Sector Employment Act defines a Public Service agency as:
- a Department (listed in Part 1 of Schedule 1 to the Act), or
- a Public Service executive agency (being an agency related to a Department), or
- a separate Public Service agency.
Remote access
Access to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.
Risk appetite
“Amount and type of risk that an organisation is willing to pursue or retain.” (ISO/Guide 73:2009)
Risk, inherent
The current risk level given the existing set of controls rather than the hypothetical notion of an absence of any controls.
Risk, residual
The rating of the current risk that remains after application of existing mitigating controls and/or other existing risk treatment.
Risk tolerance
“Organisation’s or stakeholder’s readiness to bear the risk, after risk treatment, in order to achieve its objectives.” (ISO/Guide 73:2009)
Secure-by-design principles
An approach to software and hardware development that tries to minimise vulnerabilities by designing systems to be secure from the foundation up and treating malicious practices as a given.
Significant cyber incident
An incident with significant impact on services, information, assets, NSW Government reputation or relationships, or that disrupts the activities of NSW businesses and/or citizens. Multiple NSW Government agencies, their operations and/or services are impacted. It may involve a series of incidents with cumulative impacts.
State owned corporation
Commercial businesses owned by the NSW Government: Essential Energy, Forestry Corporation of NSW, Hunter Water, Landcom, Port Authority of NSW, Sydney Water, Transport Asset Holding Entity of NSW (TAHE), Water NSW.
Supply chain
A system of organisations, people, activities, information and resources involved in supplying a product or service to a consumer.
Systems
Software, hardware, data, communications and networks, including specialised systems such as industrial and automation control systems, telephone switching and PABX systems, building management systems and internet connected devices.