Centre for Critical Infrastructure Protection

A-E:

Advisory

• A vulnerability that is deemed by the CCIP Operations Centre to be of significant importance and is posted directly to the CCIP subscribers via mailing lists. In addition, the advisory may be posted on the CCIP website if released for public information.

Back Door

• Hidden software or hardware mechanism used to circumvent security controls.

Banking and Finance Sector

• The infrastructure sector comprising organisations that allow for the management of money, credit, banking and investments, such as: banks, investment providers, credit and loan providers.

Biometrics

• The emerging field of technology devoted to identification of individuals using biological traits, such as those based on retinal or iris scanning, fingerprints, palm prints or face recognition. Used as an authentication mechanism.

Botnets

• A collection of compromised computers (called Zombie computers) running malicious programs under a command and control infrastructure.

Buffer Overflow

• A common exploit method which takes advantage of poor programming techniques, in particular the lack of 'bounds checking' on user input. May allow an attacker to insert and execute code into the overflow area.

CCIP

• Centre for Critical Infrastructure Protection

CIIP

• Critical Information Infrastructure Protection

CNI

• Critical National Infrastructure

Code

• Written computer instructions to execute computer commands.

Compromise

• Disclosure of information to unauthorised individuals, or a violation of the security policy of a system, in which unauthorised, intentional or unintentional disclosure, modification, destruction, interruption, use of assets or loss of information may have occurred. A compromise may not necessarily inflict damage on a system.

Computer Fraud

• A fraud committed with the aid of, or directly involving the use of information and communications technology assets.

DDoS

• Distributed Denial of Service. An attack in which a multitude of compromised systems attack a single target, thereby causing a Denial of Service for users of the targeted system.

Defacement

• A form of malicious hacking in which a Web Site is 'vandalised'.

Digital Certificate

• An electronic file that contains user credentials. Issued by a certification authority (CA), it may contain the user name, a serial number, expiration dates, a copy of the certificate holder's public key, and the digital signature of the issuing authority so a recipient can verify the authenticity of the certificate.

Digital Signature

• A method for verifying that a message originated from the intended source and that it has not changed en route.

Domain

• The part of a computer network in which the data processing resources are under common control.

DoS

• Denial of Service. An attack on a computer network that is designed to disrupt normal traffic by means of flooding the server with false requests.

Electronic Attack

• An attack using one computer system to compromise (without authority) another computer system with malicious intent.

Emergency Services Sector

• The infrastructure sector comprising organisations responsible for emergency management and response, such as: fire, police, ambulance and civil defence.

Encryption

• The technique of obscuring the contents of a message messages to protect their contents.

Exploit

• A general term referring to the methods and tools used to attack and/or exploit a vulnerability in an information system.