Security glossary

Plain-English definitions of the cyber security terms you'll hear from any provider — so you can make informed decisions.


Key terms, explained simply

Essential Eight
A baseline of eight mitigation strategies from the Australian Cyber Security Centre (ACSC) that, implemented together, significantly reduce the risk of cyber attacks. The eight are: application control, patch applications, configure Microsoft Office macros, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups.
Maturity Level
A 0–3 rating used to measure how completely an Essential Eight strategy is implemented, from Level 0 (not in place) to Level 3 (fully and consistently implemented).
SOC (Security Operations Centre)
A team and toolset that monitors an organisation's systems 24/7 to detect, investigate and respond to security threats. A Managed SOC delivers this as an outsourced service.
SIEM (Security Information and Event Management)
Software that collects and correlates logs and events from across your environment to detect suspicious activity. Cryptiq builds SIEM on Microsoft Sentinel.
SOAR (Security Orchestration, Automation and Response)
Tools that automate repetitive security tasks and coordinate response actions, so analysts can react to threats faster.
MFA (Multi-Factor Authentication)
A login that requires more than just a password — for example a code from an app or a security key — making stolen passwords far less useful to attackers.
EDR (Endpoint Detection and Response)
Advanced security software on laptops, desktops and servers that detects, blocks and helps investigate threats on the device itself.
vCISO (Virtual Chief Information Security Officer)
An outsourced, part-time security leader who provides strategy, risk management, framework alignment and board-level reporting without the cost of a full-time executive.
Zero Trust
A security model that assumes no user or device is trusted by default. Every access request is verified based on identity, device health and context, regardless of network location.
Conditional Access
Policies that allow or block access based on signals such as user, device, location and risk — a core building block of Zero Trust.
Phishing
A social-engineering attack where criminals impersonate a trusted party to trick people into revealing credentials, paying fake invoices or installing malware.
Business Email Compromise (BEC)
A targeted scam where attackers compromise or impersonate a business email account to redirect payments or steal information.
Ransomware
Malicious software that encrypts your data and demands payment to restore access. Tested backups and strong identity controls are the best defences.
NDB (Notifiable Data Breaches)
An Australian scheme under the Privacy Act requiring organisations to notify the OAIC and affected individuals when an eligible data breach is likely to cause serious harm.
ISO 27001
An international standard for an Information Security Management System (ISMS), providing a framework for managing security risk systematically.
APRA CPS 234
An Australian prudential standard requiring APRA-regulated entities to maintain information security capability proportionate to the threats they face.
SMB1001
A tiered Australian cyber security certification standard designed to be achievable for small and medium businesses.
PSPF (Protective Security Policy Framework)
The Australian Government framework setting out protective security requirements for government entities.
ISM (Information Security Manual)
The ACSC's detailed catalogue of security controls used by government and industry to protect systems and data.
