Practice standards

Computer and information security standards

Glossary of computer and information security terms

The following is a glossary of key technical terms used in this document relevant to computer and information security.

Adware
Free software that is supported by advertisements.
Anti-malware
A general term for antivirus, antispyware and intrusion detection systems; it covers any type of software that detects and blocks unwanted data and programs.
Antivirus program
Software that searches for known computer viruses.
Availability
Ensuring that authorised users have access to information when required.
Backup
A copy of the files (system, software and data) in case the original is lost or corrupted.
Blacklist
An access control mechanism used to deny access to certain websites and URLs.
Cache
Stores recently used information for quicker access. The term is most commonly associated with the retrieval of web pages. A disk cache is an area of the computer’s memory that stores the most recently read information from the hard disk.
Client
A computer that requests services from a computer called a server (e.g. in a network environment, a client would be your personal computer connected to the network). The client might request print services from a print server when you want to print a document or a file server when you want to access files.
Clinical information system
A computer-based system designed for the collection, storage, retrieval and manipulation of clinical and patient information to assist in healthcare delivery processes.
Computer and information security standards (CISS)
A document that provides guidance on the essential information needed to put in place effective computer and information security.
Confidentiality
Ensuring that information is only accessible to those who have authorised access.
Contracted service provider (CSP)
A third-party organisation that can act on behalf of a healthcare provider organisation to deliver health software as a service and facilitate access to the National eHealth record system on behalf of the healthcare provider organisation.
Cookies
Data sent to a computer by a web server that records browsing behaviour of the user. Cookies are small text files stored on your computer that keep your login and other information, so that a web application or server can keep track of your activity. Cookies are not a security risk in that they are not malicious code or programs and cannot access the data on the computer. However, they can compromise the user’s privacy.
Demilitarised zone (DMZ)
A separation of an internal trusted network from a connection to untrusted external networks such as the internet. It provides an extra layer of security (using firewalls) where public or external access to services such as a website is required. It is also referred to as a perimeter network.
Denial of service (DoS)
A computer network attack that prevents or impairs the authorised use of networks, systems or applications by exhausting resources.
Digital certificate
A mechanism used to establish identity and authenticity of the message sender and/or receiver. It may also be used to encrypt the message.
Domain key identified mail
A security method for associating a domain name (organisational identification) to an email allowing a person or organisation to assert responsibility for the message. The association is set up by means of a digital signature that can be validated by the email recipient.
Encryption
The process of converting plain text characters into cipher text (i.e. meaningless data) as a means of protecting the contents of the data.
File integrity software
Software that generates, stores and compares message integrity checks for files to detect changes to the files.
Firewall
A firewall is used to provide added security to messages by acting as a gateway or barrier between a private network and an outside or unsecured network (i.e. the internet). A firewall can be used to filter the flow of data through the gateway according to specific rules.
Hard drive (hard disk drive)
A hardware device used for storing programs and data on a computer.
Hardware
Physical components of a computer, such as a monitor, hard drive or central processing unit (CPU).
Healthcare provider identifier – individual (HPI–I)
A unique identification number for healthcare professionals and other health personnel involved in providing patient care.
Healthcare provider identifier – organisation (HPI–O)
A unique identification number for organisations (e.g. a hospital or general practice) where healthcare is provided.
Inappropriate usage
When a person violates acceptable use of any network or computer policies.
Incident
A violation or imminent threat of violation of computer and information security policies, acceptable use policies or standard security practices.
Individual healthcare identifier (IHI)
A unique identification number for individuals who seek healthcare.
Information security
The protection of confidentiality, integrity and availability of information.
Integrity
Maintaining and safeguarding the accuracy and completeness of information and data.
Internet service provider (ISP)
A company that provides access to the internet.
Local area network (LAN)
A group of connected (networked) computers in the same location such as an office building or company.
Log file
Contains records of events that have occurred, automatically generated by the software or hardware.
Malware
Short for malicious software or code: the term used to describe software programs that are designed to damage data or perform unwanted actions. It is used as the collective term for viruses, worms, trojans and spyware.
Man-in-the-middle attack
A form of attack where an attacker intercepts the message exchange and makes independent connections with the correspondents, then relays messages between them. The correspondents believe they are communicating directly when in fact they are being sent messages via the attacker.
Mirrored hard disk
An additional hard disk that contains a mirror image of the original disk. If the original disk fails or becomes faulty, the mirrored disk can be used.
Modem
Acronym for modulator – demodulator: a device used to transmit computer information across the telephone network (by converting computer or digital signals into analogue signals and vice-versa). It can be used to allow users to connect to the office network while they are away from the office (e.g. at home or travelling), or to connect computers to the internet via a dial-up or broadband connection to an internet service provider.
National Authentication Service for Health (NASH)
Australia’s nationwide secure and authenticated service for healthcare delivery organisations and personnel to exchange sensitive eHealth information.
Network
A collection of connected computers and peripheral devices used for information sharing and electronic communication.
Network drive
In the simplest case, a network drive is a complete hard disk/drive on a network server that is made available to users on the network.
Network interface card (NIC)
Also called a network adapter, an NIC is a hardware device (located inside the computer) that allows the computer to connect to a network and communicate with other computers on the network.
Non-repudiation
Means that you cannot deny having performed a transaction (e.g. if you send an email to your bank asking them to transfer money out of your account, non-repudiation means you cannot later deny having sent the email). Use of encryption and digital certificates provides non-repudiation capabilities.
Operating system
Software that communicates with the computer hardware at a basic level, allowing application software to function. For example, Macintosh, Windows and Linux are types of operating systems.
Organisation Maintenance Officer (OMO)
The OMO is registered with the Healthcare Identifiers Service (HI Service) and acts on behalf of the organisation in its dealings with the national e-health record System Operator. The OMO’s primary role is to undertake the day-to-day administrative tasks in relation to the HI Service and the eHealth record system. A healthcare organisation can have multiple OMOs. An OMO needs to be someone who is familiar with the IT system used by their organisation.
Patch
A piece of software applied to fix or update software programs or the operating system.
Peripheral device
A device attached to a network or a computer that provides input and output such as a keyboard or a printer.
Phishing
Fake emails and websites attempting to acquire usernames, passwords and credit card details without authorisation or permission.
Proxy/proxy server
A server that all requests from computers on a local network have to pass through to access the internet. It can improve internet access speeds as it uses caching to save recently viewed web pages, images and files. It also acts as a filter for what is allowed into the local network.
Ransomware
Also known as crypto-viruses, crypto-trojans, crypto-worms: refers to a type of malware that prevents access to the computer system or the data, and demands a ‘ransom’ is paid. Ransomware works in one of two ways: by encrypting files with a password, which prevents access to them, or a ‘lock screen’ message, which displays an image or webpage that prevents access to anything else on the computer.
Reboot
When you restart your computer. You might be required to reboot your computer in some instances (e.g. after installing new software) to enable the changes to take effect.
Redundant array of independent disks (RAID)
A method for storing data on multiple hard disks in a computer. This can improve performance and fault tolerance.
Registry
A database used by Microsoft Windows to store system configuration information about the software installed on a computer. It should never be tampered with unnecessarily as this can lead to your computer not functioning properly.
Remote access
The ability to gain access to a network or system that is not in the same physical location.
Remote desktop protocol (RDP)
A Microsoft program to connect remotely from one computer to another over a network connection.
Responsible Officer (RO)
An RO is registered with the Healthcare Identifiers Service (HI Service) and has authority to act on behalf of the seed organisation in its dealings with the eHealth record ‘System Operator’ and the HI Service Operator. The RO has primary responsibility for their organisation’s compliance with participation requirements in the eHealth record system. For large organisations the RO is usually the CEO; however, for smaller business organisations the RO could be the practice manager or business owner.
Rootkit
A group of programs and files designed to gain unauthorised access to a computer using full administrative privileges.
Router
A device that provides connectivity between networks (e.g. between your internal network and the internet). A router forwards data from one network to the other and vice-versa. Many routers also have built-in firewall capabilities.
Secure socket layer (SSL)
SSL is a protocol to securely transfer files and messages over the internet using encryption.
Sender policy framework
An email validation system designed to detect and block spoofed (forged) emails by verifying the sender’s email server before delivering email to a recipient’s inbox.
Server
Typically a computer in a network environment that provides services to users connected to a network (or ‘clients’), such as printing, accessing files and running software applications. A server can be used as a central data repository for the users of the network.
Social engineering
An attempt to trick someone into revealing information (e.g. a password) that can be used to attack systems or networks.
Software
A program (or group of programs) that performs specific functions, such as word processor or spreadsheet programs.
Spam
Unsolicited or junk email. Often it is simply nuisance email, but it can entice you to provide confidential personal information (e.g. banking passwords).
Spoofing
Spoofing is where a person or program pretends to be another by faking information or data. Email spoofing is where an email appears to have originated from one source when it actually was sent from a fake email address.
Spyware
Programs that are downloaded from the internet onto your computer (sometimes without your knowledge) to covertly send back information (e.g. your personal details) to the source.
Standalone computer
A computer that is not connected to a network or to other computers.
Threat
A potential event that could cause harm to information or an information system.
Transport layer security (TLS)
A protocol for providing security over the internet using encryption. It can be enabled on email servers to allow secure transmission of messages, and it is transparent to the email user.
Trojan
Malware disguised as a real program.
Unauthorised access
Attempting to gain access or gaining access without permission to a network, system, application or data.
Uniform resource locator (URL)
The address for an internet website, page or file, such as
Uninterruptible power supply (UPS)
Battery backup to maintain power for a specified time period during power outages.
USB flash drive
A memory data storage device integrated with a USB (universal serial bus) interface.
Virtual private network (VPN)
Creates a secure connection (using encryption) between specific locations or networks across the internet or a wide area network.
Virus
A malicious software program that can create copies of itself on the same computer and on others, and attach these copies to files and emails to spread itself.
Vulnerability
Weakness in an information system that could be exploited by a threat or action.
Whitelist
An access control mechanism to allow access only to websites and URLs listed.
Wide area network (WAN)
A network that is not restricted to a local area. Using telephone lines, fibre-optic cable and satellite links, it can span long distances.
Wi-Fi
Wireless networking standard that enables transmission of data over wireless networks.
Wi-Fi protected access (WPA)
A security protection method using encryption to create secure wireless (Wi-Fi) networks.
Wi-Fi protected access 2 (WPA2)
A more advanced and secure protection method than WPA, using encryption to create secure wireless (Wi-Fi) networks.
Worm
A self-replicating computer program (similar to a computer virus) that uses the network to send copies to other computers.
Zero day exploits
A malicious computer attack that takes advantage of a security vulnerability before it is known or patched.