Glossary
Australian IT & cybersecurity terms, plainly defined.
AU compliance and security glossary for mid-market IT leaders
14 short definitions for the regulatory, compliance and cybersecurity terms that come up in mid-market IT engagements — calibrated for AU context, not generic global summaries.
Essential Eight
E8
The Australian Cyber Security Centre's baseline of eight mitigation strategies — the most widely cited cybersecurity framework for AU mid-market firms.
ACSC
Australian Cyber Security Centre
The Australian Government's lead agency for cybersecurity advice, threat intelligence and incident response — part of the Australian Signals Directorate.
APRA
Australian Prudential Regulation Authority
The Australian prudential regulator for banks, credit unions, mutuals, insurers and super funds — and the publisher of CPS 234 and CPS 230.
CPS 234
APRA CPS 234 · Prudential Standard CPS 234
APRA's prudential standard for information security — board-accountable, in force since 1 July 2019, applies to all APRA-regulated entities.
CPS 230
APRA CPS 230 · Prudential Standard CPS 230
APRA's prudential standard for operational risk management — in force from 1 July 2025, replaces CPS 231 and CPS 232.
Privacy Act 1988
Privacy Act · Privacy Act (Cth)
The Commonwealth statute governing how personal information is handled — the foundation of Australian privacy law, regulated by the OAIC.
Notifiable Data Breaches scheme
NDB · NDB scheme
The Privacy Act regime that requires notification of eligible data breaches to the OAIC and affected individuals — in force since February 2018.
Australian Privacy Principles
APP · APPs · Australian Privacy Principle
The thirteen principles in the Privacy Act that govern how personal information may be collected, held, used, disclosed and disposed of.
OAIC
Office of the Australian Information Commissioner
The Australian regulator for privacy and freedom of information — administers the Privacy Act and the Notifiable Data Breaches scheme.
Maturity Level 2 (ML2)
ML2 · Essential Eight ML2
The intermediate maturity level in the ACSC Essential Eight model — calibrated for adversaries with moderate capability who target organisations specifically.
Maturity Level 3 (ML3)
ML3 · Essential Eight ML3
The advanced maturity level in the ACSC Essential Eight model — calibrated for organisations facing well-resourced, persistent adversaries.
Information Security Manual
ISM · ASD ISM · ACSC ISM
The ACSC's comprehensive cybersecurity standard — the technical baseline that government entities must apply and that mid-market firms increasingly reference.
Protective Security Policy Framework
PSPF
The Commonwealth framework for protective security across non-corporate government entities — covers governance, personnel, physical and information security.
SOCI Act
SOCI · Security of Critical Infrastructure Act
The Australian statute regulating critical infrastructure cybersecurity — covers eleven sectors including financial services, healthcare, energy, communications and data storage.