Acronym Flashcards
AAA
Authentication, Authorization, Accounting:
- Authentication has two components: Identification (username or email address) and the authentication factor (Something you know, Something you have, Something you are, Somewhere you are or are not, Something you do)
- Authorization: the rights and privileges assigned to a user to be able to perform their job.
- Accounting or Auditing: Accounting is the process of recording system activities and resource access. Auditing is part of accounting where an administrator examines logs of what was recorded.
ABAC
Attribute-based Access Control:
Access control based on different attributes: group membership, OS being used, IP address, the presence of up-to-date patches and anti-malware, geographic location. Typically used in an SDN (Software Defined Network).
ACL
Access Control List
AES
Advanced Encryption Standard:
A symmetric block cipher. Three different block sizes: 128, 192, and 256 bit. Used in BitLocker.
AH
Authentication Header
AI
Artificial Intelligence
ALE
Annual Loss Expectancy:
The amount of money an organization would lose over the course of a year. The formula is the SLE (Single Loss Expectancy) times the ARO (Annual Rate of Occurrence). SLE x ARO = ALE.
AP
Access Point:
Sometimes referred to as a WAP (Wireless Access Point). An AP is a bridge between wireless and wired networks.
API
Application Programming Interface:
A software module or component that identifies inputs and outputs for an application.
APT
Advanced Persistent Threat:
An attack that uses multiple attack vectors and attempts to remain hidden so as to maintain a connection to compromised systems. You can normally tie this to nation-states (foreign countries).
ARO
Annual Rate of Occurrence:
The number of times a year that a particular loss occurs. It is used to measure risk with ALE and SLE in a quantitative risk assessment.
ARP
Address Resolution Protocol:
Matches the MAC address to a known IP address. Easily spoofed; used in MITM (Man-in-the-Middle) attacks.
ASCII
American Standard Code for Information Interchange
ATT&CK
Adversarial Tactics, Techniques, & Common Knowledge
AUP
Acceptable Use Policy
AV
Asset Value
BASH
Bourne Again Shell
BCP
Business Continuity Planning
Need to identify critical business systems, determine which systems need to be protected the most, and have resources available to help recover them.
BEC
Business Email Compromise
BIA
Business Impact Analysis
BPA
Business Partnership Agreement
BYOD
Bring Your Own Device
CA
Certificate Authority:
Sometimes referred to as PKI (Public Key Infrastructure). Issues and signs certificates, and maintains the public / private key pair.
CASB
Cloud Access Security Broker
Enterprise management software designed to mediate access to cloud services by users across all types of devices.
CCA
Chosen Cipher Attack
CCTV
Closed-circuit Television
Detective Control, Deterrent Control
CEO
Chief Executive Officer
CER
Cross-over Error Rate
A metric by which biometric technologies are rated. The CER is the point where the FRR (False Rejection Rate) and FAR (False Acceptance Rate) meet. The lowest possible CER is most desirable.
CERT
Computer Emergency Response Team
CFO
Chief Financial Officer
CHAP
Challenge Handshake Authentication Protocol
An encrypted authentication protocol normally used for remote access.
CIA
Confidentiality, Integrity, Availability
CI/CD
Continuous Integration / Continuous Delivery
CIO
Chief Information Officer
CIRT
Computer Incident Response Team
CIS
Center for Internet Security
CISO
Chief Information Security Officer
COOP
Continuity of Operations Plan
Designing operations and systems to be affected as little as possible by an incident, and to have resources available to recover from one.
COPE
Corporate Owned, Personally Enabled
Company owns and supplies the device. The employee may use the device for web browsing, personal email, and personal social media sites.
CPU
Central Processing Unit
CRC
Cyclic Redundancy Check
CRL
Certificate Revocation List
A list of certificates that were revoked before they were configured to expire.
CSF
Cybersecurity Framework
CSP
Cloud Service Provider
CSR
Certificate Signing Request
When a subject wants a certificate, it completes a CSR and submits it to a CA (Certificate Authority).
CTO
Chief Technology Officer
CVE
Common Vulnerabilities and Exposures
This is a place to find out what platforms have vulnerabilities.
CVSS
Common Vulnerability Scoring System
This scoring system lets you know the criticality / impact to the system.
CYOD
Choose Your Own Device
A mobile deployment model where the company gives the employees a list of approved mobile devices they can use on the corporate network. This helps keep the devices with more current models.
DAC
Discretionary Access Control
Access control is set by the data owner, or possibly the administrator. The permissions can be applied to a group or an individual.
DBA
Database Administrator
dd command
Data Duplicator
Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging.
DDoS
Distributed Denial of Service
Many devices attacking a single device. The devices can be PCs, laptops, DVRs, webcams, etc. This type of attack is carried out via a botnet, and the devices are known as drones or zombies.
DES
Digital Encryption Standard
A symmetric block cipher that encrypts in blocks of 64 bits and uses a 56-bit key. Considered weak encryption and deprecated; the easiest upgrade is 3DES (Triple DES).
DHCP
Dynamic Host Configuration Protocol
A protocol that provides an automated process of assigning IP addresses. Can also issue optional parameters such as DNS address, DNS suffix, default gateway, and subnet mask. Uses ports 67 & 68 UDP.
DKIM
Domain Keys Identified Mail
DLL
Dynamic Link Library
A binary package used to implement functionality, such as cryptography or establishing a network connection.
DLP
Data Loss Prevention
A hardware or software solution that prevents a certain type of information from being exfiltrated from a device or network. Protected data includes PII (Personally Identifiable Information), credit card numbers, Social Security numbers, and data identified as sensitive by keywords. USB blocking is a form of DLP. Preventing this type of information from being printed is another protection.
DMARC
Domain Message Authentication Reporting and Conformance
Prevents phishing and spear phishing attacks against an organization’s email server.
DNS
Domain Name Service (Server)
A service that maps / resolves host names to IP addresses. Uses port 53 UDP for DNS queries and port 53 TCP for zone transfers.
DNSSEC
Domain Name System Security Extensions
A security protocol that provides authentication of DNS data and upholds DNS data integrity.
DoS
Denial of Service
A one-to-one attack. Anything that can keep a device or user from accessing a service or information is a denial of service. One user flooding another user’s account with email attachments until the mailbox is full, or cutting the network cable or power, are just a few examples.
DPO
Data Protection Officer
DRP
Disaster Recovery Plan
DSA
Digital Signature Algorithm
Public key encryption used for digital signatures. This is an asymmetric encryption method.
EAP
Extensible Authentication Protocol
EAP allows different authentication methods, most of them using a digital certificate on the server and/or the client.
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security
Requires certificates on the clients and the server.
EDR
Endpoint Detection and Response
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
EF
Exposure Factor
ELB
Electronic Load Balancer
EOL
End of Life
When systems or applications are no longer supported by the manufacturer or developer.
ESP
Encapsulated Security Payload
An IPSec protocol that does the same as AH (Authentication Header), but also encrypts/encapsulates the entire payload/packet. Uses protocol number 50.
EULA
End User Licensing Agreement
EXIF
Exchangeable Image File Format
FAR
False Acceptance Rate
A Type II error. The ratio of when a biometric system authenticates an unauthorized user as an authorized user.
FDE
Full Disk Encryption
This means that the entire contents of the drive (or volume), including system files and folders, are encrypted. Two methods are BitLocker and PGP Whole Disk Encryption. This is a software-based or operating-system encryption method. These methods are more CPU-intensive.
FIM
File Integrity Monitoring
FPGA
Field Programmable Gate Array
FRR
False Rejection Rate
Type I error. The ratio in which a biometric system rejects an authorized user.
FTP
File Transfer Protocol
Uploads and downloads large files to and from an FTP server. FTP transmits data in plaintext. FTP active mode uses TCP port 21 for control and TCP port 20 for data transfer. FTP passive mode (PASV) also uses TCP port 21 for control signals, but it uses a random TCP port for data.
If the user can connect to the FTP server but not upload or download, disable PASV (passive mode).
FTPS
Secure File Transfer Protocol / FTP over SSL
Ports 989 & 990 TCP. Transfers in plaintext or encrypted in “Explicit” mode; forced to use encryption in “Implicit” mode.
FWSM
Firewall Service Module
Gbps
Gigabit per second
GDPR
General Data Protection Regulation
Provisions and requirements protecting the personal data of European Union (EU) citizens.
GLBA
Gramm-Leach-Bliley Act
GPO
Group Policy Object
Group Policy Object is a component of Group Policy (in Microsoft Active Directory) that can be used in Microsoft operating systems to control user accounts and user activity.
GPS
Global Positioning System
GPS is a way of determining a device’s position (its latitude and longitude) based on information received from GPS satellites. The device must have line-of-sight to the GPS satellites. GPS provides another means of locating the device.
HA
High Availability
The key premise is that systems are resilient and redundant. HA is the percentage of uptime a system is able to maintain over a period of a year. For example, 99% would equal being down 3.65 days per year or 14 minutes per day. The five 9’s, 99.999%, would equal being down 5.25 minutes per year or 0.86 seconds per day.
HDD
Hard Disk Drive
HIDS
Host-Based Intrusion Detection System
HIPAA
Health Insurance Portability Accountability Act
HIPS
Host-Based Intrusion Prevention System
HR
Human Resources
HSM
Hardware Security Module
Provides a root of trust, stores cryptographic keys, and can also work as an SSL accelerator.
HTTP
Hypertext Transfer Protocol
Port 80 TCP, plaintext
HTTPS
Hypertext Transfer Protocol Secure
Port 443 TCP, requires certificates and TLS
HVAC
Heating, Ventilation, Air Conditioning
Provides availability
IaaS
Infrastructure as a Service
The type of service over which you have the most control.
IaC
Infrastructure as Code
A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.
IAM
Identity and Access Management
ICMP
Internet Control Message Protocol
Suite containing ping, tracert, and pathping.
ICS
Industrial Control Systems
IdP
Identity Provider
IDS
Intrusion Detection System
Out-of-band. If anomaly-, heuristic-, or behavior-based, a baseline must be established first. Detects attacks and sends an alert.
IKE
Internet Key Exchange
IoC
Indicators of Compromise
IoT
Internet of Things
IoT includes any device connecting to the Internet that is not a PC, tablet, or laptop.
IP
Internet Protocol
IPS
Intrusion Prevention System
An IPS is in-band, either signature-based or anomaly-based.
IPSec
Internet Protocol Security
IPSec is used to secure data in transit. It works at Layer 3 of the OSI model and has two modes: transport and tunnel. In transport mode, only the data is encrypted, not the header. In tunnel mode, the packet and header are encrypted.
IR
Incident Response
IRC
Internet Relay Channel
IRP
Incident Response Plan
Specific procedures that must be performed if a certain type of event is detected or reported.
ISA
Interconnection Security Agreement
ISAC
Information Sharing and Analysis Center
Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.
ISO
International Organization for Standardization
ISP
Incident Service Provider
JSON
JavaScript Object Notation
KMS
Key Management System
L2TP
Layer 2 Tunneling Protocol
Port 1701 UDP, uses IPSec
LAN
Local Area Network
LDAP
Lightweight Directory Access Protocol
Port 389 TCP, plaintext
LDAPS
Secure Lightweight Directory Access Protocol
Port 636 TCP, requires PKI/CA, uses TLS
LEAP
Lightweight Extensible Authentication Protocol
Does not require certificates; deprecated and replaced with EAP-FAST.
MAC
Mandatory Access Control
Resources (objects) and users (subjects) are allocated a clearance level (or label), or access is granted on a “need to know” basis.
MAC
Media Access Control:
A network data transfer policy that determines how data is transmitted between two computer terminals through a network cable.
MAM
Mobile Application Management
Enterprise management function that enables control over apps and storage for mobile devices and other endpoints.
MD5
Message Digest 5
Hashing algorithm, 128-bit, fastest, provides an integrity check.
MDM
Mobile Device Management
The process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.
MFA
Multifactor Authentication
Two or more factors from the following:
- Something you know
- Something you have
- Something you are
- Something you do
- Somewhere you are or are not
MiTM
Man in the Middle:
A man-in-the-middle (MITM) attack is a cyberattack where a criminal inserts themselves between two parties to intercept their communication. The attacker can then steal data or manipulate it without the victim’s knowledge.
MOA
Memorandum of Agreement:
A written contract between parties to work together on a project or goal
MOU
Memorandum of Understanding
A non-binding agreement between two or more parties. It’s a formal document that outlines the parties’ intentions, roles, and objectives.
MPLS
Multiprotocol Label Switching
A network routing technique that uses labels to direct data packets to their destinations.
MSA
Master Service Agreement
A contract that establishes the terms and conditions of a business relationship between two parties.
MS-CHAP
Microsoft Challenge-Handshake Authentication Protocol
A password-based authentication method that’s used for secure user logins.
MSP
Managed Service Provider
A third-party company that manages a customer’s IT systems and information.
MSSP
Managed Security Service Provider
A third-party company that offers cybersecurity services to organizations.
MTBF
Mean Time Between Failures
Applies to systems that can be repaired; a measure of the system’s reliability. A redundant/fail-over system is needed while the system is being repaired.
MTTF
Mean Time to Failure
Life expectancy of a system that cannot be repaired.
MTTR
Mean Time to Repair
The actual time it took to bring a system back online.
NAC
Network Access Control
Makes sure systems have current operating system updates and antivirus updates.
NAT
Network Address Translation
Many internal IP addresses mapped to one external IP address.
NDA
Non-disclosure Agreement
NFC
Near-field Communication:
A wireless technology that allows devices to communicate when they are very close together.
NGFW
Next-generation Firewall:
A security device that protects networks by analyzing traffic and blocking potentially dangerous traffic.
NIC
Network Interface Card:
An essential component of any computer that connects it to the network.
NIDS
Network-based Intrusion Detection System
NIDS can also perform rogue system detection.
NIPS
Network-based Intrusion Prevention System
A security technology that actively monitors network traffic for malicious activity and takes immediate action to block or mitigate potential threats.
NIST
National Institute of Standards and Technology:
Promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
NSA
National Security Agency:
Collects and analyzes intelligence to protect the United States from foreign threats.
NTLM
New Technology LAN Manager:
A set of Microsoft security protocols that authenticates users and protects their activity.
NTP
Network Time Protocol:
An internet standard that synchronizes clocks between devices.
OAuth
Open Authorization:
A standard that allows users to grant third-party apps access to their information without sharing their passwords.
OCSP
Online Certificate Status Protocol:
An internet protocol used to check the validity of a digital certificate, specifically whether it has been revoked, by querying a Certificate Authority (CA) in real-time.
OPSEC
Operational Security:
A security process that protects sensitive information from adversaries.
OS
Operating System
OSI
Open Systems Interconnection:
A framework that describes how different systems communicate on a network.
OSINT
Open Source Intelligence:
Information gathered from publicly available sources. It’s used by organizations like law enforcement, cybersecurity, and intelligence agencies.
OVAL
Open Vulnerability and Assessment Language
Used with SCAP.
OWASP
Open Web Application Security Project:
A non-profit organization focused on improving the security of software applications by providing freely available resources like articles, methodologies, tools, and documentation to help developers and security professionals identify and mitigate common web application vulnerabilities.
PaaS
Platform as a Service:
A cloud computing model where a third-party provider delivers a complete development environment, including tools, middleware, operating systems, and databases, allowing users to build, test, deploy, and manage applications without having to manage the underlying infrastructure.
PAM
Privileged Access Management:
A cybersecurity strategy that protects an organization’s sensitive systems and data.
PAP
Password Authentication Protocol
Username and password sent in cleartext.
PCAP
Packet Capture
PCI DSS
Payment Card Industry Data Security Standard
PDU
Power Distribution Unit
PEAP
Protected Extensible Authentication Protocol
PEM
Privacy-Enhanced Mail
PHI
Personal Health Information
PII
Personally Identifiable Information
PIN
Personal Identification Number
Something you know
PKI
Public Key Infrastructure:
A system of policies, hardware, software, and procedures that manage digital certificates and public-key encryption.
PNG
Portable Network Graphics:
A raster image file format that supports lossless compression.
PPPoE
Point-to-Point over Ethernet
Encapsulation
PPTP
Point-to-Point Tunneling Protocol:
A network protocol that creates virtual private networks (VPNs).
PSK
Pre-Shared Key
Password or passphrase
RADIUS
Remote Authentication Dial-in User Server
RAID
Redundant Array of Inexpensive Disks:
A data storage technology that combines multiple physical hard drives into a single logical unit, allowing for increased reliability and performance by distributing data across the drives, creating redundancy in case of a single drive failure; essentially, it lets you use several inexpensive disks to create a more reliable storage system.
RAM
Random Access Memory:
Your computer or laptop’s short-term memory. It’s where the data is stored that your computer processor needs to run your applications and open your files.
RAS
Remote Access Server:
A combination of hardware and software that allows users to connect to a network from a remote location.
RAT
Remote Access Trojan:
Malicious software designed to allow attackers to monitor and control a computer system or network remotely.
RBAC
Role-Based Access Control:
A security model that limits access to systems and data based on a user’s role in an organization.
RBAC
Rule-Based Access Control:
A system that controls access to resources based on predetermined rules.
RDP
Remote Desktop Protocol
Port 3389
RFID
Radio Frequency Identifier:
A wireless system that uses radio waves to identify objects, people, or animals.
ROI
Return on Investment
ROM
Read-only Memory
Non-volatile
RPO
Recovery Point Objective
Amount of data an organization is willing to lose.
RSA
Rivest, Shamir, & Adleman
Asymmetric encryption, used to encrypt email, digital signatures, and X.509 certificates.
RSH
Remote Shell:
A command-line program that allows users to run commands on a remote computer as if they were logged in locally.
RSTP
Rapid Spanning Tree Protocol:
A network protocol that acts as an improved version of the standard Spanning Tree Protocol (STP), designed to significantly reduce the time it takes for a network to recover from topology changes by providing faster convergence when network links fail.
RTO
Recovery Time Objective
An allotted, expected, or maximum amount of time to get a system online.
RTOS
Real Time Operating System:
A specialized operating system designed to handle tasks with strict time constraints, ensuring that data is processed and events are responded to within a predictable timeframe.
RTP
Real-time Transfer Protocol
Audio, Video, VoIP
S/MIME
Secure/Multipurpose Internet Mail Extensions
Used for encrypting email and creating digital signatures
SA
Security Associations
SaaS
Software as a Service
You have no control over it; you can only use the program.
SAE
Simultaneous Authentication of Equals
Used with WPA3; replaces PSK.
SAM
Security Accounts Manager
SAML
Security Assertions Markup Language:
An open standard that allows applications to exchange authentication and authorization data between different parties.
SAN
Storage Area Network:
A high-speed network that connects servers to storage devices.
SAN
Subject Alternative Name
SASE
Secure Access Service Edge
SCADA
System Control and Data Acquisition:
A system that monitors and controls industrial processes by collecting real-time data from sensors and field devices, allowing operators to remotely manage equipment and conditions within a facility or network, often used in applications like power grids, water treatment plants, and oil pipelines.
SCAP
Security Content Automation Protocol
SCEP
Simple Certificate Enrollment Protocol:
An open-source protocol that allows devices to easily and automatically request and receive digital certificates from a Certificate Authority (CA) by using a standardized method to communicate, typically through a shared secret and a URL.
SCM
Supply Chain Management
SDLC
Software Development Life Cycle:
A structured process that software development teams follow, encompassing all stages from initial planning and requirement analysis to design, development, testing, deployment, and ongoing maintenance.
SDN
Software Defined Networking:
A network architecture that uses software to manage and control a network.
SD-WAN
Software-Defined Wide Area Network:
A network technology that uses software-based principles to manage and optimize wide area networks (WANs), allowing organizations to securely connect users and applications across multiple locations while improving performance, reliability, and scalability through centralized control and visibility over the network.
SED
Self-Encrypting Drives:
A hard disk drive (HDD) or solid state drive (SSD) that encrypts data as it’s written and decrypts it when it’s read.
SFTP
Secured File Transfer Protocol
Also known as FTP over SSH; uses port 22 TCP.
SHA
Secure Hashing Algorithm:
A cryptographic function that turns an input of any size into a fixed-sized output, or hash value.
SIEM
Security Information and Event Management
This is a detective control.
SIP
Session Initiation Protocol
VoIP credentials
SLA
Service Level Agreement:
A contract between a service provider and a customer that defines the level of service expected.
SLE
Single Loss Expectancy:
The estimated amount of money lost if an asset is damaged or compromised.
SMS
Short Message Service
Text message
SMTP
Simple Mail Transfer Protocol
Port 25 TCP; sends email in plaintext.
SNMP
Simple Network Management Protocol
Port 161 UDP; the only secure version is version 3.
SOAR
Security Orchestration, Automation, Response
SoC
System on Chip
SOC
Security Operation Center
SOC
Service Organization Control
SOP
Standard Operating Procedure
SOW
Statement of Work
SPAN
Switched Port Analyzer:
A dedicated port on a switch that takes a mirrored copy of network traffic from within the switch to be sent to a destination.
SPF
Sender Policy Framework:
An email authentication method that verifies that an email’s sender is authorized to send mail from a domain.
SPIM
Spam over Internet Messaging
SQL
Structured Query Language
SQLi
SQL Injection:
A code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques.
SRTP
Secure Real-Time Protocol
Encrypts audio and video streaming, and VoIP.
SSD
Solid State Drive:
A type of solid-state storage device that uses integrated circuits to store data persistently.
SSH
Secure Shell
Port 22 TCP
SSID
Service Set Identifier:
A unique name that identifies a wireless network.
SSL
Secure Sockets Layer:
A security protocol that encrypts data sent between a user’s device and a website or server.
SSO
Single Sign On:
System that lets users log in to multiple applications using one set of credentials.
STIX
Structured Threat Information eXchange:
A standardized language used to express and share cyber threat intelligence information in a consistent format.
STP
Spanning Tree Protocol
Prevents switching loops
SWG
Secure Web Gateway
URL filter, Content Filter
TAP
Test Access Point
TAXII
Trusted Automated eXchange of Indicator Information
TCP
Transmission Control Protocol:
A set of rules that govern how data is sent and received over a network.
TFTP
Trivial File Transfer Protocol
Uses port 69 UDP; mainly used for deploying images.
TGT
Ticket Granting Ticket
TKIP
Temporal Key Integrity Protocol:
A security protocol used in wireless networking, primarily within the IEEE 802.11 standard, designed to provide more secure encryption than the older “Wired Equivalent Privacy” (WEP) while still working with existing hardware.
TLS
Transport Layer Security:
A cryptographic protocol that protects data sent over networks like the internet.
TOC/TOU
Time of Check / Time of Use
Used in a race condition attack.
TOR
The Onion Router
TOTP
Time-based One Time Password
TPM
Trusted Platform Module:
A chip on a computer’s motherboard that helps protect sensitive information and verifies the authenticity of the operating system and firmware.
UAT
User Acceptance Testing
UBA
User Behavior Analytics
UDP
User Datagram Protocol
UPS
Uninterruptable Power Supply
URL
Universal Resource Locator
UTM
Unified Threat Management
VDI
Virtual Desktop Infrastructure
VLAN
Virtual Local Area Network
VM
Virtual Machine
VPC
Virtual Private Cloud
VPN
Virtual Private Network
VSAN
Virtual Storage Area Network
WAF
Web Application Firewall
WAP
Wireless Access Point
WEP
Wired Equivalent Privacy
WPA
Wi-Fi Protected Access
WPS
Wi-Fi Protected Setup
XaaS
Anything as a Service
XDR
Extended Detection and Response
XML
Extensible Markup Language:
A text-based format for storing, sharing, and exchanging data.
XSRF
Cross-Site Request Forgery:
A cyber attack that tricks a user into performing actions they didn’t intend. This can include transferring funds, changing passwords, or making purchases.
XSS
Cross-Site Scripting:
A web security flaw that allows attackers to inject malicious scripts into websites.
NAS
Network Attached Server