Acronyms Flashcards
OSI Model
Open Systems Interconnection Model:
Physical
Data Link
Network
Transport
Session
Presentation
Application
TLS
Transport Layer Security. Cryptographic protocol that runs on top of a transport such as TCP (or QUIC) and gives the connection confidentiality, integrity and server (optionally client) authentication. It is not a variant of TCP; TCP itself is unchanged. Successor to SSL.
RBAC
Role-based access control
IP
Internet Protocol. Network layer
AES
Advanced Encryption Standard. NIST-standardized (FIPS 197) symmetric block cipher with 128-bit blocks and 128-, 192- or 256-bit keys, approved by the U.S. government for protecting classified information.
IT
Information Technology
SAML
Security Assertion Markup Language
Open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider
REST
REpresentational State Transfer. An architectural style for web services defined by a set of constraints (client-server, stateless requests, cacheability, a uniform interface of resources addressed by URIs and manipulated with standard HTTP methods) so that independently built systems on the Internet can interoperate.
SOAP
Simple Object Access Protocol. An XML-based messaging protocol for exchanging structured information between distributed applications. It is transport-independent (most often carried over HTTP): client and server can use any transport as long as both agree on it.
POSIX
Portable Operating System Interface
IEEE standards defining a common operating system API, shell and utilities, so that software written against them is portable between compliant operating systems.
ACID
Atomicity, Consistency, Isolation, Durability. A set of properties of database transactions intended to guarantee data validity despite errors, power failures, and other mishaps.
I/O
Input/Output. Describes any operation, program, or device that transfers data to or from a computer
PNL
Profit and loss (also written P&L or PnL). Finance term that comes up when talking about pre-sales.
PKI
Public Key Infrastructure
API
Application Programming Interface. A mechanism whereby one software system asks another software system to perform a service.
IIS Handler
Internet Information Services Handler. Components that are configured to process requests to specific content, typically to generate a response for the request resource. For example, an ASP.NET Web page is one type of handler.
SSH
Secure Shell Protocol. A network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network
GPU
Graphics Processing Unit
HTTP
Hypertext Transfer Protocol. Stateless Request Response Cycle. Application Layer.
HTTPS
Hypertext Transfer Protocol Secure. HTTP carried over a TLS connection; the server presents an X.509 certificate so the client can authenticate it, and the traffic is encrypted. Application Layer, default port 443.
TCP
Transmission Control Protocol. Connection-oriented transport protocol (three-way handshake, sequence numbers, acknowledgements, retransmission) that favours reliable, in-order delivery over raw performance. Alternative to UDP. Transport Layer.
UDP
User Datagram Protocol. Connectionless transport protocol, the alternative to TCP: no handshake, acknowledgements or retransmission, so lower latency but no delivery or ordering guarantee. Transport Layer. (TLS is not a transport; the UDP-based equivalents of TLS are DTLS and QUIC.)
SMTP
Simple Mail Transfer Protocol. Email Transfer Protocol. Application Layer.
SAST
Static Application Security Testing. Analysis of source code (or bytecode and binaries) without executing it, to find vulnerabilities such as injection flaws or hard-coded secrets early in development, before the application is built and deployed.
DAST
Dynamic Application Security Testing. Black-box testing of a running application through its exposed interfaces (HTTP requests, the front end) by sending simulated attacks; finds issues that are only observable at runtime. Runs against the deployed application.
SCA
Software Composition Analysis. Process that inventories the open source and other third-party components in a codebase and checks them for known vulnerabilities and licence obligations.
RACI
Responsible, accountable, consulted, and informed
CIA Triad
Confidentiality, Integrity, and Availability. The three core security properties.
DHCP
Dynamic Host Configuration Protocol. A network management protocol used on Internet Protocol networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.
VLAN
Virtual Local Area Network. A broadcast domain that is partitioned and isolated at the data link layer (Layer 2) of a network. "Virtual" here means the segmentation is done by switch logic (tagging and port configuration) rather than by separate physical wiring. Hosts on different VLANs cannot talk to each other without a router or Layer 3 switch.
CDN
Content Delivery Network. A group of geographically distributed servers that speed up the delivery of web content by bringing it closer to where users are.
DDoS
Distributed denial-of-service attack. Occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
802.1Q
IEEE 802.1Q. The standard for VLAN tagging on Ethernet: a 4-byte tag carrying the VLAN ID (12 bits), priority (3 bits) and a drop-eligible bit is inserted after the source MAC address. It is the vendor-neutral trunking protocol used between switches and has largely replaced proprietary alternatives.
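To make the tag layout above concrete, here is an added Python example (not part of the original flashcards) that parses an Ethernet frame and pulls out the 802.1Q tag fields. The frames are constructed byte strings, not captured traffic, and the MAC addresses and payload are dummies. It also handles a stack of tags, which is what a double-tagging (VLAN hopping) frame looks like on the wire.

```python
import struct

TPID_8021Q = 0x8100   # customer tag (802.1Q)
TPID_8021AD = 0x88A8  # service tag (802.1ad, "QinQ")
VLAN_TPIDS = (TPID_8021Q, TPID_8021AD)


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II header plus any stack of 802.1Q/802.1ad tags.

    Returns dst/src MACs, the tags outermost-first, the EtherType of the
    encapsulated payload and the payload bytes.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset = 14
    tags = []
    # A tag is 4 bytes: the 16-bit TPID we just read in the EtherType slot,
    # then a 16-bit TCI laid out as PCP (3 bits) | DEI (1 bit) | VID (12 bits).
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack("!HH", frame[offset:offset + 4])
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,
            "dei": (tci >> 12) & 0x1,
            "vid": tci & 0x0FFF,   # 0 = priority-tagged only, 4095 = reserved
        })
        ethertype = next_type
        offset += 4
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "tags": tags,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def vlan_id(frame: bytes):
    """Outermost VLAN ID of a frame, or None if it is untagged."""
    tags = parse_frame(frame)["tags"]
    return tags[0]["vid"] if tags else None


# Constructed sample frames (not captured traffic); MACs and payload are dummies.
HEADER = bytes.fromhex("001122334455" "66778899aabb")   # dst MAC, src MAC
PAYLOAD = bytes.fromhex("0800" "deadbeef")              # EtherType IPv4 + 4 dummy bytes

UNTAGGED = HEADER + PAYLOAD
# TCI 0xA064: PCP=5 (binary 101), DEI=0, VID=0x064=100
TAGGED_VLAN100 = HEADER + bytes.fromhex("8100" "a064") + PAYLOAD
# Double-tagged frame of the kind used for VLAN hopping: the outer tag (VID 1)
# matches the trunk's native VLAN and is stripped by the first switch; the
# second switch then honours the inner tag and delivers the frame into VLAN 100.
DOUBLE_TAGGED = HEADER + bytes.fromhex("8100" "0001") + bytes.fromhex("8100" "0064") + PAYLOAD
```

The parser loops rather than reading a single tag precisely so that a double-tagged frame shows up as two tags instead of being mistaken for an unknown EtherType; a monitoring tool that only reads the first tag would attribute the hopping frame to VLAN 1.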
SNI
Server Name Indication. An extension to TLS in which the client states the hostname it wants in the ClientHello, so that multiple HTTPS sites with different certificates can be served from one IP address. The hostname is sent in cleartext unless Encrypted Client Hello is used, so SNI is visible to anyone on the path.
CA
Certificate Authority. A trusted entity that issues X.509 certificates (commonly called SSL/TLS certificates) binding a public key to an identity such as a hostname.
UAT
User Acceptance Testing. Also called application testing or end-user testing. The final testing phase, in which end users validate the software against their requirements before it is released.
IPS
Intrusion Prevention System. A network security control (appliance or software) placed inline that continuously monitors traffic for malicious activity and acts on it in real time: alerting, blocking the connection, or dropping the packets.
IDS
Intrusion Detection System. A monitoring system (network- or host-based) that inspects traffic or host activity, detects suspicious behaviour and raises alerts; unlike an IPS it does not block. Based on those alerts, a security operations center (SOC) analyst or incident responder investigates and takes the appropriate action to remediate the threat.
MSP
Managed Service Provider
SOC
Security Operations Center. The SOC is responsible for protecting enterprises against cyberattacks
GRC
Governance, risk management, and compliance. A holistic framework that helps organizations protect their data while operating efficiently and within the bounds of the law. The three components are interrelated yet distinct:
Governance ensures that organizational activities align with business objectives and stakeholder expectations.
Risk management involves identifying, assessing, and mitigating risks that could hinder the organization’s operations.
Compliance ensures adherence to both external regulations and internal policies.
CIDR
Classless Inter-Domain Routing. IP address allocation and routing method that replaced classful (A/B/C) addressing with variable-length prefixes written as address/prefix-length (for example 192.0.2.0/24); it allows routes to be aggregated and address blocks to be allocated in any power-of-two size.
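The prefix arithmetic behind CIDR notation, as an added Python example that is not part of the original flashcards. It builds the netmask from the prefix length, derives network and broadcast addresses, tests membership, and finishes with the check a reviewer applies to firewall or security-group rules: flag any rule whose source block is wider than intended (the classic accidental 0.0.0.0/0). The rule list is constructed from RFC 5737 documentation ranges and the 256-address limit is an arbitrary assumption. Python's ipaddress module does all of this; the point here is to show the bit operations.

```python
IPV4_MAX = 0xFFFFFFFF


def ip_to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"bad octet {part!r} in {addr!r}")
        value = (value << 8) | int(part)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/prefix -> netmask with the top `prefix` bits set, e.g. /24 -> 0xFFFFFF00."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (IPV4_MAX << (32 - prefix)) & IPV4_MAX


def parse_cidr(cidr: str):
    """'a.b.c.d/n' -> (network_int, prefix). Host bits in a.b.c.d are cleared."""
    addr, sep, plen = cidr.partition("/")
    if not sep or not plen.isdigit():
        raise ValueError(f"expected address/prefix, got {cidr!r}")
    prefix = int(plen)
    return ip_to_int(addr) & prefix_to_mask(prefix), prefix


def describe(cidr: str) -> dict:
    network, prefix = parse_cidr(cidr)
    mask = prefix_to_mask(prefix)
    size = 1 << (32 - prefix)
    # /31 (RFC 3021 point-to-point links) and /32 reserve no network/broadcast address.
    usable = size - 2 if prefix <= 30 else size
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(network | (~mask & IPV4_MAX)),
        "addresses": size,
        "usable_hosts": usable,
    }


def contains(cidr: str, addr: str) -> bool:
    """True if addr is inside the block: masking it yields the same network."""
    network, prefix = parse_cidr(cidr)
    return (ip_to_int(addr) & prefix_to_mask(prefix)) == network


def broad_rules(rules, max_addresses: int = 256):
    """Return (source_cidr, port) rules whose source covers more than
    max_addresses addresses; the usual review check for over-broad allow rules."""
    return [(src, port) for src, port in rules if describe(src)["addresses"] > max_addresses]


# Constructed sample rule set (RFC 5737 documentation ranges), not a real policy.
SAMPLE_RULES = [
    ("203.0.113.0/24", 443),
    ("198.51.100.8/29", 22),
    ("0.0.0.0/0", 3389),
]
```

Note that parse_cidr clears the host bits, so "192.0.2.77/24" and "192.0.2.0/24" describe the same network; tooling that compares rule strings textually instead of numerically will miss that two rules are the same block.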
SIEM
Security Information and Event Management. A platform that collects, normalizes and correlates log and event data from across an environment (network devices, servers, identity systems, security tools) and applies detection rules to it, so that analysts can detect, investigate and respond to threats from one place.
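The IDS and SIEM entries both describe turning raw events into alerts. As an added Python example (not part of the original flashcards), here is the kind of correlation rule a SIEM runs: sshd authentication events are parsed, grouped by source IP over a sliding time window, and a brute-force alert is raised when a threshold is crossed, escalating if the same source then logs in successfully. The log lines are constructed for the example, in syslog format with RFC 5737 addresses; the year is assumed because syslog timestamps omit it, and the threshold and window are arbitrary defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from a real host). 203.0.113.7 sprays
# passwords and then gets in as root; 192.0.2.55 is a user mistyping a
# password twice; 198.51.100.20 is an ordinary key-based login.
LOG_LINES = [
    "Jan 12 10:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Jan 12 10:00:02 bastion sshd[2213]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2",
    "Jan 12 10:00:04 bastion sshd[2215]: Failed password for root from 203.0.113.7 port 51026 ssh2",
    "Jan 12 10:00:05 bastion sshd[2216]: Failed password for alice from 192.0.2.55 port 60001 ssh2",
    "Jan 12 10:00:06 bastion sshd[2218]: Failed password for root from 203.0.113.7 port 51028 ssh2",
    "Jan 12 10:00:08 bastion sshd[2220]: Accepted publickey for deploy from 198.51.100.20 port 40010 ssh2",
    "Jan 12 10:00:09 bastion sshd[2221]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "Jan 12 10:00:11 bastion sshd[2223]: Failed password for alice from 192.0.2.55 port 60002 ssh2",
    "Jan 12 10:00:12 bastion sshd[2224]: Failed password for root from 203.0.113.7 port 51032 ssh2",
    "Jan 12 10:00:15 bastion sshd[2226]: Accepted password for root from 203.0.113.7 port 51034 ssh2",
]

SYSLOG_TS = r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2})"
FAILED_RE = re.compile(
    SYSLOG_TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    SYSLOG_TS + r" \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_ts(text: str, year: int = 2024) -> datetime:
    # Syslog timestamps carry no year; one is assumed for this constructed data.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def detect_ssh_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Correlate sshd events per source IP over a sliding time window.

    Emits a medium alert the first time a source reaches `threshold` failed
    passwords within `window`, and a high alert if that source then logs in
    successfully while still at or above the threshold.
    """
    failures = defaultdict(deque)   # src -> timestamps of failures still inside the window
    alerted = set()
    alerts = []

    def recent(src, now):
        q = failures[src]
        while q and now - q[0] > window:   # drop failures that have aged out
            q.popleft()
        return q

    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts, src = parse_ts(m["ts"]), m["src"]
            q = recent(src, ts)
            q.append(ts)
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"severity": "medium", "rule": "ssh_bruteforce",
                               "src": src, "count": len(q), "at": ts})
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            ts, src = parse_ts(m["ts"]), m["src"]
            if len(recent(src, ts)) >= threshold:
                alerts.append({"severity": "high", "rule": "ssh_bruteforce_success",
                               "src": src, "user": m["user"], "at": ts})
    return alerts
```

The sliding window matters: counting failures per hour would also fire on a user who fat-fingers a password a few times over a long session, while the success-after-burst escalation is what separates an annoying scan from an incident that needs a responder.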
SLO
Service Level Objective. A specific, measurable target for a service metric such as uptime or response time (for example 99.9% monthly availability). SLOs are the targets an SLA commits to; the SLA is the agreement, the SLO is the number.
SLA
Service Level Agreement. It refers to a document that outlines a commitment between a service provider and a client, including details of the service, the standards the provider must adhere to, and the metrics to measure the performance.
DORA
DevOps Research and Assessment. Research program that defined the four key DevOps metrics used to evaluate delivery performance and maturity: deployment frequency, lead time for changes, change failure rate, and time to restore service. Together they show how quickly a team can ship and how reliably it recovers from failures.
SSL
Secure Sockets Layer. The predecessor of TLS: a protocol for encrypting data between a browser and a website (or between two servers). All SSL versions are deprecated (SSL 3.0 was formally retired by RFC 7568) and should be disabled; the name survives mainly in the phrase "SSL certificate", which today means a TLS certificate.
OWASP
Open Web Application Security Project (renamed Open Worldwide Application Security Project in 2023). A non-profit foundation focused on software security, best known for the OWASP Top 10 list of web application risks and for tools such as ZAP and Dependency-Check.
OLAP
Online Analytical Processing. Database workload optimized for complex queries over large volumes of historical and aggregated data, as in reporting and data warehouses.
OLTP
Online Transaction Processing. Database workload optimized for many short, concurrent, real-time transactions (inserts, updates, lookups) on current operational data; correctness relies on the ACID properties.
JWT
JSON Web Token (RFC 7519). An open standard for transmitting claims between parties as a JSON object that is base64url-encoded and then signed (JWS) or encrypted (JWE), so the receiver can verify its origin and integrity. A signed JWT is three dot-separated segments: header, claims, signature.
RDP
Remote Desktop Protocol. Proprietary Microsoft protocol (TCP and UDP port 3389) that lets users control a Windows desktop or server remotely. It can use TLS and Network Level Authentication when configured; RDP exposed directly to the Internet is a frequent initial-access vector for brute force and credential stuffing.