Acronyms Flashcards
3DES
Triple Digital Encryption Standard
Performs encryption three times with the same algorithm
802.1x
Switch authentication
Standard for controlling access to intranet infrastructure
AAA
Authentication, Authorization, and Accounting
The principle of verifying identity, capability and use
ABAC
Attribute-based Access Control
Granting access based upon the characteristics of the subject, such as clearance level.
ACL
Access Control List
Restricting entry, based upon a listing of controls or permissions.
AES
Advanced Encryption Standard
Rijndael was approved by the US government and given this title
AES256
Advanced Encryption Standard, 256-bit
The 256-bit version of this algorithm is its highest level and is deemed uncrackable by brute force methods.
AH
Authentication Header
The AH header is transmitted in clear text but authenticates and integrity-checks each packet
AI
Artificial Intelligence
The simulation of human intelligence and thinking in a machine, including adaptive learning and problem solving
AIS
Automatic Indicator Sharing
Automated sharing of threat information between organizations to enhance detection and response.
ALE
Annualized Loss Expectancy
The single loss expectancy times the annualized rate of occurrence
ALG
Application Layer Gateway
This is a type of firewall able to inspect headers and payload in the upper protocol layers
AP
Access Point
Infrastructure connection point for most wireless networks
API
Application Programming Interface
These are tools used by programmers that provide prebuilt functions with the desired utility
APT
Advanced Persistent Threat
Applications with advanced targeting, zero days and
exfiltration techniques that are aimed at particular
organizations or industries.
ARO
Annualized Rate of Occurrence
Most risk assessments track threats and attacks on an
annualized basis.
ARP
Address Resolution Protocol
Given the IP address ARP will locate the MAC address.
ASLR
Address Space Layout Randomization
This randomizes the location of an application in memory, making it harder for attackers to successfully perform a buffer overflow.
ASP
Application Service Provider
An organization that provides access to its custom-developed software, such as accounting or customer management.
ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge
A database of adversarial tactics and techniques that might be used to compromise systems, used by organizations to enhance threat management.
Asymmetric key
Public key/Private key
The use of complementary values to disguise and then
reveal information.
AUP
Acceptable Use Policy
This policy is legally required if HR wants to fire someone for misuse.
AV
Antivirus
Designed to identify malware, primarily based upon
known patterns.
AV
Asset Value
This can be the replacement cost or income derived
from something.
AXFR
Zone transfer
The synchronization of name resolution information
between a primary and secondary DNS server.
BASH
Bourne again shell
Bash is a UNIX and Linux command interface and
language.
BIA
Business Impact Analysis
This is the prerequisite for disaster recovery and
continuity planning to identify potential losses.
BIOS
Basic Input/Output System
The now-deprecated initial program set for a computer: firmware-based initialization code for booting a system.
Bluetooth
802.15
Technology commonly used to communicate with small
devices at modest speeds over a short range with low
security requirements.
BCP
Business Continuity Plan
The orderly planning for and management of threats and
incidents to an organization.
BGP
Border Gateway Protocol
Border Gateway Protocol is for routing exterior traffic
between autonomous systems/organizations.
BIA
Business Impact Analysis
Assessing the criticality of business activities and assets
in order to determine the appropriate protection and
recovery options.
BO
Buffer overflow
The insertion of malicious computer instructions into the RAM of a host to accomplish denial of service or inject shellcode.
BPA
Business Partners Agreement
This outlines the goals and responsibilities between
entities pursuing a common work product.
BPDU
Bridge Protocol Data Unit
This protocol is used to identify efficient paths and
loops in a switched network.
BSSID
Basic Service Set IDentifier
This is the MAC address that a wireless device is
attached to.
Brute Force
Brute force attack
Discovers a hash or encrypted secret by attempting all
combinations and permutations.
BYOD
Bring Your Own Device
The organization compensates the individual for use of
their phone in organizational activities.
C2
Command and control
Servers that are centrally placed and hold control instructions for illicitly managed hosts.
CA
Certificate Authority
This entity issues certificates after verifying them, and is the center of trust in PKI.
CAC
Common Access Card
A form of identification with photograph, barcode,
RFID and cryptographic storage of private key
information.
CAPTCHA
Completely Automated Public Turing test to tell Computers and Humans Apart
This is intended to prevent rogue automated attempts at
access.
CAR
Corrective Action Report
A document generated when a defect or error has been detected, with the goal of eliminating a recurrence.
CASB
Cloud Access Security Broker
A software resource placed between users and cloud applications that monitors and enforces policy-based access to cloud resources.
CBC
Cipher Block Chaining
Each plaintext block is XORed (see XOR) with the
immediately previous ciphertext block.
CBT
Computer-Based Training
Courseware or lessons that are delivered via a computer, commonly used for at-home and corporate training.
CCMP
Counter-Mode/CBC-MAC Protocol
Each plaintext block is XORed (see XOR) with the
immediately previous ciphertext block that includes a
message authentication code.
CCTV
Closed-circuit Television
Allows monitoring and recording of activities in an
area.
CER
Crossover Error Rate
The point at which false acceptances are equal to false rejections.
CER
Certificate
A generic term for a document that facilitates
authentication.
CERT
Computer Emergency Response Team
A multi-discipline group designated to handle IT
incidents.
CFB
Cipher Feedback
A mode of operation for a block cipher.
Chain of custody
Evidence control and management
The documentation of handling and protection of
evidence.
CHAP
Challenge Handshake Authentication Protocol
Commonly used by routers and has several derivatives
in use by Microsoft for authentication.
CIO
Chief Information Officer
The most senior official in an organization responsible for the information technology and systems that support the enterprise.
CIRT
Computer Incident Response Team
A group that investigates and resolves IT security
problems.
CIS
Center for Internet Security
Its mission is to identify, develop, promote, and lead the world with regard to best practices for cybersecurity solutions.
CMP
Change Management Policy
An organizational process designed to facilitate making
changes to organizational resources in such a way that
they are identifiable, auditable, and orderly.
CMS
Content Management System
These are applications that facilitate the creation,
editing, publishing and archival of web pages and
content.
CN
Common Name
An identifying name that may be applied to a directory
resource, such as a user, server, or other object.
COOP
Continuity of Operations Plan
Ensuring that vital and primary mission essential
functions continue to run, even in the face of
emergencies.
COPE
Corporate Owned, Personally Enabled
Smart phones owned by the organization, but approved
for personal use.
CP
Contingency Planning
Procedures to follow in the event of a catastrophic
incident, even though it may be unlikely.
CRC
Cyclical Redundancy Check
An error checking code, used in digital technology
primarily to identify accidental changes to data.
Crimeware
Cyber theft
A class of malware that automates malicious activity.
CRL
Certificate Revocation List
This is maintained by a certificate authority to identify
certificates associated with compromised or lost private
keys.
CSO
Chief Security Officer
This official is responsible for development, oversight,
mitigation and other risk strategies.
CSP
Cloud Service Provider
An organization that provides IaaS, PaaS or SaaS to an
array of customers.
An organization that provides cloud-based access to
infrastructure, storage and/or applications.
CSA
Cloud Security Alliance
A nonprofit organization that promotes best practices in
security for cloud-based computing.
CSIRT
Computer Security Incident Response Team
Information technology personnel whose purpose is to
prevent, manage and coordinate actions about security
incidents.
CSR
Certificate Signing Request
Created by an applicant seeking to gain a certificate
from an authority.
CSRF
Cross-site Request Forgery
An attack wherein a message is spoofed from a user to a
trusted site.
CSU
Channel Service Unit
A connecting device used to link an organization to telco-based T-services.
CTO
Chief Technology Officer
The executive tasked with identifying useful technology, IT strategies and partnerships.
CTOS
Centralized terminal operating system.
Legacy management.
CTR
Counter
This form of encryption is used by AES to perform
streaming encryption.
CVE
Common Vulnerabilities and Exposures
A database of known and published software flaws that may impact security, managed by MITRE.
CVSS
Common Vulnerability Scoring System
An empirical scheme for rating vulnerability severity
based upon specific aspects of the vulnerability,
environment, and nature of threats.
CYOD
Choose Your Own Device
In this mode of control and acquisition, an employee chooses a device from a company-provided list. Ownership may be personal or organizational.
DAC
Discretionary Access Control
The creator has all control over an asset and access to it.
The default form of access for Windows.
Data custodian
Facilitates use
Exemplified by data center personnel who manage and maintain systems.
Data owner
Responsible for use
Determines logical controls, authorizes use and defines
required security.
DBA
Database Administrator
This role is filled by personnel capable of managing
automated and large information repositories.
DDoS
Distributed Denial of Service
This attack methodology involves a multitude of
remotely controlled devices focusing upon a single
target.
DEP
Data Execution Prevention
An operating system memory-management technique that prevents user data from overlapping into computer instructions.
DER
Distinguished Encoding Rules
A commonly used method of encoding the data that
makes up the certificate using ASN.1.
DES
Digital Encryption Standard
The first US government standard for symmetric encryption. It has a 56-bit key.
DHCP
Dynamic Host Configuration Protocol
This is an extension of BOOTP and is used to
dynamically allocate IPs.
DHE
Diffie-Hellman Ephemeral
This is a key exchange algorithm that enhances
confidentiality by discarding the session keys after use.
Dictionary
Dictionary attack
Performs hashing or encryption on an array of
predetermined candidate phrases, and compares it to the
secret.
Differential BU
Differential backup
Backs up files that have the archive bit set to alternative media, and does not clear the bit afterwards.
DKIM
Domain Keys Identified Mail
A messaging security standard designed to facilitate
non-repudiation between sender and receiver.
DLL
Dynamic Link Library
These files are not directly executed, but are called up
by an application when certain additional functions or
libraries are needed.
DLP
Data Loss Prevention
Strategies and applications that prevent data theft or
illicit access.
DMARC
Domain Message Authentication Reporting and Conformance
This is an email security standard designed to allow
domains to protect themselves from unauthorized use
and spoofing.
DNAT
Destination Network Address Translation
The initial destination of a packet as it enters a NAT
system to be redirected to another destination.
DMZ
Demilitarized Zone
The perimeter area where the outside world may access
certain services.
DNS
Domain Name Service
An application that handles symbolic name to address
mappings, as well as the reverse.
DNSSEC
Domain Name System Security Extensions
An array of tools devised by the IETF to secure DNS
transactions.
DoS
Denial of Service
A one-on-one attack that causes access or utility to cease.
DPO
Data Protection Officer
A senior officer responsible for an organization’s data
protection strategies and compliance.
DRP
Disaster Recovery Plan
The immediate plans for recovery of operations or
services in the event of a catastrophic incident.
DSA
Digital Signature Algorithm
An algorithm created by the NSA to implement non-repudiation.
DSL
Digital Subscriber Line
High-speed Internet connectivity based upon existing infrastructure for telephones.