Acronyms Flashcards

1
Q

ACL

A

Access Control List

A rule set that can be implemented on a firewall, switch, or other infrastructure device to control access.

2
Q

AP

A

Access Point

A wireless transmitter and receiver that hooks into the wired portion of a network and provides an access point to that network for wireless devices.

3
Q

ASLR

A

Address Space Layout Randomization

A technique that can be used to prevent memory attacks

4
Q

AES

A

Advanced Encryption Standard

A symmetric algorithm adopted by the US government as the replacement algorithm for 3DES.

5
Q

APT

A

Advanced Persistent Threat

A hacking process that targets a specific entity and is carried out over a long period of time. The attacker is usually a group of organized individuals often funded and supported by a nation-state to gain illicit access to another government’s information.

6
Q

ALE

A

Annualized Loss Expectancy

The expected risk cost of an annual threat event.

7
Q

ARO

A

Annualized Rate of Occurrence

An estimate of how often a given threat might occur annually.

8
Q

API

A

Application Programming Interface

A software interface that handles interactions between multiple software applications or mixed hardware/software intermediaries.

9
Q

ASIC

A

Application Specific Integrated Circuit

A circuit that is designed specifically for an application and thus is not a general-purpose chip.

10
Q

AI

A

Artificial Intelligence

The ability of a machine or computer to learn and adapt.

11
Q

ARF

A

Asset Reporting Format

A data model that is used to express the transport format of information about assets and the relationships between assets and reports.

12
Q

AJAX

A

Asynchronous JavaScript and XML

A group of interrelated web development techniques used on the client side to create asynchronous web applications.

13
Q

AIK

A

Attestation Identity Key

Versatile memory that ensures the integrity of an EK.

14
Q

ABAC

A

Attribute-Based Access Control

An access control system that takes multiple factors or attributes into consideration before authenticating and authorizing an entity.

15
Q

AR

A

Augmented Reality

A program that overlays virtual objects on the real-world environment.

16
Q

AAA

A

Authentication, Authorization, and Accounting

Framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

17
Q

BYOD

A

Bring Your Own Device

A strategy in which users bring their own devices and use them for company and personal work.

18
Q

BACnet

A

Building Automation and Control Network

An application, network, and media access control layer communications service that can operate over a number of layer 2 protocols, including Ethernet.

19
Q

BCP

A

Business Continuity Plan

A process that focuses on sustaining an organization’s business/mission processes during and after disruption.

20
Q

BIA

A

Business Impact Analysis

The process of identifying mission-critical systems and identifying measures to provide fault tolerance and high availability.

21
Q

CMMI

A

Capability Maturity Model Integration

A process improvement approach.

22
Q

CA

A

Certificate Authority

An entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary.

23
Q

CRL

A

Certificate Revocation List

A list of digital certificates that a CA has revoked.

24
Q

CSR

A

Certificate Signing Request

A request that a self-generated certificate be validated and signed by a CA.

25
Q

COPPA

A

Children’s Online Privacy Protection Act

A law that addresses abuse of children on the Internet.

26
Q

CYOD

A

Choose Your Own Device

A strategy in which organization users choose their own devices from a list of options but the devices are purchased, owned, and managed by the organization.

27
Q

CBC

A

Cipher Block Chaining

A DES mode in which 64-bit blocks are chained together and each resultant 64-bit ciphertext block is applied to the next block.

28
Q

CASB

A

Cloud Access Security Broker

On-premises or cloud based software that sits between cloud service users and cloud applications and monitors all activity and enforces security policies.

29
Q

CCE

A

Common Configuration Enumeration

A set of best practice statements maintained by the NIST.

30
Q

CIP

A

Common Industrial Protocol

A suite of messages and services for the collection of manufacturing automation applications.

31
Q

CN

A

Common Name

The entity name protected by an SSL/TLS certificate, which is technically represented by the Common Name field in the X.509 certificate specification.

32
Q

CPE

A

Common Platform Enumeration

A naming scheme for describing and classifying operating systems, applications, and hardware devices used by SCAP.

33
Q

CVE

A

Common Vulnerabilities and Exposures

A free MITRE database that lists vulnerabilities in published operating systems and application software as identified by Common Platform Enumeration (CPE).

34
Q

CVSS

A

Common Vulnerability Scoring System

A system of ranking vulnerabilities that are discovered based on predefined metrics.

35
Q

COBO

A

Company-Owned, Business Only

A strategy in which mobile devices are purchased, owned, and managed by the organization.

36
Q

CSIRT

A

Computer Security Incident Response Team

Provides a reliable and trusted single point of contact for reporting computer security incidents worldwide.

37
Q

CMDB

A

Configuration Management Database

A database that keeps track of the state of assets, such as products, systems, software, facilities, and people, as they exist at specific points in time, as well as the relationships between such assets.

38
Q

CDN

A

Content Delivery Network

A set of geographically dispersed servers that serve content to users based on their location, so that users get content from the physically nearest server.

39
Q

CMS

A

Content Management System

Gives non-technical users the ability to create, manage, and modify content on a website.

40
Q

CTPH

A

Context Triggered Piecewise Hashes

A rolling hash that involves multiple traditional cryptographic hashes for one or more fixed-size segments in a file.

41
Q

COOP

A

Continuity of Operations Plan

A plan that focuses on restoring an organization’s mission essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations.

42
Q

CD

A

Continuous Delivery

The ability to make software features, configuration changes, bug fixes, and experiments available to users safely and quickly and in a sustainable way.

43
Q

CDP

A

Continuous Delivery Pipeline

The workflows needed to introduce new functionality to software, from ideation to an on-demand release of value to the end user.

44
Q

CI

A

Continuous Integration

The practice of merging all software developer working copies into a shared main line several times a day.

45
Q

CAN

A

Controller Area Network bus

A newer standard for vehicle-to-vehicle and vehicle-to-road communication.

46
Q

COPE

A

Corporate Owned, Personally Enabled

A strategy in which an organization purchases mobile devices, and users manage those devices.

47
Q

CTR

A

Counter

A DES mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream.

48
Q

CPTED

A

Crime Prevention Through Environmental Design

A multi-disciplinary approach to security that involves designing a facility from the ground up to support security.

49
Q

CSRF

A

Cross-Site Request Forgery

An attack that causes an end user to execute unwanted actions on a web application in which they are currently authenticated.

50
Q

XSS

A

Cross-Site Scripting

An attack in which an attacker locates a website vulnerability and injects malicious code into the web application.

51
Q

CER

A

Crossover Error Rate

The point at which FRR equals FAR.

52
Q

CRM

A

Customer Relationship Management

Software that identifies customers and stores customer-related data, particularly contact information and data on any direct contacts with customers.

53
Q

DLP

A

Data Loss Prevention

Software that uses ingress and egress filters to identify sensitive data that is leaving the organization and can prevent such leakage.

54
Q

DAM

A

Database Activity Monitoring

The use of tools to monitor transactions and the activity of database services.

55
Q

DDS

A

Data Distribution Service

Enables network interoperability for connected machines, facilitating the scalability, performance, and Quality of Service (QoS) features required for industrial applications.

56
Q

DevOps

A

Development Operations

A software development method that aims at shorter development cycles, increased deployment frequency, and more dependable releases, in close alignment with business objectives.

57
Q

DevSecOps

A

Development Security Operations

A development approach that involves representatives from development, operations, and security to create a shared sense of responsibility with regard to security.

58
Q

DH

A

Diffie-Hellman

A key agreement process used with asymmetric encryption algorithms allowing for a symmetric key exchange without using public/private key pairs.

59
Q

DRM

A

Digital Rights Management

Technology used by hardware manufacturers, publishers, copyright holders, and individuals to control the use of digital content.

60
Q

DSS

A

Digital Signature Standard

A US federal digital security standard that governs the Digital Security Algorithm (DSA).

61
Q

DRaaS

A

Disaster Recovery Plan

An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.

62
Q

DRP

A

Disaster Recovery Plan

An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.

63
Q

DAC

A

Discretionary Access Control

An access control system in which the owner of an object specifies which subjects can access the resource.

64
Q

DDoS

A

Distributed Denial of Service

An attack that is carried out from multiple attack locations.

65
Q

DNP3

A

Distributed Network Protocol 3

A primary/secondary protocol that uses port 19999 when using TLS and port 2000 when not using TLS. Its main use is in utilities such as electric and water companies.

66
Q

DoH

A

DNS over HTTPS

A method of transmitting DNS traffic to remote DNS servers using the Secure HTTPS protocol.

67
Q

DNS

A

Domain Name System

A database that provides a hierarchical naming system for computers, services, and any resources connected to the internet or a private network.

68
Q

DNSSEC

A

Domain Name System Security Extensions

A secure form of DNS which ensures that a DNS server is authenticated before the transfer of DNS information begins between the DNS server and the client.

69
Q

DAST

A

Dynamic Application Security Testing

A form of testing that is automated.

70
Q

DTP

A

Dynamic Trunking Protocol

A protocol that enables two switches to form a trunk link automatically, based on their configuration.

71
Q

ECB

A

Electronic Codebook

The easiest and fastest DES mode to use. It has security issues because every 64-bit block is encrypted with the same key.

72
Q

ECC

A

Elliptic-Curve Cryptography

An approach to public key cryptography that is based on the algebraic structure of elliptic curves over finite fields.

73
Q

ECDH

A

Elliptic-Curve Diffie-Hellman

A key agreement protocol that uses an elliptic-curve public/private key pair to establish a symmetric key over an insecure channel.

74
Q

ECDSA

A

Elliptic-Curve Digital Signature Algorithm

An algorithm that provides elliptical-curve-based key exchange.

75
Q

EK

A

Endorsement Key

Persistent memory installed by a manufacturer that contains a public-private key pair.

76
Q

EDR

A

Endpoint Detection and Response

A proactive endpoint security approach that is designed to supplement existing defenses.

77
Q

ERP

A

Enterprise Resource Planning

A process that involves collecting, storing, managing, and interpreting data from product planning, product cost, manufacturing or service delivery, marketing/sales, inventory management, shipping, payment, and any other business processes.

78
Q

ESB

A

Enterprise Service Bus

A software platform used to facilitate communication between mutually interacting software applications in an SOA.

79
Q

ELF

A

Executable and Linkable Format

The standard binary format on OSs such as Linux. Capabilities include dynamic linking, dynamic loading, imposing run-time control on a program, and an improved method for creating shared libraries.

80
Q

EF

A

Exposure Factor

The percentage value or functionality of an asset that will be lost when a threat event occurs.

81
Q

EV

A

Extended Validation

A certificate that requires verification of the requesting entity’s legal identity before the certificate can be issued.

82
Q

XACML

A

Extensible Access Control Markup Language

A standard for an access control policy language using XML. Its goal is to create an ABAC system that decouples the access decision from the application or the local machine.

83
Q

EAP

A

Extensible Authentication Protocol

A framework for port-based access control that uses the same three components that are used in RADIUS.

84
Q

XCCDF

A

Extensible Configuration Checklist Description Format

A specification language for writing security checklists, benchmarks, and related kinds of documents that is used by SCAP.

85
Q

XML

A

Extensible Markup Language

A markup language that is often used in web deployments.

86
Q

FAR

A

False Acceptance Rate

A measurement of the percentage of invalid users that will be falsely accepted by the system.

87
Q

FRR

A

False Rejection Rate

A measurement of valid users that will be falsely rejected by the system.

88
Q

FERMA

A

Federation of European Risk Management Associations Risk Management Standard

An organization that provides guidelines for managing risk in an organization.

89
Q

FPGA

A

Field Programmable Gate Array

A type of PLD that is programmed by blowing fuse connections on the chip or using an anti-fuse that makes a connection when a high voltage is applied to the junction.

90
Q

FIM

A

File Integrity Monitoring

Methods of ensuring that files have not been altered by an unauthorized person or application.

91
Q

FIFO

A

First-In, First-Out

A tape rotation scheme in which the newest backup is saved to the oldest media.

92
Q

FTK

A

Forensic Toolkit

A tool for taking images of forensic data without making changes to the original evidence.

93
Q

FaaS

A

Function as a Service

An extension of PaaS that completely abstracts the virtual server from the developer.

94
Q

GCM

A

Galois/Counter Mode

A DES mode in which blocks are numbered sequentially, and then a block number is combined with an IV and encrypted with a block cipher, usually AES.

95
Q

GDPR

A

General Data Protection Regulation

Regulatory guidelines required by the EU.

96
Q

GPS

A

Global Positioning System

GPS sensors can report highly accurate location information.

97
Q

GPG

A

GNU Privacy Guard

A rewrite or upgrade of PGP that uses AES.

98
Q

GDB

A

GNU Project Debugger

A tool that allows visibility into a program while it executes or determines what the program was doing at the moment it crashed.

99
Q

GFS

A

Grandfather/Father/Son

A tape rotation scheme in which three sets of backups are defined. Most often these three definitions are daily (sons), weekly (fathers), and monthly (grandfathers). Each week, one son advances to the father set.

100
Q

HSM

A

Hardware Security Module

An appliance that safeguards and manages digital keys used with strong authentication and provides crypto processing.

101
Q

HMAC

A

Host-based Message Authentication Code

A keyed-hash MAC that involves a hash function with a symmetric key. HMAC provides data integrity and authentication.

102
Q

HSM

A

Hierarchical Storage Management

A backup method that involves storing frequently accessed data on faster media and less frequently accessed data on slower media.

103
Q

HIDS

A

Host-based Intrusion Detection System

Provides threat detection by monitoring OS logs, processes, services, and file systems.

104
Q

HIPS

A

Host-based Intrusion Prevention System

Provides detection and responds to identified anomalies by stopping service, blocking communications, or stopping processes.

105
Q

HMAC

A

Host-based Message Authentication Code

Specified message authentication that can verify both the source and content of a message without any other means. Only the sender and receiver know the secret key.

106
Q

HOTP

A

HMAC-based One-Time Password

An algorithm that computes a password from a shared secret that is used one time only. It uses an incrementing counter that is synchronized on the client and the server to do this.

107
Q

HSTS

A

HTTP Strict Transport Security

A policy mechanism that informs web browsers (or other user agents) that they should automatically interact with the site using only HTTPS connections.

108
Q

HUMINT

A

Human Intelligence

Any information gathered via person-to-person contact.

109
Q

HSDN

A

Hybrid Software-Defined Networks

A mix of traditional and software-defined networks operating within the same environment. A middle ground for companies with existing infrastructure that cannot replace all of the equipment to take full use of SDNs.

110
Q

IRT

A

Incident Response Team

A written document that helps an organization before, during, and after a confirmed or suspected security incident.

111
Q

IoC

A

Indicator of Compromise

Any activity, artifact, or log entry that is typically associated with an attack of some sort.

112
Q

ICS

A

Industrial Control System

A general term that encompasses several types of control systems used in industrial production.

113
Q

ISAC

A

Information Sharing and Analysis Center

Nonprofit organizations that host security information sharing systems.

114
Q

ISCP

A

Information System Contingency Plan

A plan that provides established procedures for the assessment and recovery of a system following a system disruption.

115
Q

IaaS

A

Infrastructure as a Service

A cloud service model in which the vendor provides the hardware platform or data center, and the company installs and manages its own OS and apps.

116
Q

IV

A

Initialization Vector

A fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.

117
Q

IAST

A

Interactive Application Security Testing

A form of testing in which the tester interacts with the system.

118
Q

ISA

A

Interconnection Security Agreement

An agreement between two organizations that own and operate connected IT systems to document the technical requirements of the interconnection.

119
Q

IMAP

A

Internet Message Access Protocol

An application layer protocol used on a client to retrieve email from a server.

120
Q

IPSec

A

Internet Protocol Security

A suite of protocols that establishes a secure channel between two devices.

121
Q

IoT

A

Internet of Things

A system of interrelated computing devices, mechanical and digital machines, and objects that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

122
Q

IDS

A

Intrusion Detection System

A system responsible for detecting unauthorized access or attacks against systems and networks.

123
Q

IPS

A

Intrusion Prevention System

A system that is responsible for preventing attacks.

124
Q

JSON

A

JavaScript Object Notation

The data exchange format used to send data between applications in the form of an API-based representational state transfer (REST) architectural style.

125
Q

JWT

A

JSON Web Token

A proposed internet standard that uses signed tokens to communicate with previously established authentication information in an SSO environment.

126
Q

KPI

A

Key Performance Indicator

A metric that is created, collected, and analyzed to assess performance.

127
Q

KRI

A

Key Risk Indicator

A metric that is created, collected, and analyzed to assess risk.

128
Q

L2TP

A

Layer 2 Tunneling Protocol

A newer protocol that operates at layer 2 of the OSI model. Like PPTP, L2TP can use various authentication mechanisms; however, L2TP does not provide any encryption. It is typically used with IPSec, which is a very strong encryption method.

129
Q

LEAP

A

Lightweight Extensible Authentication Protocol

A proprietary wireless LAN authentication method developed by Cisco.

130
Q

LDAP

A

Lightweight Directory Access Protocol

A common directory services standard.

131
Q

ML

A

Machine Learning

The use of generated training data to build a model that makes predictions and decisions without being explicitly programmed to do so.

132
Q

MDF

A

Main Distribution Frame

A signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant).

133
Q

MSSP

A

Managed Security Service Provider

A provider that offers the option to fully outsource all information assurance to a third party.

134
Q

MAC

A

Mandatory Access Control

An access control system in which subject authorization is based on security labels.

135
Q

MSA

A

Master Service Agreement

A contract between two parties in which both parties agree to most of the terms that will govern future transactions or future agreements.

136
Q

MTBF

A

Mean Time Between Failures

The estimated amount of time a device will operate before a failure occurs.

137
Q

MTTR

A

Mean Time to Recovery

The average time to repair a single resource or function when a disaster or disruption occurs.

138
Q

MOU

A

Memorandum of Understanding

An agreement between two or more organizations that details a common line of action.

139
Q

MD5

A

Message Digest Algorithm

Produces a 128-bit output and is less secure than SHA. It sometimes represents passwords.

140
Q

ATT&CK

A

Adversarial Tactics, Techniques, & Common Knowledge

A knowledge base of adversarial tactics and techniques based on real-world observations.

141
Q

ATT&CK ICS

A

ATT&CK for Industrial Control Systems

A MITRE knowledge base that focuses specifically on industrial control systems.

142
Q

MCKMS

A

Multi-Cloud Key Management System

A key management system configured for multiple clouds.

143
Q

MFA

A

Multi-Factor Authentication

Authentication in which authentication factors from at least two different factor categories are used. For example, a PIN, a retina scan, and signature dynamics.

144
Q

MIME

A

Multipurpose Internet Mail Extensions

An Internet standard that allows email to include non-text attachments, non-ASCII character sets, multiple part message bodies, and non-ASCII header information.

145
Q

NFC

A

Near Field Communication

A set of communication protocols that allow two electronic devices, one of which is usually a mobile device, to establish communication when they are within 2 inches of each other.

146
Q

NPV

A

Net Present Value

A function that considers the fact that money spent today is worth more than savings realized tomorrow.

147
Q

NAC

A

Network Access Control

A service that goes beyond authentication of the user and includes examination of the state of the computer the user is introducing to the network when making a remote access, or VPN, connection to the network.

148
Q

NAT

A

Network Address Translation

A service that can be supplied by a router or by a server that translates public IP addresses to private IP addresses and vice versa.

149
Q

NIDS

A

Network Intrusion Detection System

An IDS that monitors network traffic on a local network segment.

150
Q

NIPS

A

Network Intrusion Prevention System

An IPS that scans traffic on a network for signs of malicious activity and takes some action to prevent it.

151
Q

NGFW

A

Next Generation Firewall

A type of firewall that attempts to address the traffic inspection and application-awareness shortcomings of a traditional stateful firewall without hampering performance.

152
Q

NDA

A

Non-Disclosure Agreement

An agreement between two parties that defines what information is considered confidential and cannot be shared outside the two parties.

153
Q

NX

A

No-Execute bit

Technology used in CPUs to segregate areas of memory for use by either storage of processor instructions or storage of data.

154
Q

OTP

A

One-Time Password

A password that is used only once to log in to the access control system. This password type provides the highest level of security because it is discarded after it is used once. Also called a dynamic password.

155
Q

OCSP

A

Online Certificate Status Protocol

An internet protocol that obtains the revocation status of an X.509 digital certificate by using the serial number.

156
Q

OAuth

A

Open Authorization

A standard for authorization that allows users to share private resources on one site to another site without using credentials.

157
Q

OSINT

A

Open-Source Intelligence

Data collected from publicly available sources.

158
Q

OSSTMM

A

Open Source Security Testing Methodology Manual

A manual that covers different kinds of security tests of physical, human (processes), and communication systems.

159
Q

OSA

A

Open System Authentication

The default authentication used in 802.11 networks using WEP. The authentication request contains only the station ID and authentication response.

160
Q

OVAL

A

Open Vulnerability and Assessment Language

A standardized method used to transfer security information across the entire spectrum of security tools and services.

161
Q

OWASP

A

Open Web Application Security Project

A non-profit foundation that publishes freely available application-security resources, including the OWASP Top 10 list of web application risks, the Application Security Verification Standard (ASVS), the Web Security Testing Guide, and tools such as ZAP and Dependency-Check.

162
Q

OLA

A

Operational-Level Agreement

An internal organizational document that details the relationships that exist between departments to support business activities.

163
Q

OFB

A

Output Feedback

A block cipher mode of operation (usable with DES, AES or any block cipher) that turns the cipher into a stream cipher: the IV is encrypted to produce the first keystream block, each keystream block is encrypted again to produce the next, and plaintext is XORed with the keystream. Because the keystream depends only on the key and IV, reusing an IV under the same key leaks the XOR of the two plaintexts.

164
Q

OTA

A

Over-the-Air

An industry-standard mechanism or process that wirelessly delivers OS and firmware updates to a mobile device over Wi-Fi or a mobile data connection.

165
Q

PCAP

A

Packet Capture

Packet and protocol analysis rely on a sniffer tool (tcpdump, Wireshark) to capture and decode frames. Traffic can be captured on a host or on a network segment via a SPAN port or TAP. PCAP is also the name of the capture file format and of the library (libpcap/WinPcap/Npcap) these tools use.

166
Q

PAP

A

Password Authentication Protocol

A password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users. The username and password are sent in cleartext, so PAP should only be used inside an already-encrypted tunnel.

167
Q

PBKDF2

A

Password-Based Key Derivation Function 2

A key derivation function (RFC 8018) that stretches a password into a fixed-length key by applying a pseudorandom function, normally HMAC, many thousands of times over the password and a random salt. The iteration count slows brute force; the salt defeats precomputed tables. Used to derive encryption keys from passphrases and to store password verifiers.
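The derive-and-verify flow described above, as an added example that is not part of the original flashcard deck. It uses only the Python standard library; the iteration count, the record format (`pbkdf2_sha256$iterations$salt$key`) and the sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed parameters for the example. Real deployments tune the iteration count to
# their hardware (hundreds of thousands for PBKDF2-HMAC-SHA256) and store salt and
# iterations next to the derived value so they can be raised later.
ITERATIONS = 100_000
KEY_LEN = 32


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a fixed-length key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def make_record(password: str) -> str:
    """Produce a storable verifier: algorithm, iteration count, random salt, derived key."""
    salt = os.urandom(16)  # fresh per password; never reuse a salt
    key = derive_key(password, salt)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iterations, then compare in constant time."""
    algo, iters, salt_hex, key_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = derive_key(password, bytes.fromhex(salt_hex), int(iters))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))
```

The same `derive_key` output can be used directly as an AES key for encrypting data under a passphrase; the difference from a plain hash is that the attacker must pay the iteration cost for every guess, and the salt forces them to pay it separately for every user.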

168
Q

PCI DSS

A

Payment Card Industry Data Security Standard

A security standard that enumerates requirements that payment card industry players should meet to secure and monitor their networks, protect cardholder data, manage vulnerabilities, implement strong access controls, and maintain security policies.

169
Q

PFS

A

Perfect Forward Secrecy

A property of a key exchange in which each session key is derived from ephemeral values (for example ephemeral Diffie-Hellman, DHE or ECDHE) rather than from the parties' long-term keys, so that a long-term private key compromised later cannot be used to decrypt recorded past sessions.

170
Q

PII

A

Personally Identifiable Information

A piece of data that can be used alone or with other information to identify a particular person.

171
Q

PaaS

A

Platform as a Service

A cloud service model in which the vendor provides the hardware platform or data center and the software running on the platform, including the OS and infrastructure software. The company is still involved in managing the system.

172
Q

PCR

A

Platform Configuration Register

One of a bank of registers in a TPM that cannot be written directly, only extended: the new value is the hash of the old value concatenated with a new measurement. Each boot stage extends PCRs with hashes of the firmware, bootloader and kernel, and the resulting values are used to seal keys to a known platform state and to report that state in remote attestation.
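The extend, seal and attestation-replay operations above, simulated in software as an added example that is not part of the original deck and is not TPM vendor code. The boot components and their contents are constructed; a real TPM performs the hashing inside the chip and signs the PCR values in a quote.

```python
import hashlib
import hmac

PCR_BANK = "sha256"
PCR_INITIAL = bytes(32)  # PCRs in the SHA-256 bank reset to all zeros at power-on


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || H(measurement)). Values only accumulate; nothing overwrites them."""
    digest = hashlib.new(PCR_BANK, measurement).digest()
    return hashlib.new(PCR_BANK, pcr + digest).digest()


def measured_boot(components):
    """Each boot stage measures the next one into the same PCR and appends to an event log."""
    pcr, event_log = PCR_INITIAL, []
    for name, blob in components:
        pcr = pcr_extend(pcr, blob)
        event_log.append((name, hashlib.new(PCR_BANK, blob).hexdigest()))
    return pcr, event_log


def replay_event_log(event_log) -> bytes:
    """Verifier side of attestation: recompute the PCR from the log and compare with the quote."""
    pcr = PCR_INITIAL
    for _, digest_hex in event_log:
        pcr = hashlib.new(PCR_BANK, pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def unseal_allowed(current_pcr: bytes, policy_pcr: bytes) -> bool:
    """Sealing: the secret is released only if the PCR equals the value recorded at seal time."""
    return hmac.compare_digest(current_pcr, policy_pcr)


# Constructed boot chain; real measurements hash firmware volumes, the bootloader and the kernel.
GOOD_BOOT = [("firmware", b"fw-v1"), ("bootloader", b"grub-2.06"), ("kernel", b"vmlinuz-6.1")]
TAMPERED_BOOT = [("firmware", b"fw-v1"), ("bootloader", b"grub-2.06-evil"), ("kernel", b"vmlinuz-6.1")]
```

Two properties fall out of the construction: the same components extended in a different order give a different PCR (ordering is part of the measurement), and a verifier holding only the event log can recompute the expected PCR and check it against the signed quote without trusting the host's software.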

173
Q

PPTP

A

Point-to-Point Tunneling Protocol

A Microsoft VPN protocol based on PPP that uses Microsoft Point-to-Point Encryption (MPPE) and can use a number of authentication methods, including CHAP, MS-CHAP and EAP-TLS. It is obsolete: MS-CHAPv2 and MPPE are cryptographically broken, so IPsec/IKEv2, OpenVPN or WireGuard should be used instead.

174
Q

POP

A

Post Office Protocol

An application layer email retrieval protocol (POP3, TCP port 110, or 995 over TLS) that downloads messages from the server to a single client; the plaintext variant sends credentials in the clear.

175
Q

PRL

A

Preferred Roaming List

A list of radio frequencies that resides in the memory of some kinds of digital phones.

176
Q

PGP

A

Pretty Good Privacy

An encryption system for email and files that can provide confidentiality, integrity and authentication, depending on the operations used (encrypt, sign, or both). It relies on a web of trust rather than CA-issued certificates; OpenPGP is the standardized form.

177
Q

PLA

A

Privacy-Level Agreement

A document that sets out in contractual terms how a third-party (typically cloud) provider will handle and protect the personal data it hosts, including who may access it and under what conditions.

178
Q

PBX

A

Private Branch Exchange

A telephone exchange or telephone switching system that is installed at, and serves, a private organization with a large number of internal devices.

179
Q

PFE

A

Private Function Evaluation

The process of evaluating one party’s private data using a private function owned by another party.

180
Q

PIR

A

Private Information Retrieval

A type of protocol that can retrieve information from a server without revealing which item is retrieved.

181
Q

PAM

A

Privileged Access Management

Tooling and processes for controlling privileged accounts: vaulting and rotating administrative credentials, brokering and recording privileged sessions, and granting elevated rights just-in-time, to limit the damage from credential theft and misuse.

182
Q

PRI

A

Product Release Information (also expanded as Product Release Instructions)

A set of carrier-specific configuration parameters that govern how a mobile device's radio (baseband) communicates with the carrier network; PRI updates are delivered alongside PRL and baseband updates.

183
Q

PLD

A

Programmable Logic Device

An integrated circuit with connections or internal logic gates that can be changed through a programming process.

184
Q

PKI

A

Public Key Infrastructure

The set of systems, software, and communication protocols that distribute, manage, and control public key cryptography.

185
Q

RIPEMD

A

RACE Integrity Primitives Evaluation Message Digest

A family of hash functions from the EU RACE project. The common variant, RIPEMD-160, processes 512-bit blocks through two parallel compression lines and produces a 160-bit digest; 128-, 256- and 320-bit variants also exist. Still used in Bitcoin addresses (RIPEMD-160 over SHA-256), but SHA-2 or SHA-3 is preferred for new designs.

186
Q

RTP

A

Real-Time Transport Protocol

A network protocol for delivering audio and video over IP networks.

187
Q

RUM

A

Real User Monitoring

A monitoring method that captures and analyzes every transaction of every application or website user.

188
Q

RAID

A

Redundant Array of Inexpensive Disks

(Also Redundant Array of Independent Disks.) Refers to how a storage array spreads data and parity across several disks so that one or more disk failures do not lose data: RAID 1 mirrors, RAID 5 and 6 use parity, RAID 0 stripes for speed and gives no redundancy. RAID is an availability control, not a backup; it faithfully replicates deletions and ransomware encryption.

189
Q

RA

A

Registration Authority

A component of a PKI that verifies a certificate requester's identity on behalf of the CA before the CA issues the certificate; it does not sign certificates itself.

190
Q

RADIUS

A

Remote Authentication Dial-In User Service

A networking protocol that provides centralized authentication, authorization and accounting (AAA) for network access such as 802.1X Wi-Fi, VPN and dial-up. It runs over UDP and only obfuscates the user password with a shared secret, so it should be confined to a management network or carried over TLS (RadSec).

191
Q

RDP

A

Remote Desktop Protocol

A proprietary protocol developed by Microsoft that provides a graphical interface to connect to another computer over a network (TCP port 3389). Internet-exposed RDP is a common ransomware entry point; require Network Level Authentication and MFA, and keep it behind a VPN or gateway.

192
Q

RTU

A

Remote Terminal Unit

A device in an ICS that connects to sensors and converts sensor data to digital data, including telemetry hardware.

193
Q

REST

A

Representational State Transfer

A client/server model for interacting with content on remote systems, typically using HTTP.

194
Q

ROI

A

Return On Investment

The money gained or lost after an organization makes an investment.

195
Q

RSA

A

Rivest, Shamir, and Adleman

The most widely deployed asymmetric algorithm, whose security rests on the difficulty of factoring the product of two large primes; used for encryption/key transport and for digital signatures. Keys of at least 2048 bits are recommended, and proper padding (OAEP for encryption, PSS for signatures) is required; unpadded "textbook" RSA is insecure.

196
Q

RBAC

A

Role-Based Access Control

An access control model in which permissions are attached to roles and each subject is assigned one or more roles; roles can be arranged hierarchically so a senior role inherits the permissions of junior ones. The same abbreviation is also used for rule-based access control, where access is decided by rules applied to every request (a firewall ACL is the usual example).
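The hierarchical role model described above, as an added example that is not part of the original deck. The roles (`staff`, `engineer`, `sre`), permissions and users are constructed for illustration; the point is that a subject has a permission only by way of some role, and that inheritance is resolved transitively.

```python
from collections import defaultdict


class RoleHierarchy:
    """Role-based access control with role inheritance (senior roles absorb junior ones)."""

    def __init__(self):
        self._inherits = defaultdict(set)     # role -> junior roles it inherits from
        self._permissions = defaultdict(set)  # role -> permissions granted directly
        self._roles_of = defaultdict(set)     # subject -> assigned roles

    def add_role(self, role, inherits=()):
        self._inherits[role].update(inherits)

    def grant(self, role, permission):
        self._permissions[role].add(permission)

    def assign(self, subject, role):
        self._roles_of[subject].add(role)

    def effective_roles(self, subject):
        """Transitive closure over the inheritance graph, starting from the subject's roles."""
        seen, todo = set(), list(self._roles_of[subject])
        while todo:
            role = todo.pop()
            if role not in seen:
                seen.add(role)
                todo.extend(self._inherits[role])
        return seen

    def permitted(self, subject, permission):
        """No per-user grants exist: a subject is permitted an action only through a role."""
        return any(permission in self._permissions[r] for r in self.effective_roles(subject))


def build_example():
    """Constructed example: staff < engineer < sre, with three hypothetical users."""
    rbac = RoleHierarchy()
    rbac.add_role("staff")
    rbac.add_role("engineer", inherits=["staff"])
    rbac.add_role("sre", inherits=["engineer"])
    rbac.grant("staff", "wiki:read")
    rbac.grant("engineer", "deploy:staging")
    rbac.grant("sre", "deploy:prod")
    rbac.assign("alice", "sre")
    rbac.assign("bob", "engineer")
    rbac.assign("carol", "staff")
    return rbac
```

Reviewing who can do what reduces to reviewing role definitions and role assignments, which is the operational advantage of RBAC over per-user ACLs; the corresponding risk is role creep, where a senior role quietly accumulates permissions nobody intended it to inherit.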

197
Q

ROE

A

Rules of Engagement

A document describing how a pen-test may be performed, including the type of testing to be performed, the scope of software and systems to be included in the test, along with contact information.

198
Q

RoT

A

Root of Trust

Or trust anchor: a component, typically hardware such as a TPM, secure element or immutable boot ROM, whose correct operation is assumed rather than verified and from which a chain of trust is built. It provides attestation, meaning a remote party can trust a statement the system makes about its own state.

199
Q

SIS

A

Safety Instrumented System

Contains sensors, logic solvers, and final control elements (like horns, flashing lights, and sirens) to return an industrial process to a safe state after detecting predetermined conditions.

200
Q

SOW

A

Statement of Work (also Scope of Work)

Describes the specific systems, or range of IP addresses, time frame, testing, location of where testing is to be performed, and other details.

201
Q

SFE

A

Secure Function Evaluation

The process in which multiple parties collectively compute a function and receive its output without learning the inputs from any other party.

202
Q

SHA

A

Secure Hashing Algorithm

A family of hash functions published by NIST: SHA-0 (withdrawn), SHA-1 (160-bit; practical collisions exist and it is deprecated for signatures), SHA-2 (SHA-224/256/384/512) and SHA-3 (Keccak). Use SHA-256 or stronger for new designs.

203
Q

S/MIME

A

Secure Multipurpose Internet Mail Extensions

A secure version of MIME that encrypts and digitally signs email messages and encrypts attachments.

204
Q

SSH

A

Secure Shell

A protocol created to provide an encrypted method of performing remote command-line operations.

205
Q

SSL

A

Secure Sockets Layer

The predecessor of TLS, created by Netscape to secure connections between clients and servers, most visibly HTTP (HTTPS). It sits between the application and transport layers. Every version (2.0 and 3.0) is deprecated and should be disabled in favour of TLS 1.2 or 1.3; the name survives mostly in phrases such as "SSL certificate".

206
Q

SAML

A

Security Assertion Markup Language

An XML-based standard for exchanging signed authentication and authorization assertions between an identity provider and a service provider, enabling federated identity and web single sign-on. Because the service provider trusts whatever the signature covers, signature-validation flaws (signature wrapping, accepting unsigned assertions) are the classic SAML bug class.

207
Q

SCAP

A

Security Content Automation Protocol

A suite of NIST specifications (including XCCDF, OVAL, CVE, CPE and CVSS) that lets security tools express vulnerability and configuration checks, and their results, in a common machine-readable form.

208
Q

SEAndroid

A

Security-Enhanced Android

An SELinux version that runs on Android devices.

209
Q

SELinux

A

Security-Enhanced Linux

A Linux kernel security module that implements mandatory access control: every process and object carries a security label, and a loadable policy, enforced by the kernel independently of file permissions and process ownership, decides which labels may access which. This separates enforcement from policy and confines even a compromised root process to what its domain allows.

210
Q

SIEM

A

Security Information and Event Management

A system that collects and normalizes logs from many sources into a central store and correlates events against rules to raise alerts, giving analysts one place to search and investigate.

211
Q

SOAR

A

Security Orchestration, Automation, and Response

The use of technologies to accomplish automation and orchestration in performing mundane tasks that are crucial to identifying and responding to security issues.

212
Q

SRTM

A

Security Requirements Traceability Matrix

A grid that documents the security requirements that a new asset must meet.

213
Q

STAR

A

Security Trust Assurance and Risk registry

A list of cloud providers that have met the requirements laid out by the Cloud Security Alliance (CSA).

214
Q

SED

A

Self-Encrypting Drives

An HDD or SSD whose controller automatically encrypts data as it is written and decrypts it on read. The key lives in the drive; protection depends on an authentication credential (ATA password or TCG Opal) being configured, since a drive with none set decrypts for anyone.

215
Q

SPF

A

Sender Policy Framework

An email validation system in which a domain publishes, in a DNS TXT record, the hosts allowed to send mail on its behalf; a receiver looks up the record for the envelope-sender domain and checks the connecting IP against it. SPF does not cover the visible From: header (that is DMARC's job, with DKIM) and breaks on plain forwarding.

216
Q

SLA

A

Service Level Agreement

An agreement to respond to problems within a certain time frame while providing an agreed level of service.

217
Q

SOA

A

Service Oriented Architecture

A style of software design that involves using software to provide application functionality as services to other applications.

218
Q

SSID

A

Service Set Identifier

A name or value assigned to identify a WLAN from other WLANs.

219
Q

SKA

A

Shared Key Authentication

A verification process that uses WEP and a shared secret key for authentication: the AP sends challenge text, and the station returns it encrypted with WEP under the shared key. Because both the challenge and its encrypted form cross the air, an eavesdropper recovers keystream, so SKA is actually weaker than OSA plus encryption; WEP itself is broken in any case.

220
Q

SCEP

A

Simple Certificate Enrollment Protocol

A protocol that is used in provisioning certificates to network devices, including mobile devices.

221
Q

SMTP

A

Simple Mail Transfer Protocol

An application layer protocol used to send email from a client to a mail server and to relay it between mail servers (TCP port 25 for server-to-server transfer, 587 for authenticated submission). Encryption is added with STARTTLS; without it, messages and credentials cross the network in cleartext.

222
Q

SNMP

A

Simple Network Management Protocol

An application layer protocol that is used to retrieve information from network devices and to send configuration changes to those devices (UDP 161, traps on 162). Versions 1 and 2c authenticate with cleartext community strings; use SNMPv3 with authentication and privacy, and never leave default strings such as "public" or "private" in place.

223
Q

SOAP

A

Simple Object Access Protocol

A protocol specification for exchanging structured information in the implementation of web services in computer networks.

224
Q

SLE

A

Single Loss Expectancy

The monetary impact of a single occurrence of a threat: SLE = asset value × exposure factor. Multiplying SLE by the ARO gives the ALE.

225
Q

SSO

A

Single Sign-On

An authentication arrangement in which a user authenticates once to an identity provider and is then admitted to multiple applications without logging in again, typically via SAML, OpenID Connect or Kerberos tickets. It centralizes MFA enforcement and offboarding, but a compromised SSO session or identity provider opens every connected application.

226
Q

SaaS

A

Software as a Service

A cloud service model in which the vendor provides the entire solution, including the OS, the infrastructure software, and the application.

227
Q

SCA

A

Software Composition Analysis

The automated scanning of an application's code base and related artifacts, such as container images and package registries, to inventory its open-source components and flag known vulnerabilities and license problems in them, prioritizing fixes and, where possible, remediating automatically (for example by upgrading the dependency).

228
Q

SDN

A

Software-Defined Networks

The decoupling of the control plane (deciding how traffic is forwarded) from the data plane (forwarding it) in networking, with a central controller programming the switches over an API. The controller and its API become a high-value target, since whoever controls them controls the whole fabric.

229
Q

SNAT

A

Stateful Network Address Translation

A service that implements two or more NAT devices to work together as a translation group. It is called stateful NAT because it maintains a table about the communication sessions between internal and external systems.

230
Q

SAST

A

Static Application Security Testing

Analysis of an application's source code, bytecode or binaries for security flaws without running it; contrast DAST, which probes the running application from the outside.

231
Q

SRK

A

Storage Root Key

The key at the top of a TPM's storage hierarchy, generated inside the TPM and never exported, that wraps (encrypts) the other keys in the hierarchy so they can be stored outside the chip and only used after being loaded back into it.

232
Q

SQLi

A

Structured Query Language Injection

An attack that injects SQL syntax through untrusted input that a poorly written web application concatenates into a query, altering the statement to read, modify or delete data in the underlying database. Prevented by parameterized queries (prepared statements), not by input filtering alone.
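The vulnerable pattern and its fix side by side, as an added example that is not part of the original deck. It uses an in-memory SQLite database with constructed rows; the table, the user names and the payload are assumptions for illustration.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "s3cr3t"), ("bob", "hunter2"), ("carol", "swordfish")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """Vulnerable: attacker-controlled text becomes part of the SQL statement itself."""
    sql = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str):
    """Hardened: the value is bound as a parameter, so quotes in it cannot change the query."""
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


# Classic tautology payload: closes the string literal, then makes the WHERE clause always true.
PAYLOAD = "' OR '1'='1"
```

With the payload, the vulnerable query becomes `... WHERE username = '' OR '1'='1'` and returns every row; the parameterized version simply looks for a user literally named `' OR '1'='1` and finds nothing. Escaping quotes by hand is not an equivalent fix, because numeric contexts, identifiers and second-order injections all bypass it.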

233
Q

SCADA

A

Supervisory Control And Data Acquisition

A system that operates with coded signals over communication channels to provide control of remote equipment.

234
Q

SoC

A

System on a Chip

An integrated circuit that combines the processor, memory, I/O and often radios or a baseband processor on a single chip, as in phones, embedded and IoT devices. Sub-components such as the baseband run their own firmware and share the chip with the application processor, so a flaw in one can undermine the other.

235
Q

SFC

A

System File Checker

A command-line utility that checks and verifies the version of system files on a computer.

236
Q

SPAN

A

Switched Port Analyzer

A port that has been configured to include mirrored traffic from other ports on a switch.

237
Q

TACACS

A

Terminal Access Controller Access Control System

A networking protocol family (TACACS, XTACACS and the current TACACS+) that provides centralized authentication, authorization and accounting, mostly for administrative access to network devices. TACACS+ runs over TCP (port 49), separates the three AAA functions so commands can be authorized individually, and encrypts the whole packet body, whereas RADIUS only hides the password.

238
Q

TAP

A

Test Access Port

A passive hardware device inserted in-line on a link that copies all traffic to a monitoring port. It is the preferred mechanism for traffic capture (sniffing) because, unlike a SPAN port, it does not drop packets under load or depend on the switch's CPU, and it passes traffic through unchanged if it loses power.

239
Q

TOTP

A

Time-based One-Time Password

An algorithm (RFC 6238) that computes a password from a shared secret and the current time. It is HOTP with the counter replaced by the number of fixed-length time steps (typically 30 seconds) since the Unix epoch, so the client and server need synchronized clocks, and the server usually accepts a step or two of skew.

240
Q

TOCTOU

A

Time of Check vs Time of Use

A race condition in which a program checks some property (file permissions, whether a path is a symlink, an account balance) and later acts on it, while an attacker changes the state in between. The lack of atomic execution is the flaw; the fix is to perform the operation and validate its actual result (for example, open the file, then inspect the descriptor) rather than check first and act later.
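The file-system form of this race, with the check-then-act version beside the open-then-validate fix, as an added example that is not part of the original deck. It assumes a POSIX system (`O_NOFOLLOW` and symlinks); the temporary directory, file and symlink in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile


def read_vulnerable(path: str) -> bytes:
    """Check-then-use: between islink() and open() the path can be swapped for a symlink."""
    if os.path.islink(path):
        raise PermissionError("symlinks are not allowed")
    with open(path, "rb") as fh:  # nothing ties this open() to the object just checked
        return fh.read()


def read_safe(path: str) -> bytes:
    """Open first, refusing to follow a symlink, then validate the descriptor actually opened."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)  # properties of the opened object, not of whatever the path names now
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a regular file and a symlink pointing at it in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "data.txt")
        link = os.path.join(d, "link.txt")
        with open(real, "wb") as fh:
            fh.write(b"secret")
        os.symlink(real, link)
        results = {"safe_regular": read_safe(real)}
        try:
            read_safe(link)
            results["safe_link"] = "opened"
        except OSError:  # O_NOFOLLOW makes the kernel refuse the symlink (ELOOP)
            results["safe_link"] = "refused"
        return results
```

The same principle applies beyond files: validate the object you actually obtained (the descriptor, the row locked in the transaction, the resolved address) rather than the name you asked for, because only the former is guaranteed not to have changed under you.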

241
Q

TCO

A

Total Cost of Ownership

The total cost of an asset or control over its lifetime, including purchase, deployment, licensing, operation, maintenance, training, support and eventual decommissioning, rather than the acquisition price alone; weighed against ROI when selecting a control.

242
Q

TLS

A

Transport Layer Security

A cryptographic protocol that protects internet communications and is the successor of SSL. TLS 1.2 and 1.3 are current; TLS 1.0 and 1.1 are deprecated and should be disabled along with all SSL versions.

243
Q

3DES

A

Triple Data Encryption Standard

Applies DES three times (encrypt-decrypt-encrypt) with two or three 56-bit keys, giving an effective strength of about 112 bits, as a stopgap replacement for DES. Its 64-bit block size makes it vulnerable to birthday attacks on long sessions (Sweet32), and NIST has deprecated it in favour of AES.

244
Q

TPM

A

Trusted Platform Module

A specification (and the chip or firmware implementing it) for a hardware root of trust: tamper-resistant storage and use of keys, platform configuration registers for measured boot, a hardware random number generator, and sealing of secrets to a platform state. Used by BitLocker and similar disk encryption and for remote attestation.

245
Q

2FA

A

Two-Factor Authentication

Authentication in which authentication factors from two different factor categories are used. For example, a password and an iris scan.

246
Q

UEFI

A

Unified Extensible Firmware Interface

The replacement for the legacy BIOS as the interface between a system's firmware and its operating system. It adds Secure Boot, which verifies the signature of the bootloader and subsequent stages against keys in firmware, and can measure each stage into TPM PCRs.

247
Q

UTM

A

Unified Threat Management

A solution in which devices perform multiple security functions. For example, antivirus, firewalling, and network access control may all be provided by a single device.

248
Q

UDDI

A

Universal Description Discovery and Integration

A platform-independent, XML-based registry protocol by which businesses can list themselves on the internet and by which web service applications can be registered and discovered (part of the SOAP/WSDL web-services stack, now rarely deployed).

249
Q

UEBA

A

User and Entity Behavior Analytics

A type of analysis that focuses on observing network behaviors for anomalies.

250
Q

VDI

A

Virtual Desktop Infrastructure

A server-based virtualization technology that hosts and manages virtual desktops. Functions include creating the desktop images, managing the desktops on the servers, and providing client network access for the desktop.

251
Q

WAF

A

Web Application Firewall

A firewall that inspects HTTP requests and responses for attack patterns such as SQL injection and cross-site scripting and blocks them. It is a compensating control that reduces exposure and buys time; it does not fix the underlying application flaw, and encoding tricks routinely bypass signature-based rules.

252
Q

WSS

A

Web Services Security

An extension to SOAP that is used to apply security to web services.

253
Q

WPA

A

Wi-Fi Protected Access

The Wi-Fi Alliance's replacement for WEP. WPA (2003) kept RC4 but added TKIP per-packet keys and a message integrity check as a stopgap; WPA2 (2004) introduced AES-CCMP and is the minimum acceptable today; WPA3 (2018) replaces the pre-shared-key handshake with SAE (Dragonfly), which resists offline dictionary attacks on captured handshakes, and requires protected management frames.
WPA2 Wi-Fi Protected Access 2
WPA3 Wi-Fi Protected Access 3

254
Q

WEP

A

Wired Equivalent Privacy

The original 802.11 encryption scheme, based on RC4 with a 40- or 104-bit key and a 24-bit IV. IV reuse and RC4 key-scheduling weaknesses let an attacker recover the key from minutes of captured traffic; WEP is broken and must not be used.

255
Q

WIDS

A

Wireless Intrusion Detection System

An IDS that operates on a WLAN rather than on a wired network.

256
Q

XN

A

Execute Never bit

A method for marking areas of memory that cannot be used for instruction execution; the ARM equivalent of the NX/XD bit on x86.

257
Q

XXEi

A

XML External Entity Injection

An attack against an application that parses XML input. A weakly configured XML parser resolves references to external entities, letting an attacker read local files (for example a `file:///` URI), reach internal services, or exhaust resources. The fix is to disable DTD processing and external entity resolution in the parser.

258
Q

XCCDF

A

Extensible Configuration Checklist Description Format

Provides a consistent and standardized way to define benchmark information as well as configuration and security checks to be performed during an assessment.