Acronyms Flashcards
ACL
Access Control List
A rule set that can be implemented on a firewall, switch, or other infrastructure device to control access.
AP
Access Point
A wireless transmitter and receiver that hooks into the wired portion of a network and provides an access point to that network for wireless devices.
ASLR
Address Space Layout Randomization
A technique that can be used to prevent memory attacks
AES
Advanced Encryption Standard
A symmetric algorithm adopted by the US government as the replacement algorithm for 3DES.
APT
Advanced Persistent Threat
A hacking process that targets a specific entity and is carried out over a long period of time. The attacker is usually a group of organized individuals often funded and supported by a nation-state to gain illicit access to another government’s information.
ALE
Annualized Loss Expectancy
The expected risk cost of an annual threat event.
ARO
Annualized Rate of Occurrence
An estimate of how often a given threat might occur annually.
API
Application Programming Interface
A software interface that handles interactions between multiple software applications or mixed hardware/software intermediaries.
ASIC
Application Specific Integrated Circuit
A circuit that is designed specifically for an application and thus is not a general-purpose chip.
AI
Artificial Intelligence
The ability of a machine or computer to learn and adapt.
ARF
Asset Reporting Format
A data model that is used to express the transport format of information about assets and the relationships between assets and reports.
AJAX
Asynchronous JavaScript and XML
A group of interrelated web development techniques used on the client side to create asynchronous web applications.
AIK
Attestation Identity Key
Versatile memory that ensures the integrity of an EK.
ABAC
Attribute-Based Access Control
An access control system that takes multiple factors or attributes into consideration before authenticating and authorizing an entity.
AR
Augmented Reality
A program that overlays virtual objects on the real-world environment.
AAA
Authentication, Authorization, and Accounting
Framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
BYOD
Bring Your Own Device
A strategy in which users bring their own devices and use them for company and personal work.
BACnet
Building Automation and Control Network
An application, network, and media access control layer communications service that can operate over a number of layer 2 protocols, including Ethernet.
BCP
Business Continuity Plan
A process that focuses on sustaining an organization’s business/mission processes during and after disruption.
BIA
Business Impact Analysis
The process of identifying mission-critical systems and identifying measures to provide fault tolerance and high availability.
CMMI
Capability Maturity Model Integration
A process improvement approach.
CA
Certificate Authority
An entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary.
CRL
Certificate Revocation List
A list of digital certificates that a CA has revoked.
CSR
Certificate Signing Request
A request that a self-generated certificate be validated and signed by a CA.
COPPA
Children’s Online Privacy Protection Act
A law that addresses abuse of children on the Internet.
CYOD
Choose Your Own Device
A strategy in which organization users choose their own devices from a list of options but the devices are purchased, owned, and managed by the organization.
CBC
Cipher Block Chaining
A DES mode in which 64-bit blocks are chained together and each resultant 64-bit ciphertext block is applied to the next block.
CASB
Cloud Access Security Broker
On-premises or cloud-based software that sits between cloud service users and cloud applications, monitors all activity, and enforces security policies.
CCE
Common Configuration Enumeration
A set of best practice statements maintained by NIST.
CIP
Common Industrial Protocol
A suite of messages and services for the collection of manufacturing automation applications.
CN
Common Name
The entity name protected by an SSL/TLS certificate, which is technically represented by the Common Name field in the X.509 certificate specification.
CPE
Common Platform Enumeration
A naming scheme for describing and classifying operating systems, applications, and hardware devices used by SCAP.
CVE
Common Vulnerabilities and Exposures
A free MITRE database that lists vulnerabilities in published operating systems and application software as identified by Common Platform Enumeration (CPE).
CVSS
Common Vulnerability Scoring System
A system of ranking vulnerabilities that are discovered based on predefined metrics.
COBO
Company-Owned, Business Only
A strategy in which mobile devices are purchased, owned, and managed by the organization.
CSIRT
Computer Security Incident Response Team
Provides a reliable and trusted single point of contact for reporting computer security incidents worldwide.
CMDB
Configuration Management Database
A database that keeps track of the state of assets, such as products, systems, software, facilities, and people, as they exist at specific points in time, as well as the relationships between such assets.
CDN
Content Delivery Network
A set of geographically dispersed servers that serve content to users based on their location, so that users get content from the physically nearest server.
CMS
Content Management System
Enables non-technical users to create, manage, and modify content on a website.
CTPH
Context Triggered Piecewise Hashes
A rolling hash that involves multiple traditional cryptographic hashes for one or more fixed-size segments in a file.
COOP
Continuity of Operations Plan
A plan that focuses on restoring an organization’s mission essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations.
CD
Continuous Delivery
The ability to make software features, configuration changes, bug fixes, and experiments available to users safely and quickly and in a sustainable way.
CDP
Continuous Delivery Pipeline
The workflows needed to introduce new functionality to software, from ideation to an on-demand release of value to the end user.
CI
Continuous Integration
The practice of merging all software developer working copies into a shared main line several times a day.
CAN
Controller Area Network bus
A newer standard for vehicle-to-vehicle and vehicle-to-road communication.
COPE
Corporate Owned, Personally Enabled
A strategy in which an organization purchases mobile devices, and users manage those devices.
CTR
Counter
A DES mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream.
CPTED
Crime Prevention Through Environmental Design
A multi-disciplinary approach to security that involves designing a facility from the ground up to support security.
CSRF
Cross-Site Request Forgery
An attack that causes an end user to execute unwanted actions on a web application in which they are currently authenticated.
XSS
Cross-Site Scripting
An attack in which an attacker locates a website vulnerability and injects malicious code into the web application.
CER
Crossover Error Rate
The point at which FRR equals FAR.
CRM
Customer Relationship Management
Software that identifies customers and stores customer-related data, particularly contact information and data on any direct contacts with customers.
DLP
Data Loss Prevention
Software that uses ingress and egress filters to identify sensitive data that is leaving the organization and can prevent such leakage.
DAM
Database Activity Monitoring
The use of tools to monitor transactions and the activity of database services.
DDS
Data Distribution Service
Enables network interoperability for connected machines, facilitating the scalability, performance, and Quality of Service (QoS) features required for industrial applications.
DevOps
Development Operations
A software development method that aims at shorter development cycles, increased deployment frequency, and more dependable releases, in close alignment with business objectives.
DevSecOps
Development Security Operations
A development approach that involves representatives from development, operations, and security to create a shared sense of responsibility with regard to security.
DH
Diffie-Hellman
A key agreement process used with asymmetric encryption algorithms allowing for a symmetric key exchange without using public/private key pairs.
DRM
Digital Rights Management
Technology used by hardware manufacturers, publishers, copyright holders, and individuals to control the use of digital content.
DSS
Digital Signature Standard
A US federal digital security standard that governs the Digital Signature Algorithm (DSA).
DRaaS
Disaster Recovery Plan
An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.
DRP
Disaster Recovery Plan
An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.
DAC
Discretionary Access Control
An access control system in which the owner of an object specifies which subjects can access the resource.
DDoS
Distributed Denial of Service
An attack that is carried out from multiple attack locations.
DNP3
Distributed Network Protocol 3
A primary/secondary protocol that uses port 19999 when using TLS and port 2000 when not using TLS. Its main use is in utilities such as electric and water companies.
DoH
DNS over HTTPS
A method of transmitting DNS traffic to remote DNS servers using the Secure HTTPS protocol.
DNS
Domain Name System
A database that provides a hierarchical naming system for computers, services, and any resources connected to the internet or a private network.
DNSSEC
Domain Name System Security Extensions
A secure form of DNS which ensures that a DNS server is authenticated before the transfer of DNS information begins between the DNS server and the client.
DAST
Dynamic Application Security Testing
A form of testing that is automated.
DTP
Dynamic Trunking Protocol
A protocol that enables two switches to form a trunk link automatically, based on their configuration.
ECB
Electronic Codebook
The easiest and fastest DES mode to use. It has security issues because every 64-bit block is encrypted with the same key.
ECC
Elliptic-Curve Cryptography
An approach to public key cryptography that is based on the algebraic structure of elliptic curves over finite fields.
ECDH
Elliptic-Curve Diffie-Hellman
A key agreement protocol that uses an elliptic-curve public/private key pair to establish a symmetric key over an insecure channel.
ECDSA
Elliptic-Curve Digital Signature Algorithm
An algorithm that provides elliptical-curve-based key exchange.
EK
Endorsement Key
Persistent memory installed by a manufacturer that contains a public-private key pair.
EDR
Endpoint Detection and Response
A proactive endpoint security approach that is designed to supplement existing defenses.
ERP
Enterprise Resource Planning
A process that involves collecting, storing, managing, and interpreting data from product planning, product cost, manufacturing or service delivery, marketing/sales, inventory management, shipping, payment, and any other business processes.
ESB
Enterprise Service Bus
A software platform used to facilitate communication between mutually interacting software applications in an SOA.
ELF
Executable and Linkable Format
The standard binary format on OSs such as Linux. Capabilities include dynamic linking, dynamic loading, imposing run-time control on a program, and an improved method for creating shared libraries.
EF
Exposure Factor
The percentage value or functionality of an asset that will be lost when a threat event occurs.
EV
Extended Validation
A certificate that requires verification of the requesting entity’s legal identity before the certificate can be issued.
XACML
Extensible Access Control Markup Language
A standard for an access control policy language using XML. Its goal is to create an ABAC system that decouples the access decision from the application or the local machine.
EAP
Extensible Authentication Protocol
A framework for port-based access control that uses the same three components that are used in RADIUS.
XCCDF
Extensible Configuration Checklist Description Format
A specification language for writing security checklists, benchmarks, and related kinds of documents that is used by SCAP.
XML
Extensible Markup Language
A markup language that is often used in web deployments.
FAR
False Acceptance Rate
A measurement of the percentage of invalid users that will be falsely accepted by the system.
FRR
False Rejection Rate
A measurement of valid users that will be falsely rejected by the system.
FERMA
Federation of European Risk Management Associations Risk Management Standard
An organization that provides guidelines for managing risk in an organization.
FPGA
Field Programmable Gate Array
A type of PLD that is programmed by blowing fuse connections on the chip or using an anti-fuse that makes a connection when a high voltage is applied to the junction.
FIM
File Integrity Monitoring
Methods of ensuring that files have not been altered by an unauthorized person or application.
FIFO
First-In, First-Out
A tape rotation scheme in which the newest backup is saved to the oldest media.
FTK
Forensic Toolkit
A tool for taking images of forensic data without making changes to the original evidence.
FaaS
Function as a Service
An extension of PaaS that completely abstracts the virtual server from the developer.
GCM
Galois/Counter Mode
A DES mode in which blocks are numbered sequentially, and then a block number is combined with an IV and encrypted with a block cipher, usually AES.
GDPR
General Data Protection Regulation
Regulatory guidelines required by the EU.
GPS
Global Positioning System
GPS sensors can report highly accurate location information.
GPG
GNU Privacy Guard
A rewrite or upgrade of PGP that uses AES.
GDB
GNU Project Debugger
A tool that allows visibility into a program while it executes or determines what the program was doing at the moment it crashed.
GFS
Grandfather/Father/Son
A tape rotation scheme in which three sets of backups are defined. Most often these three definitions are daily (sons), weekly (fathers), and monthly (grandfathers). Each week, one son advances to the father set.
HSM
Hardware Security Module
An appliance that safeguards and manages digital keys used with strong authentication and provides crypto processing.
HMAC
Hash-based Message Authentication Code
A keyed-hash MAC that involves a hash function with a symmetric key. HMAC provides data integrity and authentication.
HSM
Hierarchical Storage Management
A backup method that involves storing frequently accessed data on faster media and less frequently accessed data on slower media.
HIDS
Host-based Intrusion Detection System
Provides threat detection by monitoring OS logs, processes, services, and file systems.