Acronyms Flashcards
ACL
Access Control List (ACL) - A list of rules, each of which permits or denies a specific action (for example, a packet matching a given source, destination and port, or a user's access to a file).
ARP
Address Resolution Protocol (ARP) - A protocol that translates between IP addresses and MAC addresses on a local network.
AI
Artificial Intelligence (AI) - Computing techniques that mimic human reasoning or learning. In a security context, adversarial AI is the use of AI techniques by attackers for malicious purposes.
TTP
Adversary Tactics, Techniques, and Procedures (TTPs) - The characteristic methods and behaviors that cybersecurity adversaries use when conducting attacks; analysts study them to recognize and attribute intrusions.
AUP
Acceptable Use Policy (AUP) - A document that gives network and system users clear direction on permissible uses of information resources.
APT
Advanced Persistent Threat (APT) - A cybersecurity adversary characterized by a sophisticated series of related attacks taking place over an extended period of time.
ALE
Annualized Loss Expectancy (ALE) - The expected yearly cost of all instances of a specific realized threat against a specific asset. ALE = Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO).
ARO
Annualized Rate of Occurrence (ARO) - The expected number of times a specific threat or risk will occur within a single year.
API
Application Programming Interface (API) - APIs allow application developers to interact directly with a web service through function calls.
AV
Asset Value (AV) - A dollar value assigned to an asset based on its actual cost and nonmonetary expenses.
AC
Attack Complexity Metric (AC) - A CVSS metric that describes the difficulty of exploiting a vulnerability (Low or High).
AV
Attack Vector Metric (AV) - A CVSS metric that describes how close an attacker must be to exploit a vulnerability: Network, Adjacent, Local or Physical. Not to be confused with Asset Value.
ABAC
Attribute-Based Access Control (ABAC) - An advanced implementation of a rule-based access control model whose policies combine multiple attributes (of the subject, the object and the environment) in their rules.
A
Availability Metric (A) - A CVSS metric that describes the type of disruption that might occur if an attacker successfully exploits a vulnerability.
BEC
Business Email Compromise (BEC) - An attack that relies on apparently legitimate email addresses (a compromised account or a look-alike domain) to conduct scams and other attacks.
BIA
Business Impact Analysis (BIA) - A formal process designed to identify the mission-essential functions within an organization and the critical systems that support those functions.
BPA
Business Partners Agreement (BPA) - Exists when two organizations agree to do business with each other in a partnership.
CTF
Capture The Flag (CTF) - An exercise that pits technologists against one another in an attempt to attack a system and achieve a specific goal, such as stealing a sensitive file.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) - The encryption technology used in the WPA2 protocol. It uses AES with a 128-bit key in CCM mode: counter mode (which turns the block cipher into a keystream generator) for confidentiality and CBC-MAC for integrity.
AES
Advanced Encryption Standard (AES) - The NIST-standardized symmetric block cipher (128-bit blocks; 128-, 192- or 256-bit keys) used by CCMP, TLS and most modern encryption products.
CIS
Center for Internet Security (CIS) - An industry organization that publishes hundreds of benchmarks for commonly used platforms.
CA
Certificate Authority (CA) - CAs are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates: they verify the subject's identity and sign the certificate.
CRL
Certificate Revocation List (CRL) - A CA-signed list of revoked certificate serial numbers, used to check that a certificate has not been revoked before trusting it.
CSR
Certificate Signing Request (CSR) - Provides your public key to the certificate authority to create an X.509 digital certificate containing your identifying information and a copy of your public key.
CHAP
Challenge Handshake Authentication Protocol (CHAP) - A protocol that challenges a user or system to prove its identity by hashing a random challenge together with a shared secret, so that the secret itself is never sent over the network.
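The CHAP exchange described above, as an added example (not code from any PPP or RADIUS implementation): the server sends a random challenge, the peer answers with MD5(identifier || secret || challenge) exactly as RFC 1994 specifies, and the server recomputes the same hash from its own copy of the secret. The user database and the "on the wire" transcript are constructed here to show that the secret never leaves either side and that a captured response cannot be replayed.

```python
"""CHAP three-message exchange (Challenge, Response, Success/Failure) in the
style of RFC 1994. Constructed example; the secret store and message framing
are assumptions, not any vendor's implementation."""
import hashlib
import hmac
import os

# Constructed server-side secret store: peer name -> shared secret,
# provisioned out of band on both sides.
SECRET_DB = {"alice": b"correct horse battery staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response = MD5(Identifier || secret || Challenge).
    MD5 is what the RFC specifies and is kept for fidelity; the construction
    (hashing the secret with a fresh challenge), not the hash, is the point."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues fresh challenges and checks responses."""

    def __init__(self) -> None:
        self.outstanding = {}  # identifier -> challenge still awaiting a response

    def challenge(self, identifier: int) -> bytes:
        nonce = os.urandom(16)             # unpredictable and never reused
        self.outstanding[identifier] = nonce
        return nonce

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        nonce = self.outstanding.pop(identifier, None)  # one-shot: blocks replay
        if nonce is None or name not in SECRET_DB:
            return False
        expected = chap_response(identifier, SECRET_DB[name], nonce)
        return hmac.compare_digest(expected, response)   # constant-time compare


def peer_answer(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """Client side: computes the response from its locally stored secret."""
    return chap_response(identifier, secret, challenge)


def run_exchange(name: str, secret: bytes, replay: bool = False) -> dict:
    """Drive one exchange and, optionally, replay the captured Response."""
    auth = Authenticator()
    ident = 1
    chal = auth.challenge(ident)                  # 1. Challenge  (server -> peer)
    resp = peer_answer(ident, chal, secret)       # 2. Response   (peer -> server)
    result = auth.verify(ident, name, resp)       # 3. Success or Failure
    replayed = auth.verify(ident, name, resp) if replay else None
    return {
        "result": result,
        "replay_result": replayed,
        "on_the_wire": chal + resp,  # everything an eavesdropper would observe
    }
```

Because the server consumes each challenge when it is answered, a replayed response fails even though it was valid a moment earlier; an attacker who captured the transcript still has to find the secret offline, which is why CHAP secrets should be long and random rather than user-chosen passwords.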
CYOD
Choose Your Own Device (CYOD) - The organization owns the device but allows the user to select it (from an approved list) and maintain it.
CCTV
Closed-Circuit Television (CCTV) - Displays what the camera is seeing on a screen. Some CCTV systems include recording capabilities.
CASB
Cloud Access Security Broker (CASB) - A security policy enforcement solution that consistently enforces security policies across cloud providers.
CN
Common Name (CN) - The field of a certificate's subject that identifies the certificate owner, typically the server's fully qualified domain name.
CPE
Common Platform Enumeration (CPE) - Provides a standard nomenclature for describing product names and versions.
CLE
Column-Level Encryption (CLE) - Allows specific columns within database tables to be encrypted.
CCE
Common Configuration Enumeration (CCE) - Provides a standard nomenclature for discussing system configuration issues.
CVE
Common Vulnerabilities and Exposures (CVE) - Provides a standard nomenclature for describing security-related software flaws.
CVSS
Common Vulnerability Scoring System (CVSS) - A Security Content Automation Protocol (SCAP) component that provides a standardized scoring system (0.0 to 10.0) for describing the characteristics and severity of security vulnerabilities.
COBO
Company-Owned, Business Only (COBO) - Most frequently used to describe company-owned devices that are used only for business work.
CBT
Computer-Based Training (CBT) - A method of delivering training content to users by digital means.
CD
Continuous Deployment (CD) - Rolls tested changes out into production automatically as soon as they pass testing. Often conflated with continuous delivery, in which every change is kept in a deployable state but the release to production remains a manual decision.
CI
Continuous Integration (CI) - A development practice that checks code into a shared repository on a consistent, ongoing basis, with automated builds and tests run on each check-in.
COBIT
Control Objectives for Information and Related Technologies (COBIT) - Describes the common requirements that organizations should have in place surrounding their information systems.
COPE
Corporate-Owned, Personally Enabled (COPE) - Corporate-provided devices that allow reasonable personal use while meeting enterprise security and control needs.
XSRF/CSRF
Cross-Site Request Forgery (XSRF/CSRF) - An attack similar in nature to XSS, but where XSS exploits the user's trust in a website, XSRF exploits a website's trust in the user's browser: the attacker's page causes the victim's browser to send a request (with the victim's session cookies attached automatically) that the target site accepts as legitimate.
XSS
Cross-Site Scripting (XSS) - Injecting script into a web page so that it runs in a user's browser, delivered from a website the user trusts, without their permission.
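The standard defences for the two cards above, XSRF/CSRF and XSS, as an added example that is not any web framework's code: a synchronizer token bound to the session with an HMAC rejects forged cross-site POSTs even though the victim's cookie arrives with them, and HTML-escaping reflected data stops injected script from running. The request dictionaries, session store and handler names are constructed for the illustration.

```python
"""CSRF synchronizer token plus XSS output encoding. Toy request model;
SESSIONS, SERVER_KEY and the handler names are assumptions for the example."""
import hashlib
import hmac
import html
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed; keep secret and rotate in practice
SESSIONS = {}                           # session id -> user data (constructed store)


def csrf_token(session_id: str) -> str:
    """Derive the token from the session id with an HMAC, so a token minted in
    the attacker's own session is worthless against the victim's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def valid_csrf(session_id: str, presented) -> bool:
    if not isinstance(presented, str):
        return False
    return hmac.compare_digest(csrf_token(session_id), presented)


def render_profile_form(session_id: str, display_name: str) -> str:
    """Reflect user data into HTML. html.escape() turns <, >, & and quotes into
    entities so a stored payload cannot break out of the attribute (XSS fix);
    the hidden field carries the CSRF token the browser will echo on POST."""
    return (
        '<form method="post" action="/profile">'
        f'<input type="hidden" name="csrf" value="{csrf_token(session_id)}">'
        f'<input name="display_name" value="{html.escape(display_name, quote=True)}">'
        '</form>'
    )


def handle_post_profile(request: dict) -> tuple:
    """State-changing endpoint. The browser attaches the session cookie to a
    cross-site request too, so the cookie alone must not authorise the change."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in SESSIONS:
        return 401, "not logged in"
    if not valid_csrf(session_id, request.get("form", {}).get("csrf")):
        return 403, "missing or invalid CSRF token"
    SESSIONS[session_id]["display_name"] = request["form"]["display_name"]
    return 200, "updated"


def demo() -> dict:
    """Constructed scenario: a legitimate form post, a forged cross-site post,
    a forged post carrying the attacker's own token, and a reflected payload."""
    SESSIONS.clear()
    SESSIONS["s-victim"] = {"display_name": "alice"}
    legit = {"cookies": {"session": "s-victim"},
             "form": {"csrf": csrf_token("s-victim"), "display_name": "alice2"}}
    # Auto-submitted from attacker.example: the victim's cookie rides along but
    # the same-origin policy keeps the attacker from reading the victim's token.
    forged = {"cookies": {"session": "s-victim"},
              "form": {"display_name": "pwned"}}
    forged_own_token = {"cookies": {"session": "s-victim"},
                        "form": {"csrf": csrf_token("s-attacker"), "display_name": "pwned"}}
    return {
        "legit": handle_post_profile(legit),
        "forged": handle_post_profile(forged),
        "forged_own_token": handle_post_profile(forged_own_token),
        "xss_escaped": render_profile_form("s-victim", '"><script>alert(1)</script>'),
    }
```

In a real application the token check is combined with SameSite cookies and the escaping is done by the template engine; the example isolates the two mechanisms so the cards' distinction (trust in the browser versus trust in the site) is visible in code.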
CER
Crossover Error Rate (CER) - The point at which a biometric system's False Rejection Rate (FRR) and False Acceptance Rate (FAR) are equal. Sometimes called the Equal Error Rate (EER).
CSF
Cybersecurity Framework (CSF) - The NIST Cybersecurity Framework provides guidance that organizations can use to manage and reduce cybersecurity risk.
DLP
Data Loss Prevention (DLP) - Any system that identifies, monitors, and protects data to prevent its unauthorized use, modification, destruction, egress, or exfiltration from a location.
DPO
Data Protection Officer (DPO) - A specific individual who bears overall responsibility for carrying out the organization's data privacy efforts.
DDoS
Distributed Denial of Service (DDoS) - A denial-of-service attack launched from many sources at once. One of the most common forms is a network-based DDoS. Malicious actors commonly use large-scale botnets to conduct network DDoS attacks, and commercial services exist that conduct DDoS attacks and DDoS-like behavior for stress and load testing purposes.
DMZ
Demilitarized Zone (DMZ) - A network zone that sits between an internal network and the Internet, used to host systems that require public access.
DRM
Digital Rights Management (DRM) - A type of protection software that uses encryption to enforce copyright restrictions on digital media. Over the past decade, publishers have attempted to deploy DRM schemes across a variety of media types, including music, movies, and books.
DRP
Disaster Recovery Plan (DRP) - Describes the actions an organization takes to resume normal operations after a disaster interrupts normal activity.
DMARC
Domain-based Message Authentication, Reporting and Conformance (DMARC) - A protocol that uses the results of SPF and DKIM checks, aligned against the domain in the message's From: header, to determine whether an email message is authentic, and publishes in DNS the policy receivers should apply to failures: none, quarantine or reject.
DNS
Domain Name System (DNS) - The network service used in TCP/IP networks that translates hostnames to IP addresses.
DNSSEC
Domain Name System Security Extensions (DNSSEC) - Provide origin authentication and integrity of DNS data through digital signatures, allowing DNS responses to be validated even though they are not encrypted.
DV
Domain Validation (DV) Certificates - The CA simply verifies that the certificate subject has control of the domain name.
DKIM
DomainKeys Identified Mail (DKIM) - Allows organizations to add a digital signature header to outgoing messages, verifiable with a public key published in their DNS, identifying the messages as coming from their domain and unaltered in transit.
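How the DMARC and DKIM cards fit together with SPF, as an added example that is not taken from any mail server: given a DMARC record (as fetched from the _dmarc TXT record), the From: domain, and the SPF and DKIM results a receiving MTA has already computed, the code applies the RFC 7489 alignment rules and returns the disposition. The record strings and results are constructed; the organisational-domain helper is a simplification (assumption) of the Public Suffix List lookup real implementations use.

```python
"""DMARC evaluation: alignment of SPF/DKIM results with the From: domain and
the resulting disposition. Added example with constructed inputs; not any MTA's
code. org_domain() is a simplification, see its docstring."""


def parse_dmarc(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; adkim=s; aspf=r' into tags, filling defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")       # DKIM alignment: relaxed by default
    tags.setdefault("aspf", "r")        # SPF alignment: relaxed by default
    tags.setdefault("sp", tags["p"])    # subdomain policy defaults to p
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain. Real implementations consult the Public Suffix
    List; taking the last two labels is an assumption that holds for
    example.com-style names but not for registries such as co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """'s' (strict): exact match. 'r' (relaxed): same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record: str, from_domain: str, spf_result: str, spf_domain: str,
             dkim_result: str, dkim_domain: str) -> dict:
    """spf_domain is the envelope (MAIL FROM) domain SPF was checked against;
    dkim_domain is the d= tag of a DKIM signature that verified. DMARC passes
    if either mechanism passed AND its domain aligns with the From: domain."""
    pol = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, pol["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, pol["adkim"])
    passed = spf_ok or dkim_ok
    is_org = org_domain(from_domain) == from_domain.lower()
    policy = pol["p"] if is_org else pol["sp"]
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        "disposition": "none" if passed else policy,
    }


if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; sp=quarantine"          # constructed record
    # Spoof: attacker's own SPF passes for attacker.example, From: says example.com.
    print(evaluate(rec, "example.com", "pass", "attacker.example", "none", ""))
```

The spoofing case is the one DMARC was designed for: SPF alone passes (the attacker's server is authorised for the attacker's envelope domain), but because that domain does not align with the From: header the message fails and the published policy (reject) applies. The `pct` and reporting tags (`rua`, `ruf`) are parsed but deliberately not acted on here.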
DHCP
Dynamic Host Configuration Protocol (DHCP) - A protocol used to assign TCP/IP configuration settings to systems when they boot. DHCP uses UDP (ports 67 and 68).
Dynamic Packet Filtering Firewall
A firewall that enables real-time modification of the filtering rules based on traffic content. Dynamic packet-filtering firewalls are known as fourth-generation firewalls.