Acronyms Flashcards
16 CI infrastructure
16 critical infrastructure sectors
ACFCS
Association of Certified Financial Crime Specialists
Worldwide organization for private and public sector professionals working in financial crime disciplines; information sharing network for financial crime intelligence; offers member training products and service; awards CFCS certification to qualified candidates
Active defense
Includes attribution (finding out who is attacking and how), prevention (stopping attacks before they go too far), and retribution (“hacking back”) to defend systems
AFME
Association for Financial Markets in Europe
Trade group representing global European banks and other significant capital market players. Advocates on behalf of European banks for constructive EU policy development
APT
Advanced Persistent Attack
A series of cyber attacks targeting a specific entity
APWG
Anti-Phishing Working Group
BoE
Central bank of the U.K.
Manages the nation’s currency and financial system
Mission to maintain financial and monetary stability
C3
Critical infrastructure Cyber Community
Pronounced C-cubed
US-CERT’s voluntary program to assist the enhancement of critical infrastructure cyber security and promote the adoption of NIST Cybersecurity framework
CARMA
Cyber security Assessment and Risk Management Approach
Provides an outline of sector-wide risks for different categories of cyber critical infrastructure to help the owners/operators assess, prioritize, and manage cyber risks
CAT (FFIEC)
Cybersecurity Assessment Tool
CBEST
Intelligence led penetration testing methodology/process; firmly encouraged by the UK regulators (BoE/PRA) for all critical UK financial institutions to perform this testing process to assess potential vulnerabilities in their systems
CDT
Center for Democracy and Technology
Team of experts with deep knowledge of issues pertaining to the Internet, privacy, security, technology, and intellectual property; team members come from academia, private enterprise, government, and the non-profit worlds to translate complex policy into action; advocate for laws, corporate policies, and technology tools that protect the privacy of Internet users, and place stronger legal controls on government surveillance
CEH
Certified Ethical Hacker (or Hacking)
A skilled professional who knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of the target system(s). The CEH credential offered by the EC-Council certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
CERT
Computer Emergency Response Team
Expert groups that handle computer security incidents; there are many different CERTs (ex: for different countries) that operate independently but may coordinate on certain security incidents; also called CSIRTs
CFCS certification
Certified Financial Crime Specialist certification
Awarded by the ACFCS to professionals in the financial crime field who pass an exam
CFPB
Consumer Financial Protection Bureau
Organization established by Congress to protect consumers by carrying out federal consumer financial laws; they write rules, supervise companies, and enforce federal consumer financial protection laws
Chamber of Commerce
World’s largest business organization for US businesses; advocates for US business and the growth of the economy; develops and implements policies on major issues affecting business
CI
Critical Infrastructure
The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof; there are 16 CI Industry Sectors
CIA
Central Intelligence Agency
Civilian foreign intelligence agency of the USG tasked with gathering, processing, and analyzing national security information from around the world; reports to the DNI
CIIA
Critical Infrastructure Information Act of 2002
Enacted as part of the Homeland Security Act of 2002; created a framework that enables members of the private sector and others to voluntarily submit sensitive information regarding the Nation’s CIKR to DHS with the assurance that the information, if it satisfies certain requirements, will be protected from public disclosure
CIIP
Critical Information Infrastructure Protection
Term used in the EU to describe initiatives for the protection and resilience of CI; ENISA has a CIIP and Resilience Unit, which is responsible for assisting national EU agencies and private sector organizations develop strong, proactive strategies for protection, response, and recovery from cyber security attacks
CIKR
Critical Infrastructure and Key Resources
Refers to the assets of the US essential to the nation’s security, public health and safety, economic vitality, and way of life.
CINS
Critical Infrastructure Notification System
FS-ISAC’s notification system, which allows FS-ISAC to send cyber threat alerts to multiple recipients around the globe near-simultaneously
CIP
Critical Infrastructure Protection
A concept that relates to the preparedness and response to serious incidents involving national critical infrastructure
CIPAC
Critical Infrastructure Partnerships Advisory Council
DHS council to facilitate interaction between government entities and CI owners/operators
CISA
Cyber security Information Sharing Act of 2015
The reincarnation of CISPA; was passed by the Senate Intelligence Committee; was designed to encourage the sharing of data between private companies and the government to prevent and respond to cyber threats; privacy concerns still work against the bill (people believe it is a surveillance bill in disguise because it would allow for the sharing of personal data that goes beyond cyber security threats)
CISCP
Critical Infrastructure Cyber Information Sharing & Collaboration Program
Run by DHS; information sharing and collaboration between DHS and its critical infrastructure partners; CISCP shares near-real-time threat incident, and vulnerability information; key focus is to establish a community of trust between the Federal Government and critical infrastructure entities and to leverage those relationships to better understand cyber threats and improve the network defense of the entire community
CISO
Chief Information Security Officer
The senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are protected
CISPA
Cyber Intelligence Sharing and Protection Act
A proposed amendment to the National Security Act of 1947; would allow for the sharing of Internet traffic information between the US government and technology and manufacturing companies; the stated aim of the bill is to help the US government investigate cyber threats and ensure the security of networks against cyber attacks; however, there are concerns about privacy and civil liberties surrounding CISPA; was never passed
CISSP
Certified Information Systems Security Professional
You can earn this professional certification through ISC2
CNDA
Certified Network Defense Architect
Similar to CEH, but for government agencies only (certification offered by EC-Council)
CNI
Critical National Infrastructure
Same thing as CI (Critical Infrastructure)
CNO
Computer Network Operations
Deliberate actions taken to leverage and optimize computer networks to improve human endeavor and enterprise (in private sector organizations, for example) or, in warfare, to gain information superiority and deny the enemy this enabling capability; the NSA enables CNOs to give the U.S. and our allies an advantage over potential threats
ConOps
Concept of Operations
A document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system, used to describe the system to all stakeholders
CPMI
Committee on Payments and Market Infrastructures
Promotes the safety and efficiency of payment, clearing, settlement and related arrangements, thereby supporting financial stability and the wider economy; monitors and analyses developments in these arrangements; serves as a forum for central bank cooperation in related oversight, policy and operational matters, including the provision of central bank services; sets standards that aim to strengthen regulation, policy, and practices regarding such arrangements worldwide
CPNI
Centre for the Protection of National Infrastructure
UK authority; provides expert security advice to CI owners and operators; involved in R&D; has relationships with both private and public sector partners
CRADA
Cooperative Research and Development Agreement
An agreement between a government agency and a private company or university to work together on research and development (example: JPMC signed a CRADA with the IOW to share cyber security and threat information)
CRR
Cyber Resilience Reviews
Reviews that measure the cyber security capabilities of an organization using CSET and CARMA; run by DHS’s CSEP
CS&C
Office of Cybersecurity and Communications
DHS office within the NPPD; works to prevent or minimize disruptions to critical information infrastructure in order to protect the public, the economy, and government services; works to protect the .gov and .com domains; is the SSA for the Communications and IT sectors; reports consistent with the NRF
CSA
Cyber Security Alliance
Partnership of companies where members collaborate on customer-focused solutions, experiments, and end-to-end systems integration pilot programs to help provide early threat detection, protection, and multi-layer self-healing capabilities to solve customers’ difficult problems and meet future challenges; run by Lockheed Martin
CSA SG
Cyber Security Agency Singapore
Government agency that develops and oversees the nation’s cyber security strategy; mission to protect critical infrastructure; promotes cyber security awareness through public outreach
CSEP
Cyber Security Evaluation Program
The DHS program that performs CRRs
CSET
Cyber Security Evaluation Tool
Systematic and repeatable evaluation process used in CRRs to assess the posture of ICS networks
CSIAC
Cyber Security & Information Systems Information Analysis Center
A DoD IAC sponsored by the DACS, IATAC, and MSIAC; performs the BCO functions necessary to fulfill the mission and objectives applicable to the DoD RDT&E needs; activities include collection, analysis, synthesizing/processing, and dissemination of STI
CSIRT
Computer Security Incident Response Team
Another name for CERTs
CSIS
Center for Strategic and International Studies
CSOC
Cyber Security Operations Center
The center where an organization’s networks are monitored with advanced analytical processes to determine, confine, and destroy any cyber threats
CSP
Commercial Service Providers
An entity that supplies the system and services needed to provide back-office infrastructure for a business (internet, network, and communications service providers)
CSS
Central Security Service
Service that promotes full partnership between the NSA and the cryptologic elements of the U.S. armed forces; provides timely and accurate cryptologic support, knowledge, and assistance to the military cryptologic community; (NSA and CSS are combined)
CTI
Cyber Threat Indicator
Defined in CISA as “information that is necessary to describe or identify” any “attribute of a cyber security threat” so long as disclosure of the underlying attribute is not otherwise legally prohibited. This includes information about malicious reconnaissance patterns, methods for defeating security controls, security vulnerabilities, and the actual or potential harm caused by an incident. However, something that “describe[s]” an “attribute” of a “threat” could be interpreted so broadly as to include personally identifiable information (PII) or the content of private online communications that is not actually needed to detect or protect against that threat.
CTIC
CyberPoint Technology Innovation Center
Cyber UCG, CUCG
Partner of the NCCIC; is comprised of senior and staff-level representatives from federal departments and agencies, state and local governments, and private sector CI stakeholders
CybOX
Cyber Observable eXpression
Standardized outline for the specification, capture, characterization, and communication of events or stateful properties that are observable in all system and network operations; aims to provide a common structure and content type for addressing cyber observables across a wide range of use cases to improve consistency and interoperability; effort led by DHS Office of Cyber security and Communications, NCCIC, and US-CERT
DACS
Data and Analysis Center for Software
IAC chartered to collect, analyze, and disseminate information relating to the software domain; serves as an information broker that identifies resources that exist within the global community and makes those resources available to the software community via their website, technical reports/journals, and a variety of services offered free of charge