Acronyms Flashcards

1
Q

16 CI infrastructure

A

16 critical infrastructure sectors

2
Q

ACFCS

A

Association of Certified Financial Crime Specialists

Worldwide organization for private and public sector professionals working in financial crime disciplines; information sharing network for financial crime intelligence; offers member training products and service; awards CFCS certification to qualified candidates

3
Q

Active defense

A

Includes attribution (finding out who is attacking and how), prevention (stopping attacks before they go too far), and retribution (“hacking back”) to defend systems

4
Q

AFME

A

Association for Financial Markets in Europe

Trade group representing global European banks and other significant capital market players. Advocate on behalf of European banks for constructive EU policy development

5
Q

APT

A

Advanced Persistent Attack

A series of cyber attacks targeting a specific entity

6
Q

APWG

A

Anti-Phishing Working Group

7
Q

BoE

A

Central bank of the U.K.

Manages the nation’s currency and financial system

Mission to maintain financial and monetary stability

8
Q

C3

A

Critical Infrastructure Cyber Community

Pronounced C-cubed

US-CERT’s voluntary program to assist the enhancement of critical infrastructure cyber security and promote the adoption of the NIST Cybersecurity Framework

9
Q

CARMA

A

Cyber security Assessment and Risk Management Approach

Provide an outline of sector-wide risks for different categories of cyber critical infrastructure to help the owners/operators assess, prioritize, and manage cyber risks

10
Q

CAT (FFIEC)

A

Cybersecurity Assessment Tool

11
Q

CBEST

A

Intelligence-led penetration testing methodology/process; firmly encouraged by the UK regulators (BoE/PRA) for all critical UK financial institutions to perform this testing process to assess potential vulnerabilities in their systems

12
Q

CDT

A

Center for Democracy and Technology

Team of experts with deep knowledge of issues pertaining to the Internet, privacy, security, technology, and intellectual property; team members come from academia, private enterprise, government, and the non-profit worlds to translate complex policy into action; advocate for laws, corporate policies, and technology tools that protect the privacy of Internet users, and place stronger legal controls on government surveillance

13
Q

CEH

A

Certified Ethical Hacker (or Hacking)

A skilled professional who knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of the target system(s). The CEH credential offered by the EC-Council certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

14
Q

CERT

A

Computer Emergency Response Team

Expert groups that handle computer security incidents; there are many different CERTs (ex: for different countries) that operate independently but may coordinate on certain security incidents; also called CSIRTs

15
Q

CFCS certification

A

Certified Financial Crime Specialist certification

Awarded by the ACFCS to professionals in the financial crime field who pass an exam

16
Q

CFPB

A

Consumer Financial Protection Bureau

Organization established by Congress to protect consumers by carrying out federal consumer financial laws; they write rules, supervise companies, and enforce federal consumer financial protection laws

17
Q

Chamber of Commerce

A

World’s largest business organization for US businesses; advocates for US business and the growth of the economy; develops and implements policies on major issues affecting business

18
Q

CI

A

Critical Infrastructure

The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof; there are 16 CI Industry Sectors

19
Q

CIA

A

Central Intelligence Agency

Civilian foreign intelligence agency of the USG tasked with gathering, processing, and analyzing national security information from around the world; reports to the DNI

20
Q

CIIA

A

Critical Infrastructure Information Act of 2002

Enacted as part of the Homeland Security Act of 2002; created a framework that enables members of the private sector and others to voluntarily submit sensitive information regarding the Nation’s CIKR to DHS with the assurance that the information, if it satisfies certain requirements, will be protected from public disclosure

21
Q

CIIP

A

Critical Information Infrastructure Protection

Term used in the EU to describe initiatives for the protection and resilience of CI; ENISA has a CIIP and Resilience Unit, which is responsible for assisting national EU agencies and private sector organizations develop strong, proactive strategies for protection, response, and recovery from cyber security attacks

22
Q

CIKR

A

Critical Infrastructure and Key Resources

Refers to the assets of the US essential to the nation’s security, public health and safety, economic vitality, and way of life

23
Q

CINS

A

Critical Infrastructure Notification System

FS-ISAC’s notification system, which allows FS-ISAC to send cyber threat alerts to multiple recipients around the globe near-simultaneously

24
Q

CIP

A

Critical Infrastructure Protection

A concept that relates to the preparedness and response to serious incidents involving national critical infrastructure

25
Q

CIPAC

A

Critical Infrastructure Partnerships Advisory Council

DHS council to facilitate interaction between government entities and CI owners/operators

26
Q

CISA

A

Cyber security Information Sharing Act of 2015

The reincarnation of CISPA; was passed by the Senate Intelligence Committee; was designed to encourage the sharing of data between private companies and the government to prevent and respond to cyber threats; privacy concerns are still working against the bill (people believe it is a surveillance bill in disguise because it would allow for the sharing of personal data that goes beyond cyber security threats)

27
Q

CISCP

A

Critical Infrastructure Cyber Information Sharing & Collaboration Program

Run by DHS; information sharing and collaboration between DHS and its critical infrastructure partners; CISCP shares near-real-time threat, incident, and vulnerability information; key focus is to establish a community of trust between the Federal Government and critical infrastructure entities and to leverage those relationships to better understand cyber threats and improve the network defense of the entire community

28
Q

CISO

A

Chief Information Security Officer

The senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are protected

29
Q

CISPA

A

Cyber Intelligence Sharing and Protection Act

A proposed amendment to the National Security Act of 1947; would allow for the sharing of Internet traffic information between the US government and technology and manufacturing companies; the stated aim of the bill is to help the US government investigate cyber threats and ensure the security of networks against cyber attacks; however, there are concerns about privacy and civil liberties surrounding CISPA; was never passed

30
Q

CISSP

A

Certified Information Systems Security Professional

You can earn this professional certification through ISC2

31
Q

CNDA

A

Certified Network Defense Architect

Similar to CEH, but for government agencies only (certification offered by EC-Council)

32
Q

CNI

A

Critical National Infrastructure

Same thing as CI (Critical Infrastructure)

33
Q

CNO

A

Computer Network Operations

Deliberate actions taken to leverage and optimize computer networks to improve human endeavor and enterprise (in private sector organizations, for example) or, in warfare, to gain information superiority and deny the enemy this enabling capability; the NSA enables CNOs to give the U.S. and our allies an advantage over potential threats

34
Q

ConOps

A

Concept of Operations

A document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system, used to describe the system to all stakeholders

35
Q

CPMI

A

Committee on Payments and Market Infrastructures

Promotes the safety and efficiency of payment, clearing, settlement and related arrangements, thereby supporting financial stability and the wider economy; monitors and analyses developments in these arrangements; serves as a forum for central bank cooperation in related oversight, policy and operational matters, including the provision of central bank services; sets standards that aim to strengthen regulation, policy, and practices regarding such arrangements worldwide

36
Q

CPNI

A

Centre for the Protection of National Infrastructure

UK authority; provides expert security advice to CI owners and operators; involved in R&D; has relationships with both private and public sector partners

37
Q

CRADA

A

Cooperative Research and Development Agreement

An agreement between a government agency and a private company or university to work together on research and development (example: JPMC signed a CRADA with the IOW to share cyber security and threat information)

38
Q

CRR

A

Cyber Resilience Reviews

Reviews that measure the cyber security capabilities of an organization using CSET and CARMA; run by DHS’s CSEP

39
Q

CS&C

A

Office of Cybersecurity and Communications

DHS office within the NPPD; works to prevent or minimize disruptions to critical information infrastructure in order to protect the public, the economy, and government services; works to protect the .gov and .com domains; is the SSA for the Communications and IT sectors; reports consistent with the NRF

40
Q

CSA

A

Cyber Security Alliance

Partnership of companies where members collaborate on customer-focused solutions, experiments, and end-to-end systems integration pilot programs to help provide early threat detection, protection, and multi-layer self-healing capabilities to solve customers’ difficult problems and meet future challenges; run by Lockheed Martin

41
Q

CSA SG

A

Cyber Security Agency Singapore

Government agency that develops and oversees the nation’s cyber security strategy; mission to protect critical infrastructure; promotes cyber security awareness through public outreach

42
Q

CSEP

A

Cyber Security Evaluation Program

The DHS program that performs CRRs

43
Q

CSET

A

Cyber Security Evaluation Tool

Systematic and repeatable evaluation process used in CRRs to assess the posture of ICS networks

44
Q

CSIAC

A

Cyber Security & Information Systems Information Analysis Center

A DoD IAC sponsored by the DACS, IATAC, and MSIAC; performs the BCO functions necessary to fulfill the mission and objectives applicable to the DoD RDT&E needs; activities include collection, analysis, synthesizing/processing, and dissemination of STI

45
Q

CSIRT

A

Computer Security Incident Response Team

Another name for CERTs

46
Q

CSIS

A

Center for Strategic and International Studies

47
Q

CSOC

A

Cyber Security Operations Center

The center where an organization’s networks are monitored with advanced analytical processes to determine, confine, and destroy any cyber threats

48
Q

CSP

A

Commercial Service Providers

An entity that supplies the system and services needed to provide back-office infrastructure for a business (internet, network, and communications service providers)

49
Q

CSS

A

Central Security Service

Service that promotes full partnership between the NSA and the cryptologic elements of the U.S. armed forces; provides timely and accurate cryptologic support, knowledge, and assistance to the military cryptologic community; (NSA and CSS are combined)

50
Q

CTI

A

Cyber Threat Indicator

Defined in CISA as “information that is necessary to describe or identify” any “attribute of a cyber security threat” so long as disclosure of the underlying attribute is not otherwise legally prohibited. This includes information about malicious reconnaissance patterns, methods for defeating security controls, security vulnerabilities, and the actual or potential harm caused by an incident. However, something that “describe[s]” an “attribute” of a “threat” could be interpreted so broadly as to include personally identifiable information (PII) or the content of private online communications, that is not actually needed to detect or protect against that threat.

51
Q

CTIC

A

CyberPoint Technology Innovation Center

52
Q

Cyber UCG, CUCG

A

Partner of the NCCIC; is comprised of senior and staff-level representatives from federal departments and agencies, state and local governments, and private sector CI stakeholders

53
Q

CybOX

A

Cyber Observable eXpression

Standardized outline for the specification, capture, characterization, and communication of events or stateful properties that are observable in all system and network operations; aims to provide a common structure and content type for addressing cyber observables across a wide range of use cases to improve consistency and interoperability; effort led by DHS Office of Cyber security and Communications, NCCIC, and US-CERT

54
Q

DACS

A

Data and Analysis Center for Software

IAC chartered to collect, analyze, and disseminate information relating to the software domain; serves as an information broker that identifies resources that exist within the global community and makes those resources available to the software community via their website, technical reports/journals, and a variety of services offered free of charge