Acronyms & Terms Flashcards
CRL
Certificate Revocation List
RTO
Recovery Time Objective
PBKDF2
Password-Based Key Derivation Function 2
Key stretching algorithm (combines a password with a random value, AKA a salt, and hashes them to create much longer keys). Another such algorithm is Bcrypt.
WIPS
Wireless Intrusion Prevention System
ESB
Enterprise Service Bus
Implements a communication system between mutually interacting software applications in a service-oriented architecture.
BIA
Business Impact Analysis
UDDI
Universal Description Discovery and Integration
A platform-dependent, XML Protocol that includes a (XML-based) registry by which businesses worldwide can list themselves on the Internet, and a mechanism to register and locate web service applications.
RTP
Real-time Transport Protocol
A network protocol for delivering audio and video over IP networks.
QLAN
Audio over IP networking technology component of the Q-Sys audio signal processing platform from QSC Audio Products.
SLA
Service Level Agreement
Commitment between a service provider and client.
Diameter
AAA protocol that is the successor to RADIUS. Application layer.
LEAP
Lightweight Extensible Authentication Protocol
A proprietary wireless LAN authentication method developed by Cisco.
DAM
Database Activity Monitor
Tool to monitor, capture and record database events in near-real time and provide alerts about policy violations.
COBO
Company-Owned Business Only
SCEP
Simple Certificate Enrollment Protocol
The protocol is designed to make the issuing of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.
RAD
Rapid Application Development
DSA
Digital Signature Algorithm
A FIPS for digital signatures, based on the mathematical concept of modular exponentiations and the discrete logarithm problem.
OTP
One-Time Password
IA
Interoperability Agreement
Jitter
The variations in transmission latency that can cause packet loss and degraded VoIP call quality.
LUN Masking
Authorization process that makes Logical Unit Numbers available to some hosts and unavailable to others. Implemented primarily at the HBA level.
FRR
False Rejection Rate
The probability of type 1 errors (false positive) in biometrics.
VDI
Virtual Desktop Infrastructure
The process of running a user desktop inside a virtual machine that lives on a server in the datacenter.
ICS
Industrial Control System
CAN
Controller Area Network
A robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer.
CYOD
Choose Your Own Device
PIP
Policy Information Point
ISO 27001
Specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management process.
Includes best practices for information security management.
Sandboxing
Limits the environment in which certain code can execute. Goal is to improve security by isolating an application from:
- Outside malware
- Intruders
- System resources
- Other applications
BPA
Business Partnership Agreement
PTZ
Pan-Tilt-Zoom
A camera that is capable of remote directional and zoom control.
NTLM
New Technology LANMAN
APT
Advanced Persistent Threat
A stealthy computer network attack in which a person or group gains unauthorized access to a network and remains undetected for an extended period of time.
RFC
Request For Change
Document used for the request/creation of new requirements.
Compensating Control
Also called an alternative control. A mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
VLAN Hopping
An attack. Attacker tries to send or access data that belongs to other VLANs.
SDLM
Software Development Lifecycle Methodology
Or SDM?
REST
Representational State Transfer
- A format for HTTP.
- Simple way to organize interactions between independent systems.
- REST allows you to interact with minimal overhead with clients as diverse as mobile phones and other websites.
RFP
Request For Proposal
Identifies the requirements for security.
Data Deduplication
The process of removing redundant data to improve enterprise storage utilization.
RA (2)
Request Authority
Recovery Agent
SONET
Synchronous Optical Network Technologies (Fibre)
FCoE
Fibre Channel over Ethernet
- Encapsulates Fibre Channel frames over Ethernet.
- Allows up to 10Gbps.
SOE
Standard Operating Environment
PBX
Private Branch Exchange
A telephone exchange or telephone switching system that is installed at, and serves, a private organization with a large number of internal devices.
EDR
Endpoint detection and response (EDR) platforms are a category of endpoint security tools, built to provide endpoint visibility, and are used to detect and respond to cyber threats and exploits.
IDF
Intermediate Distribution Frame
A central office or customer premises, which cross-connects the user cable media to individual line circuits and may serve as a distribution point for multipair cables from the Main Distribution Frame (MDF) or Combined Distribution Frame (CDF) to individual cables connected to equipment in areas remote from these frames.
vSCAN
Vulnerability scanner using nmap and NSR.
SP
Service Provider
WWN
World Wide Name
TACACS
Terminal Access Controller Access-Control System
- Developed by Cisco.
- XTACACS = Extended TACACS (an extension).
- TACACS+ = Newer, yet separate, protocol from TACACS.
EAL levels
Evaluation Assurance Level
- Functionally tested
- Structurally tested
- Methodically tested and checked
- Methodically designed, tested and reviewed
- Semi-formally designed and tested
- Semi-formally verified design and tested
- Formally verified design and tested
ITSEC
Information Technology Security Evaluation Criteria
For evaluating computer security within products and systems.
Region: Europe
PCI-DSS
Payment Card Industry Data Security Standard
An information security standard for organizations that handle branded credit cards from the major card schemes.
SIEM
Security Information and Event Management
An approach to security management that combines SIM (Security Information Management) and SEM (Security Event Management) functions into one security management system.
IV
Initialization Vector
A fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.
MDF
Main Distribution Frame
A signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant).
ESA
Enterprise Security Architecture
PEAP
Protected Extensible Authentication Protocol
IAX
Inter-Asterisk eXchange
Communications protocol native to the Asterisk private branch exchange (PBX) software.
ASLR
Address Space Layout Randomization
A computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.
SIP
Session Initiation Protocol
Used mainly with IP telephony.
PFS
Perfect Forward Secrecy
A feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised.
COPE
Corporate-Owned, Personally-Enabled
A business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally-owned notebook computers, tablets or smartphones.
PAP
Password Authentication Protocol
A password-based authentication protocol used by Point to Point Protocol (PPP) to validate users.
NAC
Network Access Control
Steps taken to ensure that all security standards are met prior to connecting a device to the network.
ROI / Formula
Return On Investment
Net profit / Investment
OCSP
Online Certificate Status Protocol
Used for obtaining the revocation status of an X.509 digital certificate.
SRTP
Secure Real-time Transport Protocol
INE
Inline Network Encryptor
Device/software used to encrypt data prior to transmission or as the data flow is streamed.
PDP
Policy Decision Point
A component of a policy-based access control system that makes the determination of whether or not to authorize a user’s request, based on available info (attributes) and applicable security policies.
FDE
Full Disk Encryption
CRM
Customer Relationship Management
ISMS
Information Security Management System
An information security standard which specifies a management system that is intended to bring information security under management control and gives specific requirements.
ISL
Inter-Switch Link (Cisco protocol)
Wraps Ethernet frames with VLAN information.
XACML
eXtensible Access Control Markup Language
Standard which defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.
CASB
Cloud Access Security Broker
On-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies.
802.1q
AKA Dot1q. Networking standard that supports VLANs on an IEEE 802.3 Ethernet network.
SDN
Software Defined Networking
An approach to cloud computing that facilitates network management and enables programmatically efficient network configuration in order to improve network performance and monitoring.
3 parts to SDN architecture: Control, Data, and Management Planes.
2 APIs: Northbound connects application layer to control layer.
Southbound connects control layer to infrastructure layer.
SWT
Simple Web Token
TSIG
Transaction Signature Interoperability Group
Key Escrow
The backup and storage of certificates by a third party.
GLBA
Gramm-Leach-Bliley Act aka Financial Services Modernization Act of 1999.
ORB
Object Request Broker
A middleware which allows program calls to be made from one computer to another via a computer network, providing transparency through remote procedure calls.
CISO
Chief Information Security Officer
ROT 3 Cipher
Caesar “Rotation” cipher.
IC3
Internet Crime Complaint Center
(FBI/Internet Crime Center)
JSON
JavaScript Object Notation
PKCS
Public Key Cryptography Standards
Designed and published by RSA Security LLC.
TCO
Total Cost of Ownership
Goes beyond considering just acquisition costs.
WAC
Web Access Control
SCP
Secure Copy Protocol
(Linux, based on SSH)
VNC
Virtual Network Computing
A graphical desktop sharing system that uses the Remote Frame Buffer (RFB) Protocol to remotely control another computer.
MSS
Managed Security Service
Network security services outsourced to a service provider (MSSP).
FAR
False Acceptance Rate
The probability of type 2 errors (false negative) in biometrics.
MDM
Mobile Device Management
Bell-LaPadula Model
State machine model used for enforcing access control in government and military applications. A formal state transition system of computer security policy that describes a set of access control rules which use security labels on objects and clearance for subjects.
Confidentiality-based
AJAX
Asynchronous JAVA and XML
Technique for creating better, faster and more interactive web applications with the help of XML, HTML, CSS, and JavaScript.
DSCP
Differentiated Services Code Point (aka DiffServ)
Computer networking architecture that specifies a simple and scalable mechanism for classifying and managing network traffic and providing QoS on modern IP networks.
AH
Authentication Header
IPSEC protocol which provides a mechanism for authentication only. Provides data integrity, data origin authentication, and an optional replay protection service.
eGRC
Electronic Government Regulatory and Compliance
KPI
Key Performance Indicator
A type of performance measurement. KPIs evaluate the success of an organization or of a particular activity (such as projects, programs, products and other initiatives) in which it engages.
OVAL
Open Vulnerability Assessment Language
An international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services.
PSP
Provisioning Service Point
Also called SPML Server or simple “provider”, this software component takes the request from the client, processes it, and returns it with a (SPML) response.
SOX
Sarbanes-Oxley Act
AKA: Public Company Accounting Reform and Investor Protection Act.
WSDL
Web Services Description Language
MOU
Memorandum of Understanding
Agreement between two (bilateral) or more (multilateral) parties. Specifies the maximum amount of outage time.
NOS
Network Operating System
ERP
Enterprise resource planning (ERP) is the integrated management of core business processes, often in real-time and mediated by software and technology.
WIDS
Wireless Intrusion Detection System
KRI
Key Risk Indicator
A measure used in management to indicate how risky an activity is. Key risk indicators are metrics used by organizations to provide an early signal of increasing risk exposures in various areas of the enterprise.
SOA (2)
Start of Authority
Service-Oriented Architecture
SAS70
Statement on Auditing Standards No. 70
An authoritative auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
DOM
Document Object Model
A cross-platform and language-independent API that treats an HTML, XHTML, or XML document as a tree structure wherein each node is an object representing a part of the document.
SDL
Security Development Lifecycle
A software development process used and proposed by Microsoft to reduce software maintenance costs and increase reliability of software concerning software security related bugs.
WAF
Web Application Firewall
SOAP
Simple Object Access Protocol
A messaging protocol specification for exchanging structured information in the implementation of web services in computer networks.
HSM
Hardware Security Module
A physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing.
LUN (2)
Logical Unit Number
Link Uninhibit (SS7)
SPIT
Spam over Internet Telephony
TKIP
Temporal Key Integrity Protocol
Biba Model
A formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. One of its properties states: “An object at one level of integrity is not permitted to write to an object of higher integrity.”
JWT
JSON Web Token
DLP
Data Loss Prevention
A strategy for making sure that end users do not send sensitive or critical information outside the corporate network.
ECC
Elliptic Curve Cryptography
TOS
Type of Service
SIP
Session Initiation Protocol
A signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.
SRTM
Software Requirements Traceability Matrix
A grid that allows documentation and easy viewing of what is required for a system’s security. Necessary for technical projects that call for security to be included.
NDP
Neighbor Discovery Protocol
Protocol that replaced ARP in IPv6.
MTD
Maximum Tolerable Downtime
DEP
Data Execution Prevention
A Windows security feature that monitors programs to ensure they use system memory safely and closes them when they don’t. This guards against security threats attempting to execute code from system memory.
SOC
Security Operations Center
PST
Provisioning Service Target
IDM
Identity Management
WAYF
Where Are You From
A service that guides a user to his or her identity provider.
HMAC
Hashed Message Authentication Code
A specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
KDC
Key Distribution Center
LDAP
Lightweight Directory Access Protocol
An open, vendor-neutral industry standard application protocol for accessing and maintaining distributed directory information services over an IP network.
RFQ
Request For Quote
DPI
Deep Packet Inspection
A form of packet filtering that examines the data part (and possibly the header) of a packet as it passes an inspection point.
SOCKS
Socket Secure
Circuit proxy server with commercial freeware implementation.
Protocol that is intended to act as a circuit level proxy for applications.
Layer 5 of OSI model.
Can act as VPN if encryption is supported.
Port 180.
IAVA
Information Assurance Vulnerability Alert
OLA
Operating Level Agreement
TCSEC
Trusted Computer System Evaluation Criteria
US DoD standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Region: USA
CSRF
Cross-Site Request Forgery
An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
SPML
Service Provisioning Markup Language
An OASIS-approved standard intended to provide an XML framework for managing the provisioning and allocation of identity information and system resources within and between organizations.
Kerberos
A computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
“Customers will have delegated access to multiple digital services.”
HBA (2)
Host Bus Adapter: Connects a computer to other network and storage devices.
Host-Based Authentication
RBAC
Rule/Role-Based Access Control
RPO
Recovery Point Objective
FERPA
Family Educational Rights and Privacy Act
Federal law that protects the privacy of student educational records.
TOTP
Time-based One Time Password
FIM
File Integrity Monitoring
CIA (2)
Cryptographic Information Application
Confidentiality, Integrity, Availability
POCE
Personally Owned Corporate Enabled
PEP
Policy Enforcement Point
RC4
Rivest Cipher 4
The only widely used stream cipher. Known to be insecure.
EICAR Test File
European Institute for Computer Antivirus Research file to test virus detection software.
SAML
Security Assertions Markup Language
An XML standard for exchanging authentication and authorization data between security domains—between an identity provider and a service provider.
“Authentication to cloud-based corporate portals will feature single sign-on.”
ELA
Enterprise License Agreement
KPI
Key Performance Indicator
DKIM
DomainKeys Identified Mail
An email authentication method designed to detect forged sender addresses in emails.
CERT
Computer Emergency Response Team
ESP
Encapsulating Security Payload
IPSEC protocol. Provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection).
Block Ciphers
DES (64 bits), 3DES, IDEA, RC5, AES (aka Rijndael), Blowfish, CAST, SAFER.
Stronger than stream ciphers. Encrypts in fixed-length “blocks”.
Pivoting
A method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines.
SCSI
Small Computer System Interface
A set of standards for physically connecting and transferring data between computers and peripheral devices.
Helix
A forensics and incident response live CD based on Knoppix distribution.
NGFW
Next-Generation Firewall
Packet filtering, NAT/PAT, stateful inspection, VPN support.
NIST
National Institute of Standards and Technology
A physical sciences laboratory, and non-regulatory agency of the US Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
Responsible for the creation of lists of known vulnerabilities in OSs.
NLA
Network Level Authentication
SSDLC
Security System Development Life Cycle
BCP
Business Continuity Planning
CIRT
Computer Incident Response Team
SSO
Single Sign-On
MTBF
Mean Time Between Failures
XSS
Cross-Site Scripting
Vulnerability/attack. AKA “Confused Deputy Attack”.
SPIM
Spam over Internet Message
CredSSP
Credential Security Support Provider (Protocol)
An authentication provider that processes authentication requests for other applications.
MSA
Master Service Agreement
Contract reached between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements.
MTTR
Mean Time To Recovery
NX/XN Bit
The NX bit (no-execute) is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors, for security reasons. (XN = execute never)
XSRF
Cross-Site Request Forgery
IKE
Internet Key Exchange
Protocol used to set up a Security Association (SA) in the IPSec protocol suite.
MAC (2)
Mandatory Access Control (deals with classification)
Message Authentication Code
UAT
User Acceptance Testing
EV
Extended Validation (certificate)
GRC
Governance, Risk, and Compliance.
A company’s coordinated strategy for managing the broad issues of corporate governance, enterprise risk management (ERM) and corporate compliance with regard to regulatory requirements.
L2TP
Layer 2 Tunneling Protocol
Used to support VPNs or as part of the delivery of services by ISPs.
ACM
Access Control Matrix
The table structure of an ACL.
Side Loading
A term similar to “upload” and “download”, but in reference to the process of transferring between two local devices, in particular between a computer and a mobile device.
DAC
Discretionary Access Control
A type of Access Control used as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong.
SCADA
Supervisory Control and Data Acquisition
A control system architecture that uses computers, networked data communications and GUIs for high-level process supervisory management.
OAuth
An open standard for access delegation, commonly used as a way for internet users to grant websites or apps access to their info on other websites but without giving them the passwords. (Amazon, Google, IG, FB, etc.)
“Where users are attached to the corporate network, SSO will be utilized.”
PSK
Pre-Shared Key
SAFER
Secure And Fast Encryption Routine
Family of block ciphers.
IDP
Identity Provider
CIFS
Common Internet File System
A network file system protocol used for providing shared access to files and printers between machines on the network.
ISA
Interconnection Security Agreement
KRI
Key Result Indicator
CCMP
Counter-Mode / CBC (Cipher Block Chaining)-MAC (Message Authentication Code) Protocol
An encryption protocol designed for WLAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard.