SEC ACRONYMS Flashcards
3DES
-Triple Data Encryption Standard
a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.
AAA
-Authentication, authorization, and accounting
security framework that controls access to computer resources, enforces policies, and audits usage.
ABAC
-Attribute-based access control
provides access to users based on who they are rather than what they do
ACL
-Access-control list
list of permissions that dictate what a user has access to and what types of operations they are allowed to do with that access.
AD
-Active Directory
a database and set of services that connect users with the network resources they need to get their work done
AES
- Advanced Encryption Standard
symmetric block cipher chosen by the U.S. government to protect classified information
128-bit blocks
AES256
- Advanced Encryption Standard 256
virtually impenetrable symmetric encryption algorithm that uses a 256-bit key to convert your plain text or data into a cipher.
AH
-Authentication Header
provides a means to verify the source of an IP packet
AIS
-Automated Indicator Sharing
enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private-sector organizations.
ALE
-Annualized Loss Expectancy
your yearly cost due to a risk
API
-Advanced Persistent Threat
a set of programming code that allows two programs to talk to each other
ARO
-Annualized Rate of Occurrence
The probability that a risk will occur in a particular year
ARP
-Address Resolution Protocol
protocol that maps dynamic IP addresses to permanent physical machine addresses in a local area network (LAN).
(link layer address)
ASLR
-Address Space Layout Randomization
memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
ASP
-Active Server Pages
enables web servers to dynamically generate webpages and create interactive web applications by using server-side scripting technology
ATT&CK
-Adversarial Tactics, Techniques,
and Common Knowledge
guideline for classifying and describing cyberattacks and intrusions.
(It was created by the Mitre Corporation and released in 2013)
AUP
-Acceptable Use Policy
practices users must agree to in order to use a network or other resource
BASH
-Bourne Again Shell
free and enhanced version of the Bourne shell distributed with Linux and GNU operating systems.
BCP
-Business Continuity Planning
establishes protocols and creates prevention and recovery systems in case of a cyber-attack or natural disaster
BGP
-Border Gateway Protocol
most effective Internet protocol that enables routing, reachability and sharing data between autonomous systems (AS) on the Internet.
BIA
-Business Impact Analysis
measures the severity of those threats and how they would affect business operations and finances
BIOS
-Basic Input/Output System
a set of computer instructions in firmware which control input and output operations.
BPA
-Business Partnership Agreement
establishes rules for two or more parties going into business together
BPDU
-Bridge Protocol Data Unit
spanning tree protocol (STP) message unit that describes the attributes of a switch port such as its MAC address, priority and cost to reach.
BPDUs enable switches that participate in a spanning tree protocol to gather information about each other.
BSSID
-Basic Service Set Identifier
the MAC (Media Access Control) physical address of the access point or wireless router that is used to connect to the WiFi.
BYOD
-Bring Your Own Device
policy that enables employees in an organization to use their personally owned devices for work-related activities.
CA
-Certificate Authority
entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.
CAPTCHA
-Completely Automated Public Turing
Test to Tell Computers and Humans Apart
type of challenge–response test used in computing to determine whether the user is human in order to deter bot attacks and spam.
CAR
-Corrective Action Report
a report which lists the defects (or defect) which need to be rectified or corrected.
The report outlines the remedial actions necessary to rectify whatever has gone wrong or will likely go wrong as per the current situation during the project.
CASB
-Cloud Access Security Broker
on-premises or cloud-based security policy enforcement point between cloud service consumers and providers.
CBC
-Cipher Block Chaining
the plaintext of a block is combined with the ciphertext of the previous block via an exclusive or (xor) operation, and the result is encrypted.
The result is the ciphertext of that block, and will also be used in the encryption of the following block.
CBT
-Computer-based Training
a form of learning that utilizes computer technology and digital resources for delivering educational content.
CCMP
-Counter-Mode/CBC-MAC Protocol
an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i
,.. amendment to the original IEEE 802.11 standard.
CERT
-Computer Emergency Response Team
a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
