Security + Acronyms CramList

Last updated 9:10 PM on 5/28/26

316 Terms

AAA

Authentication, Authorization, and Accounting (AAA): A framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

ACL

Access Control List (ACL): A table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

AES

Advanced Encryption Standard (AES): A symmetric encryption algorithm widely used across the globe to secure data.

AES-256

Advanced Encryption Standards 256-bit (AES-256): A version of the AES using a 256-bit key size for encryption, providing a higher level of security.

AH

Authentication Header (AH): A part of the IPsec protocol suite that provides authentication and integrity to the data.

AI

Artificial Intelligence (AI): The simulation of human intelligence processes by machines, especially computer systems.

AIS

Automated Indicator Sharing (AIS): A system that allows the exchange of cyber threat indicators between the public and private sectors.

ALE

Annualized Loss Expectancy (ALE): A risk management concept to estimate the monetary loss that can be expected for an asset due to a risk over a year.

AP

Access Point (AP): A networking hardware device that allows other Wi-Fi devices to connect to a wired network.

API

Application Programming Interface (API): A set of functions and procedures allowing the creation of applications that access the features or data of an operating system, application, or other services.

APT

Advanced Persistent Threat (APT): A prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period.

ARO

Annualized Rate of Occurrence (ARO): The expected frequency with which a specific event is likely to occur annually.

ARP

Address Resolution Protocol (ARP): A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.

ASLR

Address Space Layout Randomization (ASLR): A computer security technique involved in preventing exploitation of memory corruption vulnerabilities.

ATT&CK

Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK): A knowledge base maintained by MITRE for listing and explaining cyber adversary behavior.

AUP

Acceptable Use Policy (AUP): A policy that sets out the rules and guidelines for the proper use of an organization's information technology.

AV

Antivirus (AV): Software designed to detect and destroy computer viruses.

BASH

Bourne Again Shell (BASH): A Unix shell and command language.

BCP

Business Continuity Planning (BCP): The process involved in creating a system of prevention and recovery from potential threats to a company.

BGP

Border Gateway Protocol (BGP): The protocol used to route information across the internet.

BIA

Business Impact Analysis (BIA): A process that identifies and evaluates the potential effects of natural and man-made events on business operations.

BIOS

Basic Input/Output System (BIOS): Firmware used to perform hardware initialization during the booting process and to provide runtime services for operating systems and programs.

BPA

Business Partners Agreement (BPA): A contract between parties who have agreed to share resources to undertake a specific, mutually beneficial project.

BPDU

Bridge Protocol Data Unit (BPDU): A type of network message that is transmitted by a local area network (LAN) bridge.

BYOD

Bring Your Own Device (BYOD): A policy that allows employees to bring personally owned devices to their workplace and use those devices to access company information and applications.

CA

Certificate Authority (CA): An entity that issues digital certificates for use by other parties.

CAPTCHA

Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA): A type of challenge-response test used in computing to determine whether the user is human.

CAR

Corrective Action Report (CAR): A report that outlines the corrective actions necessary to rectify a detected non-conformance.

CASB

Cloud Access Security Broker (CASB): On-premises or cloud-based security policy enforcement points placed between cloud service consumers and cloud service providers.

CBC

Cipher Block Chaining (CBC): A mode of operation for a block cipher that provides confidentiality but not message integrity.

CCMP

Counter Mode/CBC-MAC Protocol (CCMP): An encryption protocol used in Wi-Fi networks.

CCTV

Closed-circuit Television (CCTV): A TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes.

CERT

Computer Emergency Response Team (CERT): An expert group that handles computer security incidents.

CFB

Cipher Feedback (CFB): A mode of operation for a block cipher.

CHAP

Challenge Handshake Authentication Protocol (CHAP): A type of authentication protocol used primarily to authenticate a user or network host to an authenticating entity.

CIA

Confidentiality, Integrity, Availability (CIA): A model designed to guide policies for information security within an organization.

CIO

Chief Information Officer (CIO): A job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals.

CIRT

Computer Incident Response Team (CIRT): A service organization that is contacted when a security breach or other computer-related emergency occurs.

CMS

Content Management System (CMS): Software that helps users create, manage, and modify content on a website without the need for specialized technical knowledge.

COOP

Continuity of Operation Planning (COOP): A process by government agencies to ensure that critical functions continue during a wide range of emergencies, including localized acts of nature, accidents, and technological or attack-related emergencies.

COPE

Corporate Owned, Personally Enabled (COPE): A business strategy for managing mobile devices that allows employees to use corporate-owned IT devices for personal use.

CP

Contingency Planning (CP): A course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.

CRC

Cyclical Redundancy Check (CRC): An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.

CRL

Certificate Revocation List (CRL): A list of digital certificates that have been revoked by the issuing certificate authority before their scheduled expiration date and should no longer be trusted.

CSO

Chief Security Officer (CSO): A company executive responsible for the security of personnel, physical assets, and information in both physical and digital form.

CSP

Cloud Service Provider (CSP): A company that offers some component of cloud computing - typically Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service (PaaS) - to other businesses or individuals.

CSR

Certificate Signing Request (CSR): A message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.

CSRF

Cross-site Request Forgery (CSRF): A type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

CSU

Channel Service Unit (CSU): A device used in digital data transmission for interfacing a digital data terminal with a digital transmission medium.

CTM

Counter Mode (CTM): A mode of operation in cryptography for block ciphers.

CTO

Chief Technology Officer (CTO): An executive-level position in a company or other entity whose occupant is focused on scientific and technological issues within an organization.

CVE

Common Vulnerability Enumeration (CVE): A list of publicly disclosed cybersecurity vulnerabilities.

CVSS

Common Vulnerability Scoring System (CVSS): A free and open industry standard for assessing the severity of computer system security vulnerabilities.

CYOD

Choose Your Own Device (CYOD): A corporate policy that permits employees to choose which devices they use for work purposes.

DAC

Discretionary Access Control (DAC): A type of access control defined by the Access Control List (ACL) where access rights are assigned to users by the system (or system's administrators).

DBA

Database Administrator (DBA): A person who uses specialized software to store and organize data.

DDoS

Distributed Denial of Service (DDoS): A type of cyber-attack where multiple compromised computer systems attack a target, such as a server, website, or other network resource, and cause a denial of service for users of the targeted resource.

DEP

Data Execution Prevention (DEP): A security feature that can help prevent damage to your computer from viruses and other security threats.

DES

Digital Encryption Standard (DES): A previously dominant algorithm for the encryption of electronic data.

DHCP

Dynamic Host Configuration Protocol (DHCP): A network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network.

DHE

Diffie-Hellman Ephemeral (DHE): A method of securely exchanging cryptographic keys over a public channel.

DKIM

DomainKeys Identified Mail (DKIM): An email authentication method designed to detect forged sender addresses in emails.

DLL

Dynamic Link Library (DLL): A feature of Windows and other operating systems that allows multiple software programs to share the same functionality.

DLP

Data Loss Prevention (DLP): A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

DMARC

Domain Message Authentication Reporting and Conformance (DMARC): An email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.

DNAT

Destination Network Address Translation (DNAT): A technique for transparently changing the destination IP address of a packet en route and performing the inverse function for any replies.

DNS

Domain Name System (DNS): The phonebook of the Internet, a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.

DoS

Denial of Service (DoS): A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

DPO

Data Privacy Officer (DPO): A role within a company or organization responsible for ensuring that the company complies with data protection laws.

DRP

Disaster Recovery Plan (DRP): A structured approach with policies and procedures for responding to an unplanned incident and recovering critical systems.

DSA

Digital Signature Algorithm (DSA): A standard for digital signatures.

DSL

Digital Subscriber Line (DSL): A family of technologies that provide internet access by transmitting digital data over the wires of a local telephone network.

EAP

Extensible Authentication Protocol (EAP): An authentication framework frequently used in wireless networks and Point-to-Point connections.

ECB

Electronic Code Book (ECB): A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value.

ECC

Elliptic Curve Cryptography (ECC): An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.

ECDHE

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE): A variant of the Diffie-Hellman algorithm that uses elliptic curve cryptography.

ECDSA

Elliptic Curve Digital Signature Algorithm (ECDSA): A cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners.

Endpoint Detection and Response (EDR)

A cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats.

Encrypted File System (EFS)

A feature of some versions of Microsoft Windows that provides filesystem-level encryption.

Enterprise Resource Planning (ERP)

Business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back office functions.

Electronic Serial Number (ESN)

A unique identification number embedded by manufacturers on a microchip in wireless phones.

Encapsulated Security Payload (ESP)

A component of IPsec used for providing confidentiality, along with some authentication and integrity, to the data.

File System Access Control List (FACL)

A data structure, most often associated with Microsoft Windows and NTFS, that controls access to files and folders.

Full Disk Encryption (FDE)

Encryption at the hardware level.

File Integrity Management (FIM)

A technology that monitors and reports changes in files, often used in IT security.

Field Programmable Gate Array (FPGA)

An integrated circuit designed to be configured by a customer or a designer after manufacturing - hence 'field-programmable'.

False Rejection Rate (FRR)

In biometric security systems, the measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user.

File Transfer Protocol (FTP)

A standard network protocol used for the transfer of computer files between a client and server on a computer network.

Secured File Transfer Protocol (FTPS)

An extension of FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

Galois Counter Mode (GCM)

A mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance.

General Data Protection Regulation (GDPR)

A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

Gnu Privacy Guard (GPG)

A free software re-implementation of the OpenPGP standard as defined by RFC 4880, which allows you to encrypt and sign your data and communications.

Group Policy Object (GPO)

A feature of Windows that provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.

Global Positioning System (GPS)

A satellite-based radionavigation system owned by the United States government and operated by the United States Space Force.

Graphics Processing Unit (GPU)

A specialized electronic circuit designed to rapidly manipulate and alter memory to accelerate the creation of images in a frame buffer intended for output to a display device.

Generic Routing Encapsulation (GRE)

A tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.

High Availability (HA)

Refers to systems that are durable and likely to operate continuously without failure for a long time.

Hard Disk Drive (HDD)

A data storage device that uses magnetic storage to store and retrieve digital information using one or more rigid rapidly rotating disks coated with magnetic material.

Host-based Intrusion Detection System (HIDS)

A system that monitors important operating system files.

Host-based Intrusion Prevention System (HIPS)

An installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.