AAA (Authentication, Authorization, and Accounting) - A security framework that controls access to resources, verifies identity, and logs activity.
ACL (Access Control List) - A list of rules that define permissions for accessing network resources.
AES (Advanced Encryption Standard) - A symmetric encryption algorithm widely used for secure data encryption.
AH (Authentication Header) - A component of IPSec that ensures integrity and authenticity of packets.
APT (Advanced Persistent Threat) - A prolonged cyberattack where an attacker gains undetected access to a network.
ARP (Address Resolution Protocol) - A protocol that maps IP addresses to MAC addresses.
ASLR (Address Space Layout Randomization) - A security technique that randomizes memory addresses to prevent exploitation.
BCP (Business Continuity Planning) - A strategy for maintaining operations during disruptions.
BIA (Business Impact Analysis) - Identifies critical business functions and potential impacts of disruptions.
BIOS (Basic Input/Output System) - Firmware that initializes hardware before the OS loads.
BYOD (Bring Your Own Device) - A policy allowing employees to use personal devices at work.
CAC (Common Access Card) - A smart card used for authentication in government networks.
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) - A test to differentiate humans from bots.
CBC (Cipher Block Chaining) - A mode of encryption that uses the previous ciphertext block for encryption.
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) - A security protocol used in WPA2 for wireless encryption.
CCTV (Closed-Circuit Television) - A video surveillance system used for security monitoring.
CHAP (Challenge Handshake Authentication Protocol) - A protocol that verifies user identity through challenge-response authentication.
CIA (Confidentiality, Integrity, Availability) - The core principles of cybersecurity.
CIRT (Computer Incident Response Team) - A team that responds to security incidents.
CISO (Chief Information Security Officer) - An executive responsible for an organization's security strategy.
CSRF (Cross-Site Request Forgery) - A web attack where an attacker tricks a user into making unauthorized requests.
CSP (Cloud Service Provider) - A company that offers cloud-based services like storage, computing, and networking.
CSR (Certificate Signing Request) - A request sent to a certificate authority to obtain a digital certificate.
CTF (Capture The Flag) - A cybersecurity competition that challenges participants to solve security-related tasks.
CVSS (Common Vulnerability Scoring System) - A standardized system for assessing the severity of security vulnerabilities.
DAC (Discretionary Access Control) - A security model where owners set access permissions.
DDoS (Distributed Denial of Service) - An attack that overwhelms a system with traffic.
DEP (Data Execution Prevention) - A security feature that prevents code execution in certain memory areas.
DES (Data Encryption Standard) - An outdated encryption algorithm replaced by AES.
DHCP (Dynamic Host Configuration Protocol) - Assigns IP addresses to devices on a network.
DLP (Data Loss Prevention) - A strategy to prevent unauthorized data transfers.
DMZ (Demilitarized Zone) - A network segment that isolates public-facing services from an internal network.
DNS (Domain Name System) - Translates domain names into IP addresses.
DoS (Denial of Service) - An attack that disrupts system availability.
DRP (Disaster Recovery Plan) - A plan to restore IT systems after a disaster.
DSA (Digital Signature Algorithm) - A cryptographic algorithm used for digital signatures.
DSS (Digital Signature Standard) - A federal standard for digital signatures.
EAP (Extensible Authentication Protocol) - A framework that supports various authentication methods like passwords, biometrics, and certificates.
EDR (Endpoint Detection and Response) - A security solution focused on detecting and responding to threats on devices like computers and smartphones.
EFS (Encrypting File System) - A Windows feature for encrypting files on a computer.
EMS (Enterprise Mobility Suite) - A suite of tools for managing mobile devices, apps, and data in an enterprise environment.
ERP (Enterprise Resource Planning) - Software used to manage and automate core business processes.
FAR (False Acceptance Rate) - The rate at which unauthorized users are incorrectly granted access in biometric systems.
FDE (Full Disk Encryption) - The process of encrypting an entire disk to protect data at rest.
FIM (File Integrity Monitoring) - A security process that checks for unauthorized changes to files.
FTP (File Transfer Protocol) - A protocol for transferring files over a network.
GPO (Group Policy Object) - A feature in Windows that defines user and computer configurations.
GPS (Global Positioning System) - A satellite-based navigation system.
GRC (Governance, Risk, and Compliance) - A framework for managing governance, risk, and compliance requirements in an organization.
HIDS (Host-Based Intrusion Detection System) - A security system that monitors and analyzes the activity of a single host to detect suspicious behavior.
HMAC (Hash-Based Message Authentication Code) - A mechanism for ensuring the integrity and authenticity of a message using a cryptographic hash function.
HOTP (HMAC-based One-Time Password) - A one-time password algorithm based on HMAC.
HTTPS (Hypertext Transfer Protocol Secure) - A secure version of HTTP that uses encryption (SSL/TLS) to protect data exchanged between a web server and client.
IAM (Identity and Access Management) - A framework for managing digital identities and controlling access to resources.
ICMP (Internet Control Message Protocol) - A protocol used for sending control messages, such as error reports and diagnostics, over an IP network.
IDS (Intrusion Detection System) - A system that monitors network traffic for signs of malicious activity.
IEC (International Electrotechnical Commission) - An international organization that develops standards for electrical, electronic, and related technologies.
IKE (Internet Key Exchange) - A protocol used to set up a security association (SA) in the IPSec protocol suite.
IoT (Internet of Things) - A network of physical devices that communicate and exchange data with each other over the internet.
IPSec (Internet Protocol Security) - A suite of protocols used to secure network traffic through encryption and authentication.
IPv4 (Internet Protocol version 4) - The fourth version of IP, widely used for assigning IP addresses.
IPv6 (Internet Protocol version 6) - The latest version of IP that uses a larger address space than IPv4.
JIT (Just In Time) - A software development and manufacturing approach that minimizes inventory and delays by producing items only when they are needed.
JWT (JSON Web Token) - A compact, URL-safe token used to securely transmit information between parties as a JSON object.
KDC (Key Distribution Center) - A server that manages keys for secure communication in Kerberos authentication.
KPI (Key Performance Indicator) - A measurable value used to assess the success of an organization or project.
LAN (Local Area Network) - A network that connects devices within a limited area, such as a home or office.
LDAP (Lightweight Directory Access Protocol) - A protocol used to access and manage directory services, such as contact information in an organization.
LFI (Local File Inclusion) - A vulnerability that allows attackers to include files from the local server on a website, leading to potential code execution.
LKM (Loadable Kernel Module) - A piece of code that can be loaded into the kernel to add functionality to an operating system.
LOLBINs (Living Off the Land Binaries) - Legitimate tools or software used maliciously for an attack.
MAC (Media Access Control / Mandatory Access Control) -
Media Access Control: A unique identifier for network interfaces.
Mandatory Access Control: A security model that restricts access to resources based on predefined policies.
MD5 (Message Digest 5) - A widely used cryptographic hash function, though considered insecure due to vulnerability to collisions.
MITM (Man In The Middle) - An attack where an attacker intercepts and potentially alters communications between two parties.
MSSP (Managed Security Services Provider) - A company that provides outsourced monitoring and management of security systems.
MFA (Multi-Factor Authentication) - A security process where users provide two or more verification factors to gain access to a resource.
MPLS (Multi-Protocol Label Switching) - A method for routing data in high-performance networks using labels instead of traditional IP routing.
NAC (Network Access Control) - A security approach that regulates access to a network based on predefined policies.
NAT (Network Address Translation) - A method used to modify IP address information in packet headers for routing purposes.
NIDS (Network Intrusion Detection System) - A system that monitors network traffic for signs of malicious activity.
NIST (National Institute of Standards and Technology) - A federal agency that develops standards and guidelines for cybersecurity.
NTFS (New Technology File System) - A file system used by Windows operating systems to manage files on a disk.
OAuth (Open Authorization) - An open standard for access delegation that allows users to grant third-party applications access to their resources without sharing passwords.
OCSP (Online Certificate Status Protocol) - A protocol used to check the revocation status of an X.509 digital certificate in real-time.
OSINT (Open Source Intelligence) - Intelligence gathered from publicly available sources, such as websites, social media, and public records.
OTP (One-Time Password) - A password that is valid for only one login session or transaction, used for secure authentication.
P2P (Peer-to-Peer) - A decentralized network model where each participant (peer) acts as both a client and server.
PBKDF2 (Password-Based Key Derivation Function 2) - A cryptographic algorithm used to derive secure keys from a password, commonly used for password hashing.
PCI-DSS (Payment Card Industry Data Security Standard) - A set of security standards designed to ensure that organizations handling card payments protect cardholder data.
PEAP (Protected Extensible Authentication Protocol) - A secure method of authenticating wireless clients that encapsulates EAP within a TLS tunnel.
PKI (Public Key Infrastructure) - A framework for managing digital keys and certificates for secure communications.
PIV (Personal Identity Verification) - A federal government ID card used for identity verification and access control.
PoLP (Principle of Least Privilege) - A security concept that ensures users and systems are only granted the minimum permissions necessary for their tasks.
PT (Penetration Testing) - The practice of testing a system's security by simulating attacks to identify vulnerabilities.
PSA (Public Service Announcement) - A message issued to inform the public about important matters.
PTA (Privacy Threshold Assessment) - A process used to determine whether a system or project collects or uses personal data that requires protection.
QoS (Quality of Service) - A set of techniques used to manage network resources and prioritize traffic to ensure high-quality service.
RADIUS (Remote Authentication Dial-In User Service) - A protocol for authentication, authorization, and accounting for remote network access.
RAID (Redundant Array of Independent Disks) - A technology used to combine multiple disk drives into a single unit for redundancy, performance, or both.
RBAC (Role-Based Access Control) - A model for restricting access to resources based on users' roles within an organization.
RFID (Radio Frequency Identification) - A technology used to automatically identify and track objects using radio waves.
RPO (Recovery Point Objective) - The maximum acceptable amount of data loss measured in time.
RTO (Recovery Time Objective) - The maximum acceptable amount of downtime for a system or application after a disaster.
SAML (Security Assertion Markup Language) - An XML-based standard used for exchanging authentication and authorization data between parties.
SCADA (Supervisory Control and Data Acquisition) - A system used to monitor and control industrial processes, such as manufacturing and power generation.
SHA (Secure Hash Algorithm) - A family of cryptographic hash functions designed by NIST to provide secure data hashing.
SIEM (Security Information and Event Management) - A system that collects and analyzes security-related data from various sources to detect and respond to incidents.
SIM (Subscriber Identity Module) - A small card used in mobile devices that stores the subscriber's identity and authentication data.
SLA (Service Level Agreement) - A contract that defines the level of service a provider will deliver to a customer.
SOW (Statement of Work) - A document that outlines the scope, deliverables, and timeline for a project.
MOU (Memorandum of Understanding) - A document that outlines the terms and conditions of an agreement between parties.
MOA (Memorandum of Agreement) - A formal document that outlines an agreement between two or more parties.
BPA (Business Partnership Agreement) - A contract that governs the terms of a business relationship between two or more parties.
NDA (Non-Disclosure Agreement) - A legal agreement that prevents parties from disclosing confidential information.
TACACS+ (Terminal Access Controller Access-Control System Plus) - A protocol used for centralized authentication, authorization, and accounting in network access systems.
TOTP (Time-Based One-Time Password) - A one-time password that is valid only for a short period, typically used in two-factor authentication.
TLS (Transport Layer Security) - A cryptographic protocol used to secure communication over a computer network.
TPM (Trusted Platform Module) - A hardware-based security feature that provides encryption and secure storage of cryptographic keys.
TTPs (Tactics, Techniques, and Procedures) - A framework used to describe the behavior and methods of attackers in cybersecurity.
UEBA (User and Entity Behavior Analytics) - A security technology that uses machine learning to detect unusual behavior patterns in users and entities.
UDP (User Datagram Protocol) - A connectionless protocol used for transmitting data in real-time applications, such as video streaming and VoIP.
UPS (Uninterruptible Power Supply) - A device that provides backup power to critical systems during power outages.
URL (Uniform Resource Locator) - The address used to access resources on the internet.
VLAN (Virtual Local Area Network) - A logical network created within a physical network to segment traffic for security or performance reasons.
VPN (Virtual Private Network) - A secure network connection that allows remote access to an internal network over the internet.
VPC (Virtual Private Cloud) - A private network within a public cloud, allowing users to isolate and secure resources.
VRRP (Virtual Router Redundancy Protocol) - A protocol that provides high availability for routers by assigning a virtual IP address to a group of routers.
WAF (Web Application Firewall) - A security system that monitors and filters HTTP traffic to and from a web application.
WAN (Wide Area Network) - A network that covers a large geographic area, often used to connect multiple local networks.
WEP (Wired Equivalent Privacy) - An outdated wireless security protocol for Wi-Fi networks, vulnerable to attacks.
WPA (Wi-Fi Protected Access) - A security protocol designed to secure wireless networks, more secure than WEP.
XSS (Cross-Site Scripting) - A vulnerability that allows attackers to inject malicious scripts into web pages viewed by users.
XML (Extensible Markup Language) - A flexible text-based format used to store and transport data in a structured manner.
ZTA (Zero Trust Architecture) - A security model that assumes no device or user can be trusted by default, requiring strict verification for access to any network resource.