Abbreviations Flashcards

(121 cards)

1
Q

AES

Cryptography

A

Advanced Encryption Standard

2
Q

AH

A

Authentication Header

3
Q

Wireless Technology

ATIM

A

Announcement Traffic Indication Messages

4
Q

ALE

A

Annual Loss Expectancy

SLE times ARO


5
Q

APT

A

Advanced Persistent Threat

6
Q

ARO

GRC

A

Annual Rate of Occurrence

number of times a loss can occur within a year

7
Q

ARP

A

Address Resolution Protocol

8
Q

C2

A

Command to Control

9
Q

CASB

A

Cloud Access Security Broker

10
Q

CCM

A

Cloud Controls Matrix

CSA CCM - Cloud Security Alliance CCM - to assess the security posture of an organisation

11
Q

CCMP

A

Cipher Block Chaining Message Authentication Code Protocol

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (Counter Mode CBC-MAC Protocol) or CCM mode Protocol (CCMP)

12
Q

CER

A

Cross Error Rate

used to determine the effectiveness of a control

13
Q

CHAP

A

Challenge Handshake Authentication Protocol

14
Q

CIS-RAM

A

Center for Internet Security - Risk Assessment Method

to evaluate the overall security posture

15
Q

CRL

issued by Certificate Authority (CA)

A

Certificate Revocation List

16
Q

CSF

A

Cybersecurity Framework

NIST CSF - security policy to assess and improve the ability to prevent, detect and respond to cybersecurity attacks

17
Q

CVE

A

Common Vulnerabilities and Exposures

18
Q

CVSS

A

Common Vulnerability Scoring System

19
Q

DDoS

A

Distributed Denial of Service

20
Q

DES

A

Data Encryption Standard

21
Q

DLP

A

Data Loss Prevention

22
Q

DNS

A

Domain Name System

23
Q

EAP

A

Extensible Authentication Protocol

802.1x - allows multiple authentication methods to permit users access to LAN & WLAN

24
Q

EAP-AKA

A

EAP Authentication and Key Agreement

25
EAP-EKE
EAP Encrypted Key Exchange
26
EAP-FAST
EAP Flexible Authentication via Secure Tunneling | Cisco Proprietary - designed to replace LEAP
27
EAP-GTC
EAP Generic Token Card
28
EAP-IKEv2
EAP Internet Key Exchange v2
29
EAP-NOOB
Nimble out-of-band Authentication for EAP
30
EAP-PSK
EAP Pre-Shared Key
31
EAP-SIM
EAP Subscriber Identity Module
32
EAP-TLS
EAP Transport Layer Security
33
EAP-TTLS
EAP Tunneled Transport Layer Security
34
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral
35
EF
Exposure Factor ## Footnote This is the percentage of the asset value that would be lost as a result of a threat. This is used to calculate SLE. SLE = Asset Value X EF
36
ESP
Encapsulation Security Payload
37
FAR
False Acceptance Rate
38
FRR
False Rejection Rate
39
FTPES
Explicit FTP over SSL
40
FTPS
FTP over SSL
41
GDPR
General Data Protection Regulation ## Footnote Regulation in EU
42
GRC
Governance, risk and compliance
43
HIPAA
Health Insurance Portability & Accountability Act
44
HIPS
Host based Intrusion Prevention System
45
HMAC
Hash-based message authentication code
46
HOTP
HMAC-Based One-Time Password Algorithm
47
HPKP
HTTP Public Key Pinning ## Footnote an obsolete Internet security mechanism delivered via an HTTP header
48
HSM
Hardware Security Module
49
HVAC
Heating, Ventilation & Air Conditioning
50
IA
Information Assurance
51
IaaS
Infrastructure as a Service
52
IAM
Identity & Access Management
53
ICMP
Internet Control Message Protocol | Supporting protocol in the Internet protocol suite. ## Footnote It is used by network devices, including routers, to send error messages and operational information
54
ICV
Integrity Check Value
55
IDS
Intrusion Detection System
56
IPS
Intrusion Prevention System
57
ISFW
Internal Segmentation Firewall
58
LEAP
Lightweight EAP
59
MDA
Message Digest Algorithm | Also known as MD5 ## Footnote The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.
60
MitM
Man-in-the-Middle
61
MoU | Done before any engagement.
Memorandum of Understanding ## Footnote used during the preliminary discussions stage between two merging/partnering businesses
62
MTBF
Mean Time Between Failures ## Footnote provides a measure of a system's average reliability and is measured in hours. This is used to measure repairable assets
63
MTTF
Mean Time To Failure ## Footnote used to measure the non-repairable assets
64
MTTR
Mean Time To Recover ## Footnote is the average time it takes to restore a system after an outage.
65
NFC
Near Field Communication ## Footnote NFC doesn't provide encryption, so eavesdropping and MitM attacks are possible.
66
NGFW
Next Generation Firewall
67
NIST
National Institute of Standards & Technology
68
OCSP ## Footnote It is an Internet Protocol (IP) that certificate authorities (CAs) use to determine the status of secure sockets layer/transport layer security (SSL/TLS) certificates
Online Certificate Status Protocol
69
OIDC ## Footnote an authentication protocol
Open ID Connect ## Footnote is an authentication protocol, providing authentication for federated applications
70
OSINT
Open Source Intelligence
71
PaaS
Platform as a Service
72
PAP ## Footnote It is a basic authentication mechanism.
Password Authentication Protocol ## Footnote an unsophisticated authentication method used as the basic authentication mechanism in HTTP. It relies on clear-text password exchange.
73
PAT ## Footnote in layer 3
Port Address Translation ## Footnote Similar to NAT
74
PCI-DSS ## Footnote GRC
Payment Card Industry Data Security Standard
75
PEAP
Protected EAP
76
PFS ## Footnote Cryptography
Perfect Forward Secrecy
77
PII ## Footnote GRC
Personally Identifiable Information
78
POP3
Post Office Protocol V3
79
PPP
Point-to-Point Protocol
80
PUP
Potentially Unwanted Program
81
QoS
Quality of Service ## Footnote 802.1p
82
RADIUS
Remote Authentication Dial Up ## Footnote used primarily for network access control
83
RASP ## Footnote Security mechanism
Runtime Application Self Protection
84
RBAC ## Footnote Technical Control
Role Based Access Control
85
RCE
Remote Code Execution
86
RoR
Rate of Return
87
RPO
Recovery Point Objective ## Footnote identifies a point in time that data loss is acceptable. In the event of a system failure, the company may lose some data, but the RPO is the last seven days.
88
RRset
Resource Records set
89
RSA ## Footnote Cryptography
Rivest, Shamir, Adleman ## Footnote Widely used, but it's no more secure
90
RTO ## Footnote GRC
Recovery Time Objective ## Footnote identifies the maximum time it takes to recover a system in the event of an outage. For example, eight hours to restore represents the RTO.
91
RTP
Real-time Transport Protocol
92
S/MIME
Secure Multipart Internet Message Extensions ## Footnote to sign & encrypt mail messages using an email certificate
93
SaaS
Software as a Service
94
SECaaS
Security as a Service
95
SED ## Footnote Cryptography
Self Encrypting Drive
96
SFTP
Secure Shell FTP
97
SHA ## Footnote In Cryptography
Secure Hash Algorithm ## Footnote SHA & salt are part of key stretching process
98
SIP
Session Initiation Protocol
99
SLE ## Footnote GRC
Single Loss Expectancy ## Footnote cost of any single item loss. SLE = AV X EF
100
SOAR
Security Orchestration, Automation & Response
101
SoC
System on a Chip
102
SOC
Security Operations Center
103
SRTP
Secure RTP ## Footnote Used for Video and VOIP calls
104
SSO
Single Sign-On
105
SSRF
Server Side Request Forgery
106
SWG
Secure Web Gateway
107
TACACS+
Terminal Access Controller Access-Control System Plus ## Footnote specifically designed for network administration of routers. TACACS+ performs authentication, authorization, and accounting functions better than RADIUS
108
TEAP
Tunnel Extensible Authentication Protocol
109
TLS
Transport Layer Security
110
TOTP
Time based One Time Password Algorithm
111
TPM
Trusted Platform Module
112
TTP
Tactics, Techniques & Procedures
113
UBA
User Behaviour Analytics
114
UTM
Unified Threat Management
115
WAP
Wireless Application Protocol
116
WAS
Web Application Security
117
XSS
Cross-Site Scripting
118
ZTNA
Zero Trust Network Access
119
PMK ## Footnote Cryptography
Pairwise Master Key
120
BSS
Basic Service Set
121
IBSS
Independent BSS