SEC+ Acronyms

Question 1

GDPR

Answer 1

General Data Protection Regulation

Establishes personal data privacy enforcement and penalties for non-compliance and limits how an individual’s personal data can be shared. “Right to erasure.”

Question 2

PCI-DSS

Answer 2

Payment Card Industry Data Security Standard

Protects cardholder data and authentication data (storage, processing, and transmission).

Question 3

PAN

Answer 3

Primary Account Number

Question 4

CIS

Answer 4

Center for Internet Security

Non-profit that provides cyber defense guidance, best practices, advisories, alert levels, and configuration baseline guidance

Question 5

MS-ISAC

Answer 5

Multi-state information sharing and analysis center

provides historical cyber threat statistics, reports, incident response, and forensics to state and local U.S. governments.

Question 6

RMF

Answer 6

NIST Risk Management Framework

Overall framework for the U.S. federal government to manage organizational risk throughout the system development life cycle; focuses on security control selection, deployment, and auditing using a six-step model

Question 7

SSAE

Answer 7

Statement on Standards for Attestation Engagements

System and organization controls (SOC) reports examine an organization’s internal controls IRT security, availability, process integrity, confidentiality, etc. Current standard is SSAE 18.

Question 8

CSA

Answer 8

Cloud Security Alliance

International organization that researches and developers best practices for cloud computing environments

Question 9

ISO

Answer 9

International Organization for Standardization

Publishes international standards and guidelines.

Question 10

NDA

Answer 10

Non-Disclosure Agreement

Question 11

CBT

Answer 11

Computer-based training

Question 12

AUP

Answer 12

Acceptable Use Policy

Defines the conditions in which company resources may be used.

Question 13

SLA

Answer 13

Service-level Agreement

A formal definition of a service provided to or by the organization

Question 14

MSA

Answer 14

Measurements System Analysis

A method of determining the amount of variation and uncertainty that exists within a measurement process

Question 15

EOL

Answer 15

End of Life

End of support for a product

Question 16

EOSL

Answer 16

End of Service Life

Agreed-upon service is no longer offered by the service provider

Question 17

MOU

Answer 17

Memorandum of Understanding

A less formal agreement of mutual goals between two or more organizations with a focus on partitioning of responsibilities

Question 18

BPA

Answer 18

Business Partnership Agreement

Question 19

DPO

Answer 19

Data Protection Officer

Responsible for the care and protection of customer data.

Question 20

PII

Answer 20

Personally Identifiable Information

Question 21

PHI

Answer 21

Personal Health Information

Question 22

IP

Answer 22

Intellectual Property

Question 23

SLE

Answer 23

Single Loss Expectancy

how much realizing a risk costs for one occurrence

Question 24

ALE

Answer 24

Annualized Loss Expectancy

how much realizing a risk costs per year

Question 25

BCP

Answer 25

Business Continuity Planning the preventative and proactive strategic plan to mitigate disruptive incidents to business operations

Question 26

BIA

Answer 26

Business Impact Analysis Management tool that helps determine the financial impact of business or organization changes

Question 27

COOP

Answer 27

Continuity of operations plan

Question 28

RPO

Answer 28

Recovery point objective acceptable loss (how much we are willing to lose)

Question 29

RTO

Answer 29

Recovery time objective acceptable downtime (how much we can are okay being down - ie how long we’re okay being in the dark)

Question 30

MTD

Answer 30

Maximum tolerable downtime the point of no return (if we are down longer than ___, then we won’t make it — ie the maximum time we can be in the dark)

Question 31

MTBF

Answer 31

Mean time between failures anticipated time frame of operational longevity (ie how long a lightbulb will last)

Question 32

MTTR

Answer 32

Mean time to repair anticipated time frame to return to operational status (ie how long it will take to replace the lightbulb)

Question 33

“T.O.M.” | Security Control Categories

Answer 33

Technical Operational Managerial

Question 34

DRP

Answer 34

Disaster recovery plan Detailed tactical plan for responding to disasters so core essential business process can be brought back online

Question 35

ACL

Answer 35

Access Control List

Question 36

IDS

Answer 36

Intrusion Detection System

Question 37

“C.I.A.” | CIA Triad Model

Answer 37

Confidentiality Integrity Availability

Question 38

TLS

Answer 38

Transport Layer Security

Question 39

PRNG

Answer 39

Pseudo-random number generator

Question 40

IV

Answer 40

Initialization Vector Random values used in conjunction with algorithms, applied to plain text data, the key, or the cypher text before encryption is completed.

Question 41

PFS

Answer 41

Perfect Forward Secrecy Ephemeral Keys (Temporary session keys)

Question 42

LSB

Answer 42

Least Significant Bit The bit to the far right; used in stenography

Question 43

MAC | IRT Cryptography

Answer 43

Message Authentication Code Establishes message authenticity

Question 44

HMAC

Answer 44

Hashed MAC (Message Authentication Code)

Question 45

“C.3.2.B.R.A.I.D.S.”

Answer 45

Symmetric Algorithms ``` CAST-128/256 3DES 2 fish Blowfish RC4/6 AES IDEA DES, Serpent ```

Question 46

CBC

Answer 46

Cipher block chaining Cipher text from the previous block is used as the IV (initialization vector) for the next block

Question 47

GCM

Answer 47

Galois Counter Mode

Question 48

“R.E.D.”

Answer 48

Asymmetric Algorithms Rivets, Shamir, Adleman Elliptic curve cryptography Difffie-Hellman

Question 49

DH

Answer 49

Diffie-Hellman

Question 50

RSA

Answer 50

Rivets, Shamir, & Adleman

Question 51

ECC

Answer 51

Elliptic Curve Cryptography

Question 52

PKI

Answer 52

Public Key Infrastructure Framework for provisioning, storing, and de-provisioning asymmetric keys

Question 53

CTM

Answer 53

Counter Mode

Question 54

CCM

Answer 54

Counter with CBC-MAC (Cipher Block Chaining - Message Authentication Code)