APPENDIX
Standard Acronyms
ABAC attribute-based access control
ACD automatic call distributor
AES Advanced Encryption Standard
ALE annual loss expectancy
ANSI American National Standards Institute
AO authorizing official
AP access point
API application programming interface
APT advanced persistent threat
ARO annual rate of occurrence
ATM asynchronous transfer mode
AUP acceptable use policy
AV antivirus
B2B business to business
B2C business to consumer
BBB Better Business Bureau
BC business continuity
BCP business continuity plan
BGP4 Border Gateway Protocol 4 for IPv4
BIA business impact analysis
BU business unit
BYOD bring your own device
C2C consumer to consumer
CA certificate authority
CAC Common Access Card
CAN controller area network
CAN-SPAM Controlling the Assault of Non-Solicited Pornography and Marketing Act
CAP Certification and Accreditation Professional
CAUCE Coalition Against Unsolicited Commercial Email
CBA cost-benefit analysis
CBF critical business function
CBK common body of knowledge
CCC CERT Coordination Center
CCNA Cisco Certified Network Associate
CDR call-detail recording
CERT Computer Emergency Response Team
CFE Certified Fraud Examiner
C-I-A confidentiality, integrity, availability
CIPA Children’s Internet Protection Act
CIR committed information rate
CIRT computer incident response team
CISA Certified Information Systems Auditor
CISM Certified Information Security Manager
CISSP Certified Information Systems Security Professional
CMIP Common Management Information Protocol
CMMI Capability Maturity Model Integration
CND computer network defense
CNE computer network exploitation
COBIT Control Objectives for Information and related Technology
COPPA Children’s Online Privacy Protection Act
COS class of service
COSO Committee of Sponsoring Organizations
CPs control partners
CRC cyclic redundancy check
CSA Cloud Security Alliance
CSF critical success factor
CSI Computer Security Institute
CSP cloud service provider
CTI Computer Telephony Integration
CVE Common Vulnerabilities and Exposures
DAC discretionary access control
DBMS database management system
DCS distributed control system
DDoS distributed denial of service
DEP data execution prevention
DES Data Encryption Standard
DHCPv6 Dynamic Host Configuration Protocol v6 for IPv6
DHS Department of Homeland Security
DIA Defense Intelligence Agency
DISA direct inward system access
DLP data loss prevention OR data leakage prevention
DMZ demilitarized zone
DNS Domain Name Service OR Domain Name System
DoD Department of Defense
DoS denial of service
DPI deep packet inspection
DR disaster recovery
DRP disaster recovery plan
DSL digital subscriber line
DSS Digital Signature Standard
DSU data service unit
EDI Electronic Data Interchange
EIDE Enhanced Integrated Drive Electronics
ELINT electronic intelligence
EPHI electronic protected health information
EULA End-User License Agreement
FACTA Fair and Accurate Credit Transactions Act
FAR false acceptance rate
FCC Federal Communications Commission
FDIC Federal Deposit Insurance Corporation
FEP front-end processor
FERPA Family Educational Rights and Privacy Act
FIPS Federal Information Processing Standard
FISMA Federal Information Security Management Act
FRCP Federal Rules of Civil Procedure
FRR false rejection rate
FTC Federal Trade Commission
FTP File Transfer Protocol
GAAP generally accepted accounting principles
GDPR General Data Protection Regulation
GIAC Global Information Assurance Certification
GigE Gigabit Ethernet LAN
GLBA Gramm-Leach-Bliley Act
HIDS host-based intrusion detection system
HIPAA Health Insurance Portability and Accountability Act
HIPS host-based intrusion prevention system
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HUMINT human intelligence
IA information assurance
IaaS Infrastructure as a Service
IAB Internet Architecture Board (originally the Internet Activities Board)
ICMP Internet Control Message Protocol
IDEA International Data Encryption Algorithm
IDPS intrusion detection and prevention system
IDS intrusion detection system
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IGP interior gateway protocol
IMINT imagery intelligence
InfoSec information security
IP intellectual property OR Internet Protocol
IPS intrusion prevention system
IPSec Internet Protocol Security
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
IRT incident response team
ISACA Information Systems Audit and Control Association
IS-IS intermediate system-to-intermediate system
(ISC)2 International Information Systems Security Certification Consortium
ISO International Organization for Standardization
ISP Internet service provider
ISS Internet systems security
ITIL Information Technology Infrastructure Library
ITRC Identity Theft Resource Center
IVR interactive voice response
L2TP Layer 2 Tunneling Protocol
LAN local area network
MAC mandatory access control
MAN metropolitan area network
MAO maximum acceptable outage
MASINT measurement and signature intelligence
MD5 Message Digest 5
modem modulator demodulator
MP-BGP Multiprotocol Border Gateway Protocol (BGP4 extensions used to carry IPv6 and other address families)
MPLS multiprotocol label switching
MSTI multiple spanning tree instance
MSTP Multiple Spanning Tree Protocol
NAC network access control
NAT network address translation
NFIC National Fraud Information Center
NIC network interface card
NIDS network intrusion detection system
NIPS network intrusion prevention system
NIST National Institute of Standards and Technology
NMS network management system
NOC network operations center
NSA National Security Agency
NVD national vulnerability database
OPSEC operations security
OS operating system
OSI Open Systems Interconnection
OSINT open source intelligence
OSPFv2 Open Shortest Path First v2 for IPv4
OSPFv3 Open Shortest Path First v3 for IPv6
PAA privileged-level access agreement
PaaS Platform as a Service
PBX private branch exchange
PCI Payment Card Industry
PCI DSS Payment Card Industry Data Security Standard
PGP Pretty Good Privacy
PHI protected health information
PII personally identifiable information
PIN personal identification number
PKI public key infrastructure
PLC programmable logic controller
POAM plan of action and milestones
PoE power over Ethernet
POS point-of-sale
PPTP Point-to-Point Tunneling Protocol
PSYOPs psychological operations
RA registration authority OR risk assessment
RAID redundant array of independent disks
RAT remote access Trojan OR remote access tool
RCSA risk and control self-assessment
RFC Request for Comments
RIPng Routing Information Protocol next generation for IPv6
RIPv2 Routing Information Protocol v2 for IPv4
ROI return on investment
RPO recovery point objective
RSA Rivest, Shamir, and Adleman (algorithm)
RSTP Rapid Spanning Tree Protocol
RTO recovery time objective
SA security association
SaaS Software as a Service
SAN storage area network
SANCP Security Analyst Network Connection Profiler
SANS SysAdmin, Audit, Network, Security
SAP service access point OR security awareness policy
SCADA supervisory control and data acquisition
SCSI small computer system interface
SDLC system development life cycle
SDSL symmetric digital subscriber line
SET secure electronic transaction
SGC server-gated cryptography
SHA secure hash algorithm
S-HTTP secure HTTP
SIEM Security Information and Event Management system
SIGINT signals intelligence
SIP Session Initiation Protocol
SLA service level agreement
SLE single loss expectancy
SLT senior leadership team
SMFA specific management functional area
SNMP Simple Network Management Protocol
SOX Sarbanes-Oxley Act of 2002 (also Sarbox)
SPOF single point of failure
SQL Structured Query Language
SSA Social Security Administration
SSCP Systems Security Certified Practitioner
SSID service set identifier (name assigned to a Wi-Fi network)
SSL Secure Sockets Layer
SSL-VPN Secure Sockets Layer virtual private network
SSO single sign-on
STP shielded twisted pair OR Spanning Tree Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TCSEC Trusted Computer System Evaluation Criteria
TFA two-factor authentication
TFTP Trivial File Transfer Protocol
TGAR trunk group access restriction
TNI Trusted Network Interpretation
TPM technology protection measure OR trusted platform module
UC unified communications
UDP User Datagram Protocol
UPS uninterruptible power supply
USB universal serial bus
UTP unshielded twisted pair
VA vulnerability assessment
VBAC view-based access control
VLAN virtual local area network
VoIP Voice over Internet Protocol
VPN virtual private network
W3C World Wide Web Consortium
WAN wide area network
WAP wireless access point
WEP wired equivalent privacy
Wi-Fi wireless fidelity (popular expansion; Wi-Fi is a Wi-Fi Alliance trademark rather than an official acronym)
WLAN wireless local area network
WNIC wireless network interface card
WPA Wi-Fi Protected Access
WPA2 Wi-Fi Protected Access 2
XML Extensible Markup Language
XSS cross-site scripting