| Acronym | Description |
| 3DES | Triple Data Encryption Standard |
| ACL | Access Control List |
| ADP | Automated Data Processing |
| AES | Advance Encryption Standard |
| AH | Authentication Header |
| AIS | Automated Information System |
| AO | Area of Operations |
| APT | Advanced Persistent Threat |
| BCP | Business Continuity Plan |
| BIA | Business Impact Analysis |
| BoD | Beginning of Day |
| BYOD | Bring Your Own Device |
| CA | Certificate Authority |
| CIO | Chief Information Officer |
| CISO | Chief Information Security Officer |
| CSO | Chief Security Officer |
| CAPEC | Common Attack Pattern Enumeration and Classification |
| CERT | Computer Emergency Response Team |
| DES | Data Encryption Standard |
| DHS | Department of Homeland Security |
| DRP | Disaster Recovery Plan |
| DAC | Discretionary Access Control |
| DNS | Domain Name System |
| ECC | Elliptical Curve Cryptography |
| EFT | Electrionic Funds Transfer |
| ESP | Encapsulation Security Payload |
| EW | Electronic Warfare |
| FISMA | Federal Information Security Act |
| FTP | File Transfer Protocol |
| FO | Forward Observer |
| GRC | Governance Risk Management and Compliance |
| HIPPA | Health Insurance |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| IDS | Intrusion Detection System |
| IaaS | Infrastructure as a Service |
| IANA | Inernet Assigned Numbers Authority |
| ICMP | Internet Control Message Protocol |
| IDS | Intrusion Detection System |
| IETF | Internet Engineering Task Force |
| IG | Interior Guard |
| IP | Internet Protocol |
| IPS | Intrusion Prevention System |
| IPSec | Internet Protocol Security |
| IPX | Internetwork Packet Exchange |
| IS | Information Systems |
| ISO | International Standards Organization |
| ISP | Internet Service Provider |
| KRI | Key Risk Indicator |
| LAN | Local Area Network |
| LDAP | Lightweight Directory Access Protocol |
| MAC | Mandatory Access Control |
| MAC Address | Media Access Control |
| MAN | Metropolitan Access Network |
| Acronym | Description |
| NAT | Network Address Translation |
| NetBIOS | Network Basic Input/Output System |
| NIC | Network Interface Control |
| NIAP | National Information Assurance Partnership |
| NIST | National Institute for Standards and Technology |
| NNTP | Network News Transfer Protocol |
| OpSec | Operational Security |
| OS | Operating System |
| OSI | Open Systems Interconnect |
| OWASP | Open Web Application Security Project |
| PaaS | Platform as a Service |
| PIN | Personal Identification Number |
| PKI | Public Key Infrastructure |
| POTS | Plain Old Telephone Service |
| PSTN | Public Switched Telephone Network |
| RA | Registration Authority |
| RAS | Remote Access Service |
| ROI | Return On Investment |
| RPO | Recovery Point Objective |
| RTO | Recovery Time Objective |
| SaaS | Software as a Service |
| SCADA | Supervisory Control and Data Acquisition |
| SDLC | Software Development Life Cycle |
| SDO | Service Delivery Objectives |
| SecaaS | Security as a Service |
| SET | Secure Electronic Transaction |
| SET | Social-Engeneer Toolkit |
| SFA | Single Factor Authentication |
| SLA | Service Level Agreement |
| S/MIME | Secure Multipurpose Internet Mail Extension |
| SMTP | Simple Mail Transfer Protocol |
| SoD | Segregation/Seperation of Duties |
| SoD | Start of Day |
| SPX | Sequenced Packet Exchange |
| SSH | Secure Shell |
| SSL | Secure Socket Layer |
| TCO | Total Cost of Ownership |
| TCP | Transmission Control Protocol |
| TCP/IP | Transmission Control Protocol/Internet Protocol |
| TKIP | Temperal Key Integrety Protocol |
| TLS | Transport Layer Security |
| URL | Uniform Resource Locator |
| UDP | User Datagram Protocol |
| VLAN | Vitrual Local Area Network |
| VPN | Virtual Private Network |
| VoIP | Voice Over Internet Protocol |
| WAN | Wide Area Network |
| WAP | Wi-Fi Protected Access |
| WAP2 | Wi-Fi Protected Access II |
| WEP | Wired Equivalent Privacy |
| WLAN | Wireless Local Area Network |
| XSS | Cross-site Scripting |
| CNSSI 4009, National Information Assurance (IA) Glossary, June 2006. |
| CISSPÆ All-in-One Exam Guide, Forth Edition, Shon Harris, The McGraw-Hill Companies, 2008. |
| Official (ISC)2 Æ Guide To The CISSPÆ CBK by Harold F. Tipton, et. al., Auerbach Publications, 2006. |
| Official (ISC)2 Æ Guide To The CISSPÆ Exam by Susan Hansche, et. al., Auerbach Publications, 2004. |
| NIST SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, April 1998. |
| NIST SP 800-30, Risk Management Guide for Information Technology Systems, July 2002. |
| NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004. |
| NIST SP 800-53, Rev. 2, Recommended Security Controls for Federal Information Systems, December 2007. |
| NIST SP 800-64 Rev. 1, Security Considerations in the Information System Development Life Cycle, June 2004. |
| NIST SP 800-61, Computer Security Incident Handling Guide, January, 2004. |
| NIST SP 800-65, Integrating IT Security into the Capital Planning and Investment Control Process, January 2005. |
| NIST SP 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, May 2004. |
| NIST SP 800-77, Guide to IPsec VPNs, December 2005. |
| FIPS 46-3, Data Encryption Standard (DES), October 1999. |
| FIPS 140-2, Security Requirements for Cryptographic Modules, May 2001. |
| FIPS 180-2, Secure Hash Standard (SHS), August 2002. |
| FIPS 185, Escrowed Encryption Standard, February 1994. |
| FIPS 186-2, Digital Signature Standard (DSS), January 2000. |
| FIPS 197, Advanced Encryption Standard, November 2001. |
| FIPS 198, The Keyed-Hashed Message Authentication Code (HMAC), March 2002. |
| FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, December 2003. |
| FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006. |
| Information Assurance Technical Framework (IATF), Release 3.1, NSA IA Solutions Technical Directors, September 2002. |
| ISO/IEC 15408-1:2005, Evaluation Criteria for IT Security ñ Part 1: Introduction and General Model, 2005. |
| ISO/IEC 15408-2:2005, Evaluation Criteria for IT Security ñ Part 2: Security Functional Requirements, 2005. |
| ISO/IEC 15408-3:2005, Evaluation Criteria for IT Security ñ Part 3: Security Assurance Requirements, 2005. |
| BS ISO/IEC 17799:2005, Code of Practice for Information Security Management, 2005. |
| Control Objectives for Information and related Technology (COBIT), Release 4.0, IT Governance Institute, 2005. |
| ISO/IEC 21827, Systems Security Engineering ñ Capability Maturity Model (SSE-CMMÆ), 2002. |
| ISO/IEC 27001, Information Security Management Systems ñ Requirements, 2005. |
| Draft MIL-STD-499C, Systems Engineering, Aerospace Corporation, April 15, 2005. |
| ISO/IEC 15288:2008(E), IEEE Std 15288-2008, Systems and Software Engineering ñ System Life Cycle Processes, February 1, 2008. |
| IEEE STD 1220-2005, IEEE Standard for Application and Management of the Systems Engineering Process, September 9, 2005. |
| IEEE/EIA 12207.0-1996, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle Processes, March 1998. |
| IEEE/EIA 12207.1-1997, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle ProcessesóLife Cycle Data, April 1998. |
| IEEE/EIA 12207.2-1997, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle ProcessesóImplementation Considerations, April 1998. |
| DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria, December 1985. (a.k.a. Orange Book). |
| NCSC-TG-003, Version-1 A, Guide to Understanding Discretionary Access Control in Trusted Systems, September 30, 1987. (a.k.a. Neo-Orange Book). |
| Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, June 1991. |
|
ACCESS CONTROL |
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities |
|
ADVANCED PERSISTENT THREAT (APT) |
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). |
|
AIR GAP |
To physically separate or isolate a system from other systems or networks. |
|
ATTACK PATH |
The steps that an adversary takes or may take to plan, prepare for, and execute an attack. |
|
ATTACK PATTERN |
Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation. |
|
ATTACK SIGNATURE |
A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks. |
|
AUTHENTICATION |
The process of verifying the identity or other attributes of an entity (user, process, or device). |
|
AUTHORIZATION |
A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. |
|
BACKDOOR |
A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place. |
|
BEHAVIOR MONITORING |
Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends. |
|
BLACKLIST |
A list of entities that are blocked or denied privileges or access. |
|
BLUE TEAM |
A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team). |
|
BOT |
A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the command and control of a remote administrator. |
|
BUG |
An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device. |
|
CHECKSUM |
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data. |
|
CIP |
Critical Infrastructure Protection. The North American Electric Reliability Corporation (NERC), which FERC directed to develop Critical Infrastructure Protection (CIP) cyber security reliability standards. |
|
CIPHERTEXT |
Data or information in its encrypted form. |
|
CLOUD COMPUTING |
A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. |
|
COMPUTER (DIGITAL) FORENSICS |
The processes and tools to create a bit by bit copy of a an electronic device (collection and acquisition) for the purpose of analyzing and reporting evidence; gather and preserve evidence that is legally defensible and does not alter the original device or data. |
|
CONTINUITY OF OPERATIONS PLAN |
A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption. |
|
CRITICAL INFRASTRUCTURE |
The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters. |
|
CRYPTANALYSIS |
The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection. |
|
CSIRT |
Cyber Security Incident Response Team |
|
CYBER MUNITIONS |
Technology system that has a purpose of causing harm and destruction by altering the running state of another system without permission. |
|
DATA BREACH |
The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. |
|
DATA LOSS PREVENTION |
A set of procedures and mechanisms to stop sensitive data from leaving a security boundary. |
|
DATA MINING |
The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations. |
|
DENIAL OF SERVICE (DOS) |
An attack that prevents or impairs the authorized use of information system resources or services. |
|
DIGITAL FORENSICS |
The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. |
|
DIGITAL RIGHTS MANAGEMENT (DRM) |
A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider’s intentions. |
|
DIGITAL SIGNATURE |
A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data. |
|
DISTRIBUTED DENIAL OF SERVICE (DDOS) |
A denial of service technique that uses numerous systems to perform the attack simultaneously. |
|
DMZ |
DeMilitarized Zone. A physical or logical subnetwork where publicly facing internet connections occur; a subnetwork where an organization’s external- facing services are exposed to an untrusted network (i.e. internet). |
|
DOXING |
The process or technique of gathering personal information on a target or subject, and building a dossier with the intent to cause harm. |
|
DYNAMIC ATTACK SURFACE |
The automated, on-the-fly changes of an information system’s characteristics to thwart actions of an adversary. |
|
ELECTRONIC SIGNATURE |
Any mark in electronic form associated with an electronic document, applied with the intent to sign the document. |
|
ENTERPRISE RISK MANAGEMENT |
A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives. |
|
EVENT LOGS |
The computer-based documentation log of all events occurring within a system. |
|
EXFILTRATION |
The unauthorized transfer of information from an information system. |
|
EXPLOIT |
A technique to breach the security of a network or information system in violation of security policy. |
|
EXPOSURE |
The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network. |
|
FIREWALL |
A physical appliance or software designed to control inbound and/or outbound electronic access. |
|
HASH VALUE |
A numeric value resulting from applying a mathematical algorithm against a set of data such as a file. |
|
HASHING |
A process of applying a mathematical algorithm against a set of data to produce a numeric value (a ”hash value”) that represents the data. The result of hashing is a value that can be used to validate if a file has been altered. Frequently used hash functions are MD5, SHA1 and SHA2 |
|
IDENTITY AND ACCESS MANAGEMENT |
The methods and processes used to manage subjects and their authentication and authorizations to access specific objects. |
|
INCIDENT |
An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. |
|
INCIDENT HANDLER (CYBER SECURITY) |
The person assigned to lead a team of subject matter experts in cyber security and how to respond to adverse security events. |
|
INDUSTRIAL CONTROL SYSTEM |
An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets. |
|
INTEGRITY |
The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. |
|
INTRUSION DETECTION |
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred. |
|
KEYLOGGER |
Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system. |
|
MACRO VIRUS |
A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself. |
|
MALWARE |
Software that compromises the operation of a system by performing an unauthorized function or process. |
|
MITIGATION |
The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. |
|
MOVING TARGET DEFENSE |
The presentation of a dynamic attack surface, increasing an adversary’s work factor necessary to probe, attack, or maintain presence in a cyber target. |
|
MSSP |
Managed Security Service Provider |
|
NIST |
National Institute of Standards and Technology. The 800 series (NIST 800) covers cyber and information security. |
|
OPEN SOURCE |
Denoting software whose original source code is made free and available with no restrictions on use, selling, distribution or modification of the code. |
|
OPEN SOURCE INTELLIGENCE |
Intelligence collected from publicly available sources |
|
OPEN SOURCE TOOLS |
Tools that are made with open source code. |
|
OPERATIONAL EXERCISE |
An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities. |
|
PACKET CAPTURES |
The process of collecting, or capturing, network packets as they are being sent and received; used in diagnosing and solving network problems. |
|
PENETRATION TESTING (PEN TEST) |
An evaluation methodology whereby assessors actively probe for vulnerabilities and attempt to circumvent the security features of a network and/or information system. |
|
PHISHING |
A digital form of social engineering to deceive individuals into providing sensitive information. |
|
PRIVATE KEY |
A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. |
|
PUBLIC KEY |
The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography. |
|
RDP |
Remote Desktop Protocol. A Microsoft protocol through which a desktop or server may be accessed by a remote client. |
|
RECOVERY |
The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term. |
|
RED TEAM |
A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture. |
|
REDUNDANCY |
Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process. |
|
RESILIENCE |
The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption. |
|
RESPONSE |
The activities that address the short-term, direct effects of an incident and may also support short-term recovery. |
|
RISK MANAGEMENT |
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. |
|
ROAMING PROFILE |
A configuration in which the user profile within the domain is stored on a server and allows authorized users to log on to any computer within a network domain and have a consistent desktop experience. |
|
ROOTKIT |
A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools. |
|
SCRIPTKIDDIE |
An unskilled or non-sophisticated individual using pre-made hacking techniques and software to attack networks and deface websites. |
|
SECURITY AUTOMATION |
The use of information technology in place of manual processes for cyber incident response and management. |
|
SECURITY POLICY |
A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets. |
|
SIEM |
System Incident and Event Management. Tools and processes that collect data generated from devices and services to perform real time and historical correlated analysis to detect security, compliance and service levels events. |
|
SIGNATURE |
A recognizable, distinguishing pattern. |
|
SITUATIONAL AWARENESS |
Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience. |
|
SOFTWARE ASSURANCE |
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner. |
|
SPEARPHISHING |
An email or electronic communications scam targeted towards a specific individual, organization, or business. |
|
SPOOFING |
Faking the sending address of a transmission to gain illegal or unauthorized entry into a secure system. Extended The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. |
|
SPYWARE |
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner. |
|
TABLETOP EXERCISE |
A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident. |
|
THREAT AGENT |
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. |
|
THREAT ASSESSMENT |
The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property. |
|
TICKET |
In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential. |
|
TOPOLOGY DIAGRAM |
A schematic diagram displaying how the various elements in a network communicate with each other. A topology diagram may be physical or logical. |
|
TRAFFIC LIGHT PROTOCOL |
A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience. |
|
TROJAN HORSE |
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. |
|
VIRUS |
A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. |
|
VULNERABILITY |
A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized. |
|
WHITE TEAM |
A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems. |
|
WHITELIST |
A list of entities that are considered trustworthy and are granted access or privileges. |
|
WORK FACTOR |
An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure. |
|
WORM |
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. |
|
ZERO DAY |
The Zero Day is the day a new vulnerability is made known. In some cases, a zero day exploit is referred to an exploit for which no patch is available yet. (Day one is day at which the patch is made available). |