Security+ Acronyms
Acronyms and abbreviations for the Security+ SY0-501 exam
Abbreviation | Description | Details |
---|---|---|
3DES | Triple Data Encryption Standard | Applies DES three times with two or three independent keys (also written "Triple Digital Encryption Standard"); now deprecated in favour of AES. |
AAA | Authentication, Authorization and Accounting | |
ABAC | Attribute-based Access Control | |
ACL | Access Control List | |
AES | Advanced Encryption Standard | |
AES256 | Advanced Encryption Standard 256-bit | |
AH | Authentication Header | |
ALE | Annualized Loss Expectancy | |
AP | Access Point | |
API | Application Programming Interface | |
APT | Advanced Persistent Threat | |
ARO | Annualized Rate of Occurrence | |
ARP | Address Resolution Protocol | |
ASLR | Address Space Layout Randomization | ASLR makes memory-corruption exploits harder by randomizing the base addresses of a process's stack, heap, shared libraries and (for position-independent executables) the program image, so an attacker cannot rely on fixed addresses. |
ASP | Application Service Provider | An ASP is a business that delivers computer-based services to customers over a network, such as access to a particular software application over a standard protocol. The model is the predecessor of what is now called SaaS. |
AUP | Acceptable Use Policy | |
AV (2) | Antivirus or Asset Value | |
BAC | Business Availability Center | |
BCP | Business Continuity Plan | A BCP identifies the critical systems and components that must be protected and defines how the business will continue to operate if a disaster occurs. Closely related to, and often used interchangeably with, a COOP. |
BIA | Business Impact Analysis | |
BIOS | Basic Input/Output System | |
BPA | Business Partners Agreement | |
BPDU | Bridge Protocol Data Unit | |
BYOD | Bring Your Own Device | |
CA | Certificate Authority | |
CAC | Common Access Card | |
CAN | Controller Area Network | |
CAPTCHA | Completely Automated Public Turing test to tell Computers and Humans Apart | |
CAR | Corrective Action Report | |
CBC | Cipher Block Chaining | |
CCMP | Counter-mode CBC-MAC Protocol | Counter-mode Cipher Block Chaining Message Authentication Code Protocol: the AES-based encryption and integrity method used with WPA2. It is far stronger than WEP and than the TKIP method of the original WPA. |
CCTV | Closed-circuit Television | |
CER (2) | Cross-over Error Rate or Canonical Encoding Rules | Cross-over Error Rate = the biometric operating point where the false acceptance rate (FAR) and false rejection rate (FRR) are equal; a lower CER indicates a more accurate system. Canonical Encoding Rules = an ASN.1 encoding rule set, a restricted form of BER like DER. The .cer file extension is unrelated to these rules and may hold a certificate in either binary DER or Base64 PEM form. |
CERT | Computer Emergency Response Team | |
CFB | Cipher Feedback | CFB is a close relative of CBC that turns a block cipher into a self-synchronizing stream cipher: each ciphertext block is encrypted to produce the keystream for the next block. Operation is very similar to CBC; in particular, CFB decryption is almost identical to CBC encryption performed in reverse. |
CHAP | Challenge Handshake Authentication Protocol | |
CIO | Chief Information Officer | |
CIRT | Computer Incident Response Team | |
CMS | Content Management System | CMS is a software application or set of related programs that are used to create and manage digital content. Examples are: Joomla, Drupal, and Squarespace. |
COOP | Continuity of Operations Plan | Also known as a BCP. Defines how the business will continue to operate if a disaster occurs. |
COPE | Corporate Owned Personally Enabled | |
CP | Contingency Planning | |
CRC | Cyclical Redundancy Check | |
CRL | Certificate Revocation List | |
CSIRT | Computer Security Incident Response Team | |
CSO | Chief Security Officer | |
CSP | Cloud Service Provider | |
CSR | Certificate Signing Request | A CSR is a request submitted to a CA for a digital certificate. |
CSRF | Cross-site Request Forgery | |
CSU | Channel Service Unit | |
CTM | Counter-Mode | |
CTO | Chief Technology Officer | |
CTR Mode | Counter Mode | Counter mode turns a block cipher into a stream cipher: it encrypts a nonce combined with an incrementing counter and XORs the result with the plaintext. It is parallelizable, and a nonce/counter value must never be repeated under the same key. |
CYOD | Choose Your Own Device | |
DAC | Discretionary Access Control | |
DBA | Database Administrator | |
DDoS | Distributed Denial of Service | |
DEP | Data Execution Prevention | DEP is a system-level memory protection feature built into Windows (the same hardware feature is called NX or XD elsewhere). DEP marks data pages such as the stack and heap as non-executable, so code cannot run from those regions. This makes a buffer overflow harder to exploit because injected shellcode cannot be executed directly. |
DER | Distinguished Encoding Rules | DER is an ASN.1 encoding rule set that gives exactly one way to represent any ASN.1 value as an octet string, which is why signed objects such as X.509 certificates use it. A DER certificate is a binary file (commonly .der or .cer). |
DES | Data Encryption Standard | Legacy symmetric block cipher with a 56-bit key (also written "Digital Encryption Standard"); too weak for modern use, it was superseded by 3DES and then AES. |
DFIR | Digital Forensics and Incident Response | |
DHCP | Dynamic Host Configuration Protocol | |
DHE (2) | Diffie-Hellman Ephemeral or Data-Handling Electronics | Diffie-Hellman Ephemeral generates a fresh, temporary key pair for every session, so compromise of a long-term key does not expose past session keys (forward secrecy). Data-Handling Electronics is a process that ensures research data is stored, archived or disposed of in a safe and secure manner during and after a research project. |
DLL | Dynamic Link Library | |
DLP | Data Loss Prevention | |
DMZ | Demilitarized Zone | |
DNAT | Destination Network Address Translation | DNAT rewrites the destination address (and optionally port) of incoming packets; port forwarding is its most common use. |
DNS | Domain Name Service (Server) | |
DoS | Denial of Service | |
DRP | Disaster Recovery Plan | A DRP is a disaster recovery strategy describing how the company will recover with minimal lost time and money. |
DSA | Digital Signature Algorithm | |
DSL | Digital Subscriber Line | |
DSU | Data Service Unit | |
EAP | Extensible Authentication Protocol | |
ECB | Electronic Code Book | |
ECC | Elliptic Curve Cryptography | |
ECDHE | Elliptic Curve Diffie-Hellman Ephemeral | Variant of Diffie-Hellman Ephemeral (DHE) that uses elliptic curve cryptography, which uses less computational power. |
ECDSA | Elliptic Curve Digital Signature Algorithm | |
EFS | Encrypting File System | Windows NTFS feature that encrypts individual files and folders with per-user keys (also written "Encrypted File System"); contrast with FDE, which encrypts the whole volume. |
EMI | Electromagnetic Interference | |
EMP | Electro Magnetic Pulse | |
ERP | Enterprise Resource Planning | |
ESN | Electronic Serial Number | The ESN is a unique identification number embedded by manufacturers on a microchip in wireless phones. The ESN is automatically transmitted to a base station when a call is made. The carrier's mobile switching office then detects the ESN and checks the validity of the call to prevent fraud. |
ESP | Encapsulated Security Payload | |
EF | Exposure Factor | Exposure factor is the subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor is a subjective value that the person assessing risk must define. |
FACL | File System Access Control List | |
FAR | False Acceptance Rate | The fraction of impostor attempts a biometric system wrongly accepts. Lowering the match threshold raises FAR. |
FDE | Full Disk Encryption | |
FRR | False Rejection Rate | The fraction of legitimate attempts a biometric system wrongly rejects. Raising the match threshold raises FRR. |
FTP | File Transfer Protocol | |
FTPS | File Transfer Protocol over SSL | FTPS is different from SSH File Transfer Protocol - SFTP |
GCM | Galois Counter Mode | GCM is an authenticated encryption (AEAD) mode for block ciphers such as AES: it combines CTR-mode encryption with a Galois-field authentication tag, so tampering with the ciphertext is detected. Widely adopted because of its efficiency and parallelism (for example AES-GCM in TLS). A nonce must never be reused with the same key. |
GPG | GNU Privacy Guard | GnuPG is a complete and free implementation of the OpenPGP standard defined in RFC 4880 (the standardized form of PGP). GnuPG allows you to encrypt and sign data and communications; it features a versatile key management system along with access modules for public key directories. |
GPO | Group Policy Object | |
GPS | Global Positioning System | |
GPU | Graphics Processing Unit | |
GRE | Generic Routing Encapsulation | |
HA | High Availability | |
HDD | Hard Disk Drive | |
HIDS | Host-based Intrusion Detection System | |
HIPS | Host-based Intrusion Prevention System | |
HMAC | Hashed Message Authentication Code | |
HOTP | HMAC-based One-Time Password | HOTP (RFC 4226) is a one-time password (OTP) algorithm that computes an HMAC over a shared secret and an incrementing counter, then truncates the result to a short numeric code. It is a cornerstone of the Initiative for Open Authentication (OATH), not to be confused with OAuth. TOTP replaces the counter with a time step. |
HSM | Hardware Security Module | |
HTML | Hypertext Markup Language | |
HTTP | Hypertext Transfer Protocol | |
HTTPS | Hypertext Transfer Protocol over SSL/TLS | |
HVAC | Heating Ventilation and Air Conditioning | |
IaaS | Infrastructure as a Service | IaaS offers networking, storage, load balancing, routing and VM hosting. Offloads networking infrastructure to the cloud. |
ICMP | Internet Control Message Protocol | |
ICS | Industrial Control Systems | |
ID | Identification | |
IDEA | International Data Encryption Algorithm | |
IDF | Intermediate Distribution Frame | |
IdP | Identity Provider | |
IDS | Intrusion Detection System | |
IEEE | Institute of Electrical and Electronics Engineers | |
IIS | Internet Information Services | IIS is Microsoft's web server for Windows Server. |
IKE | Internet Key Exchange | |
IM | Instant Messaging | |
IMAP4 | Internet Message Access Protocol v4 | |
IoT | Internet of Things | |
IP | Internet Protocol | |
IPSec | Internet Protocol Security | IPSec is an IETF standard suite of protocols that provides data authentication, integrity and confidentiality between two communication points across an IP network. AH provides authentication and integrity; ESP adds encryption. It runs in transport mode (payload protected) or tunnel mode (entire packet encapsulated), with IKE used to negotiate keys. |
IR | Incident Response or Incident Report | |
IRC | Internet Relay Chat | |
IRP | Incident Response Plan | |
ISA | Interconnection Security Agreement | An ISA is a document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. |
ISP | Internet Service Provider | |
ISSO | Information Systems Security Officer | |
ITCP | IT Contingency Plan | ITCP describes alternate procedures for disruptions of service |
IV | Initialization Vector | |
KDC | Key Distribution Center | |
KEK | Key Encryption Key | |
L2TP | Layer 2 Tunneling Protocol | |
LAN | Local Area Network | |
LDAP | Lightweight Directory Access Protocol | |
LEAP | Lightweight Extensible Authentication Protocol | |
MaaS | Monitoring as a Service | MaaS deploys monitoring in the cloud. |
MAC (3) | Mandatory Access Control or Media Access Control or Message Authentication Code | |
MAN | Metropolitan Area Network | |
MBR | Master Boot Record | |
MD5 | Message Digest 5 | |
MDF | Main Distribution Frame | |
MDM | Mobile Device Management | |
MFA | Multi-Factor Authentication | |
MFD | Multi-Function Device | |
MITM | Man-in-the-Middle | |
MMS | Multimedia Message Service | |
MOA | Memorandum of Agreement | |
MOU | Memorandum of Understanding | |
MPLS | Multi-Protocol Label Switching | |
MSCHAP | Microsoft Challenge Handshake Authentication Protocol | |
MSP | Managed Service Provider | |
MTBF | Mean Time Between Failures | |
MTTF | Mean Time to Failure | |
MTTR (2) | Mean Time to Recover or Mean Time to Repair | |
MTU | Maximum Transmission Unit | |
NAC | Network Access Control | |
NAT | Network Address Translation | |
NDA | Non-disclosure Agreement | |
NFC | Near Field Communication | |
NGAC | Next Generation Access Control | |
NIDS | Network-based Intrusion Detection System | |
NIPS | Network-based Intrusion Prevention System | |
NIST | National Institute of Standards & Technology | |
NTFS | New Technology File System | |
NTLM | New Technology LAN Manager | |
NTP | Network Time Protocol | |
OAUTH | Open Authorization | OAuth is an open protocol for delegated authorization: a user can grant a web, mobile or desktop application limited access to their resources on another service without sharing their logon credentials. By itself OAuth is an authorization framework, not an authentication protocol. |
OCSP | Online Certificate Status Protocol | OCSP is used to determine the state of an identified certificate. The OCSP client and the OCSP responder exchange information about whether a certificate is valid or revoked. |
OID | Object Identifier | |
OS | Operating System | |
OTA | Over The Air | |
OVAL | Open Vulnerability and Assessment Language | OVAL is an XML-based language for describing the configuration and vulnerability state of systems in a machine-readable, standardized way, so that checks can be exchanged across security tools and services. It is one of the component standards of SCAP. |
PKCS #12 | Public Key Cryptography Standards #12 | Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. -- .p12 and .pfx are file extensions |
P2P | Peer to Peer | |
PaaS | Platform as a Service | PaaS provides a managed platform (operating system, runtime, middleware and databases) on which customers deploy their own applications without bearing the cost of the underlying hardware. |
PAC | Proxy Auto Configuration | A PAC file defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL. |
PAM | Pluggable Authentication Modules | A mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API), used by Linux and other Unix-like systems. |
PAP | Password Authentication Protocol | |
PAT | Port Address Translation | |
PBKDF2 | Password-based Key Derivation Function 2 | PBKDF2 applies a pseudorandom function (usually HMAC) to the input password together with a salt and repeats the process many times to produce a derived key, which can be used as a cryptographic key or stored as a password verifier. The iteration count is what makes offline guessing expensive; this is a form of key stretching. |
PBX | Private Branch Exchange | |
PCAP | Packet Capture | .pcap is the libpcap capture file format used by tcpdump, Wireshark and most other capture tools; Wireshark's newer default format is .pcapng. |
PEAP | Protected Extensible Authentication Protocol | PEAP encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. |
PED | Portable Electronic Device | Examples of PEDs are laptop computers, tablets, e-readers, smartphones, MP3 players, drones and electronic toys. |
PEM | Privacy-Enhanced Mail | Originally an Internet standard (RFC 1421) for secure exchange of electronic mail, using cryptographic techniques for confidentiality, sender authentication and message integrity. Today the name survives mainly as the PEM file format: DER data Base64-encoded between -----BEGIN ...----- and -----END ...----- lines, used for certificates, keys and CSRs (.pem, .crt, .key). |
PFS | Perfect Forward Secrecy | |
PFX | Personal Information Exchange | Binary format to store a server certificate, intermediate certificates and private key in one file. Used to import and export certs and private keys. -- .p12 and .pfx are filename extensions. |
PGP | Pretty Good Privacy | |
PHI | Protected Health Information | PHI is any information in the medical record or designated record set that can be used to identify an individual |
PII | Personally Identifiable Information | |
PIV | Personal Identity Verification | A PIV card is a United States Federal smart card that holds the data needed to grant the cardholder access to Federal facilities and information systems, at the level of assurance each application requires. |
PKI | Public Key Infrastructure | |
POODLE | Padding Oracle On Downgrade Legacy Encryption | POODLE is a man-in-the-middle attack published in 2014. It exploits a padding oracle in SSL 3.0's CBC mode and relies on clients and servers that keep SSL 3.0 for backward compatibility, forcing a downgrade to it from TLS. Mitigation is to disable SSL 3.0. |
POP | Post Office Protocol | |
POTS | Plain Old Telephone Service | |
PPP | Point-to-Point Protocol | |
PPTP | Point-to-Point Tunneling Protocol | |
PSK | Pre-shared Key | |
PTZ | Pan-Tilt-Zoom | |
RA (2) | Recovery Agent or Registration Authority | A Recovery Agent is someone who is permitted to decrypt another user's data in case of emergency (for example an EFS recovery agent). A Registration Authority verifies the identity of the entity requesting a digital certificate before the CA issues it; it does not sign certificates itself, which is what distinguishes it from a subordinate CA. |
RAD | Rapid Application Development | RAD is a form of Agile software development methodology. Unlike Waterfall methods, RAD emphasizes working software and user feedback over strict planning and requirements recording. In other words, RAD is less talk, more action, and lots of testing. |
RADIUS | Remote Authentication Dial-In User Service | AAA protocol over UDP (ports 1812/1813); also written "Dial-in User Server". Only the password field is encrypted in transit, unlike TACACS+, which encrypts the whole payload. |
RAID | Redundant Array of Independent Drives (Disks) | |
RAS | Remote Access Server | |
RAT | Remote Access Trojan | |
RBAC | Role-based Access Control or Rule-based Access Control | |
RC4 | Rivest Cipher version 4 | |
RDP | Remote Desktop Protocol | |
RFID | Radio Frequency Identifier | |
RIPEMD | RACE Integrity Primitives Evaluation Message Digest | RACE = Research and development in Advanced Communications technologies in Europe |
ROI | Return on Investment | |
RMF | Risk Management Framework | |
RPO | Recovery Point Objective | |
RSA | Rivest, Shamir and Adleman | |
RTBH | Remotely Triggered Black Hole | Routing technique to drop undesirable traffic (into a black hole) before it enters the protected network. |
RTO | Recovery Time Objective | |
RTOS | Real-time Operating System | |
RTP | Real-time Transport Protocol | |
S/MIME | Secure/Multipurpose Internet Mail Extensions | |
SaaS | Software as a Service | SaaS provides users access to applications via a third party. Applications can run in a web browser or could use screen sharing or remote desktop to provide access to the applications. |
SAML | Security Assertions Markup Language | SAML is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. Primarily used for web browser single sign-on |
SAN (2) | Storage Area Network or Subject Alternative Name | A storage area network is a computer network which provides access to consolidated, block-level data storage. A Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate. Alternative names include: Email addresses, IP addresses, URLs, and DNS names |
SCADA | Supervisory Control and Data Acquisition | Also written "System Control and Data Acquisition". A SCADA system is the computers and software that communicate with field controllers such as PLCs, together with the HMI software running on operator workstations. |
SCAP | Security Content Automation Protocol | SCAP is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization |
SCEP | Simple Certificate Enrollment Protocol | SCEP allows you to securely issue certificates to large numbers of network devices using an automatic enrollment technique. |
SCP | Secure Copy | SCP uses Secure Shell (SSH) for data transfer and authentication. SCP runs over TCP port 22 by default. |
SCSI | Small Computer System Interface | |
SDK | Software Development Kit | |
SDLC | Software Development Life Cycle | |
SDLM | Software Development Life Cycle Methodology | |
SDN | Software Defined Network | |
SED | Self-encrypting Drive | |
SEH | Structured Exception Handling | Structured exception handling is a mechanism for handling both hardware and software exceptions. Structured exception handling enables the programmer to have complete control over the handling of exceptions and provides support for debuggers. |
SFTP | SSH File Transfer Protocol | SFTP is different from FTP over SSL (FTPS) |
SHA | Secure Hashing Algorithm | |
SHTTP | Secure Hypertext Transfer Protocol | Obsolete alternative to HTTPS (RFC 2660) that protected individual messages rather than the whole connection. |
SIEM | Security Information and Event Management | |
SIM | Subscriber Identity Module | |
SLA | Service Level Agreement | |
SLE | Single Loss Expectancy | |
SMB | Server Message Block | |
SMS | Short Message Service | |
SMTP | Simple Mail Transfer Protocol | |
SMTPS | Simple Mail Transfer Protocol Secure | |
SNMP | Simple Network Management Protocol | |
SOAP | Simple Object Access Protocol | SOAP allows processes running on disparate operating systems (such as Windows and Linux) to communicate using Extensible Markup Language (XML). |
SoC | System on a Chip | Integrates the CPU, graphics, memory controller and often storage on a single integrated circuit. Smartwatches and the Raspberry Pi are examples. |
SPF | Sender Policy Framework | Email authentication method designed to detect the forging of sender addresses during the delivery of the email. |
SPIM | Spam over Internet Messaging | |
SPoF | Single Point of Failure | |
SQL | Structured Query Language | |
SRTP | Secure Real-Time Transport Protocol | Provides confidentiality, message authentication, and replay protection to the RTP traffic and to the control traffic for RTP, the Real-time Transport Control Protocol (RTCP). |
SSD | Solid State Drive | |
SSH | Secure Shell | |
SSID | Service Set Identifier | |
SSL | Secure Sockets Layer | |
SSO | Single Sign-on | |
STP (2) | Shielded Twisted Pair or Spanning-Tree Protocol | |
TACACS+ | Terminal Access Controller Access Control System Plus | |
TCP/IP | Transmission Control Protocol/Internet Protocol | |
TGT | Ticket Granting Ticket | |
TKIP | Temporal Key Integrity Protocol | |
TLS | Transport Layer Security | |
TOTP | Time-based One-time Password | |
TPM | Trusted Platform Module | |
TSIG | Transaction Signature | |
UAT | User Acceptance Testing | |
UAV | Unmanned Aerial Vehicle | |
UDP | User Datagram Protocol | |
UEFI | Unified Extensible Firmware Interface | |
UPS | Uninterruptable Power Supply | |
URI | Uniform Resource Identifier | A URL is a specific type of URI: every URL is a URI, but a URI need only identify a resource (a URN, for example, only names it), whereas a URL also says how to locate it. |
URL | Uniform Resource Locator | Also written "Universal Resource Locator". Consists of a scheme (such as https), host, optional port, path and query. |
USB | Universal Serial Bus | |
USB OTG | USB On The Go | |
UTM | Unified Threat Management | |
UTP | Unshielded Twisted Pair | |
VDE | Virtual Desktop Environment | |
VDI | Virtual Desktop Infrastructure | |
VLAN | Virtual Local Area Network | |
VLSM | Variable Length Subnet Masking | |
VM | Virtual Machine | |
VoIP | Voice over IP | |
VPN | Virtual Private Network | |
VTC | Video Teleconferencing | |
WAF | Web Application Firewall | A WAF is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. While proxies generally protect clients, WAFs protect servers. |
WAP | Wireless Access Point | |
WEP | Wired Equivalent Privacy | |
WIDS | Wireless Intrusion Detection System | |
WIPS | Wireless Intrusion Prevention System | |
WORM | Write Once Read Many | |
WPA | WiFi Protected Access | |
WPA2 | WiFi Protected Access 2 | |
WPS | WiFi Protected Setup | |
WTLS | Wireless TLS | |
XML | Extensible Markup Language | |
XOR | Exclusive Or | |
XSRF | Cross-site Request Forgery | |
XSS | Cross-site Scripting | |
PKCS | Public Key Cryptography Standards | Public-key cryptography standards devised and published by RSA Security LLC, starting in the early 1990s. |
RCE | Remote Code Execution | a/k/a Arbitrary Code Execution - executing commands on a remote computer via a vulnerability. |
RAID 0 | Striping | Data striped across multiple disks for speed. No redundancy: one disk failure loses all data. |
RAID 1 | Mirroring | Data copied to two or more disks; survives the loss of all but one disk. |
RAID 6 | Striping with dual parity | Data is striped across multiple disks with two independent parity blocks per stripe; survives two simultaneous disk failures. Minimum of four disks. |
RAID 1+0 | Stripe of Mirrors | Minimum of four disks. Contains at least two RAID 1 mirrors that are striped together; survives one disk failure per mirror. |
REST API | Representational State Transfer | Web services that conform to the REST architectural style (RESTful web services) provide interoperability between systems over HTTP, typically exchanging JSON or XML. OpenID Connect, which builds on OAuth 2.0, exposes its endpoints as REST-style HTTPS calls. |
Type 1 Authentication | Something you know | |
Type 2 Authentication | Something you have | |
Type 3 Authentication | Something you are | |
RAID 5 | Striping with parity | Data is striped across multiple disks with one parity block per stripe, rotated across the disks; survives one disk failure. Minimum of three disks. |
GPT | GUID Partition Table | Replacement for MBR. Necessary for partitions larger than 2 TB. GUID = Globally Unique IDentifier. |
GUID | Globally Unique IDentifier | 128-bit distinctive reference number |
SOX | Sarbanes-Oxley | Governs the disclosure of financial and accounting information. Cracks down on corporate fraud. Enacted 2002. |
HIPAA | Health Insurance Portability and Accountability Act | Governs the disclosure and protection of health information (PHI). Enacted 1996. |
GLB | Gramm-Leach-Bliley Act | Regulates the collection and disclosure of private financial information; financial institutions must protect such information; and prohibits pretexting. Enacted 1999. |
HAVA | Help America Vote Act | Governs the security and integrity of personal information related to electronic voting systems. Enacted 2002. |
SPI | Stateful Packet Inspection | The firewall monitors active communications passing through it to decide which packets are permitted or denied. |
ANT | Proprietary ultra-low-power wireless protocol (a brand name, not an acronym) | Wireless technology used primarily by fitness and health sensors, which spend long periods in low-power mode and wake briefly to transmit and receive. ANT is owned by Garmin Canada but is supported on devices from other vendors. |
DAMP | Database Activity Monitoring and Prevention | Provides privileged user and application access monitoring that is independent of native database logging and audit functions and can block unauthorized activities. |
PIA | Privacy Impact Assessment | Often included in a BIA, the PIA identifies and mitigates privacy risks. |
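
For the PBKDF2 entry, an added example (again not from the page) of key stretching as it is used for password storage: a salted, iterated derivation, a self-describing verifier string that records its own parameters, and a constant-time comparison on verification. The `pbkdf2_sha256$iterations$salt$key` layout and the 600,000-iteration default are assumptions chosen for this example; tune the count so one derivation costs tens of milliseconds on your hardware.

```python
import hashlib
import hmac
import os

# Assumed default for this example (OWASP's guidance for PBKDF2-HMAC-SHA256 is in this range).
DEFAULT_ITERATIONS = 600_000


def derive_key(password: str, salt: bytes, iterations: int,
               length: int = 32, hash_name: str = "sha256") -> bytes:
    """PBKDF2-HMAC (RFC 8018): the salt makes each user's key unique so precomputed tables
    are useless, and the iteration count is the work factor that slows offline guessing."""
    return hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations, length)


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a verifier that carries its algorithm, work factor and salt alongside the key,
    so the iteration count can be raised later without a flag day."""
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    algo, iters, salt_hex, key_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported verifier format: {algo}")
    candidate = derive_key(password, bytes.fromhex(salt_hex), int(iters), len(key_hex) // 2)
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def needs_rehash(stored: str, minimum: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored verifier was produced with fewer iterations than current policy;
    call this after a successful login and re-hash with the password you just verified."""
    return int(stored.split("$")[1]) < minimum


if __name__ == "__main__":
    verifier = hash_password("correct horse battery staple", iterations=1000)  # low count for the demo
    print(verifier)
    print("match:", verify_password("correct horse battery staple", verifier))
    print("needs rehash:", needs_rehash(verifier))
```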
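
The CER, FAR and FRR entries are easier to grasp with numbers. This added example (not from the page) takes constructed similarity scores for genuine users and for impostors, computes FAR and FRR at every candidate acceptance threshold, and finds the operating point where the two rates are equal. The scores are made up for illustration and are not real biometric data.

```python
from typing import List, Tuple

# Constructed matcher scores in [0, 1], higher meaning "more similar to the enrolled template".
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.84, 0.67, 0.93, 0.79, 0.86, 0.90]   # legitimate users
IMPOSTOR = [0.12, 0.33, 0.25, 0.71, 0.45, 0.18, 0.62, 0.28, 0.55, 0.39]  # wrong people


def far(impostor: List[float], threshold: float) -> float:
    """False Acceptance Rate: fraction of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine: List[float], threshold: float) -> float:
    """False Rejection Rate: fraction of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def roc_table(genuine: List[float], impostor: List[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for every observed score; shows the trade-off as the threshold moves."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in sorted(set(genuine) | set(impostor))]


def crossover(genuine: List[float], impostor: List[float]) -> Tuple[float, float, float]:
    """Return the threshold where FAR and FRR are closest: the Cross-over (Equal) Error Rate
    operating point. Lower CER means a more accurate system."""
    best = None
    for t, a, r in roc_table(genuine, impostor):
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best


if __name__ == "__main__":
    for t, a, r in roc_table(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}  FAR {a:.2f}  FRR {r:.2f}")
    print("CER point:", crossover(GENUINE, IMPOSTOR))
```

Deployments rarely run at the CER itself: a door to a data centre is tuned toward low FAR (accept more false rejections), a convenience login toward low FRR.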
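
For the DER, PEM and CER (file format) entries, an added example (not from the page) that encodes a small ASN.1 structure with DER, decodes it again, and wraps the bytes in PEM armor. The sample structure is constructed for the demo and is not a real X.509 certificate; the point is to show the binary-versus-Base64 relationship and the shortest-encoding rule that makes DER unambiguous. The tag set handled (INTEGER, UTF8String, SEQUENCE) is a deliberate subset.

```python
import base64
import textwrap
from typing import Any, Tuple

TAG_INTEGER, TAG_UTF8STRING, TAG_SEQUENCE = 0x02, 0x0C, 0x30


def der_length(n: int) -> bytes:
    """Short form below 128; otherwise long form with the minimal number of length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value: int) -> bytes:
    """Two's-complement in the fewest bytes that fit. DER permits exactly one encoding per
    value, which is why signed objects (certificates, CSRs) are DER rather than plain BER."""
    n = 1
    while True:
        try:
            return der_tlv(TAG_INTEGER, value.to_bytes(n, "big", signed=True))
        except OverflowError:
            n += 1


def der_utf8(text: str) -> bytes:
    return der_tlv(TAG_UTF8STRING, text.encode("utf-8"))


def der_sequence(*items: bytes) -> bytes:
    return der_tlv(TAG_SEQUENCE, b"".join(items))


def der_decode(data: bytes, pos: int = 0) -> Tuple[Any, int]:
    """Parse one TLV at `pos`, recursing into SEQUENCEs; returns (value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        nbytes = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes
    content, end = data[pos:pos + length], pos + length
    if tag == TAG_SEQUENCE:
        items, p = [], 0
        while p < len(content):
            item, p = der_decode(content, p)
            items.append(item)
        return ("SEQUENCE", items), end
    if tag == TAG_INTEGER:
        return ("INTEGER", int.from_bytes(content, "big", signed=True)), end
    if tag == TAG_UTF8STRING:
        return ("UTF8String", content.decode("utf-8")), end
    return (f"tag 0x{tag:02x}", content), end


def to_pem(der: bytes, label: str) -> str:
    """PEM is DER, Base64-encoded in 64-column lines between BEGIN/END armor lines."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def from_pem(pem: str) -> bytes:
    lines = [line.strip() for line in pem.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("missing PEM armor lines")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


# Constructed certificate-like structure for the demo (not a real X.509 certificate):
# SEQUENCE { INTEGER version, INTEGER serialNumber, UTF8String subject }
SAMPLE_DER = der_sequence(der_integer(2), der_integer(0x1234), der_utf8("example.test"))

if __name__ == "__main__":
    print("DER bytes:", SAMPLE_DER.hex())
    print(to_pem(SAMPLE_DER, "CERTIFICATE"))
    print("decoded:", der_decode(SAMPLE_DER)[0])
```

For a real certificate the same relationship holds: `openssl x509 -inform PEM -outform DER` only strips the armor and Base64, the bytes inside are unchanged.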
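
ASLR and DEP only protect a program that was built to use them. This added example (not from the page) shows the Linux-side check for the ELF equivalents: whether the file is position-independent (`e_type == ET_DYN`, so ASLR can randomize the program image, not just its stack, heap and libraries) and whether it declares a non-executable stack through the `PT_GNU_STACK` program header. On Windows the corresponding bits are DYNAMIC_BASE and NX_COMPAT in the PE optional header. The `build_elf` helper fabricates minimal, non-runnable headers so the check runs offline; `check_file` reads a real binary. One caveat: shared libraries are also `ET_DYN`, so "pie" is only meaningful for an executable.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                    # e_type: fixed-address executable vs position-independent
PT_GNU_STACK = 0x6474E551                 # program header whose flags declare stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
ELF64_EHDR = "<16sHHIQQQIHHHHHH"          # 64-byte little-endian ELF64 file header
ELF64_PHDR = "<IIQQQQQQ"                  # 56-byte ELF64 program header


def check_hardening(image: bytes) -> dict:
    """Report whether an ELF64 image is PIE (ASLR can randomize its base) and whether it
    requests a non-executable stack (the DEP/NX counterpart on Linux)."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    fields = struct.unpack_from(ELF64_EHDR, image, 0)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    nx = False                            # no PT_GNU_STACK at all: the loader grants an executable stack
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from(ELF64_PHDR, image, e_phoff + i * e_phentsize)[:2]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "nx": nx}


def check_file(path: str) -> dict:
    with open(path, "rb") as f:
        return check_hardening(f.read())


def build_elf(pie: bool, nx: bool, with_gnu_stack: bool = True) -> bytes:
    """Construct a minimal ELF64 header (plus one optional PT_GNU_STACK entry) for testing.
    It is not a loadable binary; only the fields the check reads are meaningful."""
    phdrs = b""
    if with_gnu_stack:
        flags = PF_R | PF_W | (0 if nx else PF_X)
        phdrs = struct.pack(ELF64_PHDR, PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, little-endian, version 1, SysV ABI
    ehdr = struct.pack(ELF64_EHDR, ident,
                       ET_DYN if pie else ET_EXEC,   # e_type
                       0x3E, 1, 0x1000,              # x86-64, version, entry
                       64, 0, 0,                     # phoff (right after header), shoff, flags
                       64, 56, 1 if with_gnu_stack else 0,   # ehsize, phentsize, phnum
                       64, 0, 0)                     # shentsize, shnum, shstrndx
    return ehdr + phdrs


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, check_file(path))
    print("synthetic hardened image:", check_hardening(build_elf(pie=True, nx=True)))
```

On a real system compare the output with `readelf -h` (Type: DYN) and `readelf -lW` (GNU_STACK flags RW rather than RWE).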