|Authentication, Authorization, and Accounting. Centralized authentication that records those that login for billing and audit purposes.
|Attribute-based Access Control. Access control method that relies on an attribute that is unique to the person.
|Access Control List. A list of those allowed or denied access with the relevant permissions.
|Active Directory. A directory service created by Microsoft that authenticated and authorized users in a Windows Domain Environment.
|Advanced Encryption Standard. A symmetric encryption standard that works in blocks of 128, 192, or 256 bit.
|A software development model that focuses on flexibility, speed, and customer satisfaction.
|Authentication Header. An IPSec protocol that provides integrity of an IPSec packet using SHA1 or MD5.
|Artificial Intelligence. Developing a computer system so that it can think like a human when making decisions.
|Network isolation where the host has no network connections.
|Automated Indicator Sharing. Department of Homeland Security threat intelligence feed.
|Annualized Loss Expectancy. Projected annual loss calculated using the formula SLE x ARO.
|Access Point. Connects wireless devices to a wireless network.
|Application Programming Interface. Enables software developers to connect applications to an operating system.
|Advanced Persistent Threat. An attacker who is well-funded, well-organized, and sophisticated.
|Annualized Rate of Occurrence. The number of times a loss will be incurred in a year.
|Address Resolution Protocol. A protocol that maps IP addresses to MAC addresses.
|Redirects an IP Address to a MAC address that was not the intended target.
|Adversarial Tactics, Techniques, and Common Knowledge. A database maintained by MITRE listing the security threats, with their tactics and techniques.
|Acceptable Use Policy. Informs individuals of what actions they are allowed to conduct themselves whilst using computer systems.
|Antivirus. A solution to prevent a computer being attacked by a virus.
|Bourne Again Shell. This is a command shell and scripting language for automating tasks in Linux.
|Business Continuity Planning. A plan for moving a business forward following a disaster.
|An infected host that will allow attackers to launch remote attacks.
|Business Partnership Agreement. An agreement between two entities that lays down the contribution of each, how they will operate, and who will make the decisions.
|Bridge Protocol Data Unit Guard. Prevents attacks on the Spanning Tree Protocol.
|Basic Service Set Identifier. Lists the MAC Address of the Wireless Access Point to which a client is connected.
|A password attack that uses every available combination.
|A data attack where a larger amount of data than allowed is inserted into an application, resulting in data overflow into the adjacent memory and memory corruption.
|A scheme to reward those finding software flaws in a company’s web servers.
|Bring Your Own Device. A scheme allowing employees to use their personal devices in the workplace.
|Certificate Authority. The top server used to sign certificates in a PKI environment.
|Common Access Card. A smart card used by the US military.
|An image or text where a human types in the text or selects certain pictures to confirm that they are not bots.
|Controls access to a wireless network, asking for additional identity before allowing access to the internal network. It can be used for billing purposes.
|Capture the Flag
|Exercise wherein users complete training and move up a level each time. When they finish all levels, they have captured the flag. Improves a skill set.
|Copying a credit card or an access card. Also known as skimming.
|Cloud Access Security Broker. Enterprise management software that manages and pushed policies and updates out to cloud clients. It can control access.
|Cipher Block Chaining. An encryption method that starts off with an IV or XOR. The output of one encryption sequence is the input to the next block.
|Computer-based Training. Interactive training carried out on a computer.
|Counter-Mode/CBC-MAC Protocol. Strongest wireless protocol that uses AES up to 128 bits.
|Closed-Circuit Television. It records video footage of events happening in the foreground.
|Chain of Custody
|A record of who has handled the evidence from collection to court.
|Crossover Error Rate. A biometric measurement where the FAR=FRR. A low CER is used when purchasing a new biometric system
|A legacy authentication protocol that uses one way encryption of the password.
|Chief Information Officer. A top-level executive responsible for management and usability of computer systems.
|Center for Internet Security. A not-for-profit organization that publishes what most critical security controls.
|Content Management System. A computer system used to manage digital content.
|Computer Security Incident Response Team. A team that responds to cyber security attacks.
|Common Name. An x500 object relating to a host. Used as a subject identifier in a digital signature.
|This is where a digital signature is used to confirm that the code is the original.
|A disaster recovery site without equipment or data.
|An appliance that collects log files, such as a syslog server.
|A secondary control that replaces a primary control, should it fail.
|Multiple developers merge the code they produced.
|Continuity of Operations Planning. A business continuity process used by the US government
|Corporate-owned Personally Enabled. Business owned device that can be lent for personal use to an employee.
|Actions taken to get a company back up and running following an event.
|Contingency Planning. Used for getting a business back to an operational state following a disaster.
|Certificate Revocation List. A list of certificates that have been revoked due to expiry or compromise.
|Cloud Security Alliance. Raising awareness of the best practice to security your cloud environment
|Cloud Service Provider. Provides cloud services.
|Certificate Signing Request. Official method of new certificate application.
|Cross-Site Request Forgery. Forces a logged-in user to click on a link and invoke an action to a web server.
|Common Vulnerabilities and Exposures. A list of vulnerabilities produced by MITRE that can be used by security teams.
|Common Vulnerability Scoring System. Provides a score against a vulnerability to show the severity. Critical event will score between 9.0-10.0.
|Choose Your Own Device. A selection of company-owned device that an employee will choose from.