APPENDIX
Standard Acronyms
ACK acknowledge
ACL access control list
AES Advanced Encryption Standard
AG attorney general
AI artificial intelligence
ALE annual loss expectancy
APT advanced persistent threat
ARO annual rate of occurrence
ATM automated teller machine
ATO authorization to operate
AUP acceptable use policy
AV asset value
BC business continuity
BCP business continuity plan
BI business intelligence
BIA business impact analysis
BIOS basic input/output system
CA certificate authority
CAP Certification and Accreditation Professional
CBA cost-benefit analysis
CBF critical business function
CCB change control board
CCO chief compliance officer
CCTV closed circuit TV
CECO chief ethics compliance officer
CEO chief executive officer
CERT Computer Emergency Response Team
CFO chief financial officer
C-I-A confidentiality, integrity, availability
CIO chief information officer
CIPA Children’s Internet Protection Act
CIRT computer incident response team
CISO chief information security officer
CISQ Consortium for IT Software Quality
CISSP Certified Information Systems Security Professional
CMMI Capability Maturity Model Integration
COBIT Control Objectives for Information and Related Technologies
COPPA Children’s Online Privacy Protection Act
CSF critical success factor
CSIRT computer security incident response team
CSO chief security officer
CTO chief technology officer
CVE Common Vulnerabilities and Exposures
CVRF Common Vulnerability Reporting Framework
DAT damage assessment team
DC domain controller
DDoS distributed denial of service
DHCP Dynamic Host Configuration Protocol
DHS Department of Homeland Security
DIACAP Department of Defense Information Assurance Certification and Accreditation Process
DISA Defense Information Systems Agency
DLP data loss prevention
DMZ demilitarized zone
DNS Domain Name Service or Domain Name System
DoD Department of Defense
DOJ Department of Justice
DoS denial of service
DR disaster recovery
DRP disaster recovery plan
ECO ethics compliance officer
EEA European Economic Area
EF exposure factor
EMT emergency management team
ETL extract, transform, and load
FCC Federal Communications Commission
FCPA Foreign Corrupt Practices Act
FDIC Federal Deposit Insurance Corporation
FERPA Family Educational Rights and Privacy Act
FFRDC Federally Funded Research and Development Center
FISMA Federal Information Security Modernization Act
FTC Federal Trade Commission
FTP File Transfer Protocol
GAAP generally accepted accounting principles
GAISP Generally Accepted Information Security Principles
GASSP Generally Accepted System Security Principles
GB gigabyte
GDPR General Data Protection Regulation
GLBA Gramm-Leach-Bliley Act
HIDS host-based intrusion detection system
HIMSS Healthcare Information and Management Systems Society
HIPAA Health Insurance Portability and Accountability Act
HR human resources
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HVAC heating and air-conditioning
IA information assurance
IANA Internet Assigned Numbers Authority
ICMP Internet Control Message Protocol
ICS-CERT Industrial Control Systems Cyber Emergency Response Team
IDPS intrusion detection and prevention system
IDS intrusion detection system
IEC International Electrotechnical Commission
IP intellectual property or Internet Protocol
IPS intrusion prevention system
IPSec Internet Protocol Security
IS information security
(ISC)2 International Information System Security Certification Consortium
ISO International Organization for Standardization
ISP Internet service provider
ISSA Information Systems Security Association
IT information technology
ITG information technology governance
ITIL Information Technology Infrastructure Library
ITL Information Technology Laboratory
L2TP Layer 2 Tunneling Protocol
LAN local area network
LOB line of business
MAC media access control
MAO maximum acceptable outage
MBCO minimum business continuity objective
MTBF mean time between failures
MTD maximum tolerable downtime
MTO maximum tolerable outage
MTPD maximum tolerable period of disruption
MTPOD maximum tolerable period of disruption
NAC network access control
NCCIC National Cybersecurity and Communications Integration Center
NCUA National Credit Union Administration
NIC network interface card
NIDS network-based intrusion detection system
NIPS network intrusion prevention system
NIST National Institute of Standards and Technology
NNTP Network News Transfer Protocol
NSA National Security Agency
NVD National Vulnerability Database
OLTP online transaction processing
OMB Office of Management and Budget
OS operating system
P2P peer to peer
PBX phone branch exchange
PCI Payment Card Industry
PCI DSS Payment Card Industry Data Security Standard
PGP Pretty Good Privacy
PHI protected health information
PII personally identifiable information
PIN personal identification number
PKI public key infrastructure
PM project manager
POAM plan of action and milestones
POC point of contact
POS point of sale
PR public relations
PTZ pan, tilt, zoom
RAID redundant array of independent disks
RAM random access memory
RAT remote access tool
RMF Risk Management Framework
ROI return on investment
RPO recovery point objective
RSA Rivest, Shamir, and Adleman (algorithm)
RTO recovery time objective
SEC Securities and Exchange Commission
SID security identifier
SIEM security information and event management
SLA service level agreement
SLE single loss expectancy
SME subject matter expert
SMTP Simple Mail Transfer Protocol
SOX Sarbanes-Oxley Act of 2002 (also Sarbox)
SP service pack or special publication
SPOF single point of failure
SQL Structured Query Language
SSCP Systems Security Certified Practitioner
SWIFT Society for Worldwide Interbank Financial Telecommunications
SYN synchronize
TARP Troubled Asset Relief Program
TB terabyte
TCP Transmission Control Protocol
TPM technology protection measure or trusted platform module
TRT technical recovery team
UPS uninterruptible power supply
URL Universal Resource Locator
USB universal serial bus
US-CERT United States Computer Emergency Readiness Team
VoIP Voice over Internet Protocol
VP vice president
VPN virtual private network
WAN wide area network
WEP wired equivalent privacy
Wi-Fi wireless fidelity
WIPO World Intellectual Property Organization
WLAN wireless local area network
WPA Wi-Fi Protected Access
WPA2 Wi-Fi Protected Access 2
XSS cross-site scripting