Terms and Acronyms

https://en.wikipedia.org/wiki/List_of_computing_and_IT_abbreviations

ATT&CK: Adversary Tactics, Techniques and Common Knowledge, a framework released and supported by MITRE.

Biannual: The prefix bi- means “two.” Anni, enni, and annu come from the Latin word for “year.” When something is biannual, it happens twice in one year. When something is biennial, it happens once every two years.

Biennial: The prefix bi- means “two.” Anni, enni, and annu come from the Latin word for “year.” When something is biannual, it happens twice in one year. When something is biennial, it happens once every two years.

CISA (Agency): Cybersecurity and Infrastructure Security Agency. CISA is part of the Department of Homeland Security (DHS) and works with public and private partners to develop tools and resources to improve the security and resilience of critical infrastructure sectors.

CISA (Certification): Certified Information Systems Auditor. Offered by ISACA.

CISM: Certified Information Security Manager. Offered by ISACA.

CISO: Chief Information Security Officer

CISSP: Certified Information Systems Security Professional. Offered by ISC2.

COBIT: Control Objectives for Information and Related Technologies. Offered by ISACA.

Corporate Governance:

CRISC: Certified in Risk and Information Systems Control. Offered by ISACA.

Cyber Security: Focuses on digital systems. Similar to Information Security, which focuses on both digital and analog information.

CVE: Common Vulnerabilities and Exposures

DHS: Department of Homeland Security

Daemon: Daemons are computer programs that run in the background and perform tasks without user interaction. They are a vital part of Linux-based computer systems, even though they are invisible. The term “daemon” comes from the Greek word δαίμων, which is an older form of the word “demon”. The term was coined in 1963 by programmers at MIT’s Project MAC, who were inspired by Maxwell’s demon, a supernatural being from Greek mythology that works in the background.

FFRDC: Federally Funded Research and Development Center

Governance Programs: Sets of procedures and controls put in place to allow an organization to effectively direct its work.

GRC: Governance, Risk, and Compliance

Information Security: Focuses on both digital and analog information. Similar to Cyber Security, which focuses on digital systems.

ISACA: Information Systems Audit and Control Association.

ISO: International Organization for Standardization

MITRE: American non-profit company founded in 1958, initially as a military think tank. It is an FFRDC, supporting various government agencies. Funded by NIST and well known in Cyber Security for maintaining a library of CVEs and for the release of the ATT&CK framework.

NIST: National Institute of Standards and Technology

Security Policy: Serves as the foundation for any Cyber Security Program, setting out the principles and rules that guide the execution of security efforts throughout the enterprise. Often based on best practice frameworks developed by organizations like ISO or NIST. May also be influenced by external compliance obligations that regulators impose on the organization.

System & Organization Controls (SOC)

SOC 1

SOC 1 reporting engagements provide user organizations comfort about the outsourced services performed by service organizations on their behalf, which are relevant to their internal controls over financial reporting.

• Purpose: Reports on the controls of the service organization that are relevant to the user organization’s internal controls over financial reporting

• Scope: Controls related to the accuracy and completeness of financial data processing and information technology general controls

• Audience: User organization’s financial executives, compliance officers and financial statement auditors

SOC 2

• Purpose: Reports on the effectiveness of the controls of the service organization related to operations, based on the selected trust services criteria (TSC)

• Scope: Governance, operational and information technology general controls that address one or more of the TSC categories: security, confidentiality, availability, processing integrity and privacy

• Audience: User organization’s information technology executives, compliance officers, vendor management executives, regulators, other specified parties and appropriate business partners

• Additional Criteria: SOC 2 reports can also include other suitable criteria, such as HITRUST, the HIPAA Security Rule and others

SOC 3

• Purpose: Same purpose as SOC 2 report

• Information required: Same information as SOC 2 report, but with a less detailed description of the controls of the service organization

• Audience: May be unrestricted and can be used by anyone who has the appropriate understanding of the subject matter and who would like confidence in the controls for the service organization

Type 1: Single point in time

Type 2: Over a period of time

Center for Internet Security (CIS)

Mixture of Security Controls

Category of Control

Managerial

Operational

Technical

Types of Controls

Preventive: A security measure that prevents undesirable events, like data breaches or system intrusions, from occurring. Preventive controls are a proactive way to improve system security by deterring potential incidents before they happen.

Detective: Security measures that are designed to identify and detect unwanted or unauthorized activity within systems and networks.

Corrective: Activities and procedures that are implemented to address and correct the undesirable outcomes of an event, such as restoring systems to their normal state after a security breach, repairing damages, and updating processes to prevent future occurrences.

Deterrent: Security measures that discourage potential security violations.

Physical

SMART Framework

Specific

Measurable

Achievable

Relevant

Time Bound

SWOT

Strengths (Internal)

Weaknesses (Internal)

Opportunities (External)

Threats (External)

CMMI

Capability Maturity Model Integration

0 Incomplete: Incomplete or ad hoc

1 Initial: Unpredictable and reactive

2 Managed: Managed on the project level

3 Defined: Proactive, with clear organizational standards

4 Quantitatively Managed: Measured and controlled

5 Optimizing: Stable and flexible

Policy Frameworks

Policy: (Mandatory) High-level statement of management intent.

Standards: (Mandatory) Describe detailed implementation requirements for policies.

Procedures: (Mandatory) Step-by-step instructions.

Guidelines: (Optional) Offer advice that complements the policy framework.

RACI

Responsible: Those who complete the task

Accountable: Final authority or approval

Consulted: Provides guidance or expertise

Informed: Kept up to date

Security Frameworks

NIST CSF: National Institute of Standards and Technology Cyber Security Framework

NIST RMF: National Institute of Standards and Technology Risk Management Framework

ISO: International Organization for Standardization

ISO 27001: Information Security Management framework.

ISO 27002: Information Security Management standards. Provides guidance on implementing information security controls within an Information Security Management System (ISMS). Extends ISO 27001.

ISO 27701: Protection of personally identifiable information (PII). Extends ISO 27001 and 27002.

ISO 31000: Risk Management

GDPR (Law) (General Data Protection Regulation): 5/28/2018

HIPAA (Law) (Health Insurance Portability and Accountability Act): 8/21/1996

PCI-DSS (Contract) (Payment Card Industry Data Security Standard):

FERPA (Law) (Family Educational Rights and Privacy Act): 8/21/1974

DMCA (Law) (Digital Millennium Copyright Act): 10/28/1998

NIST Cyber Security Framework CSF – 5 Core Functions

Identify: Identify critical functions and cybersecurity risks

Protect: Contain the impact of a cybersecurity breach

Detect: Assess if a company’s systems are compromised

Respond: Respond quickly to a detected breach

Recover: Get back any data that might have been lost

EDM (Evaluate, Direct, and Monitor):

APO (Align, Plan, and Organize):

BAI (Build, Acquire, and Implement):

DSS (Deliver, Service, and Support):

MEA (Monitor, Evaluate, and Assess):

Agreements

MSA (Master Service Agreement): Legal contract that establishes the terms and conditions for a business relationship between two parties.

SOW (Statement of Work): Legally binding agreement that outlines the details of a project, including the scope, timeline, cost, and deliverables.

SLA (Service Level Agreement): Contract between a service provider and a customer that outlines the level of service to be provided.

OLA (Operational Level Agreement): Internal contract that defines the responsibilities and expectations of different teams within an organization.

Chip – Processors

ISA (Instruction Set Architecture): 

RISC (Reduced Instruction Set Computer):

CISC (Complex Instruction Set Computer):

FPGA (Field Programmable Gate Arrays):

GPU (Graphical Processing Unit):

NPU (Neural Processing Unit):

TPU (Tensor Processing Unit):

ASIC (Application Specific Integrated Circuits):

Hardware Acronyms

IC (Integrated Circuit):

AC (Analog Comparator):

ACK (Acknowledge):

ADC (Analog-to-Digital Converter):

ADDR (Address):

AES (Advanced Encryption Standard):

ALU (Arithmetic Logic Unit):

AREF (Analog Reference Voltage):

BLB (Boot Lock Bit):

BOD (Brown-out Detector):

CAL (Calibration):

CCMP (Compare/Capture):

CCL (Configurable Custom Logic):

CCP (Configuration Change Protection):

CLK (Clock):

CLKCTRL (Clock Controller):

CRC (Cyclic Redundancy Check):

CTRL (Control):

DAC (Digital-to-Analog Converter):

DFLL (Digital Frequency Locked Loop):

DMAC (DMA (Direct Memory Access) Controller):

DNL (Differential Nonlinearity (ADC characteristics)):

EEPROM (Electrically Erasable Programmable Read-Only Memory):

EVSYS (Event System):

GND (Ground):

GPIO (General Purpose Input/Output):

I2C (Inter-Integrated Circuit):

IF (Interrupt flag):

INL (Integral Nonlinearity (ADC characteristics)):

INT (Interrupt):

IrDA (Infrared Data Association):

IVEC (Interrupt Vector):

LSB (Least Significant Byte):

LSb (Least Significant bit):

LUT (Look Up Table):

MBIST (Memory Built-in Self-test):

MSB (Most Significant Byte):

MSb (Most Significant bit):

NACK (Not Acknowledge):

NMI (Non-maskable interrupt):

NVM (Nonvolatile Memory):

NVMCTRL (Nonvolatile Memory Controller):

OPAMP (Operational Amplifier):

OSC (Oscillator):

PC (Program Counter):

PER (Period):

POR (Power-on Reset):

PORT (I/O Pin Configuration):

PTC (Peripheral Touch Controller):

PWM (Pulse-width Modulation):

RAM (Random Access Memory):

REF (Reference):

REQ (Request):

RISC (Reduced Instruction Set Computer):

RSTCTRL (Reset Controller):

RTC (Real-time Counter):

RX (Receiver/Receive):

SERCOM (Serial Communication Interface):

SLPCTRL (Sleep Controller):

SMBus (System Management Bus):

SP (Stack Pointer):

SPI (Serial Peripheral Interface):

SRAM (Static Random Access Memory):

SYSCFG (System Configuration):

TC (Timer/Counter) (Optionally superseded by a letter indicating type of TC):

TRNG (True Random Number Generator):

TWI (Two-wire Interface):

TX (Transmitter/Transmit):

ULP (Ultra Low Power):

UPDI (Unified Program and Debug Interface):

USART (Universal Synchronous and Asynchronous Serial Receiver and Transmitter):

USB (Universal Serial Bus):

VDD (Voltage to be applied to VDD):

VREF (Voltage Reference):

VCM (Voltage Common mode):

WDT (Watchdog Timer):

XOSC (Crystal Oscillator):