In the current online-text based era, we are all accustomed to acronyms and definitions comprising a large portion of our lingo. Whether socially or in business, modern communication reflects the immediacy and compactness born from this text-based way of communicating.
Technology has always been inundated with acronyms, and cybersecurity is no different. Getting your head around the core components of Extended Detection and Response architecture can be challenging enough without first having to decipher what "XDR brings together solutions including EDR, NDR and SIEM under a single platform" even means.
If you are new to navigating the world of cybersecurity, start with this cheat sheet of acronyms and definitions along with links to additional information. The main thing to remember is that there are too many acronyms in cybersecurity to remember!
RaaS: Ransomware as a Service is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products. RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a service.
2FA: Two-factor authentication requires one additional layer of authentication in addition to a username and password.
MFA: Multi-factor authentication is a layered authentication approach that adds an extra step to verify the identity of a person who wants to gain access to servers and databases. It grants access only after two or more proofs of identity have been presented.
PAM: Privileged access management typically involves a credential repository, logging, and protection of administrative accounts. It works by having administrators go through the PAM system and check out the account, which is then authenticated and logged. When the account is checked back in, the credential is reset, so the administrator is forced to check the account out again in order to use it.
CI/CD: A method for delivering application changes to clients frequently by automating the stages of application development. Its two main components are continuous integration and continuous delivery.
FIM: File Integrity Monitoring is a technology that monitors and detects changes in files that may indicate a cyberattack. Otherwise known as change monitoring, file integrity monitoring involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized.
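As an added illustration of what a FIM does (example code written for this page, not any product's implementation), the following builds a baseline of file hashes and permission bits for a directory tree and then reports what changed; the file tree and the simulated changes are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def build_baseline(root: Path) -> dict:
    """Map every regular file under root to its SHA-256 and permission bits."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
                "mode": p.stat().st_mode & 0o7777,  # keep setuid/setgid/sticky bits
            }
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Classify each path as added, removed, modified (content) or mode_changed (permissions only)."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            report["added"].append(name)
        elif new is None:
            report["removed"].append(name)
        elif old["sha256"] != new["sha256"]:
            report["modified"].append(name)  # a content change outranks a mode change
        elif old["mode"] != new["mode"]:
            report["mode_changed"].append(name)
    return report

def demo() -> dict:
    """Constructed scenario: baseline a small tree, simulate changes, diff against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc" / "cron.d").mkdir(parents=True)
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "tool").write_bytes(b"\x7fELF constructed sample binary")
        os.chmod(root / "bin" / "tool", 0o755)
        baseline = build_baseline(root)
        # Simulated changes a FIM should report: edit, delete, create, permission change
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\nsvc:x:1001:1001::/:/bin/sh\n")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "cron.d" / "job").write_text("@reboot root /usr/local/bin/sync\n")
        os.chmod(root / "bin" / "tool", 0o4755)  # setuid bit set: content unchanged, permissions changed
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

A real FIM would also record ownership and timestamps and ask the operating system's audit subsystem who made each change, which a hash comparison alone cannot tell you.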
MTTR & MTTD: Two key cybersecurity performance indicators:
- Mean Time to Detect (MTTD): MTTD is the average time it takes to discover a security threat or incident.
- Mean Time to Respond (MTTR): MTTR measures the average time it takes to control and remediate a threat.
PCI DSS: The Payment Card Industry Data Security Standard is a set of security standards set by The Payment Card Industry Security Standards Council (PCI SSC) to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment.
NERC CIP: North American Electric Reliability Corporation Critical Infrastructure Protection is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.
GDPR: The General Data Protection Regulation sets standards that companies collecting data on citizens of the European Union (EU) must comply with to protect customer data.
HIPAA: The Health Insurance Portability and Accountability Act sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance.
SOX: The United States Congress passed the Sarbanes-Oxley Act in 2002 and established rules to protect the public from fraudulent or erroneous practices by corporations and other business entities.
FISMA: According to Digital Guardian, “The Federal Information Security Management Act is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program.”
NIST: The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry.
OT and ICS: Operational Technology refers to computing systems that are used to manage industrial operations as opposed to administrative operations. Industrial control systems (ICS) are a major segment within the operational technology sector; they comprise the systems used to monitor and control industrial processes.
CIS: The Center for Internet Security publishes the CIS Critical Security Controls (CSC) to help organizations better defend against known attacks by distilling key security concepts into actionable controls to achieve greater overall cybersecurity defense.
IDS: An Intrusion Detection System is a monitoring system that detects suspicious activities and generates alerts when they are detected. Based on these alerts, an analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat.
IT and OT: IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems. IT systems are used for data-centric computing; OT systems monitor events, processes and devices, and make adjustments in enterprise and industrial operations.
CUI: Controlled Unclassified Information is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected.
CMMC: Cybersecurity Maturity Model Certification is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).
DPI: Deep packet inspection or packet sniffing is an advanced method of examining and managing network traffic.
SASE: Secure Access Service Edge combines network and security functionality in a single, cloud-native service to help secure access wherever users and applications reside.
XDR: Extended (or Cross Platform) Detection and Response brings together threat detection and response solutions, including EDR, NDR and SIEM, under a single platform.
EDR: Endpoint Detection and Response is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with a rule-based automated response.
NDR: Network Detection and Response enables organizations to monitor network traffic for malicious actors and suspicious behavior, and react and respond to the detection of cyber threats to the network.
SIEM: Security Information and Event Management is a tool or service that collects logs across security devices, servers and network devices.
NGIPS: A Next-Generation Intrusion Prevention System is a system for enhancing network security that comes in physical and virtual forms. It allows you to see the network's contextual data to spot vulnerabilities, integrate with the existing network, and keep security updated with new signatures and rules.
IPS: An Intrusion Prevention System is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents and capturing information about them.
CASB: A Cloud Access Security Broker is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed.
SOC: A Security Operations Center is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.
IOC: Indicator of compromise is a forensic term that refers to the evidence of a potential security breach on a system or network.
MITRE ATT&CK: According to McAfee, “MITRE Adversarial Tactics, Techniques, and Common Knowledge framework is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.”
MDR: Managed detection and response is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response. The main benefit of MDR is that an organization gains access to a 24/7 security operations centre to help rapidly identify and limit the impact of threats without the need for additional staffing.
MSP and MSSP: A Managed Service Provider ensures that the IT infrastructure of a company is operational. They are the professionals to turn to for providing an enterprise with its basic network requirements. A Managed Security Services Provider is a type of IT service provider whose primary focus is cybersecurity. Because of their specialized nature, MSSPs can provide a much higher level of security than MSPs and help organizations implement complex security procedures and institute appropriate practices.
SSDF: According to NIST, “The Secure Software Development Framework is a set of fundamental, sound, and secure software development practices based on established secure software development practice”.
CSF: The Cybersecurity Framework was created by The National Institute of Standards and Technology (NIST) as a voluntary cybersecurity framework based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.
Now that you have been briefly acquainted with a few of our favourite terms, you can keep them handy for the next time you encounter a vaguely familiar three-letter acronym! And if you are looking for further help with the endless stream of cybersecurity acronyms and definitions, you will be happy to find that’s not all from us – stay tuned for the second instalment of cybersecurity acronyms and definitions, coming out soon!