==== InfoSec Abbreviations ====

ACL = Access Control List; list of access control entries that describe what type of access is permitted from where, by whom, and to what; term is often used in networking for firewall, router, and switch configurations ([[wp>Access-control_list|ACL]])

AES = Advanced Encryption Standard; also known as Rijndael; established by the United States National Institute of Standards & Technology in 2001; block cipher with 128-bit block size; key length is 128, 192, or 256 bits ([[wp>Advanced_Encryption_Standard|AES]])

APT = Advanced Persistent Threat; stealthy threat actor, typically a nation state; stays undetected in compromised networks for an extended amount of time ([[wp>Advanced_persistent_threat|APT]])

ASN = Autonomous System Number; used in Border Gateway Protocol (BGP) based routing; the Internet is based on it ([[wp>Autonomous_system_(Internet)|ASN]])

C2 = Command & Control; refers to infrastructure/servers that have the purpose of controlling infected/compromised systems; botnets use C2 infrastructure at their core ([[https://www.varonis.com/blog/what-is-c2/|What is C2?]])

EDR = Endpoint Detection & Response; an agent-based tool that collects process-level information from your computers and alerts you to potentially malicious activity ([[wp>Endpoint_detection_and_response|EDR]])

EPP = Endpoint Protection Platform; aka next-gen antivirus; blocks known malware and programs that behave like malware ([[wp>Endpoint_security|EPP]])

IOC = Indicator of Compromise; artifacts like domain names, IP addresses, email addresses, file hashes, file names, folder names, URLs ([[wp>Indicator_of_compromise|IOC]])

MFA = Multi Factor Authentication; often used in the 2FA variant, where two out of three possible factors are used; the 3 possible factors are: something you know (password), something you have (smartphone), something you are (fingerprint) ([[wp>Multi-factor_authentication|MFA]])

NIST CSF = NIST CyberSecurity Framework; maturity assessment tool for cybersecurity programs; created and maintained by the National Institute of Standards & Technology in the United States ([[https://www.nist.gov/cyberframework|NIST CSF]])

PAM = Privileged Account/Access Management; tools & processes that make sure that the right amount of privilege is used by the right individuals at the right time; privileges are usually administrative permissions on systems and networks ([[wp>Identity_management|PAM]])

ransom = amount of money paid to receive a decryption key for maliciously encrypted data ([[wp>Ransom|Ransom]])

SOAR = Security Orchestration Automation Response; tool to (semi-)automate security operations tasks and manage incidents ([[wp>Computer_security_incident_management|SOAR]])

TI = Threat Intelligence; general term for any information about malicious actors and their activities ([[wp>Threat_intelligence|TI]])

TIP = Threat Intelligence Platform; tool to gather, analyze, transform, and share threat intelligence ([[wp>Threat_Intelligence_Platform|TIP]])

TVM = Threat & Vulnerability Management; tools and processes to discover, evaluate, prioritize, remediate, and track software vulnerabilities with the goal of minimizing attack surface ([[wp>Vulnerability_management|TVM]])

vuln = short for vulnerability; most often a software bug that allows misuse; sometimes a hardware design flaw ([[wp>Vulnerability_(computing)|Vulnerability]])