Information security (IS) is responsible for protecting corporate networks, confidential and raw data, mobile applications, social networks, cloud computing, etc. It includes:
- infrastructure security,
- cloud security,
- application security,
- recovery in case of an incident,
- incident response,
- vulnerability management,
- encryption (cryptography).
IS uses common abbreviations, abbreviations for security tools, as well as standards and certificates. So that an IT specialist or a novice IS specialist does not get confused, we have prepared this information security guide.
Information security guide
This guide contains definitions, information security technologies, certifications, and the roles of Chief Information Security Officers and SOCs. Use Ctrl + F to search for the abbreviation you need.
2FA, Two-factor authentication
Two-factor authentication is a type of multi-factor authentication (MFA) that enhances access security by using two methods (authentication factors) to verify the user's identity. It protects against phishing, social engineering attacks, and password brute force attacks, and protects your logins from attackers using weak or stolen credentials.
AES, Advanced Encryption Standard
The Advanced Encryption Standard is a symmetric block cipher chosen by the US government to protect sensitive information. It is embedded in software and hardware around the world to encrypt sensitive data. The standard is important for government computer security, cybersecurity and electronic data protection.
APT, Advanced Persistent Threat
Advanced persistent threats are threats in which individuals or groups gain access to and remain on your systems for an extended period of time. Attackers carry out these attacks to collect sensitive information over time or as a basis for future attacks. APT attacks are carried out by organized groups that may be paid by rival states, terrorist organizations, or industry competitors.
Antivirus protection is the first line of defense against viruses, online threats, and fraudulent, phishing and fake websites designed to harm devices, compromise security, and even steal personal information. It works in real time.
A botnet is a network of malware-infected computers that are under the control of a single attacker. Each individual machine is called a bot. From one central point, an attacker can instruct every computer in the botnet to simultaneously commit a coordinated criminal act.
BYOD, Bring Your Own Device
Bring your own device – an approach that allows employees to use their personal devices such as laptops, tablets, smartphones, USB drives and PCs for work purposes. This means employees can use their devices to connect to the corporate network and access critical systems and sensitive data.
CASB, Cloud Access Security Broker
A cloud access security broker is cloud-hosted software, or on-premises software or hardware, that acts as an intermediary between users and cloud service providers. A CASB addresses security gaps across software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) environments.
CASP, CompTIA Advanced Security Practitioner
The CompTIA Advanced Security Practitioner Certification is a certification for technicians who want to stay immersed in technology rather than move strictly into management. CASP+ validates advanced level competency in the following areas: risk management, enterprise security operations, and architecture.
CEH, Certified Ethical Hacker
Certified Ethical Hacker is a qualification obtained by demonstrating knowledge of how to evaluate the security of computer systems by searching for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker but in a lawful and legitimate manner, to assess the security posture of a target system.
CIS, Center for Internet Security
The Center for Internet Security publishes recommendations on best practices in the field of computer security. The project began in early 2008 in response to the extreme data loss faced by organizations at the US military industrial base. It is a non-profit organization that uses the power of the global IT community to protect public and private organizations from cyber threats.
CISA, Certified Information Systems Auditor
Certified Information Systems Auditor is a designation issued by the Information Systems Audit and Control Association (ISACA). This title is the global standard for professionals pursuing a career in information systems, auditing, control and security.
CISM, Certified Information Security Manager
The ISACA Certified Information Security Manager certification is for those with technical knowledge and experience in security and control. CISM can add credibility to your interactions with internal and external stakeholders, peers and regulators.
CISO, Chief Information Security Officer
The Chief Information Security Officer is responsible for managing and ensuring the security of an organization's information. This role may be a stand-alone position or may be part of the responsibilities of the Vice President (VP) of Security or the Chief Security Officer (CSO).
CISSP, Certified Information Systems Security Professional
The Certified Information Systems Security Professional certification is a certification for security analysts. It is an independent information security certification issued by ISC2. The CISSP exam is a difficult test of 100-150 questions, taking up to three hours.
CSO, Chief Security Officer
The Chief Security Officer is responsible for the company's physical and digital security, provides executive direction, and oversees risk identification, assessment, and prioritization, guiding all organizational security efforts.
CSPM, Cloud Security Posture Management
Cloud Security Posture Management is a set of methods and technologies used to assess the security of your cloud resources. The technology allows you to scan configurations, compare protections against benchmarks, and ensure uniform application of security policies. CSPM solutions provide recommendations or remediation guidance that can be used to improve security.
DAM, Database Activity Monitoring
Database activity monitoring is the monitoring of database performance and resources in order to create and maintain a high performance and highly available application infrastructure.
DDoS, Distributed Denial of Service
In a distributed denial of service (DDoS) attack, attackers overload servers or resources with requests. These attacks can be carried out manually or via botnets, networks of compromised devices used to spread the sources of the requests. The purpose of a DDoS attack is to prevent users from accessing services or to distract security teams while other attacks are taking place.
DES, Data Encryption Standard
The Data Encryption Standard is a block cipher, meaning that a cryptographic key and algorithm are applied to a block of data at the same time, rather than one bit at a time. To encrypt a text message, DES groups it into 64-bit blocks.
DLP, Data Loss Prevention
Data loss prevention strategies include tools and techniques that protect data from loss or alteration. This includes data categorization, data backup, and monitoring how data is distributed within and outside the organization. DLP solutions are used to scan outgoing emails to determine if sensitive information is being transferred inappropriately.
DNS, Domain Name System
The Domain Name System is a name database that stores Internet domain names and translates them into Internet Protocol (IP) addresses. The Domain Name System matches the name that people use to find a website to the IP address that a computer uses to find that website.
EDR, Endpoint Detection and Response
Endpoint detection and response (EDR) allows you to monitor endpoint activity, detect suspicious activity, and automatically respond to threats. The solutions are designed to improve endpoint visibility and can be used to prevent threats from entering your networks or information from leaking out. They continuously collect endpoint data, run detection mechanisms, and log events.
EPP, Endpoint Protection Platform
Endpoint Protection Platform is a solution deployed on end devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
FIPS, Federal Information Processing Standards
The Federal Information Processing Standards are US government information processing (encryption) standards that describe document processing, encryption algorithms, and other information technology standards for use by non-military government agencies and by government contractors and vendors who work with those agencies.
FWM, Firewall Management
Managing the security of firewalls is vital to maintaining network security and reducing the risks associated with cyber threats. Firewalls allow you to filter traffic and pass traffic data to monitoring and detection systems.
GDPR, General Data Protection Regulation
The General Data Protection Regulation is the toughest privacy and security law in the world. Although it was developed and adopted by the European Union (EU), it imposes obligations on organizations anywhere as long as they target or collect data related to people in the EU.
GIAC, Global Information Assurance Certification
Global Information Assurance Certification is an information security certification organization that specializes in technical and practical certification, as well as new research within its program. It is recognized as the most valuable certification in the industry and widely regarded as one of the most challenging and meaningful cybersecurity certifications.
IAM/IDM, Identity and Access Management
Identity management (IdM), a subset of identity and access management (IAM), is a framework of policies and processes that enables seamless management of user identities across organizations. The methodology allows seamless management of employee roles and permissions from one central location.
IDS/IPS, Intrusion Detection and Prevention Systems
Intrusion detection and prevention systems are used to monitor incoming traffic and detect threats. These tools evaluate traffic and alert you to any instances that appear to be suspicious or malicious. The solutions respond to traffic that is identified as suspicious or malicious by blocking requests or ending user sessions.
IoC, Indicators of Compromise
Indicators of compromise serve as forensic evidence of potential intrusions into a host system or network. These indicators allow information security professionals and system administrators to detect intrusion attempts or other malicious activities.
IoT, Internet of Things
The Internet of Things is a system of interconnected computing devices, mechanical and digital machines, objects and people who are provided with unique identifiers and the ability to transmit data over a network without the need for human-to-human or human-to-computer interaction.
MDM, Mobile Device Management
Mobile device management includes the administration of mobile endpoints (laptops, smartphones, tablets). It is implemented by software with suitable control functions for one or more operating systems. With MDM, companies can monitor, manage, and secure their mobile devices to ensure device performance and secure device use.
MDR, Managed Detection and Response
Managed Detection and Response is an outsourced service that detects threats for an organization and responds to them once they are detected. It includes a human element: security service providers give their customers access to their pool of security researchers and engineers, who are responsible for monitoring networks, analyzing incidents, and responding to security issues.
MFA, Multi-factor authentication
Multi-factor authentication is a security mechanism that requires users to provide information in addition to their username and password. MFA prevents threat actors from compromising accounts, even if the actor knows the username and password. Organizations should implement MFA for all users with privileged access to networks and systems, including administrators and security professionals.
ML, Machine Learning
Machine learning allows a machine to automatically learn from past data without being explicitly programmed. The purpose of artificial intelligence is to create a smart computer system to solve complex problems. Classical artificial intelligence and simple neural networks are based on batch learning.
MiTM, Man in The Middle
Man-in-the-middle attacks occur when messages are sent over insecure channels. During these attacks, attackers intercept requests and responses to read content, manipulate data, or redirect users. Types of these attacks include session hijacking, IP spoofing, and eavesdropping attacks.
MITRE ATT&CK, Adversarial Tactics, Techniques and Common Knowledge
A security framework created by MITRE Corporation. It defines all the constituent stages of the life cycle of a cyber attack and contains information about the methods, behavior and tools involved in each stage of various attacks. The framework offers a standard vocabulary and practical applications to help security professionals discuss and collaborate in the fight against cyber threats. Security teams use this information to inform and improve the organization's threat detection and response (TDR) system.
MSSP, Managed Security Service Provider
A managed security service provider sells security services to enterprises. An MSSP helps protect your business from security threats by providing software and services that keep your company's data secure. These are networks of security experts that can respond to attacks as they occur.
NGFW, Next-Generation Firewall
Next-generation firewalls are security appliances that process network traffic and apply rules to block potentially harmful traffic. An NGFW includes intrusion prevention, threat intelligence, packet filtering, stateful inspection, VPN, and other useful features.
NIST, National Institute of Standards and Technology
The National Institute of Standards and Technology advances innovation and US industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
NOC, Network Operations Center
The Network Operations Center is the location from which corporate information technology administrators, internal or external, control and maintain the telecommunications network.
OSCP, Offensive Security Certified Professional
The Offensive Security Certified Professional certification exam simulates a live network in a private VPN that contains a small number of vulnerable machines. You have 23 hours and 45 minutes to take the exam.
PAM, Privileged Access Management
Privileged Access Management is a cybersecurity strategy and technology for controlling elevated access and permissions for users, accounts, processes, and systems in an IT environment.
Penetration testing involves simulating a cyberattack to find vulnerabilities and weaknesses in a security system. It is a sanctioned form of ethical hacking performed to improve the security posture of an organization. There is an external pentest (an attempt to break into a network without prior knowledge of the architecture) and an internal pentest (checking the source code to find vulnerabilities).
PCI DSS, Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard is a generally accepted set of policies and procedures designed to optimize the security of credit, debit and cash card transactions and protect cardholders from the misuse of their personal information.
RAT, Remote Access Trojan
A remote access Trojan is a malicious program that includes a back door for administrative control over the target computer. It is usually downloaded silently with a user-requested program. Once a host system is compromised, an attacker can use it to spread the RAT to other vulnerable computers and create a botnet.
A sandbox (secure testing environment) is an isolated environment on the network that mimics the operating environment of the end user. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.
SASE, Secure Access Service Edge
Secure Access Service Edge is a cybersecurity concept that merges wide area networks (WANs) and network security services (such as CASB, FWaaS, and Zero Trust) into a single cloud service model.
SEG, Secure Email Gateway
A secure email gateway is a device or software for monitoring email that is sent and received. The solution improves the protection of incoming and outgoing email. Email traffic filtering blocks cyber threats, phishing emails, BEC (Business Email Compromise), Trojans, ransomware, and other types of malware.
SIEM, Security Information and Event Management
Security information and event management (SIEM) solutions allow you to collect and correlate information from different systems. This data aggregation allows teams to detect threats more effectively, manage alerts more effectively, and provide better context for investigations. SIEM is useful for logging events occurring in the system and for generating event and performance reports. You can use this information to validate compliance or to optimize configurations.
SOAR, Security Orchestration, Automation and Response
Security Orchestration, Automation, and Response is a suite of compatible software programs that enables an organization to collect security threat data and respond to security events without human assistance.
SOC, Security Operations Center
The Security Operations Center is a set of tools and team members who constantly monitor and ensure the security of an organization. SOCs serve as a single base from which teams can detect, investigate, respond to, and remediate security threats or vulnerabilities, and help organizations prevent and manage cybersecurity threats.
SSCP, Systems Security Certified Practitioner
Systems Security Certified Practitioner: the certification shows employers that you have the basics of IT security to protect against cyberattacks and puts you on a clear path to earning an SSCP certification.
SSE, Security Service Edge
Security Service Edge is a convergence of network security services delivered on a purpose-built cloud platform. SSE can be thought of as a subset of Secure Access Service Edge (SASE), with its architecture focused entirely on security services.
SSO, Single Sign On
Single sign-on (SSO) is an authentication method that allows users to securely authenticate to multiple applications and websites using only one set of credentials.
SWG, Secure Web Gateway
Secure Web Gateway is a security solution that prevents unsecured Internet traffic from entering an organization's internal network. It is used by businesses to protect employees and users from accessing or being infected by malicious websites and web traffic, internet viruses, malware, and other cyber threats. It also helps ensure regulatory compliance.
TI, Threat Intelligence
Threat intelligence is used for security monitoring and incident response. It is a key aspect of the security architecture that helps security and risk management technicians detect, triage, and investigate threats.
UAM, User Activity Monitoring
A user activity monitor is a software tool for tracking the activity and general behavior of your users and alerting you to it. The most common use of user activity monitoring tools is to detect and prevent insider threats.
UBA, User Behavior Analytics
User behavioral analytics collects information about user actions and correlates this behavior with a baseline. The solutions then use this baseline as a comparison against the new behavior to identify inconsistencies. The solution then flags these inconsistencies as potential threats. For example, you can use UBA solutions to monitor user activity and determine if a user is starting to export large amounts of data, which indicates an insider threat.
UCF, Unified Compliance Framework
The Unified Compliance Framework is the largest database of interconnected controls and compliance source documents. It facilitates compliance with multiple rules and frameworks by automatically eliminating redundant controls and testing caused by duplication of requirements.
UEBA, User and Entity Behavior Analytics
User and entity behavior analytics is the process of collecting information about network events that users generate every day. Once collected and analyzed, it can be used to detect the use of compromised credentials, lateral movement, and other malicious behavior.
VPN, Virtual Private Network
A remote access VPN allows organizations to provide secure remote access to data and applications located on the corporate network. The VPN creates a tunnel between the network and the remote user. It secures the traffic passing through the tunnel by encrypting it.
WAF, Web Application Firewall
A Web Application Firewall acts as an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation, and these rules describe how to deal with common attacks such as cross-site scripting (XSS) and SQL injection.
XDR, Extended Detection and Response
Extended detection and response brings together tools and data that provide extended visibility, analysis, and response across networks and clouds, as well as applications and endpoints. XDR is a more sophisticated and advanced form of the endpoint detection and response (EDR) security system. XDR extends these capabilities beyond the endpoint to multiple security control points (including email, networks, servers, and cloud) for faster threat detection using data collected across different domains.
ZTNA, Zero Trust Network Access
Zero Trust Network Access is a set of technologies and features that provide secure access to internal applications for remote users. It operates on an adaptive trust model where trust is never implicit and access is granted on an as-needed basis with minimal privileges defined by fine-grained policies.
The information security threat data bank contains information about the main information security threats and vulnerabilities, primarily those specific to government information systems and automated control systems for production and technological processes of critical facilities.
The state system for detecting, preventing and eliminating the consequences of computer attacks is being created to exchange information about cyber attacks on information systems, the violation or termination of which will have an extremely negative impact on the country's economy or the security of citizens.
The protection of personal data includes the protection of personal information (name, identifiers, cookies, phone number, address and other factors).
Critical information infrastructure is defined as facilities, systems, or functions whose failure or destruction could have a devastating impact on the national security, governance, economy, and social well-being of a nation.
The National Coordination Center for Computer Incidents warns of the threat of an increase in the intensity of computer attacks on Russian information resources, including critical information infrastructure (CII).
A cryptographic information protection tool is a method of protecting information assets. Suitable for any purpose. When using this method on modern gadgets, you do not need to use the full power of the device.
An information security system refers to the processes and methodologies associated with maintaining the confidentiality, availability and integrity of information. This also applies to access controls that prevent unauthorized personnel from accessing the system.
STO BR IBBS
The Bank of Russia standard for providing information security for banking systems of the Russian Federation is a set of documents of the Bank of Russia that describes a unified approach to building an information security system for banking organizations, taking into account the requirements of Russian legislation.
The Center for Monitoring and Response to Computer Attacks in the Credit and Financial Sphere is a special structural unit of the Bank of Russia for responding to computer incidents.
The Federal Service for Technical and Export Control implements state policy, organizes interdepartmental coordination and interaction, special and control functions in the field of state security.