3DES
Triple Digital Encryption Standard. Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks. It was originally designed as a replacement for DES, and is still used in some applications, such as when hardware doesn't support AES.
APT
Advanced Persistent Threat. Advanced persistent threat. A group that has both the capability and intent to launch sophisticated and targeted attacks.
BIA
Business Impact Analysis. Business impact analysis. The BIA identifies systems and components that are essential to the organization's success. It identifies various scenarios that can impact these systems and components, maximum downtime limits, and potential losses from an incident. The BIA helps identify RTOs and RPOs.
CBC
Cipher Block Chaining. Cipher Block Chaining (CBC) is a mode of operation for symmetric block ciphers in cybersecurity that enhances security by linking each plaintext block to the previous ciphertext block before encryption.
CMS
Content Management System. A Content Management System (CMS) is a software platform that needs security measures to protect against threats like data breaches and unauthorized access.
CSRF
Cross-site Request Forgery. CSRF, or Cross-Site Request Forgery, is a cyberattack where a malicious website, email, or link causes a user's web browser to perform an unwanted action on a trusted site where they are currently authenticated.
DER
Distinguished Encoding Rules. Distinguished Encoding Rules (DER) are a standardized method for encoding data structures, used in cybersecurity to ensure a unique and consistent binary representation of data, most notably for X.509 digital certificates.
DNS
Domain Name Service (Server). Domain Name System. Used to resolve host names to IP addresses. DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses. DNS uses UDP port 53 for DNS client queries and TCP port 53 for zone transfers. DNS poisoning attacks attempt to modify or corrupt DNS data. Secure zone transfers help prevent these attacks. A pharming attack is a type of DNS poisoning attack that redirects a web site's traffic to another web site.
ECDSA
Elliptic Curve Digital Signature Algorithm. The Elliptic Curve Digital Signature Algorithm (ECDSA) is a cybersecurity tool that uses elliptic curve cryptography to create a digital signature for data, ensuring its authenticity and integrity.
FDE
Full Disk Encryption. Full Disk Encryption. Method to encrypt an entire disk. TrueCrypt is an example.
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security. An extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. The primary difference between PEAP and EAP-TLS is that EAP-TLS requires certificates on the 802.1x server and on each of the wireless clients.
IRT
Incident Response Team. A group of experts who respond to security incidents. Also known as CERT, CIRT, or SIRT.
AAA
Authentication, Authorization, and Accounting. Authentication, Authorization, and Accounting. AAA protocols are used in remote access systems. For example, TACACS+ is an AAA protocol that uses multiple challenges and responses during a session. Authentication verifies a user's identification. Authorization determines if a user should have access. Accounting tracks a user's access with logs.
ARO
Annualized Rate of Occurrence. Annual (or annualized) rate of occurrence. The ARO identifies how many times a loss is expected to occur in a year and it is used to measure risk with ALE and SLE in a quantitative risk assessment. The calculation is SLE × ARO = ALE.
BIOS
Basic Input/Output System. Basic Input/Output System. A computer's firmware used to manipulate different settings such as the date and time, boot drive, and access password. UEFI is the designated replacement for BIOS.
CCMP
Counter-Mode/CBC-Mac Protocol. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.
COOP
Continuity of Operations Plan. Continuity of operations planning. Continuity of operations planning (COOP) sites provide an alternate location for operations after a critical outage. A hot site includes personnel, equipment, software, and communication capabilities of the primary site with all the data up to date. A cold site will have power and connectivity needed for COOP activation, but little else. A warm site is a compromise between a hot site and a cold site. Mobile sites do not have dedicated locations, but can provide temporary support during a disaster.
CSU
Channel Service Unit. Channel Service Unit. A line bridging device used with T1 and similar lines. It typically connects with a DSU as a CSU/DSU.
DES
Digital Encryption Standard. Digital Encryption Standard. An older symmetric encryption standard used to provide confidentiality. DES is a block cipher and it encrypts data in 64-bit blocks. DES uses 56 bits and is considered cracked. Use AES instead, or 3DES if the hardware doesn't support AES.
DoS
Denial of Service. Denial-of-service. An attack from a single source that attempts to disrupt the services provided by the attacked system. Compare to DDoS.
EFS
Encrypted File System. Encrypting File System. A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.
FRR
False Rejection Rate. The False Rejection Rate (FRR) is the probability that an authentication system incorrectly denies access to a legitimate user.
EAP-TTLS
Extensible Authentication Protocol-Tunneled Transport Layer Security. An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients.
iSCSI
Internet Small Computer System Interface. A lower-cost alternative to traditional SANs. It supports sending traditional SCSI commands over an IP network.
ABAC
Attribute-based Access Control. Attribute-Based Access Control (ABAC) is a system that grants access to resources based on a set of policies that evaluate attributes of the user, the resource, and the environment.
ARP
Address Resolution Protocol. Address Resolution Protocol. Resolves IPv4 addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. NDP is used with IPv6 instead of ARP.
BPA
Business Partners Agreement. Business partners agreement. A written agreement that details the relationship between business partners, including their obligations toward the partnership.
CCTV
Closed-circuit Television. Closed-circuit television. This is a detective control that provides video surveillance. Video surveillance provides reliable proof of a person's location and activity. It is also a physical security control and it can increase the safety of an organization's assets.
COPE
Corporate Owned, Personally Enabled. Corporate-Owned, Personally-Enabled (COPE) in cybersecurity refers to a mobile device management strategy where a company owns the device but allows employees to use it for personal tasks, providing a balance between security control and employee flexibility.
CTM
Counter-Mode. Counter (CTR) mode is a cryptographic mode of operation that uses a counter function to encrypt data, turning a block cipher into a stream cipher.
DFIR
Digital Forensics and Investigation Response. Digital Forensics and Incident Response (DFIR) is a critical cybersecurity discipline that involves investigating cyberattacks, containing the damage, and recovering from the incident.
DRP
Disaster Recovery Plan. Disaster recovery plan. A document designed to help a company respond to disasters, such as hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. The final phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan.
EMI
Electromagnetic Interference. Electromagnetic interference. Interference caused by motors, power lines, and fluorescent lights. EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.
FTP
File Transfer Protocol. File Transfer Protocol. Used to upload and download files to an FTP server. FTP uses TCP ports 20 and 21. Secure FTP (SFTP) uses SSH for encryption on TCP port 22. FTP Secure (FTPS) uses SSL or TLS for encryption.
ESD
Electrostatic discharge. Release of static electricity. ESD can damage equipment and low humidity causes a higher incidence of electrostatic discharge (ESD). High humidity can cause condensation on the equipment, which causes water damage.
LANMAN
Local area network manager. Older authentication protocol used to provide backward compatibility to Windows 9x clients. LANMAN passwords are easily cracked due to how they are stored.
ACL
Access Control List. Access control list. Routers and packet-filtering firewalls perform basic filtering using an ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols. In NTFS, a list of ACEs makes up the ACL for a resource.
ASLR
Address Space Layout Randomization. Address Space Layout Randomization (ASLR) is a cybersecurity technique that randomizes the memory locations of key program areas like the stack, heap, and libraries to prevent attackers from predicting where to inject malicious code.
BPDU
Bridge Protocol Data Unit. A Bridge Protocol Data Unit (BPDU) is a network message used by network switches to communicate and prevent network loops through the Spanning Tree Protocol (STP).
CER
Certificate. A "certificate in cybersecurity" can refer to a broad category of credentials, including entry-level certifications like CompTIA Security+ or Google Cybersecurity Certificate, which validate foundational skills, and more specialized or advanced certifications for specific roles.
CP
Contingency Planning. Contingency planning. Plans for contingencies in the event of a disaster to keep an organization operational. BCPs include contingency planning.
CTO
Chief Technology Officer. Chief Technology Officer. A "C" level executive position in some organizations. CTOs focus on technology and evaluate new technologies.
DHCP
Dynamic Host Configuration Protocol. Dynamic Host Configuration Protocol. A service used to dynamically assign TCP/IP configuration information to clients. DHCP is often used to assign IP addresses, subnet masks, default gateways, DNS server addresses, and much more.
DSA
Digital Signature Algorithm. Digital Signature Algorithm. A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key, and, if successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation is used with online transactions and prevents the sender from later denying he sent the email.
EMP
Electro Magnetic Pulse. An electromagnetic pulse (EMP) is a powerful burst of energy that can damage or destroy electronic systems, presenting a unique cybersecurity threat by physically disabling hardware rather than attacking software.
FTPS
Secured File Transfer Protocol. File Transfer Protocol Secure. An extension of FTP that uses SSL to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990.
FACL
File System Access Control List. An ACL used for file systems. As an example, NTFS uses the DAC model to protect files and folders.
LSO
Local shared objects or locally shared objects. A Flash cookie created by Adobe Flash Player.
AES
Advanced Encryption Standard. Advanced Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. AES is a block cipher and it encrypts data in 128-bit blocks. It is quick, highly secure, and used in a wide assortment of cryptography schemes. It includes key sizes of 128 bits, 192 bits, or 256 bits.
ASP
Application Service Provider. Application Service Provider. Provides an application as a service over a network.
BYOD
Bring Your Own Device. Bring your own device. A policy allowing employees to connect personally owned devices, such as tablets and smartphones, to a company network. Data security is often a concern with BYOD policies and organizations often use VLANs to isolate mobile devices.
CER
Cross-over Error Rate. The Cross-over Error Rate (CER), also known as the Equal Error Rate (EER), is a metric for evaluating the performance of biometric systems.
CRC
Cyclical Redundancy Check. Cyclical Redundancy Check. An error detection code used to detect accidental changes that can affect the integrity of data.
CTR
Counter. "Counter" refers to the methods and actions used to prevent, detect, and respond to cyber threats and attacks.
DHE
Data-Handling Electronics. Data-Handling Electronics. Term used at NASA indicating electronic systems that handle data.
DSL
Digital Subscriber Line. Digital subscriber line. Improvement over traditional dial-up to access the Internet.
ERP
Enterprise Resource Planning. ERP (Enterprise Resource Planning) cybersecurity involves a multi-layered approach to protecting sensitive business data within an ERP system by using technologies like encryption and AI-powered threat detection, implementing strong access controls and regular employee training, and maintaining software through automated patching.
GCM
Galois Counter Mode. Galois/Counter Mode (GCM) is a widely used encryption mode that provides both data confidentiality (encryption) and integrity (authentication) simultaneously, making it essential for modern cybersecurity applications like TLS and VPNs.
FCoE
Fibre Channel over Ethernet. A lower-cost alternative to traditional SANs. It supports sending Fibre Channel commands over an IP network.
NDP
Neighbor Discovery Protocol performs several functions on IPv6. For example, it performs functions similar to ARP, which is used on IPv4. It also performs autoconfiguration of device IPv6 addresses and discovers other devices on the network such as the IPv6 address of the default gateway.
AES256
Advanced Encryption Standards 256bit. Advanced Encryption Standard 256 bit. AES sometimes includes the number of bits used in the encryption keys and AES-256 uses 256-bit encryption keys. Interestingly, Blowfish is quicker than AES-256.
AUP
Acceptable Use Policy. Acceptable use policy. An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
CA
Certificate Authority. Certificate Authority. An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
CERT
Computer Emergency Response Team. Computer Emergency Response Team. A group of experts who respond to security incidents. Also known as CIRT, SIRT, or IRT.
CRL
Certificate Revocation List. Certification revocation list. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization. The Certificate Authority (CA) that issued the certificate publishes a CRL, and a CRL is public.
CYOD
Choose Your Own Device. "Choose Your Own Device" (CYOD) in cybersecurity is a policy where employees select a device for work from a pre-approved list of company-chosen hardware, offering a balance between security and employee flexibility.
DHE
Diffie-Hellman Ephemeral. Diffie-Hellman Ephemeral. An alternative to traditional Diffie-Hellman. Instead of using static keys that stay the same over a long period, DHE uses ephemeral keys, which change for each new session. Sometimes listed as EDH.
DSU
Data Service Unit. Data Service Unit. An interface used to connect equipment to a T1 and similar lines. It typically connects with a CSU as a CSU/DSU.
ESN
Electronic Serial Number. Electronic Serial Number. Numbers used to uniquely identify mobile devices.
GPG
GNU Privacy Guard. GNU Privacy Guard (GPG). Free software based on the OpenPGP standard and used to encrypt and decrypt files. It is similar to PGP but avoids any conflict with existing licensing by using open standards.
GUI
Graphical user interface. Users interact with the graphical elements instead of typing in commands from a text interface. Windows is an example of a GUI.
NetBIOS
Network Basic Input/Output System (NetBIOS) is a name resolution service for NetBIOS names on internal networks. NetBIOS also includes session services for both TCP and UDP communication. NetBIOS uses UDP ports 137 and 138, and TCP port 139. It can use TCP port 137, but rarely does.
AH
Authentication Header. Authentication Header. IPsec includes both AH and ESP. AH provides authentication and integrity using HMAC. ESP provides confidentiality, integrity, and authentication using HMAC, and AES or 3DES. AH is identified with protocol ID number 51.
AV
Antivirus. Antivirus software is a cybersecurity tool that detects, removes, and prevents malware from infecting devices.
CAC
Common Access Card. Common Access Card. A specialized type of smart card used by the U.S. Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a PIV.
CFB
Cipher Feedback. Cipher Feedback (CFB) mode is a type of block cipher that converts a block cipher into a stream cipher by using the previous ciphertext block as feedback for the next encryption step.
CSIRT
Computer Security Incident Response Team. A Computer Security Incident Response Team (CSIRT) is a specialized group in cybersecurity that handles security breaches and cyberattacks.
DAC
Discretionary Access Control. Discretionary access control. An access control model where all objects have owners and owners can modify permissions for the objects (files and folders). Microsoft NTFS uses the DAC model. Other access control models are MAC and RBAC.
DLL
Dynamic Link Library. Dynamic Link Library. A compiled set of code that can be called from other programs.
EAP
Extensible Authentication Protocol. Extensible Authentication Protocol. An authentication framework that provides general guidance for authentication methods. Variations include EAP-TLS, EAP-TTLS, LEAP, and PEAP.
ESP
Encapsulated Security Payload. Encapsulating Security Protocol. IPsec includes both AH and ESP. AH provides authentication and integrity using HMAC. ESP provides confidentiality, integrity, and authentication using HMAC and AES or 3DES. ESP is identified with protocol ID number 50.
GPO
Group Policy Object. Group Policy Object. Group Policy is used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain. Administrators use it to create password policies, lock down the GUI, configure host-based firewalls, and much more.
IDS
Intrusion detection system. A detective control used to detect attacks after they occur. Monitors a network (NIDS) or host (HIDS) for intrusions and provides ongoing protection against various threats. IDSs include sniffing capabilities. Many IDSs use numbering systems to identify vulnerabilities.
NIC
Network interface card. Provides connectivity to a network.
ALE
Annualized Loss Expectancy. Annual (or annualized) loss expectancy. The ALE identifies the expected annual loss and is used to measure risk with ARO and SLE in a quantitative risk assessment. The calculation is SLE × ARO = ALE.
AV
Asset Value. Asset value is the monetary and operational worth an organization assigns to its digital and physical assets, such as data, systems, and intellectual property.
CAN
Controller Area Network. Controller Area Network. A standard that allows microcontrollers and devices to communicate with each other without a host computer.
CHAP
Challenge Handshake Authentication Protocol. Challenge Handshake Authentication Protocol. Authentication mechanism where a server challenges a client. More secure than PAP and uses PPP. MS-CHAPv2 is an improvement over CHAP and uses mutual authentication.
CSO
Chief Security Officer. A Chief Security Officer (CSO) in cybersecurity is a senior executive responsible for protecting an organization's physical and digital assets, while a Chief Information Security Officer (CISO) focuses specifically on information and cyber threats.
DBA
Database Administrator. Database administrator. A DBA administers databases on database servers.
DLP
Data Loss Prevention. Data loss prevention. A network-based DLP system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in email and reduce the risk of internal users emailing sensitive data outside the organization. End-point DLP systems can prevent users from copying or printing sensitive data.
ECB
Electronic Code Book. In cybersecurity, the Electronic Codebook (ECB) is a simple block cipher mode where each block of plaintext is encrypted independently with the same key.
EF
Exposure Factor. Exposure factor (EF) is the estimated percentage of an asset's value that would be lost if a specific threat materializes.
GPS
Global Positioning System. Global Positioning System. GPS tracking can help locate lost mobile devices. Remote wipe, or remote sanitize, erases all data on lost devices. Full disk encryption protects the data on the device if it is lost.
IGMP
Internet Group Management Protocol. Used for multicasting. Computers belonging to a multicasting group have a multicasting IP address in addition to a standard unicast IP address.
NOP
No operation, sometimes listed as NOOP. NOP instructions are often used in a buffer overflow attack. An attacker often writes a large number of NOP instructions as a NOP sled into memory, followed by malicious code. Some processors use hexadecimal code x90 for NOP so a string of x90 characters indicates a potential buffer overflow attack.
AP
Access Point. Access point, short for wireless access point (WAP). APs provide access to a wired network to wireless clients. Many APs support Isolation mode to segment wireless users from other wireless users.
BAC
Business Availability Center. Business Availability Center. An application that shows availability and performance of applications used or provided by a business.
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart. Completely Automated Public Turing Test to Tell Computers and Humans Apart. Technique used to prevent automated tools from interacting with a web site. Users must type in text, often from a slightly distorted image.
CIO
Chief Information Officer. Chief Information Officer. A "C" level executive position in some organizations. A CIO focuses on using methods within the organization to answer relevant questions and solve problems.
CSP
Cloud Service Provider. A cloud service provider (CSP) in cybersecurity is a company that offers security services and solutions for cloud-based environments, managing the security of data, applications, and infrastructure.
DDoS
Distributed Denial of Service. Distributed denial-of-service. An attack on a system launched from multiple sources intended to make a computer's resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compare to DoS.
DMZ
Demilitarized Zone. Demilitarized zone. A buffer zone between the Internet and an internal network. It allows access to services while segmenting access to the internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network. DNAT (Dynamic Network Address Translation) is a form of NAT that uses multiple public IP addresses. In contrast, PAT uses a single public IP address. It hides addresses on an internal network.
ECC
Elliptic Curve Cryptography. Elliptic curve cryptography. An asymmetric encryption algorithm commonly used with smaller wireless devices. It uses smaller key sizes and requires less processing power than many other encryption methods.
FACL
File System Access Control List. File System Access Control List. An ACL used for file systems. As an example, NTFS uses the DAC model to protect files and folders.
GPU
Graphic Processing Unit. GPUs are used in cybersecurity for tasks like high-speed, real-time threat detection and response due to their parallel processing capabilities, which can accelerate malware analysis and intrusion detection.
IPv4
Internet Protocol version 4. Identifies hosts using a 32-bit IP address. IPv4 is expressed in dotted decimal format with decimal numbers separated by dots or periods like this: 192.168.1.1.
NOS
Network Operating System. Software that runs on a server and enables the server to manage resources on a network.
API
Application Programming Interface. Application Programming Interface. A software module or component that identifies inputs and outputs for an application.
BCP
Business Continuity Planning. Business continuity plan. A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. A BIA is a part of a BCP and the BIA drives decisions to create redundancies such as failover clusters or alternate sites.
CAR
Corrective Action Report. Corrective Action Report. A report used to document actions taken to correct an event, incident, or outage.
CIRT
Computer Incident Response Team. Computer Incident Response Team. A group of experts who respond to security incidents. Also known as CERT, SIRT, or IRT.
CSR
Certificate Signing Request. Certificate signing request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.
DEP
Data Execution Prevention. Data Execution Prevention. A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.
DNAT
Destination Network Address Transaction. Destination Network Address Translation. A form of NAT that changes the destination IP address for incoming traffic. It is used for port forwarding.
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral. Elliptic Curve Diffie-Hellman Ephemeral. A version of Diffie-Hellman that uses ECC to generate encryption keys. Ephemeral keys are re-created for each session.
FAR
False Acceptance Rate. False Acceptance Rate (FAR) in cybersecurity measures the probability that a system will incorrectly grant access to an unauthorized user.
GRE
Generic Routing Encapsulation. Generic Routing Encapsulation. A tunneling protocol developed by Cisco Systems.
IPv6
Internet Protocol version 6. Identifies hosts using a 128-bit address. IPv6 has a significantly larger address space than IPv4. IPsec is built into IPv6 and can encrypt any type of IPv6 traffic.
NoSQL
Not only Structured Query Language. An alternative to traditional SQL databases. NoSQL databases use unstructured query language queries instead of traditional SQL queries.