IT Certifications: Comprehensive Study Set

Cissp Acronym

184 questions.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.
QUESTION 1

MAC

ANSWER

Mandatory Access Control. A MAC system is one where access control is based on labels (such as security classifications and clearances) and enforced by the system and cannot be overridden. If you think government systems with classified data on them you have the right idea. Ordinary operating systems like Windows, Unix, and Linux are not MAC.

QUESTION 2

DAC

ANSWER

Discretionary Access Control. A system where access controls are under the discretion of the owner of a resource as well as the administrators. For example, Windows is a DAC system and if you own a file, you can give rights to other users. Also an administrator can give rights to users. When I think DAC, I think consumer and most commercial systems.

QUESTION 3

RBAC

ANSWER

Role Based Access Control. A system where access is based on what roles you have. In reality, these roles are usually mapped to operating system groups, so the access or rights you have are determined by what groups you belong to.

QUESTION 4

ACM

ANSWER

Access Control Matrix. An ACM is a matrix where the X-axis specifies resources or objects, and the Y-axis specifies subjects such as users or roles/groups. Each cell specifies what access a specific subject has to a specific object. In a typical computer environment, where you may have thousands of users, groups, and other subjects like running processes, and who knows how many files and other objects, a full blown ACM is going to be absurdly large meaning it's basically a theoretical concept in this case. A limited ACM, one for example showing which roles have what access to certain functionality, can be useful in designing and understanding systems.

QUESTION 5

FRR

ANSWER

False Reject Rate. In biometric systems, the FRR is the percentage of authentic users who are denied access. It is also known as Type I Error (pronounced as "type one error"). I remember it as Type I as it is not as bad as Type II, below.

QUESTION 6

FAR

ANSWER

False Accept Rate. In biometric systems, Type II Error (pronounced as "type two error") is the percentage of fake or unenrolled users allowed access. I remember it as Type II as it is worse than Type I (of course the requirements of the system are an issue, but in general it is worse).

QUESTION 7

CER

ANSWER

Crossover Error Rate. A biometric system can be tuned to minimize FAR or FRR. The CER is when a system is tuned so that the FAR and FRR are the same, and is used as a metric to indicate the overall accuracy of the biometric system.

QUESTION 8

SSO

ANSWER

Single Sign On

QUESTION 9

KDC

ANSWER

Key Distribution Server. In the Kerberos Authentication System, the KDC is essentially a login server that knows everyone's password (or "secret key") and issues login credentials, known as TGTs.

QUESTION 10

TGT

ANSWER

Ticket Granting Ticket. Kerberos issues a TGT when a user first logs in. It is sent to the user encrypted by their password, and if they got their password correct, decrypted and their login succeeds.

QUESTION 11

SESAME

ANSWER

Secure European System for Applications in a Multi-Vendor Environment. Kerberos is seen by ISC2 as USA centric, as it was developed at MIT in Massachusetts. SESAME is the same idea, but considered international by ISC2 (European somehow equals international). Kerberos uses tickets and symmetric encryption; SESAME uses Privilege Attribute Certificates or PACs and both symmetric and asymmetric encryption. This conveniently avoids the issue that SESAME never took off or was widely implemented at all, and essentially doesn't exist anymore.

QUESTION 12

PAC

ANSWER

Privilege Attribute Certificate. Again, SESAME uses PACs, while Kerberos uses tickets.

QUESTION 13

IDS

ANSWER

Intrusion Detection System. An IDS is an alarm system. It watches and raises "alerts" when something occurs that needs human investigation. Just like physical alarm systems, IDSs have false alarms or alerts as well. The primary (or at least one of the primary) technical detection controls.

QUESTION 14

TOC/TOU

ANSWER

Time of Check/Time of Use. A timing attack. Imagine an application that creates a file, and then applies appropriate permission to it (hey, that's how they taught me to do it in school). There is a vulnerability for a fraction of second between when the file is created and when the file has appropriate security permissions applied that might be exploitable. Also known as a race condition.

QUESTION 15

DOS

ANSWER

Denial Of Service

QUESTION 16

DDOS

ANSWER

Distributed Denial of Service. An example would be a 100,000 computer strong botnet where each computer in the botnet sends a few packets to one IP address. Good chance that whatever sits at that IP address will be overwhelmed.

QUESTION 17

EMI

ANSWER

Electronic Magnetic Interference. Especially with older systems, for example ones using Cathode Ray Tube based monitors, there is a substantial amount of EMI. It is possible to remotely receive this EMI and recreate what is on the screen. Although perhaps beyond the capability of your competitors, this is well within the capability of many nation-states.

QUESTION 18

ACL

ANSWER

Access Control List

QUESTION 19

DMZ

ANSWER

DeMilitarized Zone, the Internet accessible part of an organization's network.

QUESTION 20

LAN

ANSWER

Local Area Network. A bunch of computers electronically close to each other, typically used to mean within one broadcast domain, i.e. they can broadcast to each other. From the security standpoint, the LAN is also a security demarcation perimeter, as if you are in a LAN you are fundamentally more trusted than if you are not in the LAN.

QUESTION 21

WAN

ANSWER

Wide Area Network. A bunch of LANs connected together via a (usually high speed) backbone.

QUESTION 22

MAN

ANSWER

Metropolitan Area Network. As in "What's bigger than a LAN but smaller than a WAN? A MAN." Term is not used that often anymore.

QUESTION 23

GAN

ANSWER

Global Area Network. A big WAN. The biggest GAN is obviously the Internet.

QUESTION 24

FDDI

ANSWER

Fiber Distributed Data Interface. A token ring based network. It contains two fiber based rings, one as a backup for the other. Considered legacy as fast Ethernet and other technologies have eclipsed it.

QUESTION 25

ATM

ANSWER

Asynchronous Transfer Mode. An older protocol which is typically used as a high speed backbone connecting LANs together, although it also can be used as a LAN protocol. Frames are 53 bytes, 48 of data and 5 of header. Elegant design based on the technologies and limitations of the day or an odd bastard designed by committee? Perhaps a bit of both.

QUESTION 26

SDLC

ANSWER

Software Development Life Cycle. Instead of simply sitting down and starting to write code, unfortunately a common technique used in software development historically and still somewhat today, software development should follow a lifecycle, beginning with planning and eventually ending in retirement of the system.

QUESTION 27

HDLC

ANSWER

High-Level Data Link Control. A bit-oriented synchronous data link layer protocol based on SDLC (above). I think of it as the protocol that moves data over an X.25 or Frame Relay cloud.

QUESTION 28

ISDN

ANSWER

Integrated Services Digital Network, or perhaps "It Still Does Nothing." A "faster than modem" technology that works over standard copper telephone lines. Never really took off at least in North America, since DSL and Cable Modem came around the same time and are much faster, but still used for some purposes including video teleconferencing and popular in parts of Europe and India as well.

QUESTION 29

DSL

ANSWER

Digital Subscriber Line

QUESTION 30

ADSL

ANSWER

Asymmetric Digital Subscriber Line. Faster download speeds than upload speeds.

QUESTION 31

SDSL

ANSWER

Single Line Digital Subscriber Line. Symmetrical download and upload rates of 1.544 Mbps. An operating range of 10,000 feet from the phone company's central switching equipment.

QUESTION 32

HDSL

ANSWER

High Rate Digital Subscriber Line. Like SDSL but uses two pairs of twisted copper lines instead of one to give a 12,000 feet operating range at 1.544 Mbps symmetric. Sometimes used to implement a T1 line.

QUESTION 33

VDSL

ANSWER

Very high rate Digital Subscriber Line. Asymmetric, downstream rates of 13 to 52 Mbps and upstream rates of 1.5 to 2.3 Mbps. Short range, only 1,000 to 4,500 feet from the phone company's central switching equipment.

QUESTION 34

CSMA

ANSWER

Carrier Sense Multiple Access

QUESTION 35

CSMA/CD

ANSWER

Carrier Sense Multiple Access with Collision Detection, used for example by Ethernet.

QUESTION 36

CSMA/CA

ANSWER

Carrier Sense Multiple Access with Collision Avoidance

QUESTION 37

WEP

ANSWER

Wired Equivalent Privacy. The original Wi-Fi (IEEE 802.11 wireless networks) security protocol. Deprecated as it is very weak and has numerous flaws.

QUESTION 38

WPA

ANSWER

Wi-Fi Protected Access, and WPA2, Wi-Fi Protected Access II, replacements for WEP.

QUESTION 39

VC

ANSWER

Virtual Circuit

QUESTION 40

SVC

ANSWER

Switched Virtual Circuit

QUESTION 41

PVC

ANSWER

Permanent Virtual Circuit

QUESTION 42

VOIP

ANSWER

Voice Over IP, which interestingly is considered a WAN protocol by ISC2.

QUESTION 43

PSTN

ANSWER

Public Switched Telephone Network. The legacy phone network.

QUESTION 44

PBX

ANSWER

Private Branch Exchange. A phone switch.

QUESTION 45

SIP

ANSWER

Session Initialization Protocol. A VOIP signaling protocol for setting up and tearing down VOIP calls, locating users, and negotiating a common protocol. The other VOIP signaling protocol is the much more complex H.323.

QUESTION 46

SLIP

ANSWER

Serial Line Internet Protocol. A protocol for relaying IP packets over dialup lines. Mostly replaced by PPP.

QUESTION 47

PPP

ANSWER

Point to Point Protocol, used for dialup connections to the Internet, including ISDN and cellular modems.

QUESTION 48

EAP

ANSWER

Extensible Authentication Protocol, an authentication framework used with PPP. There are many EAP protocols.

QUESTION 49

DTE

ANSWER

Data Terminal Equipment, any device connected to a network like a workstation, server, router, bridge, etc.

QUESTION 50

DCE

ANSWER

Data Communication Equipment or Data Circuit-Terminating Equipment, a hardware device that sits between a DTE and the data transmission circuit. One example of a DCE is a modem.

QUESTION 51

DSU/CSU

ANSWER

Data Service Unit/Channel Service Unit. A modem sized hardware device that connects a DTE (like a router) to a digital circuit like a T1 or T3 line. A DSU/CSU is an example of a DCE.

QUESTION 52

OSI Model

ANSWER

Open Systems Interconnection model, a networking model that breaks networking into 7 layers. Essentially theoretical today but often referred to.

QUESTION 53

MAC address

ANSWER

Media Access Control address, a unique hardware address assigned to network interfaces, commonly burnt into a NIC at manufacture time.

QUESTION 54

NIC

ANSWER

Network Interface Card

QUESTION 55

DNS

ANSWER

Domain Name System, a hierarchical distributed naming system for converting names like securitycerts.org to IP addresses and vice-versa.

QUESTION 56

NAT

ANSWER

Network Address Translation

QUESTION 57

UDP

ANSWER

User Datagram Protocol. A layer 4 protocol.

QUESTION 58

TCP

ANSWER

Transmission Control Protocol. A layer 4 protocol.

QUESTION 59

ICMP

ANSWER

Internet Control Message Protocol. A layer 3 protocol like IP, but carried in an IP packet like UDP and TCP.

QUESTION 60

S/MIME

ANSWER

Secure/Multipurpose Internet Mail Extensions, a standard for email encryption and digital signature based on digital certificates. Supported by most modern email clients like Thunderbird and Microsoft Outlook.

QUESTION 61

SET

ANSWER

Secure Electronic Transaction. A protocol for transferring credit card information over insecure networks like the Internet. A legacy protocol that never took off.

QUESTION 62

SSH

ANSWER

Secure Shell. A protocol for making secure connections between machines. Often used for administering Unix and Linux machines.

QUESTION 63

SSL

ANSWER

Secure Sockets Layer, a cryptographic protocol that allows secure communications over the Internet and other untrusted networks. It supports digital certificates on both the client and server side, but in practice most commonly only the server has a certificate and the client is authenticated "out of band" (for example by verification of a credit card or other information). TLS (see below) is a standards based replacement of SSL, and considered a later version; for example TLS 1.0 is often referred to as SSL 3.1.

QUESTION 64

TLS

ANSWER

Transport Layer Security, a standards based version and successor to SSL. Modern browsers support TLS 3.0 or greater.

QUESTION 65

FTP

ANSWER

File Transfer Protocol, a clear text protocol that is widely used but that passes passwords and usernames in clear text over the network.

QUESTION 66

TFTP

ANSWER

Trivial File Transfer Protocol. A simplified version of FTP most commonly used for transferring configuration or boot files over LANs.

QUESTION 67

SMTP

ANSWER

Simple Mail Transfer Protocol, the Internet standard for email transmission over IP.

QUESTION 68

SNMP

ANSWER

Simple Network Management Protocol

QUESTION 69

ARP

ANSWER

Address Resolution Protocol, resolves between network addresses and link layer addresses, for example between IP addresses and MAC addresses.

QUESTION 70

RARP

ANSWER

Reverse Address Resolution Protocol, resolves between link layer addresses and network addresses.

QUESTION 71

RIP

ANSWER

Routing Information Protocol, a simple router protocol that solely uses hop count as the distance metric. The fewer hops, the closer something is, and it ignores any other factors such as network speeds etc.

QUESTION 72

OSPF

ANSWER

Open Shortest Path First, a common routing protocol that is more advanced and complex than RIP.

QUESTION 73

BGP

ANSWER

Border Gateway Protocol, a very commonly used router protocol between autonomous systems on the Internet.

QUESTION 74

VM

ANSWER

Virtual memory. Allows each process to believe it has its own dedicated physical memory and maps between virtual memory and the underlying physical memory.

QUESTION 75

VPN

ANSWER

Virtual Private Network

QUESTION 76

RADIUS

ANSWER

Remote Authentication Dial In User Service

QUESTION 77

TACACS

ANSWER

Terminal Access Controller Access Control System

QUESTION 78

PAP

ANSWER

Password Authentication Protocol, an early protocol that sends the username and password over the network in clear text.

QUESTION 79

CHAP

ANSWER

Challenge Handshake Authentication Protocol, a protocol that does not send the password over the network.

QUESTION 80

AH

ANSWER

Authentication Header. An IPSec protocol that provides for integrity, origin authentication, but no confidentiality.

QUESTION 81

ESP

ANSWER

Encapsulating Security Payload. An IPSec protocol that provides for integrity, origin authentication, and confidentiality.

QUESTION 82

CIA

ANSWER

Confidentiality, Integrity, and Availability

QUESTION 83

DAD

ANSWER

Disclosure, Alteration, and Destruction. The opposite of CIA.

QUESTION 84

SBU

ANSWER

Sensitive But Unclassified. A US government classification between Confidential and Unclassified. Disclosure of SBU information will not cause damage to national security.

QUESTION 85

FOIA

ANSWER

Freedom of Information Act. Data that would otherwise be classified can be made public through the FOIA. With the emphasis on internationalizing the exam, you probably won't see FOIA, but it still may be lingering in some questions in the question bank.

QUESTION 86

NDA

ANSWER

Non Disclosure Agreement. A short legal document between two or more parties usually doing business together that states that confidential information may be shared but cannot be disclosed to other parties. For example I have an NDA with The SANS Institute that allows them to share confidential information with me such as new class dates and new course information that is not yet public, and I cannot disclose that information to anyone else.

QUESTION 87

EF

ANSWER

Exposure Factor. The amount of an asset that is lost when a threat is manifested. For example, if you sell vintage wedding dresses, and the threat is theft, the EF is 100% - if a dress is stolen it is 100% gone!

QUESTION 88

SLE

ANSWER

Single Loss Expectancy. The asset value times the Exposure Factor. If each Vintage Wedding Dress is worth $20,000, the SLE is $20,000.

QUESTION 89

ARO

ANSWER

Annualized Rate of Occurrence. How many times a year a threat is manifest. If 5 of your vintage wedding dresses are stolen each year, your ARO is 5.

QUESTION 90

ALE

ANSWER

Annualized Loss Expectancy. Your SLE times your ARO. If your SLE is $20,000 per wedding dress stolen, and your ARO is 5, your ALE is $100,000. Knowing this value helps you make intelligent business decisions including those pertaining to security controls.

QUESTION 91

TCO

ANSWER

Total Cost of Ownership. A financial estimate of the direct and indirect costs of a product or system. For example, an IDS might cost $25,000, but if there are expenses involved with setup, training of personnel, and personnel time or maybe even dedicated personnel are required, the TCO will be much higher.

QUESTION 92

OPSEC

ANSWER

Operations Security. Ok, it's not an acronym. Plenty of ways to look at OPSEC, but I look at it as looking for the weakest link and then making it less weak.

QUESTION 93

OECD

ANSWER

European Organization for Economic Cooperation and Development.

QUESTION 94

SLA

ANSWER

Service Level Agreements. A service level agreement is a contract stipulating a certain level of performance with financial penalties for not meeting that performance. For example an SLA with a service provider might stipulate 99% uptime for full payment, with payment prorated or otherwise reduced for not maintaining 99% uptime or greater.

QUESTION 95

CMM or SW-CMM

ANSWER

Capability Maturity Model, or SoftWare Capability Maturity Model. A model aimed at improving quality which assigns one of 5 levels. It begins with Level One, called Initial, which uses terms like "chaotic," Level Two, called Repeatable, where some repeatable processes have been defined, up to Level Five, called Optimizing, which focuses on continual improvements.

QUESTION 96

RAD

ANSWER

Rapid Application Development.

QUESTION 97

OO

ANSWER

Object Oriented

QUESTION 98

ORB

ANSWER

Object Request Broker. A middleware service, commonly implemented as a server process per machine, which takes object references and resolves them regardless of where the object may reside in the network.

QUESTION 99

CORBA

ANSWER

Common Object Request Broker Architecture. An industry standard for ORBs from the OMG (below) that was a good first attempt but was so vague that CORBA compliant ORB implementations from different vendors like IBM, Sun, and HP, simply did not interoperate.

QUESTION 100

OMG

ANSWER

Object Management Consortium. A bunch of smart folks from Framingham Mass that had the "Object Religion" a bit too intensely and developed CORBA. Apparently they still exist but no one really cares.

QUESTION 101

COM/DCOM

ANSWER

Component Object Model/Distributed Component Object Model. A Microsoft proprietary technology similar to CORBA. Good stuff, and they let out the source code and people started implementing on other platforms like Unix/Linux but the WWW protocols took over.

QUESTION 102

DDP

ANSWER

Distributed Data Processing. An ancient term ISC2 still uses (Wikipedia doesn't even have a reference) that means we are no longer all on a mainframe using very dumb terminals nearby.

QUESTION 103

CASE tools

ANSWER

Computer Aided Software Engineering tools

QUESTION 104

XOR

ANSWER

eXclusive OR. A simple and blazingly fast way to add two binary numbers and used extensively in encryption especially because it is so fast. It's essentially binary addition without carry.

QUESTION 105

ROT n

ANSWER

A symmetric substitution algorithm where each letter of the alphabet is replaced by the letter which comes "n" characters later in the alphabet. The Caesar cipher, for example, is ROT 3. "a" is replaced by "d", "b" is replaced by "e", "c" is replaced by "f" etc. This is very easy to break using character frequency analysis.

QUESTION 106

COCOM

ANSWER

Coordinating Committee for Multilateral Export Controls. An attempt by Western Bloc countries to prevent the export of advanced technologies including encryption technologies to "dangerous" countries. Formally dissolved in 1994, it was followed up by the Wassenaar Agreement, which has similar goals. Of course the definition of dangerous countries depends on who you are. Both focused on the export of technologies, and symmetric key technology was free for export.

QUESTION 107

DES

ANSWER

Data Encryption Standard. A very widespread symmetric encryption algorithm that is very fast. It was first developed in 1975 and not considered secure today because of its small key size, 56 bits. Triple DES is still widely used, for example by Web browsers.

QUESTION 108

IDEA

ANSWER

International Data Encryption Algorithm. A symmetric encryption algorithm. Used by PGP, Pretty Good Privacy, but not in widespread use otherwise.

QUESTION 109

SAFER

ANSWER

Secure And Fast Encryption Routine. A family of symmetric key algorithms. Bluetooth optionally uses a variant of SAFER.

QUESTION 110

AES

ANSWER

The Advanced Encryption Standard. A symmetric key encryption algorithm chosen by the US government as a replacement for DES. It was chosen as the result of a contest by the National Institute of Standards and Technology, NIST, in 2000, and was formerly known as Rijndael (pronounced "Rain Doll" unless you are Dutch, in which case you'd probably laugh at the pronunciation). It has variable block length and key length.

QUESTION 111

RC4, RC5, RC6

ANSWER

A family of symmetric key ciphers by Ron Rivest. Sometimes called "Ron's Cipher" or "Rivest's Cipher."

QUESTION 112

SKC

ANSWER

Secret Key Cryptography. The original type of crypto where the same keys are used to encrypt and decrypt.

QUESTION 113

RSA

ANSWER

Rivest, Shamir, and Adleman, named after the three inventors of this very popular asymmetric key encryption algorithm. It is based on the mathematical fact that large prime integers are easy to multiply together, but the result is difficult to factor into the original factors, meaning the original large prime numbers. Or to put it even more simply: multiplication is easier than division.

QUESTION 114

ECC

ANSWER

Elliptic Curve Cryptosystems. ECC are public key cryptosystems and are ideal for small devices such as smart cards as ECC does NOT use a lot of resources such as power, CPU, and memory. The reason for this is that ECC provides a high level of security with relatively short key lengths, so the underlying mathematics are simpler and hence the resources required are minimal.

QUESTION 115

MD2, MD4, MD5

ANSWER

Message Digest. These are hashing algorithms, used primarily for integrity. MD5 is used quite a bit and has a 128 bit hash value.

QUESTION 116

SHA-1, SHA-2

ANSWER

Secure Hashing Algorithm.

QUESTION 117

PKC

ANSWER

Public Key Cryptography. In public key cryptography, as opposed to secret key cryptography, keys come in pairs. If one key in the pair is used to encrypt something, only the other key in the key pair will decrypt it. In common usage, each party has a key pair, and the keys are referred to as the private key and the public key. The private key is kept private; no one else knows it. For example, it may live in a smart card and be further protected by a PIN. The public key is publicly available, often as part of a data structure called a Digital Certificate.

QUESTION 118

ECB

ANSWER

Electronic Code Book, the default way (or "mode") that the DES encryption algorithm is used.

QUESTION 119

CBC

ANSWER

Cipher Block Chaining, a mode of DES that utilizes an initialization vector to introduce randomness. This initialization vector is simply a random number that is combined (via the XOR operation) with the first block of plaintext before it is encrypted. Each subsequent block of plaintext is XORed with the previous ciphertext block before being encrypted.

QUESTION 120

CFB

ANSWER

Cipher FeedBack, a mode of DES similar to CBC. This is a streaming cipher, as opposed to ECB and CBC which are block ciphers, and suitable for use with streaming data such as streaming audio and streaming video.

QUESTION 121

OFB

ANSWER

Output FeedBack, a streaming mode of DES like CFB. OFB has the property that flipping a bit in the ciphertext flips the same bit in the plaintext, so many error correcting codes still function even when applied before encryption.

QUESTION 122

CTR

ANSWER

CounTeR Mode, a streaming mode of DES that uses an initialization vector (also called a "nonce" - which is simply a random number) which is combined with the first block of plaintext as in CBC, however this initialization vector is incremented and reused with each subsequent block. Used by IPSec.

QUESTION 123

NIST

ANSWER

National Institute of Standards and Technology, a US Governmental body formerly known as the National Bureau of Standards (NBS), and responsible for a number of standards pertaining to security, such as DES and AES among many others.

QUESTION 124

DSS

ANSWER

Digital Signature Standard

QUESTION 125

PKI

ANSWER

Public Key Infrastructure. An infrastructure to distribute the public key of public-private key pairs (used in asymmetric cryptography). PKIs create Digital Certificates, which are data structures containing a name and associated public key which are digitally signed by a central authority called a Certificate Authority.

QUESTION 126

CA

ANSWER

Certificate Authority, the part of a PKI which creates and digitally signs Digital Certificates, data structures containing a name and associated public key. The best known CA on the Internet is Verisign, and many organizations have their own internal CAs.

QUESTION 127

ORA

ANSWER

Organizational Registration Authority. A registration authority vets an entity before a CA will issue a Digital Certificate for it.

QUESTION 128

CRL

ANSWER

Certificate Revocation List. A list of Digital Certificates that have not expired (the expiration date in the certificate has not passed) but that are not to be trusted. CRLs are typically stored in LDAP databases along with Digital Certificates. A Digital Certificate may be added to a CRL for a multitude of reasons, such as suspected compromise of the associated private key, a name change perhaps due to marriage or religious conversion, retirement, death, etc.

QUESTION 129

PGP

ANSWER

Pretty Good Privacy, a program used primarily for email encryption but which also supports file, directory, and partition encryption. Provides confidentiality (data encryption) and authentication (via digital signature). Based on a "Web of Trust" model instead of central authority like PKI (although later versions can work with a PKI).

QUESTION 130

OS

ANSWER

Operating System. The basic software that controls the hardware and allows the execution of application software efficiently. Examples of common operating systems include Windows 7, MacOS, and the various types of Linux and Unix.

QUESTION 131

IPL

ANSWER

Initial Program Load. The operating system on a mainframe computer is sometimes called the IPL.

QUESTION 132

GUI

ANSWER

Graphical User Interface. Many programs and operating systems have a GUI (pronounced "gooey") while others may only have a command line interface.

QUESTION 133

DML

ANSWER

Data Manipulation Language. A database term. Structured Query Language (SQL), pronounced "Sequel," is the most popular and is used to retrieve and manipulate data in relational databases.

QUESTION 134

DDL

ANSWER

Data Definition Language. A database term. A language for defining data structures such as database schemas. Commonly this is Structured Query Language (SQL), or more specifically a subset of SQL.

QUESTION 135

CPU

ANSWER

Central Processing Unit

QUESTION 136

ALU

ANSWER

Arithmetic Logic Unit. The part of the CPU that performs arithmetic and logic operations.

QUESTION 137

CISC

ANSWER

Complex Instruction Set Computer. A CPU which has a rich instruction set. This makes life easy for low level programmers as they have lots of instructions they can call, instead of needing to rely on just a very basic instruction set. Most personal computers are CISC based.

QUESTION 138

RISC

ANSWER

Reduced Instruction Set Computer. As CPUs became more complex and got a more complex instruction set, some manufacturers started to make RISC CPU based computers. A RISC based CPU has only a few instructions, but can execute them all very quickly. Low level programming is more difficult on a RISC based computer.

QUESTION 139

ROM

ANSWER

Read Only Memory. Memory that is directly addressable from the CPU and contains critical startup code such as that to start the bootup sequence. This critical code is often called "firmware." For example, think BIOS (Basic Input/Output System) on PCs. ROM is non-volatile - it doesn't go away when power is removed.

QUESTION 140

PROM

ANSWER

Programmable Read Only Memory. This is ROM but is blank when manufactured, and programmed by the system developer/designer. Standard PROM can only be programmed once. Thousands or millions of tiny traces on the chip actually burn out once it is programmed. This makes PROMs not so cool for firmware, as the firmware can never be updated.

QUESTION 141

EPROM

ANSWER

A type of PROM that can be erased and reprogrammed. It is erased by "flashing" it with ultraviolet light. EPROMs are uncommon today.

QUESTION 142

EEPROM

ANSWER

Electrically Erasable PROM. A type of ROM that can be rewritten. Most computers use EEPROM for their BIOS today. This is sometimes called "Flash Memory" even though it is the far less common EPROMs that are erased by flashing them with UV light.

QUESTION 143

PLD

ANSWER

Programmable Logic Device. PROMs, EPROMs, and EEPROMs are examples of a more general technology and type of chip called a Programmable Logic Device. This term seems to show up fairly often on the exam.

QUESTION 144

RAM

ANSWER

Random Access Memory

QUESTION 145

DRAM

ANSWER

Dynamic Random Access Memory. A type of RAM usually used for main memory, for example the laptop I'm typing on now has 4 Gig of memory/DRAM. DRAM must be refreshed many times a second as it depends on small capacitance charges that decay with time.

QUESTION 146

SRAM

ANSWER

Static Random Access Memory. A very fast and expensive form of RAM that is typically used for cache.

QUESTION 147

VMM

ANSWER

Virtual Memory Manager. The part of the operating system that handles virtual memory. Today often implemented in part by hardware support (a MMU or memory management unit) that is part of the same chip that holds the CPU, such as on the Intel x86 microprocessors.

QUESTION 148

WORM

ANSWER

Write Once Read Memory. A data storage device that can only be written once and not modified afterwards.

QUESTION 149

BLP

ANSWER

Bell-LaPadula. A theoretical security model focused solely on protecting confidentiality, and used in DoD classified systems. There are two main rules:
• No Read Up (Simple Security Property). A subject cannot read an object at a higher classification level. For example a secret user cannot read top secret data.
• No Write Down (* Security Property, pronounced "Star Security Property"). A subject at a higher classification level cannot write to a lower classification level. For example a secret user cannot email to unclassified systems.

QUESTION 150

BIBA

ANSWER

The Biba Security Model, named after Ken Biba, is a theoretical security model focused solely on Integrity, and hence the opposite of Bell-LaPadula. There are two main rules:

• No Read Down (Simple Integrity Axiom). A subject cannot read an object at a lower classification level. For example a top secret user cannot read secret data. This is to prevent bad information from moving up. Think about a document that has been declassified, for example. It often has less integrity, as parts of it have been removed (or blacked out for physical documents).

• No Write Up (* Integrity Axiom). A subject at a lower classification level cannot write to a higher classification level. For example a secret user cannot write to a top secret file.

QUESTION 151

COI

ANSWER

Conflict of Interest

QUESTION 152

TCB

ANSWER

Trusted Computing Base. The low level hardware, software like the OS kernel, and firmware that must be trusted or nothing secure can be built on the system. TCSEC and ITSEC (below) are concerned with defining and qualifying the TCB.

QUESTION 153

TCSEC

ANSWER

Trusted Computer Systems Evaluation Criteria, also known as the Orange Book. A US centric (Department of Defense) standard. Ranges from "D" - minimal protection, to "A" - verified design. Not actively used today, but other models are built using it (like ITSEC).

QUESTION 154

ITSEC

ANSWER

Information Technology Security Evaluation Criteria. The first European attempt at evaluation criteria (similar to the Orange Book or TCSEC). Despite being European, it's considered "International." ITSEC has two parts, Functionality (F) and Assurance (E). This is quite complex and essentially superseded by the much simpler EAL below.

QUESTION 155

EAL

ANSWER

Evaluation Assurance Level, also known as the Common Criteria, a follow-on to ITSEC that is much simpler and more reasonable. Each product or system gets an EAL level, ranging from EAL1 (functionally tested) to EAL7 (formally verified, designed, and tested). The second European attempt at evaluation criteria. Once again, despite being European, it's considered "International."

QUESTION 156

ToE

ANSWER

Target of Evaluation, what is being evaluated by the Common Criteria (EAL).

QUESTION 157

DAA

ANSWER

Designated Approval Authority. US government systems need certification and accreditation prior to becoming operational. The DAA is usually a mid-level government bureaucrat who relies on the technical expertise of others who report to them.

QUESTION 158

PCI-DSS

ANSWER

Payment Card Industry Data Security Standard, usually abbreviated to PCI. Originally started by Visa but now controlled by an industry consortium. A set of best practices for organizations that handle payment cards such as credit and debit cards.

QUESTION 159

XSS

ANSWER

Cross Site Scripting. A vulnerability where client side code, for example Javascript, HTML, or SQL, can be injected into and executed on the server side. A prime defense is sanitizing all input on the server side (assuming "all input is evil").

QUESTION 160

NIDS

ANSWER

Network Intrusion Detection System. An IDS that functions by watching the packets on a network. A NIDS will commonly be placed at a network aggregation point, for example before the firewall, after the firewall, or on a spanning/mirroring port on a network switch. Snort is a popular open source NIDS.

QUESTION 161

HIDS

ANSWER

Host Intrusion Detection System. An IDS that sits on one specific host and watches it. HIDS is commonly used to refer to anything that protects a host, and there are also HIDS specific products available. OSSEC is a popular open source HIDS.

QUESTION 162

CIRT

ANSWER

Computer Incident Response Team. A CIRT analyses potential incidents and responds if appropriate. Synonymous with CERT, Computer Emergency Response Team.

QUESTION 163

PICERL

ANSWER

Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. The 6 steps in incident handling. Yes, you need to know these, including the order.

QUESTION 164

RAID

ANSWER

Redundant Array of Inexpensive Disks. There are several RAID levels defined by the RAID advisory board. Note that RAID 0, striping, does NOT provide any redundancy, and RAID 2 is the only level which has a required number of disks, 39. 39 might seem like a strange number unless you are a mainframe person, as traditionally IBM mainframes had 39 disks.

QUESTION 165

CM

ANSWER

Configuration Management. The process of tracking and approving changes to a system, both hardware and software. If there is little or no CM, each system may be configured slightly differently, sometimes called the snowflake effect. If each system is somewhat different, the process of testing patches before rolling them out is certainly negatively affected as you don't even know what the system configurations are that the patches should be tested on.

QUESTION 166

BCP

ANSWER

Business Continuity Plan. An overarching plan to minimize interruption to a business after a disruptive event like a disaster occurs. The BCP is a long term and strategic plan. The BCP deals with risks that have not been handled by other controls. There is always a default BCP, which is you die or go out of business when a large disruptive event occurs.

QUESTION 167

DRP

ANSWER

Disaster Recovery Plan. The sub-component of the Business Continuity plan that deals with the recovery of IT systems. Short term and tactical.

QUESTION 168

COOP

ANSWER

Continuity Of Operations Plan. A term commonly used in the US Government similar to the term BCP. The COOP is actually part of the BCP dealing with sustaining or continuing operations.

QUESTION 169

BIA

ANSWER

Business Impact Analysis. The BIA comes after the risk analysis (which is limited to critical systems) and determines tolerable impact levels to systems.

QUESTION 170

MTD

ANSWER

Maximum Tolerable Downtime, also sometimes called Maximum Allowable Downtime. How long critical systems can be down until the point of no return, until irreparable damage to the organization is done. The MTD is the primary output of the Business Impact Analysis. For some reason the acronym MAD is never used.

QUESTION 171

SOP

ANSWER

Standard Operating Procedures. Written documents detailing how to perform specific procedures. A common item in the BCP appendixes.

QUESTION 172

POC, as in POC lists

ANSWER

Point of Contact. A Point of Contact list is a list of people and contact information for them, for example phone numbers. A common item in the BCP appendixes.

QUESTION 173

UN

ANSWER

The United Nations

QUESTION 174

MLAT

ANSWER

Mutual Legal Assistant Treaties involve law enforcement in different countries working together to combat crimes such as money laundering, cyber crime, and more.

QUESTION 175

BSA

ANSWER

Business Software Alliance, an industry group whose primary purpose is to prevent copyright infringement of software produced by its members. Software piracy is a big issue, but they are controversial because of some of their tactics, including their "Bust Your Boss!" campaign and others which pay disgruntled employees up to $200,000 to report alleged software piracy.

QUESTION 176

IP

ANSWER

Intellectual Property. Physical security, at least in large part for most organizations, should be focused on protecting IP. Yeah, yeah, I know it stands for something else too!

QUESTION 177

HIPAA

ANSWER

Health Insurance Portability and Accountability Act, which addresses the security and privacy of health care data.

QUESTION 178

IAB

ANSWER

Internet Activities Board. The IAB has a code of ethics published as RFC 1087 and describes 5 unethical and unacceptable types of activities.

QUESTION 179

HVAC

ANSWER

Heating, Ventilation, and Air Conditioning. HVAC is an issue in physical and environmental security. With joint tenancy, HVAC can be a major concern as others may have access to your HVAC controls.

QUESTION 180

EPO

ANSWER

Emergency Power Off. Sometimes called the "big red button" which can shut off power to the entire data center when an emergency occurs (or when it's pressed by mistake).

QUESTION 181

CCTV

ANSWER

Closed Circuit TeleVision. A primarily detective physical control. Although wireless and IP based cameras are more common these days, there are still a lot of CCTV systems in use.

QUESTION 182

CRT

ANSWER

Cathode Ray Tube. Old style monitors, which are heavy, relatively fragile, and deep, and made of a vacuum tube with three electron beams, one each for red, green, and blue, producing an image. Older cameras were also CRT based.

QUESTION 183

CCD

ANSWER

Charge Coupled Discharge. The technology used by newer cameras, and in fact most cameras today.

QUESTION 184

RFI

ANSWER

Radio Frequency Interference. RFI can be caused by devices like neon lights and electric motors, and RFI can modulate electric power, which is called "noise" on the electric power. Normally electric power is routed away from other cables, grounded, and shielded to help prevent noise from RFI and from EMI (ElectroMagnetic Interference).
