After spending some time reviewing other IINSv2 materials, it was apparent that there are a lot of acronyms. Thinking it may be beneficial to define expand and define the terms, the list quickly became huge. As a result, I decided to break the acronyms into separate categories that will likely align with study areas as learners plow through the CCNA Security material. This article covers the first category, Concepts and General Terms.
AAA (Authentication, Authorization, Accounting)–describes a framework to answer the following questions about a user. Who is the user? What can they access? What did they do?
AUP (Acceptable Use Policy)–common document or policy imposed by an organization to standardize appropriate use of information systems.
CIA (Confidentiality, Integrity and Availability)–three tenants that form a framework for security requirements for information systems. CIA is also often and acronym that represents the Central Intelligence Agency, an agency that provides security intelligence to senior US policymakers.
CVE (Common Vulnerabilities and Exposures)–standardized method of recording and serializing a known vulnerability or exposure for public identification and sharing
DMZ (Demilitarized Zone)–in networking, an area that is logically close to an untrusted network. Hosts located in the DMZ are not trusted and traffic sent to internal hosts would be closely monitored.
HIPAA (Health Insurance Portability and Accountability Act)–US Policy that is administered by the Office for Civil Rights. Defines several rules to protect the Confidentiality, Availability and Integrity of protected health information.
NTP (Network Time Protocol)–allows network devices and hosts to accurately synchronize time over network while accommodating for latency found in the network
NVD (National Vulnerability Database)–Sponsored by the US Department of Homeland Security, a national database of CVEs (Common Vulnerabilities and Exposures)
OOB (Out Of Band)–a method of managing network devices or hosts that utilizes a complete separate network or connection. Generally considered more secure due to the segregation.
SIEM (Security Information Event Management)–log management system that consolidates and parses disparate types of logs from various sources in order to produce actionable security operational information.
SOX (Sarbanes-Oxley)–US Federal Law with a primary focus on accurate financial reporting for publicly held companies. Due to the electronic nature of financial reporting and the asset value of information systems, SOX auditors regularly assesses the soundness of an organization’s IT operations.