"O conhecimento é em si mesmo um poder"
-Francis Bacon-
For the purposes of this document, the following is established:
Databases, contracts, system documentation, systems, user manuals, training material, business continuity plans, systems and applications, or any other resource that has value to the organization and needs to be adequately protected.
AV - Antivirus
APT - Advanced Persistent Threat
AI - Artificial Intelligence
ACL - Access Control List
AES - Advanced Encryption Standard
ABAC - Attribute-Based Access Control
API - Application Programming Interface
BCP - Business Continuity Planning
BEC - Business Email Compromise
BOF - Buffer Overflow
CASB - Cloud Access Security Broker
CNAPP - Cloud Native Application Protection Platform
CWPP - Cloud Workload Protection Platform
CVSS - Common Vulnerability Scoring System
CVE - Common Vulnerabilities and Exposures
CIRT - Cyber Incident Response Team
CSF - Cyber Security Framework
CSRF - Cross-Site Request Forgery
C2 - Command & Control
COBIT - Control Objectives for Information and Related Technologies
CSOC - Cyber Security Operation Center
CIS - Center for Internet Security
DLP - Data Loss Prevention
DNS - Domain Name System
DMZ - Demilitarized Zone
DDOS - Distributed Denial Of Service
DOS - Denial Of Service
DAST - Dynamic Application Security Testing
EPP - Endpoint Protection Platform
FIM - File Integrity Monitor
FEDRAMP - Federal Risk and Authorization Management Program
GRC - Governance, Risk and Compliance
GDPR - General Data Protection Regulation
HIPAA - Health Insurance Portability and Accountability Act
IDS - Intrusion Detection System
IPS - Intrusion Prevention System
IOT - Internet Of Things
IAM - Identity and Access Management
IT - Information Technology
ISO - International Organization for Standardization
MTTD - Mean Time to Detect
MFA - Multi-factor Authentication
MTTR - Mean Time to Resolve (or Recover)
MTTC - Mean Time to Contain
MTTA - Mean Time to Acknowledge
MTBF - Mean Time Between Failures
ML - Machine Learning
MITM - Man In The Middle
MSSP - Managed Security Service Provider
MDR - Managed Detection and Response
NHT - Non Human Traffic
NOC - Network Operation Center
NIST - National Institute Of Standards and Technology
OT - Operational Technology
PAM - Privileged Access Management
PUP - Potentially Unwanted Programs
PCI-DSS - Payment Card Industry Data Security Standard
Pentest - Penetration Testing
RAT - Remote Access Trojan
RBAC - Role-Based Access Control
SIEM - Security Information and Event Management
SOAR - Security Orchestration Automation and Response
SSO - Single Sign On
SWG - Secure Web Gateway
SSE - Security Service Edge
SASE - Secure Access Service Edge
SSID - Service Set Identifier
SSL - Secure Sockets Layer
SOC - Security Operation Center
SQLI - Structured Query Language Injection
SCF - Secure Controls Framework
SAST - Static Application Security Testing
2FA - Two-Factor Authentication
TTP - Tactics Techniques and Procedures
TLS - Transport Layer Security
TI - Threat Intelligence
UEBA - User and Entity Behavior Analytics
UCF - Unified Compliance Framework
VPN - Virtual Private Network
WAF - Web Application Firewall
WAS - Web Application Scan
XDR - Extended Detection and Response
XSS - Cross-Site Scripting
ZTNA - Zero Trust Network Access
Copyright © 2024 Inteligência Brasil