Acrônimos e Conceitos

 
"O conhecimento é em si mesmo um poder"
-Francis Bacon-

Para efeito deste documento fica estabelecido que:

Ativo:

Banco de dados, contratos, documentação de sistemas, sistemas, manuais de usuários, material de treinamento, planos de continuidade de negócios, sistemas e aplicações ou qualquer outro recurso que tenha valor para a organização e precisa ser adequadamente protegido.

A


AV - Antivírus
APT - Advanced Persistent Threat
AI - Artificial Intelligence
ACL - Access Control List
AES - Advanced Encryption Standard
ABAC - Attribute- Based Access Control
API - Aplication Programming Interface

B


BCP - Business Continuity Planning
BEC - Business Email Compromise
BOF - Buffer Overflow

C


CASB - Cloud Access Security Broker
CNAPP - Cloud Native Application Protection Plataform
CWPP - Cloud Workload Protection Plataform
CVSS - Common Vulnerability Scoring System
CVE - Common Vulnerabilitie and Exposure
CIRT - Cyber Incident Response Team
CSF - Cyber Security Framework
CSRF - Cross-Site Request Forgery
C2 - Command & Control
COBIT - Control Objectives for Information and Related Technologies
CSOC - Cyber Security Operation Center
CIS - Center for Internet Security


D


DLP - Data Loss Prevention
DNS - Domain Name System
DMZ - Demilitarized Zone
DDOS - Distributed Denial Of Service
DOS - Denial Of Service
DAST - Dynamic Application Security Testing


E


EPP - Endpoint Protection Plataform

F


FIM - File Integrity Monitor
FEDRAMP - Federal Risk and Authorization Management Program

G


GRC - Governance, Risk and Compliance
GDPR - General Data Protection Regulation

H


HIPPA - Health Insurance Portability and Accountability Act

I


IDS - Itrusion Detection Systems
IPS - Intrusion Prevention System
IOT - Internet Of Things
IAM - Identity and Access Management
IT - Information Technology
ISO - International Organization for Standardzation

J


K


L


M


MTTD - Mean Time to Detect
MFA - Multi-factor Authentication
MTTR - Mean Time to Resolve (or) Recovery
MTTC - Mean Time to Contain
MTTA - Mean Time to Acknowledge
MTBF - Mean Time Between Failures
ML - Machine Learning
MITM - Man In The Middle
MSSP - Managed Security Service Provider
MDR - Managed Detection and Response

N


NHT - Non Human Traffic
NOC - Network Operation Center
NIST - National Institute Of Standards and Technology

O


OT - Operational Technology

P


PAM - Privileged Access Management
PUP - Potentially Unwanted Programs
PCI-DSS - Payment Card Industry Data Security Standard Pentest - Penetration Testing


Q


R


RAT - Remote Access Trojan
RBAC - Role- Based Access Control

S


SIEM - Security Information and Event Management
SOAR - Security Orchestration Automation and Response
SSO - Single Sign On SWG - Secure Web Gateway
SSE - Security Service Edge
SASE - Secure Access Service Edge
SSID - Service Set Identifier
SSL - Secure Socks Layer
SOC - Security Operation Center
SQLI - Structured Query Language Injection
SCF - Secure Controls Framework
SAST - Static Application Security Testing


T


2FA - Two-Factor Authentication
TTP - Tactics Techniques and Procedures
TLS - Transport Layer Security
TI - Threat Intelligence

U


UEBA - User and Entity Behavior Analytics
UCF - Unified Compliance Framework

V


VPN - Virtual Private Network

W


WAF - Web Application Firewall
WAS - Web Application Scan

X


XDR - Extended Detection and Response
XSS - Cross-Site Scripting

Y


Z


ZTNA - Zero Trust Network Access



Referências