terms Archives -

Security+ Terms and Acronyms

Greg Palmer — Mon, 12 Dec 2016 19:19:28 +0000

Terms and Acronyms Used in Security+

Term	Acronym
Triple Digital Encryption Standard	3DES
Authentication, Authorization and Accounting	AAA
Access Control List	ACL
Advanced Encryption Standard	AES
Advanced Encryption Standards 256-bit	AES256
Authentication Header	AH
Annualized Loss Expectancy	ALE
Access Point	AP
Application Programming Interface	API
Advanced Persistent Threat	APT
Annualized Rate of Occurrence	ARO
Address Resolution Protocol	ARP
Address Space Layout Randomization	ASLR
Application Service Provider	ASP
Acceptable Use Policy	AUP
Antivirus	AV
Business Availability Center	BAC
Business Continuity Planning	BCP
Business Impact Analysis	BIA
Basic Input/Output System	BIOS
Business Partners Agreement	BPA
Bridge Protocol Data Unit	BPDU
Bring Your Own Device	BYOD
Certificate Authority	CA
Common Access Card	CAC
Controller Area Network	CAN
Completely Automated Public Turing test to tell Computers and Humans Apart	CAPTCHA
Corrective Action Report	CAR
Counter-mode/CBC-MAC Protocol	CCMP
Closed-Circuit Television	CCTV
Computer Emergency Response Team	CERT
Cipher Feedback	CFB
Challenge Handshake Authentication Protocol	CHAP
Chief Information Officer	CIO
Computer Incident Response Team	CIRT
Content Management System	CMS
Continuity Of Operation Planning	COOP
Contingency Planning	CP
Cyclical Redundancy Check	CRC
Certificate Revocation List	CRL
Customer Relationship Management	CRM
Chief Security Officer	CSO
Cloud Service Provider	CSP
Certificate Signing Request	CSR
Cross-Site Request Forgery	CSRF
Channel Service Unit	CSU
Chief Technology Officer	CTO
Discretionary Access Control	DAC
Database Administrator	DBA
Distributed Denial of Service	DDoS
Data Execution Prevention	DEP
Digital Encryption Standard	DES
Dynamic Host Configuration Protocol	DHCP
Data-Handling Electronics	DHE
Diffie-Hellman Ephemeral	DHE
Dynamic Link Library	DLL
Data Loss Prevention	DLP
Demilitarized Zone	DMZ
Destination Network Address Transaction	DNAT
Domain Name Service (Server)	DNS
Denial of Service	DoS
Disaster Recovery Plan	DRP
Digital Signature Algorithm	DSA
Digital Subscriber Line	DSL
Data Service Unit	DSU
Extensible Authentication Protocol	EAP
Elliptic Curve Cryptography	ECC
Elliptic Curve Diffie-Hellman Exchange	ECDHE
Elliptic Curve Digital Signature Algorithm	ECDSA
Encrypted File System	EFS
Electromagnetic Interference	EMI
Enterprise Resource Planning	ERP
Electronic Serial Number	ESN
Encapsulated Security Payload	ESP
File system Access Control List	FACL
Full Disk Encryption	FDE
Fully Qualified Domain Name	FQDN
False Rejection Rate	FRR
File Transfer Protocol	FTP
Secured File Transfer Protocol	FTPS
Galois Counter Mode	GCM
GNU Privacy Guard	GPG
Group Policy Object	GPO
Global Positioning System	GPS
Graphic Processing Unit	GPU
Generic Routing Encapsulation	GRE
High Availability	HA
Hard Disk Drive	HDD
Host-based Intrusion Detection System	HIDS
Host-based Intrusion Prevention System	HIPS
Hashed Message Authentication Code	HMAC
HMAC-based One Time Password	HOTP
Hardware Security Module	HSM
Hot Standby Router Protocol	HSRP
Hypertext Markup Language	HTML
Hypertext Transfer Protocol	HTTP
Hypertext Transfer Protocol over SSL	HTTPS
Heating, Ventilation and Air Conditioning	HVAC
Infrastructure as a Service	IaaS
Internet Control Message Protocol	ICMP
Industrial Control Systems	ICS
Identification	ID
International Data Encryption Algorithm	IDEA
Intermediate Distribution Frame	IDF
Identity Provider	IdP
Intrusion Detection System	IDS
Internet Key Exchange	IKE
Instant Messaging	IM
Internet Message Access Protocol v4	IMAP4
Internet of Things	IoT
Internet Protocol	IP
Internet Protocol Security	IPSec
Incident Response	IR
Internet Relay Chat	IRC
Incident Response Procedure	IRP
Interconnection Security Agreement	ISA
Internet Service Provider	ISP
Information Systems Security Officer	ISSO
IT Contingency Plan	ITCP
Initialization Vector	IV
Just a Bunch Of Disks	JBOD
Key Distribution Center	KDC
Key Encryption Key	KEK
Layer 2 Tunneling Protocol	L2TP
Local Area Network	LAN
Lightweight Directory Access Protocol	LDAP
Lightweight Extensible Authentication Protocol	LEAP
Monitoring as a Service	MaaS
Mandatory Access Control or Media Access Control	MAC
Message Authentication Code	MAC
Metropolitan Area Network	MAN
Master Boot Record	MBR
Message Digest 5	MD5
Main Distribution Frame	MDF
Man-In-The-Middle	MITM
Memorandum Of Understanding	MOU
Multi-Protocol Layer Switch	MPLS
Microsoft Challenge Handshake Authentication Protocol	MSCHAP
Mean Time Between Failures	MTBF
Mean Time To Recover	MTTR
Mean Time To Failure	MTTF
Maximum Transmission Unit	MTU
Network Access Control	NAC
Network Address Translation	NAT
Non-Disclosure Agreement	NDA
Near Field Communication	NFC
Network-based Intrusion Detection System	NIDS
Network-based Intrusion Prevention System	NIPS
National Institute of Standards and Technology	NIST
Network Operating System	NOS
New Technology File System	NTFS
New Technology LANMAN	NTLM
Network Time Protocol	NTP
Open Authorization	OAUTH
Online Certificate Status Protocol	OCSP
Open License Agreement	OLA
Operating System	OS
Open Vulnerability Assessment Language	OVAL
Peer to Peer	P2P
Proxy Auto Configuration	PAC
Pluggable Authentication Modules	PAM
Password Authentication Protocol	PAP
Port Address Translation	PAT
Password-Based Key Derivation Function 2	PBKDF2
Private Branch Exchange	PBX
Packet Capture	PCAP
Protected Extensible Authentication Protocol	PEAP
Personal Electronic Device	PED
Perfect Forward Secrecy	PFS
Pretty Good Privacy	PGP
Personally Identifiable Information	PII
Personal Identity Verification	PIV
Public Key Infrastructure	PKI
Plain Old Telephone Service	POTS
Point-to-Point Protocol	PPP
Point-to-Point Tunneling Protocol	PPTP
Pre-Shared Key	PSK
Pan-Tilt-Zoom	PTZ
Recovery Agent	RA
Registration Authority	RA
Rapid Application Development	RAD
Remote Authentication Dial-In User Server	RADIUS
Redundant Array of Inexpensive Disks	RAID
Remote Access Server	RAS
Role-Based Access Control	RBAC
Rule-Based Access Control	RBAC
RSA Variable Key Size Encryption Algorithm	RC4
Remote Desktop Protocol	RDP
Integrity Primitives Evaluation Message Digest	RIPEMD RACE
Return On Investment	ROI
Recovery Point Objective	RPO
Rivest, Shamir and Adleman	RSA
Remote Triggered Black Hole	RTBH
Recovery Time Objective	RTO
Real-time Transport Protocol	RTP
Secure/Multipurpose Internet Mail Extensions	S/MIME
Security Assertions Markup Language	SAML
Software as a Service	SaaS
Storage Area Network	SAN
System Control and Data Acquisition	SCADA
Security Content Automation Protocol	SCAP
Simple Certificate Enrollment Protocol	SCEP
Small Computer System Interface	SCSI
Software Development Life Cycle	SDLC
Software Development Life Cycle Methodology	SDLM
Structured Exception Handler	SEH
Secure Hashing Algorithm	SHA
Secured File Transfer Protocol	SFTP
Secure Hypertext Transfer Protocol	SHTTP
Security Information and Event Management	SIEM
Subscriber Identity Module	SIM
Service Level Agreement	SLA
Single Loss Expectancy	SLE
Short Message Service	SMS
Simple Mail Transfer Protocol	SMTP
Simple Mail Transfer Protocol Secure	SMTPS
Simple Network Management Protocol	SNMP
Simple Object Access Protocol	SOAP
Synchronous Optical Network Technologies	SONET
Spam over Internet Messaging	SPIM
Structured Query Language	SQL
Solid State Drive	SSD
Secure Shell	SSH
Secure Sockets Layer	SSL
Single Sign-On	SSO
Shielded Twisted Pair or Spanning Tree Protocol	STP
Terminal Access Controller Access Control System Plus	TACACS+
Transmission Control Protocol/Internet Protocol	TCP/IP
Trivial File Transfer Protocol	TFTP
Ticket Granting Ticket	TGT
Temporal Key Integrity Protocol	TKIP
Transport Layer Security	TLS
Time-based One-Time Password	TOTP
Trusted Platform Module	TPM
Transaction Signature	TSIG
User Acceptance Testing	UAT
Unified Extensible Firmware Interface	UEFI
User Datagram Protocol	UDP
Uninterruptable Power Supply	UPS
Uniform Resource Identifier	URI
L Universal Resource Locator	UR
Universal Serial Bus	USB
Unified Threat Management	UTM
Unshielded Twisted Pair	UTP
Virtualization Desktop Infrastructure	VDI
Virtual Local Area Network	VLAN
Variable Length Subnet Masking	VLSM
Virtual Machine	VM
Voice over IP	VoIP
Virtual Private Network	VPN
Video Teleconferencing	VTC
Web-Application Firewall	WAF
Wireless Access Point	WAP
Wired Equivalent Privacy	WEP
Wireless Intrusion Detection System	WIDS
Wireless Intrusion Prevention System	WIPS
WiFi Protected Access	WPA
WiFi Protected Access 2	WPA2
WiFi Protected Setup	WPS
Wireless TLS	WTLS
Extensible Markup Language	XML
Cross-Site Request Forgery	XSRF
Cross-Site Scripting	XSS

References

CompTIA Security+ Certification Exam Objectives

Disclaimer

The post Security+ Terms and Acronyms appeared first on .

Online Terms of Service Agreements in Contract Law

Greg Palmer — Sat, 19 Nov 2016 04:00:00 +0000

The Importance of Online Terms of Service Agreements in Contract Law

Online Terms of Service agreements (TOS) found in contracts must have the following elements to be considered legal and enforceable:

Parties to the contract must have the legal ability to enter a contract known as contractual capacity.
A contract can only be used for transactions that are legal and do not violate basic principles of society
Contract parties must show an intention to enter the contract with specific terms referred to as mutual assent. Mutual assent is demonstrated through the offer and acceptance process.

Additionally, a contract must demonstrate a principle known as meeting of the minds where the parties must agree to the terms of a contract, and the contracting parties must also bargain for something of value referred to as consideration (Grama, 2015, pg.316-322).

Online provider “terms of service” are considered contracts of adhesion. These type contracts usually benefit the online entity and do not allow an opportunity to negotiate the terms of the contract. These are known as “take it or leave it” contracts which give the offerer all bargaining power. These contracts are also known as “form” or “boilerplate” contracts. These type contracts may be considered undesirable but are sometimes necessary in e-commerce since it is not feasible for e-commerce merchants to negotiate the terms of every transaction separately (Grama, 2015, pg.332-333).

Kelly (n.d.) states that that every entity doing business on the Internet should have a comprehensive, well written Terms of Service (TOS) agreement posted or available on any website they conduct business or commerce from. Kelly (n.d.) further states that a TOS should have five components as follows:

If the website allows a user to create and access an account, the TOS must specify the terms associated with this.
If your site allows a client to submit user-generated content, then the TOS must make it clear that any derogatory, harassing, or other illegal content will not be tolerated.
When allowing users to submit their own content, the TOS must also inform them that such submissions automatically become property of the hosting entity. Additionally, the hosting entity has the right to modify, copy, distribute, and use their submissions as they see fit.
A provision concerning the use or dissemination of your copyrighted materials to ensure a user does not copy an entities website as a whole, or sections, and reproduce it elsewhere.
A well written stipulation must be provided clarifying the hosting entities lack of liability. It must specify that any incidental or consequential damages incurred by the user, no matter how caused, are not the entities fault.

The news and discussion site reddit provides the following user agreement that follows the principles discussed by both Grama (2015) and Kelly (n.d.) as shown below.

“To participate on reddit, you must create an account that includes a user name and password (“Your Account”) and, if you want to be able to reset your password or have us contact you, an email address as well.”

reddit contains graphics, text, photographs, images, video, audio, software, code, website compilation, website “look and feel,” and advertisements supplied by us or our licensors, which we call “reddit content.” reddit content is protected by intellectual property laws including copyright and other proprietary rights of the United States and foreign countries.

You retain the rights to your copyrighted content or information that you submit to reddit (“user content”) except as described below.

By submitting user content to reddit, you grant us a royalty-free, perpetual, irrevocable, non-exclusive, unrestricted, worldwide license to reproduce, prepare derivative works, distribute copies, perform, or publicly display your user content in any medium and for any purpose, including commercial purposes, and to authorize others to do so.

You agree that you have the right to submit anything you post, and that your user content does not violate the copyright, trademark, trade secret or any other personal or proprietary right of any other party.”

We take no responsibility for, we do not expressly or implicitly endorse, and we do not assume any liability for any user content submitted by you to reddit.”

It was also noted that one of the first provisions that reddit provides in its user agreement is clarification of the contract between reddit and its users which states that the “agreement is a legal contract between you and us. You acknowledge that you have read, understood, and agree to be bound by the terms of this agreement” (Reddit user agreement, 2016).

References

Grama, J. L. (2015). Legal issues in information security (2nd ed.). Boston, MA: Jones & Bartlett Learning.

Kelly, A. (n.d.). Crucial Elements of a Terms of Service Agreement. Retrieved June 8, 2016, from https://www.hg.org/article.asp?id=20466

Reddit user agreement. (2016, May 27). Reddit user agreement. Retrieved June 8, 2016, from https://www.reddit.com/wiki/useragreement

Disclaimer

The post Online Terms of Service Agreements in Contract Law appeared first on .