ITSY Key Acronyms/terms Module 5 1. Some of you are new to Information Security (InfoSec) and some are experienced practitioners looking for some additional education/certification. 2. The biggest part of learning anything new is getting a grasp of the professional vocabulary and with all things the IT/infosec related acronyms…spoiler alert -- there are LOT of them. 3. What to do: a. If it is acronyms spell it out (remember these terms are relevant to cyber security) b. Provide a brief definition in your own words c. Use the acronym/term in a few sentences explaining how it is relevant to cyber security…for instance: Example: A+ - is a CompTIA certification and is generally consider the first in the series. The A+ certification covers the following areas of IT knowledge/skills: installing, maintaining, customizing, and operating personal computers. Before I was able to take the CompTIA Network+ exam I had to first take and pass the A+ exam. Having the A+ certification on my resume helped me land my first computer repair job. 4. Each acronym/term should require about 3-4 sentences in order to really define and describe it (remember use your own words please do not just copy and paste from a internet search). Term/Acronym NTFS – New Technology File System is a filing system by Microsoft used in their operating system software in which hard drives connected to the system are formatted and partitioned to accommodate applications and data to be installed or stored. NTFS is an upgraded version of the File Allocation Table (FAT) starting from Windows NT operating system. It is available on other operating systems such as Linux and MacOS but has a limited capacity. NTFS helps with features such as disk usage quotas, file/data search and backup, sharable hard drive space, file compression, indexing, and encryption, among others. PKI – Public Key Infrastructure is a system of policies that uses technology to provide security and protection/management of data, its storage, and transfer within and around networks. It deals mostly in the services of encryption along the lines of CIA (Confidentiality, Integrity, and Availability) by issuing private/public keys or certificates for secure access/use after trusted devices, entities, or users have been verified. PKI helps with secure connections in authorizing and authenticating users to networks, applications, and other important data that needs protection. IEEE – The Institute of Electrical and Electronics Engineers is a professional organization that continually improves the electrical and electronics industry, and its related fields, through standardizations and innovations for the demand to meet the development and maintenance of ever-growing technology. The organization has a presence in over 150 countries and associations in numerous academic institutions. IEEE makes a lot of publications in engineering, computing, science, and technology, as well as conferences, to inform academics on new research, development, and innovations. The most popular standards that IEEE has ever developed are IEEE 802 and IEEE 802.11, known as Wi-Fi. ICANN - The Internet Corporation for Assigned Names and Numbers is the organization responsible for the allocation and coordination of IP addresses, root servers, domain names, numerical and namespaces on the Internet to ensure the stability and security of running networks. The databases associated with the namespaces and numbers on the Internet are also under their supervision, but no control over the contents that run across them. ICANN issues accreditation to new and existing entities for domain registration to have and run a domain name. IANA - The Internet Assigned Numbers Authority is an organization that tracks IP addresses, domain names, protocol parameters, and other values on the Internet to function at the standard required. By performance, devices on the Internet are meant to be able to communicate with each other. Thus, certain values register these communications, and they are entered into a registry maintained by IANA to be available for public viewing. NIST - The National Institute of Standards and Technology is a government agency in the US that aims to develop and promote the novelty of technology in industries and promote competition through the continual improvement of standards. Some of these standards are cybersecurity, privacy, and data protection. NIST operates in multiple areas of science and technology, mostly in research at laboratories to provide definite standards of measurements, communication, engineering, and information technology for the public and private sectors to adhere to. ISO - The International Organization for Standardization is an international organization tasked with providing industrial, title, and commercial, standards. ISO has member representative bodies in over 150 countries with their respective names but similar duties in their territories. The ISO creates standards for emerging industries that offer products and services, and also to existing ones to ensure that requirements are met, and quality is assured. International Association of Chiefs of Police – This is an international association of police leaders and law enforcement personnel that recommend policies and training to further improve the practice of the service of policing. They provide education, advocacy, and reforms from research to provide safer environments. The International Association of Chiefs of Police strives to uphold high standards of professionalism, principles, morality, and honor for its members and to have positive impacts with community outreach. CTIN - The Cyber Threat Intelligence Network is a consulting agency that is an offshoot of Homeland Security tasked with dealing with the threats of cyberattacks involving the US and its entities. CTIN encompasses multiple agencies in many states tasked with training and formulating best practices against cyber-attacks. CTIN’s tasks also include gathering intelligence on potential or known cyber adversaries, setting up cyber defenses, and educating through evidence-based knowledge. IACIS – The International Association of Computer Investigative Specialists are members of an organization that made computer forensics training available to interested individuals. The corporation also trains law enforcement agents in the field of forensics and law. IACIS offers certifications, volunteer training programs, and conferences to professionals and members of the public that are interested.