# – 2 – A – B – C – D – E – F – G – H – I – J – K – L – M – N – O – P – Q – R – S – T – U – V –W – X – Y – Z

2

2FA

Two Factor Authentication / Zwei-Faktor-Authentifizierung
Identification using two independent components (e.g. card plus PIN or web login plus mobile phone TAN)

A

API

API Application Programming Interface

APT

Advanced Persistent Threat
Sophisticated, targeted way of attacking the IT / OT / ICS infrastructure of an organization or a company

ATP

Advanced Threat Protection
Defence against targeted, high-tech attacks

B

BYOD

Bring Your Own Device
Use of private devices in the company environment (Internet access, access to contact data, etc.)

C

C2 / C&C

Command and Control
C&C servers are central computers that control botnets, collect data and send commands

CMS

Content Management System
Software for the provision and processing of content, e.g. for websites

CPU

Central Processing Unit

CRM

Customer Relationship Management
Software for the management of customer data and relationships

CVE

Common Vulnerabilities and Exposures
List of publicly known vulnerabilities

D

(D)DoS

(Distributed) Denial of Service
Attack targeting the unavailability of an Internet service

DKIM

Domain Keys Identified Mail
Prevents changes to emails during transport

DMARC

Domain-Based Message Authentication Reporting and Conformance
Combination from SPF and DKIM

DNS

Domain Name System
System for resolving computer names into IP addresses and vice versa

F

FTP

File Transfer Protocol
Network protocol for transferring files over IP networks

G

GDPR

General Data Protection Regulation
Legal requirements for dealing with sensitive data

H

HTTPS

Hyper Text Transfer Protocol Secure
Communication protocol for the secure transmission of data over the Internet (secure HTTP connection)

I

IACS

Industrial Automation and Control Systems

ICS

Industrial Control Systems
Control systems for industrial processes

ID

Identifikator
Unique identification feature

IDS

Intrusion Detection System
A system for detecting attacks on computer systems or networks

IEC

International Electrotechnical Commission
International standardization commission for electrical engineering

IoCs

Indicators of Compromise
Indicators of an infection, e.g. signatures or addresses of command & control servers

IoT

Internet of Things
Network of “intelligent” objects that communicate with each other via processors and sensors via an IP network

IP

Internetprotokoll
Widely used network protocol for data packet switching

ISMS

Information Security Management System
Describes all internal processes and rules that have the task – online or offline – of permanently defining, controlling, monitoring, maintaining and improving information security

IT

Information Technology
Information and data processing based on provided technical services and functions

M

MDR

Managed Detection and Response
Managed (outsourced) detection and response services

N

NFC

Near Field Communication
Transmission standard for contactless data exchange

O

OT

Operational Technology
Hardware and software for monitoring and controlling the performance of industrial devices or processes

P

PIN

Personal Identification Number
Secret code used for identification

PKI

Public Key Infrastruktur
System that can issue, distribute and verify digital certificates

Q

QR-Code

Quick Response Code
2D codes that are read by QR Code scanners and may contain links, text or other data

R

RFID

Radio Frequency Identification
Technology for automatic and contactless identification and localization using radio waves

S

SIEM

Security Information and Event Management
System that evaluates, summarizes and correlates the log files of the used IT security solutions

SLA

Service Level Agreement
Recurring Services Contract

SOAR

Security Orchestration Automation and Response
Orchestration, control and collection of data from different programs about security threats

SOC

Security Operation Center
Managed security platform that centrally collects alerts and event data and whose team of experts evaluates them against up-to-date threat data

SPF

Sender Policy Framework
Defines allowed senders for email domains

SSL

Secure Sockets Layer
Network protocol for secure data transmission

T

TI

Threat Intelligence
Data on threats (e.g. malware or groups of attackers)

TLS

Transport Layer Security
Upgraded version of SSL

TTPs

Tactics, Tools and Procedures
Typical attackers’ approaches

U

URL

Uniform Resource LocatorInternet address of a single page

USB

Universal Serial Bus
System for connection (e.g. data transmission) between computer and external devices

V

VR

Virtual Reality
Representation and perception of reality in a computer-generated interactive environment

W

WAF

Web Application Firewall
A service to protect against attacks via HTTP on web applications.

WHALING

Attack scenario in which the attackers pose as high-ranking employees of the company, also known as CEO fraud

WiFi

Short for “Wireless Fidelity”
Wireless local radio network for the 802.11 radio standard and compatible devices

WLAN

Wireless Local Area Network

WPA

WiFi Protected Access
Encryption type in the area of radio networks