cism acronyms.pdf


8/17/2019 CISM Acronyms.pdf

CISM Acronyms

The CISM candidate should be familiar with the following list of acronyms. These acronyms are the only standalone abbreviations used in examination questions.

CD: Compact Disk
CD-ROM: Compact Disk Read Only Memory
DMZ: Demilitarized zone
HTML: Hypertext Markup Language
ID: Identification
IP: Internet Protocol
IPS: Intrusion prevention system
IPSec: Internet Protocol Security
IS: Information systems
ISP: Internet service provider
IT: Information technology
OS: Operating system
URL: Uniform resource locator
XML: Extensible Markup Language

In addition to the aforementioned acronyms, candidates may also wish to become familiar with the following additional acronyms. Should any of these abbreviations be used in examination questions, their meanings would be included when the acronym appears.

AESRM: Alliance for Enterprise Security Risk Management
AIW: Acceptable interruption window
ALE: Annual loss expectancy
API: Application programming interface
AS/NZS: Australian Standard/New Zealand Standard
ASCII: American Standard Code for Information Interchange
ASIC: Application-specific integrated circuit
ASP: Application service provider
ATM: Asynchronous Transfer Mode
AV: Asset value
BCI: Business Continuity Institute
BCM: Business continuity management
BCP: Business continuity planning
BGP: Border Gateway Protocol
BI: Business intelligence
BIA: Business impact analysis
BIMS: Biometric information management and security
BIOS: Basic input/output system
BITS: Banking Information Technology Standards
BLP: Bell-LaPadula
BLP: Bypass label process
BS: British Standard
CA: Certificate authority
CASPR: Commonly accepted security practices and recommendations
CEO: Chief executive officer
CERT: Computer emergency response team
CFO: Chief financial officer
CIM: Computer-integrated manufacturing
CIO: Chief information officer
CIRT: Computer incident response team


CISO: Chief information security officer
CMM: Capability Maturity Model
COO: Chief operating officer
COOP: Continuity of operations plan
CORBA: Common Object Request Broker Architecture
COSO: Committee of Sponsoring Organizations of the Treadway Commission
CPO: Chief privacy officer
CPU: Central processing unit
CRM: Customer relationship management
CSA: Control self-assessment
CSF: Critical success factor
CSIRT: Computer security incident response team
CSO: Chief security officer
CSRC: Computer Security Resources Center (USA)
CTO: Chief technology officer
CVE: Common vulnerabilities and exposures
DAC: Discretionary access controls
DBMS: Database management system
DCE: Distributed control environment
DCE: Data communications equipment
DCE: Distributed computing environment
DCL: Digital command language
DDoS: Distributed denial of service
DES: Data Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DNS: Domain name system
DNSSEC: Domain Name Service Secure
DoS: Denial of service
DOSD: Data-oriented system development
DR: Disaster recovery
DRII: Disaster Recovery Institute International
DRP: Disaster recovery planning
EDI: Electronic data interchange
EER: Equal error rate
EF: Exposure factor
EFT: Electronic funds transfer
EGRP: External Gateway Routing Protocol
EIGRP: Enhanced Interior Gateway Routing Protocol
EU: European Union
FAIR: Factor analysis of information risk
FAR: False-acceptance rate
FCPA: Foreign Corrupt Practices Act
FIPS: Federal Information Processing Standards (USA)
FISMA: Federal Information Security Management Act (USA)
FSA: Financial Security Authority (USA)
GLBA: Gramm-Leach-Bliley Act (USA)
GMI: Governance Metrics International
HD-DVD: High definition/high density-digital video disc
HIDS: Host-based intrusion detection system
HIPAA: Health Insurance Portability and Accountability Act (USA)
HIPO: Hierarchy Input-Process-Output
HR: Human resources
HTTP: Hypertext Transfer Protocol
I/O: Input/output
ICT: Information and communication technologies
IDEFIX: Integration Definition for Information Modeling


IDS: Intrusion detection system
IEC: International Electrotechnical Commission
IETF: Internet engineering task force
IFAC: International Federation of Accountants
IIA: Institute of Internal Auditors
IMT: Incident management team
IPF: Information processing facility
IPL: Initial program load
IPMA: International Project Management Association
IPRs: Intellectual property rights
IPS: Intrusion-prevention system
IRP: Incident response plan
IRT: Incident response team
ISF: Information Security Forum
ISO: International Organization for Standardization
ISSA: Information System Security Association
ISSEA: International System Security Engineering Association
ITGI: IT Governance Institute
JCL: Job control language
KGI: Key goal indicator
KLOC: Kilo lines of code
KPI: Key performance indicator
KRI: Key risk indicator
L2TP: Layer 2 Tunneling Protocol
LAN: Local area network
LCP: Link Control Protocol
M&A: Mergers and Acquisition
MAC: Mandatory access control
MAO: Maximum allowable outage
MIME: Multipurpose Internet mail extensions
MIS: Management information system
MitM: Man-in-the-middle
MTD: Maximum tolerable downtime
MTO: Maximum tolerable outage
NAT: Network address translation
NCP: Network Control Protocol
NDA: Nondisclosure agreement
NIC: Network interface card
NIDS: Network intrusion detection system
NIST: National Institute of Standards and Technology (USA)
NPV: Net present value
OCSP: Online Certificate Status Protocol
OCTAVE: Operationally Critical Threat, Asset and Vulnerability Evaluation
OECD: Organization for Economic Co-operation and Development
OEP: Occupant emergency plan
OSI: Open systems interconnection
OSPF: Open Shortest Path First
PAN: Personal area network
PCI DSS: Payment Card Industry Data Security Standard
PDCA: Plan-do-check-act
PKI: Public key infrastructure
PMBOK: Project Management Body of Knowledge
POS: Point-of-sale
PPPoE: Point-to-point Protocol over Ethernet
PRA: Probabilistic risk assessment
PSTN: Public switched telephone network


PVC: Permanent virtual circuit
QA: Quality assurance
RAID: Redundant array of inexpensive disks
ROI: Return on investment
ROSI: Return on security investment
RPO: Recovery point objective
RRT: Risk Reward Theorem/Tradeoff
RSA: Rivest, Shamir and Adleman (RSA stands for the initials of the developers' last names)
RTO: Recovery time objective
S/HTTP: Secure Hypertext Transfer Protocol
SABSA: Sherwood Applied Business Security Architecture
SCADA: Supervisory Control and Data Acquisition
SDLC: System development life cycle
SDO: Service delivery objective
SEC: Securities and Exchange Commission (USA)
SIEM: Security information and event management
SIM: Security information management
SLA: Service level agreement
SMART: Specific, measurable, achievable, relevant, time-bound
SMF: System management facility
SOP: Standard operating procedure
SPI: Security Parameter Index
SPICE: Software process improvement and capability determination
SPOC: Single point of contact
SPOOL: Simultaneous peripheral operations online
SQL: Structured Query Language
SSH: Secure Shell
SSL: Secure Sockets Layer
SSO: Single sign-on
TCO: Total cost of ownership
TCP: Transmission Control Protocol
TLS: Transport layer security
UDP: User Datagram Protocol
USB: Universal Serial Bus
VAR: Value at risk
VoIP: Voice-over IP
VPN: Virtual private network
XBRL: Extensible Business Reporting Language