DEV Community: Abdelkrim

Acronyms you should master in Cybersecurity

Abdelkrim — Wed, 16 Nov 2022 16:02:53 +0000

the update list is available here: https://altf1be.wordpress.com

ACID Atomicité, Cohérence, Isolation et Durabilité
AM Access Management
API Application Programming Interface
APT Advanced Persistent Threat
ARA Architecture Risk Analysis
ATP Advanced Threat Protection
BCP Business Continuity Plan
BIA Business Impact Analysis
CA Certificate Authority
CASB Cloud access security brokers are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed www.gartner.com
CERT Computer Emergency Response Team
CICS Customer Information Control System
COSI Committee on Internal Security
CSPM Cloud security posture management implements continuous, automated security and compliance processes, primarily to secure the infrastructure where workloads are deployed.
CVE Common Vulnerabilities Exposure
CWPP Cloud Workload Protection Platform enables you to perform security functions across multiple environments.
DAG Data Access Governance
DCSA Data-Centric Security Architecture
DFIR Digital Forensics and Incident response
DLO Data loss objective
DLP Data Loss Prevention
DNS Domain Name System
DRP Disaster Recovery Plan
EDR Endpoint Detection and Response
EDR Endpoint detection and response is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. www.trellix.com
EDRM Enterprise Digital Rights Management
EFW Enterprise firewall
EOB End Of Business
EPP Endpoint protection platform is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts www.gartner.com
ETDR endpoint threat detection and response www.trellix.com
FQDN Fully-Qualified Domain Name
GDPR General Data Protection Regulation (EU)2016/679
GRC Governance Risk & Compliance
HSM Hardware Security Module
ICS Industrial Control System
IDS Intrusion Detection System
IEC International Electrotechnical Commission
IFSMS Information Security Management System
IGA Identity Governance and Administration is at the center of IT operations, enabling and securing digital identities for all users, applications and data www.sailpoint.com
IoT Internet Of Things
IPS Intrusion Prevention Systems
IR Incident Response
ISA Information Security Advisor
ISMS Information Security Management System
ITSM Information Technologie and Service Management
KMS Key Management Service
MDM Mobile Device Management
MDR Managed Detection and response
MTD Mobile Threat Defense crsc.nist.gov
MTTR Mean time to Recover
NAC Network Access Control
OWASP Open Web Application Security Project
PAM Privileged Access Management
PKI Public Key Infrastructure
PSSI Pfolitique de sécurité des systèmes d’information
ROPA Record of Processing Activity
RPO Recovery Point Objective. The RPO of a business characterizes the maximum acceptable period of time that can pass between the time that data was last backed up and a critical failure such as a cyber-attack.[source]
RTO Recovery Time Objective
SABSA Sherwood Applied Business Security Architecture
SCADA Supervisory Control And Data Acquisition
SEG Secure Email Gateway is a solution that improves the protection of incoming and outgoing emails www.gatefy.com
SIAM Service Integration And Management
SIEM System Information & Event Management
SLA Service Level Agreement
SMSI Système de Management de la Sécurité d’Information
SOA Statement of Applicability
SOAR Security Orchestration, Automation, and Response
SOC Security Operating Center
SSLC Secured software lifecycle development
SWG Secure Web Gateway protects users from web-based threats in addition to applying and enforcing corporate acceptable use policies www.paloaltonetworks.com
TLS Transport Layer Security
TOGAF The Open Group Architecture Framework
UDC User-Driven Classification
UEBA User and Entity Behavior Analytics
UEM/UES Unified endpoint management/Unified Endpoint Security
UTM Unified Threat Management
VMDR Vulnerability Management, Detection and Response
VPN Virtual Private Network
WAAP Web Application API Protection
WAF Web Application Firewall
XDR Extended Detection and Response is a security solution based on the concept of correlating and analyzing data from multiple sources, including machine data, log * data, and network data into a single, unified stream www.extrahops.com
ZTNA Zero trust network access (ZTNA) is a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities www.gartner.com

COVID-19, mobile apps that preserve privacy. And the winner is ….

Abdelkrim — Sun, 19 Apr 2020 22:43:24 +0000

The World struggles and needs to choose between data privacy and the interruption of new chains of SARS-CoV-2 (COVID-19, Coronavirus) transmission.

Here is a summary of the best mobile apps preserving the data privacy built by Governments (https://github.com/fs0c131y/covid19-tracker-apps)

We count 34 mobile apps from countries all over the World, from Argentina to Vietnam.

Some apps focus on cities or provinces (e.g., Madrid – Spain, Lombardia – Italy)
Google Play (store) (it is a guess) accepts to name an app “COVID” only if a public administration publishes it (try it from your location: https://play.google.com/store/search?q=covid)
The mobile app written by Iran is not available on the store and needs to be installed outside the app store
Apple Store (it is not a guess) accepts to name any app with “COVID” (try it from your location on the https://apps.apple.com)

Most mobile apps indicate that their authors pay strict attention to the data privacy of the users or that the mobile app is not mandatory to use.

Some mobile apps require the mobile phone number of their smartphone’ owner to enable the Ministry of Health to contact them
Geolocations are kept in the mobile phone
- Geolocations are shared only if the user accepts it
The authors (Ministry of Health) may ask the geolocation of the user if he/she is infected
The user is aware of its possible infection by another person if he/she has walked near an infected person in the last 14 days
Data about phones near the user does not reveal personal identities
Data about phones near the user are stored on user’ phone [and not centrally]
Other third-party services will not be able to track the user’ identity
Users are in control of their data and can revoke consent any time
User’ data will only be used for COVID-19 contact tracing
The author of the app collects anonymized data to improve the software

By far, the availability of the source code facilitates the work of software engineers and fasten the deployment of applications taking good care of the data privacy of individuals, Israël, Iceland and Pasteur Institute and Greater Paris University Hospitals paved the way to other public administrations.

A mobile app will never save the World from the virus, but it may reduce its spread in the long run (remember that we need to flatten the curve).

Full details are available here: https://altf1be.wordpress.com/2020/04/20/covid-19-mobile-apps-that-preserve-privacy-and-the-winner-is

COVID-19, gather and analyze data from the ECDC

Abdelkrim — Mon, 30 Mar 2020 23:43:59 +0000

The notebook displays using plotly the aggregated data by the European Center for Disease Control about the COVID-19 outbreak

https://bit.ly/2ylpkeO