“Study; relax; remember you just need to pass, not excel.”
PII – Personally Identifiable Information. Any data that could potentially be used to identify, contact, or locate a specific individual either alone or in conjunction with other data.
PHI – Personal Health Information. Any information about health, health care, or health care payments that can be connected to a specific individual. Regulatory law tends to define PHI very broadly.
CHD – Card Holder Data. Credit Card related information such as credit card numbers, cardholders names, card verification values (CVV), expiration dates, etc.
SBU – Sensitive But Unclassified. A US government classification between Confidential and Unclassified. Disclosure of SBU information will not cause damage to national security.
Think, for example, of the Veterans Administration laptop that went missing with large amounts of veterans’ personal information such as dates of birth, social security numbers, etc. Clearly this was sensitive information, but no damage to national security could result.
FOIA – Freedom of Information Act. Data that would otherwise be classified can be made public through the FOIA. With the emphasis on internationalizing the exam, you probably won’t see FOIA, but it still may be lingering in some questions in the question bank.
ESI – Electronically Stored Information.
Data Controller – The entity that creates and manages sensitive data. A commonly given example is a company that collects and manages their employee data for payroll purposes.
Data Processor – A 3rd party entity that processes data on behalf of the Data Controller. A commonly given example is a company that processes payroll data on behalf of the Data Controller.
Memory: The basic rule with memory is: the faster it is, the more expensive it is, and the less of it you have! Hence most systems have far less SRAM than DRAM for example.
RAM – Random Access Memory.
DRAM – Dynamic Random Access Memory. A type of RAM usually used for main memory, for example the laptop I’m typing on now has 8 Gig of memory/DRAM. DRAM must be refreshed many times a second as it depends on small capacitance charges that decay with time.
SRAM – Static Random Access Memory. A very fast and expensive form of RAM that is typically used for cache.
WORM – Write Once Read Many. Sometimes called Write Once Read Memory. A data storage device that once written cannot be rewritten.
ROM – Read Only Memory. Memory that is directly addressable from the CPU and contains critical startup code such as that to start the bootup sequence. This critical code is often called “firmware.” For example, think BIOS (Basic Input/Output System) on PCs. ROM is non-volatile – it doesn’t go away when power is removed.
PROM – Programmable Read Only Memory. This is ROM but is blank when manufactured, and programmed by the system developer/designer. Standard PROM can only be programmed once. Thousands or millions of tiny traces on the chip actually burn out when it is programmed. This makes PROMs not so cool for firmware, as the firmware can never be updated.
EPROM – Erasable Programmable Read Only Memory. A type of PROM that can be erased and reprogrammed. It is erased by “flashing” it with ultraviolet light. EPROMs are uncommon today.
EEPROM – Electrically Erasable PROM. A type of ROM that can be rewritten electrically. Most computers use EEPROM for their BIOS today. This is sometimes called “Flash Memory,” even though it is the far less common EPROM that is actually erased by flashing it with UV light.
PLD – Programmable Logic Device. PROMs, EPROMs, and EEPROMs are examples of a more general technology and type of chip called a Programmable Logic Device. This term seems to show up fairly often on the exam.
GAL – Generic Array Logic or Gate Array Logic. A type of PLD which is reprogrammable.
CPU – Central Processing Unit.
SSD – Solid State Drive. Also called a Solid State Disk. Very fast drives which have no moving parts and use integrated circuit assemblies to store data.
ATA Secure Erase – Used to securely erase SSDs. More secure than an OS-level disk format; however, not all data may be erased in the case of physical damage, and physical blocks marked as “bad” may still contain data.
CIS – The Center for Internet Security. A non-profit organization whose goal is to foster cyber security through collaborative best practices. They make a wide variety of benchmarks, assessment tools, and much more available.
NIST – National Institute of Standards and Technology, a US governmental body formerly known as the National Bureau of Standards (NBS), and responsible for a number of standards pertaining to security, such as DES and AES among many others.
DISA – The US Defense Information Systems Agency, a United States Department of Defense (DoD) support agency that provides information technology and communications support.
STIGs – Security Technical Implementation Guides from DISA. Secure configuration standards used to lock down software and hardware.
ISO – The International Organization for Standardization.
IETF – Internet Engineering Task Force. Very simply, the group that develops and promotes Internet standards.
RFC – Request For Comments. Internet standards are published as RFCs.
Scoping – Determining which parts of a standard are applicable and will be followed.
Tailoring – Customizing a standard for a particular organization. Tailoring consists of Scoping then supplementing with additional controls and/or control enhancements as appropriate.