TMCEC CYBER SECURITY TRAINING
Casey Kennedy Director, Information Services Texas Office of Court Administration
Agenda
•What is cyber-security? •Why is cyber-security important? •The essential role you play. •Overview cyber security threats. •Best practices in dealing with those threats.
What is cyber-security?
• Measures taken to protect a computer or computer system against unauthorized access, use, disclosure, disruption, or attack.
• Cyber-security extends beyond computers. • How much of your daily life relies on computers? • How much of your personal information is stored either on your own computer or on someone else’s system? Why is cyber-security important?
• Many aspects of our lives rely on the Internet and computers, including communications (email, cell phones, texting), government (birth/death records, social security, licensing, tax and court records), finance (bank accounts, loans, electronic paychecks), medicine (equipment, medical records).
• Cyber-security involves protecting the information and systems we rely on every day-whether at home, work or school.
Major breaches in the past year
The essential role you play
• Employees/custodians of the data and information resources are the first line of defense.
• Employees need to understand the value of protecting customer and organizational information and their role in keeping it safe. Threats
• Social Engineering – phishing and phone calls. • Ransomware – Cryptolocker, Cryptowall. • Rootkits and Botnets. • Hactivists – Anonymous. • Wireless and Mobile Devices. • USB Threats – Keystroke loggers.
Social Engineering
• The art of manipulating people into performing actions or divulging confidential information.
• Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. Best practices for Social Engineering
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information. • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email. • Don't send sensitive information over the Internet before checking a website's security.
Social engineering continued…
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. • Take advantage of any anti-phishing features offered by your email client and web browser.
Rootkits and Botnets
• A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge.
• Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. How do you know if your system is compromised?
• The following symptoms could indicate that your system is infected: • unusually slow network performance (opening files or accessing websites). • unavailability of a particular website. • inability to access any website. • dramatic increase in the amount of spam you receive in your account.
Advanced Malware
Ransomware example Best practices for avoiding malware
• Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date. • Install/enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send. Some operating systems actually include a firewall, but you need to make sure it is enabled. • Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. Do not choose options that allow your computer to remember your passwords. • Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates.
Online Activism
• Anonymous – a loosely associated international network of activist and hacktivist entities.
You are the target
• Texas Judge recuses self after threats from hacker group ‘Anonymous‘. • An Ector County judge was targeted due to decision he made in a child custody dispute. • Anonymous hacker arrested in Texas for compromising county website. • the attack “compromised sensitive human resources and emergency alert data, caused slowness and latency for users, and left administrators unable to access or manage the website for most of the day. • Anonymous Hack of Texas Police Contains Huge Amount of Private Data. Wireless Access or WiFi
• How do wireless networks work? As the name suggests, wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere that is within that wireless area. • What security threats are associated with wireless networks? Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection.
WIFI Security Best Practices
• Use caution on public Wi-Fi networks Avoid using open Wi-Fi networks to conduct personal business, bank, or shop online. Open Wi-Fi networks at places such as airports, coffee shops, and other public locations present an opportunity for attackers to intercept sensitive information that you would provide to complete an online transaction.
• Turn off Bluetooth when not in use Bluetooth-enabled accessories can be helpful, such as earpieces for hands-free talking and external keyboards for ease of typing. When these devices are not in use, turn off the Bluetooth setting on your phone. Cyber criminals have the capability to pair with your phone's open Bluetooth connection when you are not using it and steal personal information.
Minimize the risks to your wireless network?
• Change default passwords - These default passwords are easily found online, so they don't provide any protection. Changing default passwords makes it harder for attackers to take control of the device. • Restrict access - Only allow authorized users to access your network. You can restrict or allow access to your network by filtering. Consult your user documentation to get specific information about enabling these features. • Encrypt the data on your network - Encrypting the data would prevent anyone who might be able to access your network from viewing your data. Email security
• Email is easily circulated - Most viruses don't even require users to forward the email—they scan a users' computer for email addresses and automatically send the infected message to all of the addresses they find. • Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know. • Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.
Email security best practices.
• Be wary of unsolicited attachments, even from people you know -Just because an email message looks like it came from a valid contact doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else.
• Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
• Trust your instincts - If an email or email attachment seems suspicious, don't open it, even if your anti-virus software indicates that the message is clean. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don't let your curiosity put your computer at risk.
Mobile Devices
• Provide work benefits: boost productivity, allow us to work on the move, and these devices can store a large amount of data. • Mobile devices are inherently insecure: • They can be lost or stolen. • Information can be stolen over wireless networks. • Mobile malware. • Device users are uneducated on risks and how to secure. Mobile Device security best practice
• Change any pre-configured default passwords on your mobile device to ones that would be difficult for an outsider to guess. • Keep your anti-virus software updated. • Use caution when downloading or clicking on any unknown links. • Emails that can harm your computer can also harm your mobile device. • Be sure to review and understand the details of an app before installing it and be wary of the information it requests. • Use the Federal Communications Commission's mobile phone security checker at www.fcc.gov/smartphone-security
USB Drives – Universal Serial Bus
• USB drives are popular for storing and transporting data, but some of the characteristics that make them convenient also introduce security risks. • One option is for attackers to use your USB drive to infect other computers. An attacker might infect a computer with malicious code, or malware, that can detect when a USB drive is plugged into a computer. • Some attackers have also targeted electronic devices directly, infecting items such as electronic picture frames and USB drives during production. When users buy the infected products and plug them into their computers, malware is installed on their computers. USB Threats
Keystroke loggers.
• In a non-public advisory distributed to companies in the hospitality industry on July 10, the Secret Service and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) warned that a task force in Texas recently arrested suspects who have compromised computers within several major hotel business centers in the Dallas/Fort Worth areas.
Passwords – access and authentication
• Passwords are the most common means of authentication and the first line of defense against cyber criminals. • It’s crucial to pick strong passwords that are unique for each of your important accounts and it is good practice to update your passwords regularly. • Use a long password made up of numbers, letters and symbols. • Set up your password recovery options and keep them up-to-date. Best practices for passwords
• Don't use passwords that are based on personal information that can be easily accessed or guessed. • Don't use words that can be found in any dictionary of any language. • Develop a mnemonic for remembering complex passwords. • Use a combination of letters, numbers, and special characters. • Use passphrases when you can. • Use different passwords on different systems.
Physical security Best Practices when travelling.
• Password-protect your computer - Make sure that you have to enter a password to log in to your computer or mobile device. • Keep your valuables with you at all times - When traveling, keep your device with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms. • Downplay your laptop or mobile device - There is no need to advertise to thieves that you have a laptop or mobile device. Avoid using your device in public areas, and consider non-traditional bags for carrying your laptop. • Be aware of your surroundings - If you do use your laptop or mobile device in a public area, pay attention to people around you. Take precautions to shield yourself from "shoulder surfers"—make sure that no one can see you type your passwords or see any sensitive information on your screen.
Physical Security best practices cont...
• Consider an alarm or lock - Many companies sell alarms or locks that you can use to protect or secure your laptop. If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture. • Back up your files - To avoid losing all of the information, make backups of important information and store the backups in a separate location. Not only will you still be able to access the information, but you'll be able to identify and report exactly what information is at risk. • What can you do if your laptop or mobile device is lost or stolen? Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.
Questions or Comments?
Casey Kennedy Director, Information Services Texas Office of Court Administration [email protected] Resources
• http://www.krebsonsecurity.com - Brian Krebs, former reporter for the Washington Post. • http://www.dir.texas.gov/security/securetexas/Pages/overv iew.aspx • http://www.dhs.gov/topic/cybersecurity • http://www.staysafeonline.org/ - NCSA's mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting the technology individuals use, the networks they connect to, and our shared digital assets. • csrc.nist.gov – Computer Security Resource Center. TMCEC Cyber Security Training Agenda I. Why is cyber‐security important? II. The essential role you play. III. Review Texas Computer Security Laws. IV. Overview Information Security Threats. V. Communications security. VI. Computer and network security. VII. Physical security. VIII. Cyber security best practices.
Cyberattacks on State Databases Escalate By Jeffrey Stinson, Stateline.org McClatchy‐Tribune Information Services
Oct. 02‐‐NASHVILLE, Tenn. ‐‐ State governments are facing a daily barrage of cyberattacks from increasingly sophisticated computer hackers. The hackers' rapidly changing tactics threaten the exposure of personal information of millions of citizens and can cost taxpayers millions of dollars to fix.
"We see attacks on Texas' system to the tune of millions a month," said Karen Robinson, Texas' state chief information officer.
Although breaches of Texas' state computers are rare, Robinson said, the risks are high. They can result in the theft of citizens' Social Security numbers, dates of birth, driver's license numbers and even personal and business financial information.
All states are facing a growing number of wide‐ranging, quickly evolving attacks, according to a new report released here Wednesday at the start of National Cybersecurity Awareness Month, sponsored by the U.S. Department of Homeland Security and backed by the states.
Despite the threat, the report found, state legislators often don't give their technology and security officials enough money to combat it, and states struggle to retain technologically savvy cybersecurity personnel.
The report, from the National Association of State Chief Information Officers and the consulting firm Deloitte & Touche LLP, said the dangers of insufficient cybersecurity are high‐‐not only for citizens whose personal information can be compromised, but for taxpayers and the public's trust in government.
"These incidents have cost states millions of dollars in clean‐up costs, as well as a loss of both revenues and public trust," the report said. "The problem is not likely to go away any time soon, as cybercriminals continue to be drawn to the wealth of data residing in each state."
Valuable Data
State computers hold a treasure trove of personal information. Motor vehicle agencies have citizens' dates of birth and driver's license numbers. Health agencies have people's birth certificates and Social Security numbers. Tax records contain what banks people and businesses have accounts with. States also have credit card numbers from people who have made payments to state agencies.
"You can get pretty much everything on someone out of state computers," said Srini Subramanian, a state cybersecurity specialist with Deloitte who co‐authored the report. "It makes them a very attractive target to cybercriminals."
Recent breaches point up the dangers and the costs:
‐‐Montana notified 1.3 million people in June that their personal data was possibly exposed to hackers in a breach of state Department of Public Health and Human Services computers a year earlier. The state said there was no evidence personal information was stolen but offered free credit monitoring and insurance for a year to those they notified.
‐‐Washington state's court system was hacked in February, exposing up to 160,000 Social Security numbers and a million driver's license numbers. The courts' administration office said some numbers in its computers had definitely been accessed.
‐‐California's Department of Technology reported 7,345 data breaches at state departments and agencies from the beginning of 2013 through early November last year, KNTV television reported. The state had to notify 23,379 individuals that their personal information may have been compromised and spent at least $5 million to fix the breaches.
Although not every state database has been badly breached, the threat is a daily one. Six out of 10 of the state chief information and security officers from 49 states pointed to greater sophistication in the attacks, the report said. That's an increase from two years ago, when a similar report found roughly half saw more sophisticated tactics.
"Everybody is getting hit daily," said Michael Cockrill, chief information officer for the state of Washington, home to high‐tech computer software giant Microsoft and to a large number of computer hackers.
Cockrill, who recently came to his new job from the private high‐tech sector, said he's seen reports that as many as 40 percent of cyber‐attacks launched in the U.S. originate from inside his state.
Looming Threats
Thieves want the personal information stored by states because it helps enable identity theft that opens greater doors of financial opportunity, the information officers said. That's more valuable than just credit card information, which can be damaging enough.
"Health records are valuable because they have so much information," Cockrill said of the dates of birth and Social Security numbers they can contain. "Health records are worth $10 on the black market, credit cards a dollar."
Although the report's survey said the security officials' biggest fear is the placement of malicious software code in state computers, other threats are on the rise that can compromise citizens' personal information.
Eight out 10 of the officers predict an increase in "phishing" and "pharming" for personal or business information, and 72 percent predict more "social engineering" of people‐‐ manipulating them into divulging personal information or tricking them into schemes to defraud them.
Phishing attacks usually involve fraudulent e‐mail messages that guide victims to a fake website that looks legitimate, but which is designed to obtain personal information such as passwords to their financial accounts.
Pharming redirects people from a legitimate website that's been tampered with to another site that is fake, although it looks like the legitimate site.
"It's the user who can be the window into the system," Texas' Robinson said.
That means state employees, as well as citizens, must be vigilant and wary‐‐and informed about the latest tactics. In Texas, 336,000 state employees have to be trained to be careful, Robinson said.
Also on the rise is "hacktivism," the hacking into government computers to make a social statement, cause mayhem or provide a platform for activist groups to gain exposure.
"They aren't after financial gains," Deloitte's Subramanian said. "They want to make a statement. And what's a better place to make a statement than on a state government site."
One example, he said, is Ferguson, Missouri, where police computers and those of police unions were attacked by activists seeking the identity of the officer involved in the racially charged shooting this summer that set off nights of civil unrest.
Unprepared
Only 24.5 percent of the information and security officers said they were "very confident" they could protect against cyber threats, the report found. That's little different from two years ago, when 24 percent said the same thing.
In contrast, 60 percent of officials in the state departments and agencies that the information technology officers serve say they are very confident in their states' abilities to protect them.
That disconnection between the information technology people on the front lines and other state officials helps explain why states aren't putting as much money into cybersecurity as they should, Subramanian said.
About half the states allocate only 1 percent to 2 percent of their information technology budgets to security, the report said. The federal government, by contrast, allocates about 11 percent, Cockrill said.
States rely in large part on outside security software companies to help protect and police their computer systems. And despite their increased sophistication in surveillance, protection and response, most state officers said they are only somewhat confident in their cybersecurity.
States also have trouble getting and hanging onto trained cybersecurity personnel.
Fifty‐nine percent of the officers surveyed for the report said they are short on trained people. That's up from the 46 percent who said so two years ago.
The officers say states simply cannot pay as much as the private sector. That's especially true in high‐tech Washington.
"We've been hiring people from Eastern Europe to provide security," Cockrill said. "We're a training ground for the private sector. They come, they get trained and get paid twice as much or more in the private sector."
To recruit new security analysts, Cockrill is turning to military veterans. With some grant money, he's seeking to give them computer skills to supplement the security and threat analysis experience they have from their military service. To retain them, he said, he'll have to appeal to their sense of duty, because he can't pay salaries nearly as high as what is available in the private sector.
___
(c)2014 Stateline.org
Visit Stateline.org at www.stateline.org
Distributed by MCT Information Services
IT Acronyms
ACL Access Control List
ADC Analog-to-Digital Converter
ADF Automatic Document Feeder
ADSL Asymmetric Digital Subscriber Line
AGP Accelerated Graphics Port
AIFF Audio Interchange File Format
AIX Advanced Interactive Executive
ALU Arithmetic Logic Unit
ANSI American National Standards Institute
API Application Program Interface
APU Accelerated Processing Unit
ARP Address Resolution Protocol
ASCII American Standard Code for Information Interchange
ASP Active Server Page or Application Service Provider
ATA Advanced Technology Attachment
ATM Asynchronous Transfer Mode
AUP Acceptable Use Policy
Bash Bourne-Again Shell
BASIC Beginner's All-purpose Symbolic Instruction Code
Bcc Blind Carbon Copy
BIOS Basic Input/Output System
Blob Binary Large Object
BMP Bitmap
BSOD Blue Screen of Death
CAD Computer-Aided Design
Cc Carbon Copy
CCD Charged Coupled Device
CD Compact Disc
CD-R Compact Disc Recordable
CD-ROM Compact Disc Read-Only Memory
CD-RW Compact Disc Re-Writable
CDFS Compact Disc File System
CDMA Code Division Multiple Access
CDN Content Delivery Network
CGI Common Gateway Interface CISC Complex Instruction Set Computing
CLOB Character Large Object
CMOS Complementary Metal Oxide Semiconductor
CMS Content Management System
CMYK Cyan Magenta Yellow Black
CPA Cost Per Action
CPC Cost Per Click
CPL Cost Per Lead
CPM Cost Per 1,000 Impressions
CPS Classroom Performance System
CPU Central Processing Unit
CRM Customer Relationship Management
CRT Cathode Ray Tube
CSS Cascading Style Sheet
CTP Composite Theoretical Performance
CTR Click-Through Rate
DAC Digital-to-Analog Converter
DAW Digital Audio Workstation
DBMS Database Management System
DCIM Digital Camera IMages
DDL Data Definition Language
DDR Double Data Rate
DDR2 Double Data Rate 2
DDR3 Double Data Rate Type 3
DFS Distributed File System
DHCP Dynamic Host Configuration Protocol
DIMM Dual In-Line Memory Module
DLC Downloadable Content
DLL Dynamic Link Library
DMA Direct Memory Access
DNS Domain Name System
DOS Disk Operating System
DPI Dots Per Inch
DRAM Dynamic Random Access Memory
DRM Digital Rights Management
DSL Digital Subscriber Line DSLAM Digital Subscriber Line Access Multiplexer
DTD Document Type Definition
DV Digital Video
DVD Digital Versatile Disc
DVD+R Digital Versatile Disc Recordable
DVD+RW Digital Versatile Disk Rewritable
DVD-R Digital Versatile Disc Recordable
DVD-RAM Digital Versatile Disc Random Access Memory
DVD-RW Digital Versatile Disk Rewritable
DVI Digital Video Interface
DVR Digital Video Recorder
ECC Error Correction Code
EDI Electronic Data Interchange
EIDE Enhanced Integrated Drive Electronics
EPS Encapsulated PostScript
EUP Enterprise Unified Process
EXIF Exchangeable Image File Format
FAQ Frequently Asked Questions
FDDI Fiber Distributed Data Interface
FIFO First In, First Out
FILO First In, Last Out
FiOS Fiber Optic Service
FLOPS Floating Point Operations Per Second
FPU Floating Point Unit
FSB Frontside Bus
FTP File Transfer Protocol
Gbps Gigabits Per Second
GIF Graphics Interchange Format
GIGO Garbage In, Garbage Out
GIS Geographic Information Systems
GPIO General Purpose Input/Output
GPS Global Positioning System
GPU Graphics Processing Unit
GUI Graphical User Interface
GUID Globally Unique Identifier
HDD Hard Disk Drive HDMI High-Definition Multimedia Interface
HDTV High Definition Television
HDV High-Definition Video
HFS Hierarchical File System
HSF Heat Sink and Fan
HTML Hyper-Text Markup Language
HTTP HyperText Transfer Protocol
HTTPS HyperText Transport Protocol Secure
I/O Input/Output
ICANN Internet Corporation For Assigned Names and Numbers
ICF Internet Connection Firewall
ICMP Internet Control Message Protocol
ICS Internet Connection Sharing
ICT Information and Communication Technologies
IDE Integrated Device Electronics or Integrated Development Environment
IDS Intrusion Detection System
IEEE Institute of Electrical and Electronics Engineers
IGP Integrated Graphics Processor
IIS Internet Information Services
IM Instant Message
IMAP Internet Message Access Protocol
InterNIC Internet Network Information Center
IP Internet Protocol
IPS Intrusion Prevention System
IPX Internetwork Packet Exchange
IRC Internet Relay Chat
IRQ Interrupt Request
ISA Industry Standard Architecture
iSCSI Internet Small Computer Systems Interface
ISDN Integrated Services Digital Network
ISO International Organization for Standardization
ISP Internet Service Provider
IT Information Technology
IVR Interactive Voice Response
JFS Journaled File System
JPEG Joint Photographic Experts Group JRE Java Runtime Environment
JSF JavaServer Faces
JSON JavaScript Object Notation
JSP Java Server Page
Kbps Kilobits Per Second
KDE K Desktop Environment
KVM Switch Keyboard, Video, and Mouse Switch
LAMP Linux, Apache, MySQL, and PHP
LAN Local Area Network
LCD Liquid Crystal Display
LDAP Lightweight Directory Access Protocol
LED Light-Emitting Diode
LIFO Last In, First Out
LPI Lines Per Inch
LTE Long Term Evolution
LUN Logical Unit Number
MAC Address Media Access Control Address
MAMP Mac OS X, Apache, MySQL, and PHP
MANET Mobile Ad Hoc Network
Mbps Megabits Per Second
MBR Master Boot Record
MCA Micro Channel Architecture
MDI Medium Dependent Interface
MIDI Musical Instrument Digital Interface
MIPS Million Instructions Per Second
MIS Management Information System
MMS Multimedia Messaging Service
MP3 MPEG-1 Audio Layer-3
MPEG Moving Picture Experts Group
MTU Maximum Transmission Unit
NAT Network Address Translation
NetBIOS Network Basic Input/Output System
NIC Network Interface Card
NNTP Network News Transfer Protocol
NOC Network Operations Center
NSP Network Service Provider NTFS New Technology File System
NUI Natural User Interface
NVRAM Non-Volatile Random Access Memory
OASIS Organization for the Advancement of Structured Information Standards
OCR Optical Character Recognition
ODBC Open Database Connectivity
OEM Original Equipment Manufacturer
OLAP Online Analytical Processing
OLE Object Linking and Embedding
OLED Organic Light Emitting Diode
OOP Object-Oriented Programming
OSD On Screen Display
OSPF Open Shortest Path First
P2P Peer To Peer
PC Personal Computer
PCB Printed Circuit Board
PCI Peripheral Component Interconnect
PCI-X Peripheral Component Interconnect Extended
PCMCIA Personal Computer Memory Card International Association
PDA Personal Digital Assistant
PDF Portable Document Format
PHP Hypertext Preprocessor
PIM Personal Information Manager
PMU Power Management Unit
PNG Portable Network Graphic
PON Passive Optical Network
POP3 Post Office Protocol
POST Power On Self Test
PPC Pay Per Click
PPGA Plastic Pin Grid Array
PPI Pixels Per Inch
PPL Pay Per Lead
PPM Pages Per Minute
PPP Point to Point Protocol
PPPoE Point-to-Point Protocol over Ethernet
PPS Pay Per Sale PPTP Point-to-Point Tunneling Protocol
PRAM Parameter Random Access Memory
PROM Programmable Read-Only Memory
PS/2 Personal System/2
PUM Potentially Unwanted Modification
PUP Potentially Unwanted Program
QBE Query By Example
RAID Redundant Array of Independent Disks
RAM Random Access Memory
RDF Resource Description Framework
RDRAM Rambus Dynamic Random Access Memory
RFID Radio-Frequency Identification
RGB Red Green Blue
RISC Reduced Instruction Set Computing
ROM Read-Only Memory
RPC Remote Procedure Call
RPM Revenue Per 1,000 Impressions
RSS RDF Site Summary
RTE Runtime Environment
RTF Rich Text Format
RUP Rational Unified Process
SaaS Software as a Service
SAN Storage Area Network
SATA Serial Advanced Technology Attachment
SCSI Small Computer System Interface
SD Secure Digital
SDK Software Development Kit
SDRAM Synchronous Dynamic Random Access Memory
SDSL Symmetric Digital Subscriber Line
SEO Search Engine Optimization
SERP Search Engine Results Page
SIMM Single In-Line Memory Module
SIP Session Initiation Protocol
SKU Stock Keeping Unit
SLA Software License or Service Level Agreement
SLI Scalable Link Interface SMART Self-Monitoring Analysis And Reporting Technology
SMB Server Message Block
SMM Social Media Marketing
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SO-DIMM Small Outline Dual In-Line Memory Module
SOA Service Oriented Architecture
SOAP Simple Object Access Protocol
SQL Structured Query Language
SRAM Static Random Access Memory
sRGB Standard Red Green Blue
SSD Solid State Drive
SSH Secure Shell
SSID Service Set Identifier
SSL Secure Sockets Layer
TCP/IP Transmission Control Protocol/Internet Protocol
TFT Thin-Film Transistor
TIFF Tagged Image File Format
TTL Time To Live
TWAIN Toolkit Without An Informative Name
UAT User Acceptance Testing
UDDI Universal Description Discovery and Integration
UDP User Datagram Protocol
UGC User Generated Content
UML Unified Modeling Language
UNC Universal Naming Convention
UPnP Universal Plug and Play
UPS Uninterruptible Power Supply
URI Uniform Resource Identifier
URL Uniform Resource Locator
USB Universal Serial Bus
UTF Unicode Transformation Format
VCI Virtual Channel Identifier
VDSL Very High Bit Rate Digital Subscriber Line
VDU Visual Display Unit VFAT Virtual File Allocation Table
VGA Video Graphics Array
VLB VESA Local Bus
VLE Virtual Learning Environment
VoIP Voice Over Internet Protocol
VPI Virtual Path Identifier
VPN Virtual Private Network
VRAM Video Random Access Memory
VRML Virtual Reality Modeling Language
W3C World Wide Web Consortium
WAIS Wide Area Information Server
WAMP Windows, Apache, MySQL, and PHP
WAN Wide Area Network
WDDM Windows Display Driver Model
WEP Wired Equivalent Privacy
Wi-Fi Wireless Fidelity
WINS Windows Internet Name Service
WPA Wi-Fi Protected Access
WWW World Wide Web
XHTML Extensible Hypertext Markup Language
XML Extensible Markup Language
XMP Extensible Metadata Platform
XSLT Extensible Style Sheet Language Transformation
ZIF Zero Insertion Force