Cyber Security Acronyms (M)

MAC.   Mandatory Access Control.   An IT security mechanism by which the access, permissions, and capabilities of end users are restricted as defined by the system administrator. MAC criteria, permissions, and/or restrictions are strictly enforced by the security kernel or operating system, preventing end-users from making any modification.

 

MAC.   Media Access Control.  A sublayer in the Open Systems Interconnection (OSI) model that facilitates data packet transmission and provides the mechanism for providing unique addresses (currently specified via a 12-digit hexadecimal number) to networked devices.

 

MAC.   Message Authentication Code.   A security code or tag that serves as a short piece of information for authenticating the sender (origin) and integrity (state, nature. legitimacy) of a message.

 

MD5.   Message Digest 5.   A hash function used in cryptographic digital signatures  that produces a 128-bit hash value. While still being used to verify data integrity and detect unintentional corruption, MD5 has been found to have signifficant vulnerabilities and has been flagged by US authorities as unsuiitable for further use.

 

MDR.   Managed Detection and Response.   An outsourced service consisting of cybersecurity technologies and human expertise that provides organisations with an expanded tool stack and enhanced capabilities to monitor, detect, investigate, identify, and proactively respond to threats through immediate containment and mitigation.

 

MFA.   Multi-Factor Authentication.   A layered security mechanism that strengthens the authentication process by requiring two or more proofs of identity before allowing access to a protected resource. Such proofs may include something the user knows (pin, password, secret question, etc.), possesses (physical key, ATM card, etc.), or inherently is (fingerprints and other biometric signatures). The Australian Cyber Security Centre recommends the use of MFA by both individuals and businesses, describing the technology as as one of the most efffective ways to “protect valuable information and accounts against unauthorised access.”

 

MFD.   Multifunction Device.   An electronic equipment that combines several key functions — such as printing, copying, scanning, faxing, and and communications in one device. Because these devices are often connected to the organisation’s IT systems, MFDs are often exploited by bad actors to breach and lurk inside the the targeted company’s computer network.

 

MIME.   Multipurpose Internet Mail Extensions.   An email protocol that enables users to exchange data files such as videos, images, audio files, and applications. MIME represents an upgrade to the Simple Mail Transport Protocol (SMTP) which supports only ASCII text.

 

MISP.   Malware Information Sharing Platform.   An open source platform for sharing, storing, and analysing indicators of compromise (IoC), financial fraud data, vulnerability information, and other aspects of threat intelligence.

 

MitM.   Man-in-the-Middle.   A type off cyberattack wherein the attacker covertly and maliciously positions itself between two parties (often a legitimate user and an online resource) for the purpose of intercepting messages to 1) spy on targeted entities; 2) sabotage communications; 3) corrupt data; or 4) steal crucial information such as login credentials, financial account details, etc.

 

MITRE® ATT&CK.   MITRE Adversarial Tactics, Techniques, and Common Knowledge.   A free, dynamic, and openly accessible repository of adversarial tactics and techniques that serves as a guideline for a) classifying, modeling, and describing all forms of cyberattacks; and b) building more effective cybersecurity systems.

 

MMC.   Microsoft Management Console.   A component of the Microsoft Windows 2000 OS (and up) that serves as the main tool and interface for administrators to configure, monitor, and manage the system.

 

MOTD.   Message of the day banner.   A system-generated welcome message that is displayed when a user starts, connects to, or logs on to a computer system or network. Many MOTDs display information about the system (such as software version) that readily provides threat actors with information they can exploit to undertake a cyber attack.

 

MPLS.   Multi-Protocol Label Switching.   A routing method that uses labels rather than network addresses for directing data traffic from one network node to the next.

 

MQ.   Message Queue.   An organised repository where messages can be sent until they are processed; retrieved by associated applications, programs, or services; and deleted. MQs serve as a lightweight buffer to lighten/smoothen processing load/complexity.

 

MRA.   Mobile and Remote Access.   A component solution of the Cisco Collaboration Edge Architecture that allows endpoint services to retain a secure, off-premises connectivity to the enterprise network.

 

MS.   Member Server.   One of two server roles in a given domain as defined by Microsoft Active Directory, the other being the domain controller. Member servers typically function as the application and service backbone of a domain, configured as database servers, firewalls, application servers, Web servers, and file servers.

 

MSA.   Master Service Agreement.   A contract that stipulates the mutual concurrence of all parties to the terms or overall framework that will govern future transactions and subsequent agreements. Also known as Framework Agreement.

 

MSCT.   Microsoft Security Compliance Toolkit.   A set of tools enterprise network administrators can use to download, test, compare, edit, and store security configuration baselines recommended by Microsoft.

 

MSP.   Managed Service Provider.   A business organisation that delivers and manages IT-related services such as infrastructure buildout, network monitoring, enterprise applications, cybersecurity, and strategy planning and implementation.

 

MSSP.   Managed Security Service Provider.   A managed service provider that focuses on delivering IT security solutions.

 

MTA-STS.   Mail Transfer Agent Strict Transport Security.   An email protocol and policy that aims to improve email security by informing associated services that an organisation’s email system supports Transport Layer Security (TLS, or higher) and that such services should also use TLS or higher protocols.

 

MTD.   Moving Target Defense.   A cybersecurity concept and a defense tactic that advocates for increasing the uncertainty, volatility, and complexity of attack surfaces to make it more difficult, rare, and costly for threat actors to find and exploit a suitable weakness, much less succeed at achieving their ultimate objectives. The term stems from the fact that moving targets are much harder to hit than stationary ones.

 

MTTD.   Mean Time to Detection.   The average elpased time from the actual start of a security incident (such as a network intrusion and other malicious activity) to its discovery an entity’s IT security infrastructure.

 

MTTR.   Mean Time to Respond.   The average time it takes an entity’s IT security infrastructure to control a cyber incident and restore the targeted system to full functionality. Also known as Mean Time to Repair.