
Technology is inundated with acronyms, and cyber security is no exception. The Infosec Partners team of cyber security experts have compiled a list of acronyms. How many do you know? If we’ve missed any then let us know.
Acronym | Stands for | Definition |
2FA | Two-Factor Authentication | A form of MFA that requires exactly two independent factors, typically something you know (a password) and something you have (a hardware token or an authenticator app), before access to a protected computer system is granted. |
ACL | Access Control List | A list attached to a resource (a file, a directory, a network interface or a firewall) that specifies which subjects (users, groups or addresses) are allowed or denied which operations on it. Entries are usually evaluated in order, so ordering matters when rules overlap. |
AI | Artificial Intelligence | Intelligence demonstrated by machines. Modern AI systems are trained on data to learn how to respond to inputs they have not seen before, and the term covers technology that appears to emulate human behaviour: learning continually, drawing its own conclusions, holding natural dialogue with people and/or replacing people in the execution of complex, non-routine tasks. |
AP | Access Point | A network device that bridges wireless clients onto a wired network, allowing both fixed and wireless devices to share it. |
APT | Advanced Persistent Threat | A well-resourced adversary, often state-sponsored, that gains and quietly maintains long-term access to a target network to conduct espionage or crime, using advanced and continually adapted techniques to avoid detection. |
APWG | Anti-Phishing Working Group | An international consortium that brings together businesses affected by phishing attacks with security companies, law enforcement, government, trade associations, and others. |
ASP | Application Service Provider | An organisation that provides access to an application or software, typically hosted by the provider and delivered over a network. |
ASV | Approved Scanning Vendor | An organisation approved by the PCI Security Standards Council to perform the external vulnerability scans that validate a merchant's or service provider's adherence to the PCI DSS external scanning requirement. |
ATT&CK | Adversarial Tactics, Techniques and Common Knowledge | MITRE ATT&CK is a structured, publicly maintained knowledge base of observed attacker behaviours, organised into tactics (the adversary's goals) and the techniques used to achieve them. It is widely used to map detections and red-team activity to a common vocabulary. |
AV | Antivirus | A computer program used to prevent, detect, and remove malware. |
AVIEN | Anti-Virus Information Exchange Network | A group of Antivirus and security specialists who share information regarding AV companies, products, malware and other threats. |
BAS | Breach and Attack Simulation | Technology platforms that let enterprises simulate complex cyber attacks on demand. They automate the execution of adversary techniques against the environment to expose gaps in prevention and detection so that they can be remediated before a real attacker exploits the same gaps to cause damage. |
BCM | Business Continuity Management | The creation and management of an organisation’s business continuity strategy. |
BCP | Business Continuity Plan | A documented plan that details the actions to take in the event of a disruptive incident so that critical business functions can continue or be restored. |
BGP | Border Gateway Protocol | The routing protocol that connects networks at the WAN level: each autonomous system announces to its peers which IP prefixes it can reach, and routers use those announcements to choose paths for IP traffic. Announcements are accepted largely on trust, so mistaken or malicious announcements (route leaks and hijacks) can divert traffic, which is why route filtering and RPKI exist. |
C2 | Command and Control | The infrastructure and channels an attacker uses to retain communication with compromised systems inside a target network, issuing instructions and receiving exfiltrated data. C2 traffic is often disguised as ordinary web or DNS traffic to evade detection. |
CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart | A CAPTCHA is a type of challenge–response test used in computing to determine whether or not the user is human. |
CARTA | Continuous Adaptive Risk and Trust Assessment | A CARTA mindset lets enterprises make access and security decisions on the basis of continuously assessed risk and trust rather than a one-time gate at login: as the risk picture changes, the decisions and the security responses adapt with it. |
CARO | Computer Antivirus Research Organisation | An organisation established in 1990 to study malware. |
CAP | Certification and Accreditation Professional | The CAP credential is awarded by (ISC)² and is designed for security professionals involved in the certification and accreditation (authorisation) of information systems, supporting those who design and implement the processes used to assess risk and identify controls. |
CASB | Cloud Access Security Broker | Technology platforms that help organisations better secure the use of cloud delivered applications (SaaS) and infrastructure. |
CBC | Cipher Block Chaining | A block cipher mode of operation (an algorithm that uses a block cipher to encrypt messages longer than a single block). Each plaintext block is XORed with the previous ciphertext block (an initialisation vector for the first block) and the result is encrypted; the resulting ciphertext block is both output and fed into the encryption of the following block. CBC provides confidentiality only: without a separate MAC a ciphertext can be altered undetected, and flipping a bit in one ciphertext block flips the same bit in the next plaintext block. |
CBC-MAC | Cipher Block Chaining Message Authentication Code | A message authentication code built from a block cipher: the message is encrypted in CBC mode with a zero IV and only the final ciphertext block is kept as the tag, so every block depends on the correct encryption of the previous one. Plain CBC-MAC is only secure for messages of a fixed, agreed length; for variable-length messages use a variant such as CMAC. |
CEH | Certified Ethical Hacker | An EC-Council certification for individuals in the specific discipline of ethical hacking. |
CERT | Computer Emergency Response Team | An expert group that handles computer security incidents and alerts organisations about emerging threats; national CERTs coordinate this across sectors. |
CHAP | Challenge-Handshake Authentication Protocol | An authentication method between a server and a client in which the server sends a random challenge together with an identifier, and the client replies with a one-way hash of the identifier, the shared secret and the challenge. The secret never crosses the wire, and because each challenge is fresh a captured response cannot be replayed. |
CIRT | Computer Incident Response Team | A group that handles events involving computer security and data breaches. |
CIS | Center for Internet Security | A not for profit global organisation with a mission to “Identify, develop, validate, promote, and sustain best practice solutions for cyber defence and build and lead communities to enable an environment of trust in cyberspace.” |
CISA | Certified Information Systems Auditor | An ISACA certification for professionals who monitor, audit, control and assess information systems. (In US government usage CISA also denotes the Cybersecurity and Infrastructure Security Agency.) |
CISM | Certified Information Security Manager | An ISACA certification programme for experienced information security managers. It promotes international best practice and demonstrates an understanding of the relationship between an information security programme and broader business goals and objectives. |
CISMP | Certificate in Information Security Management Principles | A BCS foundation qualification aligned with ISO 27001 that provides a base level of knowledge for individuals working in a security-related function. |
CISO | Chief Information Security Officer | The executive responsible for an organisation's information and data security, who aligns security goals with business enablement and digital transformation. |
CISSP | Certified Information Systems Security Professional | An (ISC)² certification for experienced security practitioners, designed to indicate that the holder has demonstrated a standardised body of knowledge across the domains of cybersecurity. |
CMDB | Configuration Management Database | A repository of an organisation's configuration items (servers, devices, software) and the relationships between them. An accurate CMDB records assets as they enter and leave the environment, which makes targeting and patching potential security vulnerabilities much easier. |
CSIA | Central Sponsor for Information Assurance | A unit of the UK’s Cabinet Office responsible for safeguarding the UK’s IT and telecommunication services. |
CSPM | Cloud Security Posture Management | Concentrates on security assessment and compliance monitoring for workloads in public cloud environments. It can be used to provide a unified view across disparate cloud environments. |
CNAP | Cybersecurity National Action Plan | A U.S. plan to enhance cybersecurity awareness and protections, protect privacy, and maintain public safety, economic security and national security. |
COBIT | Control Objectives for Information and Related Technologies | An ISACA framework for IT governance and management, including practices, tools and models for risk management and compliance. |
CSEC | Cyber Security Education Consortium | The CSEC, also known as the CEC, partners with educators and the broader cybersecurity community to ensure students are prepared to lead and be change makers in the cybersecurity workforce. |
CSA | Cloud Security Alliance | A not-for-profit organisation dedicated to defining and promoting best practices for security in cloud computing. |
CSO | Chief Security Officer | A senior role with responsibility for Information Security, the CSO is in charge of an organisation’s entire security posture or strategy. |
CTI | Cyber Threat Intelligence | Information about threats and threat actors that helps mitigate harmful events in cyberspace. Sources include open source intelligence, social media intelligence, human intelligence, technical intelligence and intelligence gathered from the deep and dark web. |
CVE | Common Vulnerabilities and Exposures | A catalogue of publicly disclosed vulnerabilities and exposures, maintained by MITRE, in which each entry receives a unique identifier of the form CVE-YYYY-NNNNN. The identifiers are used across cybersecurity products and services worldwide so that everyone refers to the same flaw. |
CVSS | Common Vulnerability Scoring System | An industry standard for rating the severity of security vulnerabilities on a 0 to 10 scale so that responders can prioritise responses and resources. The base score measures severity, not the likelihood of exploitation; pair it with exploit intelligence such as EPSS and with asset context when prioritising. |
CWE | Common Weakness Enumeration | A way to categorise software weaknesses and vulnerabilities based on similarities in effect or execution. |
CWPP | Cloud Workload Protection Platform | Emerging category of technology solutions primarily used to secure server workloads in public cloud Infrastructure as a Service (IaaS) environments. |
DAG | Data Access Governance | Data security technology that allows enterprises to gain visibility to sensitive unstructured data that exists across the organisation, and enforce policies to control access to that data. |
DAST | Dynamic Application Security Testing | A testing approach that probes an application from the outside while it is running, for example by sending crafted requests, to uncover vulnerabilities. It can be run against test environments or against the deployed production system. |
DDoS | Distributed Denial of Service | A distributed denial-of-service (DDoS) attack attempts to disrupt normal traffic of a targeted server, service or network to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets). |
DLP | Data Loss Prevention | A technology and business process designed to detect and prevent violations of corporate policies regarding the use, storage and transmission of sensitive data. |
DMZ | Demilitarised Zone | Literally the buffer zone between two opposing sides; in networking, a segment placed between an organisation's internal network and an untrusted network such as the internet. Externally reachable services (web, mail, VPN gateways) live there so that a compromise of one of them does not give direct access to the internal network. |
DNS attack | Domain Name System | DNS translates human-readable names (amazon.com, for example) into the IP addresses that traffic is actually sent to. DNS attacks take several forms, such as cache poisoning, hijacking of registrar or resolver settings and spoofed responses, and all exploit the largely unauthenticated request/response exchange between clients and servers to make a name resolve to an address the attacker controls, redirecting victims to a site of the attacker's choosing. |
EDR | Endpoint Detection & Response | Solutions that run an agent on endpoints to record detailed system activity (process, file, network and registry events), detect suspicious behaviour, and let analysts investigate and respond, for instance by isolating a host or terminating a process. |
EPSS | Exploit Prediction Scoring System | An open, data-driven effort, run by FIRST, that estimates the probability that a given vulnerability will be exploited in the wild within the next 30 days. It complements CVSS, which rates severity rather than likelihood. |
FWaaS | Firewall as a Service | An emerging method of delivering selected firewall functionality as a cloud service, as opposed to the more traditional hardware-based firewall platforms. |
GRC | Governance, Risk Management, and Compliance | Three parts of a strategy for managing an organisation’s overall governance, enterprise risk management and compliance with regulations. |
HTTPS | Hypertext Transfer Protocol Secure | HTTP carried over a TLS connection. It encrypts the traffic between your browser and the website and, through the server's certificate, lets the browser verify that the site is the one you intended to visit, providing confidentiality, integrity and server authentication. |
IA | Information Assurance | Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. |
IAM | Identity and Access Management | A framework of policies and technologies for ensuring that the right people and systems in an enterprise have the appropriate access to technology resources. It underpins least privilege, in which each account holds only the access its role requires, and is a foundation for zero trust architectures. |
IAST | Interactive Application Security Testing | An emerging application security testing approach which combines elements of both of its more established siblings in SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). |
IBE | Identity-Based Encryption | A type of public-key encryption in which the public key of a user is some unique information about the identity of the user, like a user’s email address, for example. |
IDS/IPS | Intrusion Detection System/Intrusion Prevention System | An IDS analyses network traffic (or host activity) for signatures of known attacks or for anomalous behaviour and raises alerts. An IPS performs the same analysis inline and can also drop or block the offending packets, stopping the attack rather than only reporting it. |
IOA | Indicator of Attack | Indicators of attack focus on detecting the intent of what an attacker is trying to accomplish, regardless of the malware or exploit used in an attack. |
IOC | Indicator of Compromise | Clues to compromise or pieces of forensic data, system log entries or files, that can be considered unusual and may identify potentially malicious activity on a system or network. |
IoT | Internet of Things | IoT represents a rapidly growing class of non-traditional computing devices that are connected to the internet to drive some sort of intelligent operation. |
IPAM | IP Address Management | IPAM is a means of planning, tracking, and managing the Internet Protocol address space used in a network. |
IR | Incident Response | The actions an organisation takes to contain, eradicate and recover from a security breach or cyber attack, and to manage its aftermath. |
ISACA | Information Systems Audit and Control Association | ISACA is an international professional association focused on IT governance, providing certifications for IT security, audit and risk management professionals. |
ISAKMP | Internet Security Association and Key Management Protocol | A protocol for establishing Security Associations and cryptographic keys in an Internet environment. ISAKMP only provides a framework for authentication and key exchange and is designed to be key exchange independent. |
(ISC)² | International Information Systems Security Certification Consortium | The International Information System Security Certification Consortium, or (ISC)², is a non-profit organisation which specialises in training and certifications for cybersecurity professionals. Certifications include the CISSP. |
ISMS | Information Security Management System | An ISMS is a systematic approach consisting of processes, technology and people that helps you protect and manage your organisation’s information through effective risk management. |
ISO | International Organisation for Standardisation | An organisation that develops international standards of many types, including two major information security management standards, ISO 27001 and ISO 27002. |
ISP | Internet Service Provider | An organisation that provides customers with connectivity to the internet. This could be a residential provider such as Virgin Media or a commercial-grade one such as Voxility. |
ISSA | Information Systems Security Association | ISSA is a not-for-profit, international organisation of information security professionals and practitioners. |
ISSO | Information Systems Security Officer | Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program. |
ISSPM | Information Systems Security Program Manager | The ISSPM, sometimes called an IT Security Manager, coordinates and executes security policies and controls, as well as assesses vulnerabilities within a company. They are often responsible for data and network security processing, security systems management, and security violation investigation. |
JSM | Java Security Manager | To use Java security to protect a Java application from performing potentially unsafe actions, you can enable a security manager for the JVM in which the application runs. The security manager enforces a security policy, which is a set of permissions (system access privileges) assigned to code sources. Note that the Security Manager was deprecated for removal in Java 17 (JEP 411) and should not be relied on as a sandbox for untrusted code. |
KRI | Key Risk Indicator | Key risk indicator metrics articulate an organisation’s level of risk and allow security and business leaders to track how the risk profile is evolving. For instance, cybersecurity operations can use metrics that analyse the threats and vulnerabilities reported by various tools. |
LAN | Local Area Network | Two or more devices that are connected and able to share resources. |
MDR | Managed Detection and Response | An outsourced service that leverages external experts to make the security benefits of tools such as EDR and proactive threat hunting accessible to customers of all maturity levels. |
MFA | Multi-Factor Authentication | Requires two or more independent factors from different categories, something you know (a password), something you have (a hardware token or authenticator app) and something you are (a biometric), to gain access to a protected computer system. Two passwords are not two factors. |
ML | Machine Learning | An approach to AI in which a system learns patterns from existing data rather than following explicitly programmed rules, and uses what it has learned to make decisions when confronted with new data. |
MS-ISAC | Multi-State Information Sharing and Analysis Centre | The mission of the MS-ISAC is to improve the overall cybersecurity posture of the nation’s state, local, tribal and territorial governments through focused cyber threat prevention, protection, response, and recovery. |
MSSP | Managed Security Services Provider | Provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and antivirus services. |
MTTD | Mean Time To Detect | The average time between a threat or failure occurring in an organisation's environment and its being detected; a core SOC metric, usually tracked alongside mean time to respond (MTTR). |
NAC | Network Access Control | An approach to computer security that unifies endpoint security technology, user or system authentication and network security enforcement, providing visibility and control of the devices accessing a corporate network. |
NGAV | Next Generation Anti Virus | Extends traditional antivirus beyond known file-based malware signatures and heuristics by analysing behaviour and applying machine learning, often with cloud-based analysis, to block previously unseen and fileless threats on the endpoint. |
OSINT | Open Source Intelligence | OSINT is information drawn from publicly available data that is collected, exploited, and reported to address a specific intelligence requirement. In the intelligence community, the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources). |
OT | Operational Technology | Systems that are used to monitor and manage the manufacturing equipment or industrial process assets of an organisation. |
OWASP | Open Web Application Security Project | A non-profit foundation that produces free, community-driven application security resources. It is best known for the OWASP Top 10, a list of the most critical web application security risks that an organisation should address. |
PAM | Privileged Access Management | PAM polices privileged accounts (how administrators log in to the critical IT resources they must manage). Because the access rights associated with admin privileges are high level, these accounts are frequent targets of cyber attacks and must be secured separately. |
PCI-DSS | Payment Card Industry Data Security Standard | The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. |
PPTP | Point-to-Point Tunnelling Protocol | An early VPN protocol that tunnels PPP traffic to carry data over unprotected networks. Its authentication and encryption (MS-CHAPv2 and MPPE) have well-known weaknesses, so it should be treated as obsolete; use IPsec/IKEv2, OpenVPN or WireGuard instead. |
SANS | SysAdmin, Audit, Network and Security Institute | A private company that specialises in information security training and security certification. |
SAST | Static Application Security Testing | A security solution used to uncover vulnerabilities in software during its static (not-running) state by analysing such things as its source code, byte code or binary code. |
SASE | Secure Access Service Edge | The convergence of WAN edge networking (SD-WAN) with cloud-delivered network security functions such as secure web gateway, CASB, FWaaS and zero trust network access, delivered as a single service. |
SD-WAN | Software Defined Wide Area Network | A new way to manage and optimise a wide area network, designed to address the changing use of enterprise networks driven by the growth of cloud computing and mobile devices. |
SDN | Software Defined Networking | An approach to computer networking in the LAN or data centre of an enterprise that uses software to abstract the underlying network elements and to logically centralise network intelligence and control. |
SIEM | Security Information and Event Management | Technology that supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual sources. |
SOAR | Security Orchestration, Automation and Response | Technology platforms that aggregate security intelligence and context from disparate systems, and apply machine intelligence to streamline (or even completely automate) the incident detection and response process. |
SOC | Security Operations Center | A central location or team within an organisation that is responsible for monitoring, assessing and defending security issues. |
SPOG | Single Pane of Glass | A single interface that provides a view of data gathered from multiple sources. |
SSID | Service Set Identifier | The name assigned to a wireless network. |
SSL | Secure Sockets Layer | The original protocol for authenticating web servers and encrypting data between browsers and servers over the internet. Every SSL version is now deprecated and has been replaced by TLS (Transport Layer Security), although "SSL" is still widely used colloquially to mean TLS. |
SSO | Single Sign-On | A system which enables users to securely authenticate themselves with multiple applications and websites by logging in with a single set of credentials. |
TTP | Tactics, Techniques, and Procedures | The behaviour of an actor. A tactic is the highest-level description of this behaviour, while techniques give a more detailed description of behaviour in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique. |
TVM | Threat and Vulnerability Management | The cyclical practice of identifying, assessing, classifying, remediating and mitigating security weaknesses, together with root cause analysis to address the underlying flaws in policy, process and standards. |
VPN | Virtual Private Network | Routes all the data you send and receive through an encrypted "tunnel" to the VPN endpoint, so that anyone observing the network in between cannot read or tamper with it. It also masks your IP address from the services you visit, which see the VPN's address instead. The VPN provider itself can see your traffic, so a VPN shifts trust rather than removing it. |
WAN | Wide Area Network | A network that connects sites spread over a large geographic area, such as an organisation's offices in different cities or countries, typically over links supplied by a WAN provider; the internet is the largest example. |
UBA / UEBA | User Behaviour Analytics & User and Entity Behaviour Analytics | UBA is a cybersecurity process for detecting insider threats, targeted attacks and financial fraud. UBA solutions learn the patterns of human behaviour, then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns, anomalies that indicate potential threats. Instead of tracking devices or security events, UBA tracks a system's users. UEBA expands UBA to include devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing "malicious and abusive behaviour that otherwise went unnoticed by existing security monitoring systems", reflecting that devices may play a role in a network attack and may also be valuable in uncovering attack activity. |
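The CBC and CBC-MAC entries above describe the chaining step in words. The following Python is an added example written for this glossary, not code from Infosec Partners or from any library: it implements CBC mode and CBC-MAC over a pluggable block cipher and demonstrates the two caveats from those entries, the bit-flip malleability of CBC and the length-extension forgery against plain CBC-MAC. The block cipher underneath is a small Feistel network driven by SHA-256 that exists only so the example runs without third-party packages; it is not secure and is an assumption of the example, as are the key, IV and message values.

```python
import hashlib
import hmac

BLOCK = 8  # the toy cipher has a 64-bit block; AES would use 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Toy block cipher: 8-round Feistel, NOT secure, demo only --------------
def _subkeys(key: bytes, rounds: int = 8) -> list:
    return [hashlib.sha256(key + bytes([i])).digest()[:16] for i in range(rounds)]


def _f(half: bytes, subkey: bytes) -> bytes:
    return hashlib.sha256(subkey + half).digest()[: BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    l, r = block[: BLOCK // 2], block[BLOCK // 2 :]
    for k in _subkeys(key):
        l, r = r, xor(l, _f(r, k))
    return r + l  # swap halves so decryption is the same walk with reversed keys


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    l, r = block[: BLOCK // 2], block[BLOCK // 2 :]
    for k in reversed(_subkeys(key)):
        l, r = r, xor(l, _f(r, k))
    return r + l


# --- CBC mode ---------------------------------------------------------------
def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    prev, out = iv, []
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        # C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV: each block depends on the last
        prev = toy_encrypt_block(key, xor(padded[i : i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i : i + BLOCK]
        # P_i = D_k(C_i) XOR C_{i-1}: a flipped bit in C_{i-1} flips the same bit in P_i
        out.append(xor(toy_decrypt_block(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


# --- CBC-MAC ----------------------------------------------------------------
def cbc_mac(key: bytes, message: bytes) -> bytes:
    """CBC encryption with a zero IV; only the last ciphertext block is kept as the tag."""
    if len(message) % BLOCK:
        raise ValueError("plain CBC-MAC needs whole blocks")
    tag = bytes(BLOCK)
    for i in range(0, len(message), BLOCK):
        tag = toy_encrypt_block(key, xor(message[i : i + BLOCK], tag))
    return tag


def cbc_mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(cbc_mac(key, message), tag)


def forge_cbc_mac(m1: bytes, t1: bytes, m2: bytes, t2: bytes) -> tuple:
    """Given valid pairs (m1, t1) and (m2, t2) with m2 one block long, the message
    m1 || (m2 XOR t1) carries tag t2: after m1 the chaining value is t1, the XOR
    cancels it, and the final block encrypts exactly as m2 did. No key needed."""
    assert len(m2) == BLOCK
    return m1 + xor(m2, t1), t2


# Constructed demo values (not from the original page).
KEY = b"sixteen byte key"
IV = bytes(BLOCK)  # a real deployment uses a fresh random IV per message


def demo() -> dict:
    pt = b"attack at dawn!!"
    ct = cbc_encrypt(KEY, IV, pt)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]  # flip one bit in C_0
    m1, m2 = b"amount=1", b"to=mallo"
    forged_msg, forged_tag = forge_cbc_mac(m1, cbc_mac(KEY, m1), m2, cbc_mac(KEY, m2))
    return {
        "roundtrip": cbc_decrypt(KEY, IV, ct) == pt,
        "tampered_plaintext": cbc_decrypt(KEY, IV, tampered),  # block 0 garbled, block 1 bit-flipped
        "forgery_verifies": cbc_mac_verify(KEY, forged_msg, forged_tag),
    }
```

Running `demo()` shows the decrypted tampered plaintext still passes the padding check: the first block is garbage but the second reads "u dawn!!" instead of "t dawn!!", the single flipped bit carried straight through. The forged two-block message verifies under the original key, which is why CMAC (or an HMAC over the ciphertext) is used instead of plain CBC-MAC whenever message length is not fixed.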
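The CHAP entry above describes a challenge/response exchange. The following Python is an added example, not code from the original page or from any PPP implementation: it models both sides of an RFC 1994 CHAP handshake in one process, with the server issuing a fresh identifier and random challenge for every attempt and the client answering with MD5(Identifier || Secret || Challenge) as the RFC specifies. The shared secret and the in-process "wire" are assumptions of the example; a real deployment carries these packets inside PPP.

```python
import hashlib
import hmac
import os

# Constructed value for the example (not from the original page):
# provisioned out of band on both ends, never sent during the handshake.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value = MD5(Identifier || Secret || Challenge).

    MD5 is what the RFC mandates; CHAP's replay resistance rests on the
    challenge being fresh and unpredictable, not on MD5's collision resistance.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: sends Challenge packets and checks Response packets."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}  # identifier -> challenge still awaiting a response

    def challenge(self) -> tuple:
        # New 8-bit identifier and new random challenge for every attempt
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        # pop(): a challenge is single-use, so a captured response cannot be replayed
        chal = self.outstanding.pop(identifier, None)
        if chal is None:
            return False
        expected = chap_response(identifier, self.secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time comparison


class Peer:
    """Client side: answers a challenge without ever transmitting the secret."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self.secret, challenge)


def handshake(auth: Authenticator, peer: Peer) -> tuple:
    """One exchange; returns (identifier, response, accepted)."""
    identifier, chal = auth.challenge()        # Challenge packet: server -> client
    response = peer.respond(identifier, chal)  # Response packet:  client -> server
    return identifier, response, auth.verify(identifier, response)  # Success/Failure


def replay(auth: Authenticator, identifier: int, response: bytes) -> bool:
    """What an eavesdropper who captured (identifier, response) gets by resending it."""
    return auth.verify(identifier, response)
```

Two points worth noticing in practice: the server must hold the secret in recoverable form to recompute the hash, so the credential store is a high-value target, and the MD5-based response is exactly the kind of material that offline guessing attacks target if the secret is a weak password (the MS-CHAPv2 weaknesses behind PPTP's deprecation are a variant of this).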
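The UBA / UEBA entry above says such tools "apply algorithms and statistical analysis to detect meaningful anomalies" from learned patterns of behaviour. The following Python is an added example, not code from the original page or from any UEBA product, showing the simplest version of that idea: build a per-user baseline of login hour, source country and transfer volume from a training window, then score later events with z-scores and a first-seen check. All events are constructed sample data, and the 3-sigma threshold, the linear treatment of hour-of-day and the one-sided volume test are assumptions of the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed authentication events: (user, hour of day, source country,
# bytes transferred). Not real data and not from the original page.
BASELINE_EVENTS = [
    ("alice", 9, "GB", 120), ("alice", 10, "GB", 150), ("alice", 11, "GB", 90),
    ("alice", 14, "GB", 200), ("alice", 16, "GB", 110), ("alice", 9, "GB", 130),
    ("bob", 22, "US", 5000), ("bob", 23, "US", 4200), ("bob", 21, "US", 6100),
    ("bob", 20, "US", 3900), ("bob", 22, "DE", 4800), ("bob", 23, "US", 5100),
]


def build_baseline(events: list) -> dict:
    """Per-user profile: mean/std-dev of login hour and volume, plus countries seen."""
    raw = defaultdict(lambda: {"hours": [], "bytes": [], "countries": set()})
    for user, hour, country, nbytes in events:
        raw[user]["hours"].append(hour)
        raw[user]["bytes"].append(nbytes)
        raw[user]["countries"].add(country)
    profiles = {}
    for user, r in raw.items():
        profiles[user] = {
            "hour_mean": mean(r["hours"]),
            "hour_sd": pstdev(r["hours"]) or 1.0,  # avoid divide-by-zero for constant users
            "bytes_mean": mean(r["bytes"]),
            "bytes_sd": pstdev(r["bytes"]) or 1.0,
            "countries": r["countries"],
        }
    return profiles


def score_event(profiles: dict, event: tuple, z_threshold: float = 3.0) -> list:
    """Return the reasons an event deviates from its user's baseline ([] means normal)."""
    user, hour, country, nbytes = event
    prof = profiles.get(user)
    if prof is None:
        return ["no baseline for user"]  # never seen: surface it rather than silently pass
    reasons = []
    # Hour is treated as linear here; a production system would model it as a
    # circular variable so that 23:00 and 01:00 count as neighbours.
    z_hour = abs(hour - prof["hour_mean"]) / prof["hour_sd"]
    if z_hour > z_threshold:
        reasons.append(f"login at hour {hour} (z={z_hour:.1f})")
    if country not in prof["countries"]:
        reasons.append(f"first login from {country}")
    z_bytes = (nbytes - prof["bytes_mean"]) / prof["bytes_sd"]  # one-sided: only excess volume
    if z_bytes > z_threshold:
        reasons.append(f"transfer volume {nbytes} bytes (z={z_bytes:.1f})")
    return reasons


def triage(profiles: dict, events: list) -> list:
    """Score a batch and return only the flagged events with their reasons."""
    flagged = []
    for ev in events:
        reasons = score_event(profiles, ev)
        if reasons:
            flagged.append((ev, reasons))
    return flagged


# Constructed events to score against the baseline.
NEW_EVENTS = [
    ("alice", 10, "GB", 140),    # routine
    ("alice", 3, "RU", 50000),   # off-hours, new country, bulk transfer: three reasons
    ("bob", 22, "DE", 4900),     # DE already appears in bob's baseline: normal
    ("bob", 22, "US", 40000),    # usual time and place, but roughly 8x his usual volume
    ("carol", 12, "GB", 100),    # account with no history at all
]
```

Calling `triage(build_baseline(BASELINE_EVENTS), NEW_EVENTS)` flags alice's 03:00 login from a new country, bob's oversized transfer and carol's unknown account, while the two routine events score clean. Extending the entity from users to hosts and service accounts, as the UEBA definition describes, is a matter of keying the profiles on the device or application identity instead of the username.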