
Top Cyber Security Acronyms. How Many Do You Know?

April 8, 2021 / January 5th, 2022

Technology is inundated with acronyms, and cyber security is no exception.  The Infosec Partners team of cyber security experts have compiled a list of acronyms.  How many do you know?  If we’ve missed any then let us know.


| Acronym | Stands for | Definition |
|---|---|---|
| 2FA | 2 Factor Authentication | Requires both knowledge (like a password) and something tangible (such as a hardware or software authentication system) to gain access to a protected computer system. |
| ACL | Access Control List | A formal and approved list of users who have defined access rights to an asset. |
| AI | Artificial Intelligence | Artificial intelligence is intelligence demonstrated by machines. AI algorithms use training data to learn how to respond to different situations. They learn by copying and adding additional information as they go along. AI is technology that appears to emulate human behaviour in that it can continually learn and draw its own conclusions, engage in natural dialog with people, and/or replace people in the execution of more complex (non-routine) tasks. |
| AP | Access Point | A wireless hub that enables both fixed and wireless devices to access a network. |
| APT | Advanced Persistent Threat | A cyber attack that continuously uses advanced techniques to conduct cyber espionage or crime. |
| APWG | Anti-Phishing Working Group | An international consortium that brings together businesses affected by phishing attacks with security companies, law enforcement, government, trade associations, and others. |
| ASP | Application Service Provider | An organisation that provides access to an application or software. |
| ASV | Approved Scanning Vendor | An entity that can perform scans that will validate adherence to the external scanning requirement as per PCI DSS Requirement. |
| ATT&CK | Adversarial Tactics, Techniques and Common Knowledge | ATT&CK is a structured list of known attacker behaviours that have been compiled into tactics and techniques. |
| AV | Antivirus | A computer program used to prevent, detect, and remove malware. |
| AVIEN | Anti-Virus Information Exchange Network | A group of antivirus and security specialists who share information regarding AV companies, products, malware and other threats. |
| BAS | Breach, Attack and Simulation Tools | Technology platforms that allow enterprises to simulate complex cyber attacks on demand. These tools automate the simulation of advanced adversarial activities to help expose gaps to be remediated before a real attacker can exploit the same gaps to cause damage. |
| BCM | Business Continuity Management | The creation and management of an organisation’s business continuity strategy. |
| BCP | Business Continuity Plan | A scenario plan that details the action to take in the event of an incident. |
| BGP | Border Gateway Protocol | This is how routing happens at the WAN level: routers announce which peers they connect with, which allows for IP routing. |
| C2 | Command and Control | Often used by attackers to retain communications with compromised systems within a target network. |
| CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart | A CAPTCHA is a type of challenge–response test used in computing to determine whether or not the user is human. |
| CARTA | Continuous Adaptive Risk and Trust Assessment | A CARTA mindset allows enterprises to make decisions based on risk and trust. Decisions must continuously adapt, security responses must continuously adapt, and thus Risk and Trust must continuously adapt. |
| CARO | Computer Antivirus Research Organisation | An organisation established in 1990 to study malware. |
| CAP | A Certification and Accreditation Professional | The CAP credential is awarded by the ISC and is designed for security professionals involved in certification and accreditation, supporting those who are designing and implementing processes used to assess risk and identify solutions. |
| CASB | Cloud Access Security Broker | Technology platforms that help organisations better secure the use of cloud delivered applications (SaaS) and infrastructure. |
| CBC | Cipher Block Chaining | A block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. The plaintext of a block is combined with the ciphertext of the previous block via an exclusive-or (XOR) operation, and the result is encrypted. The result is the ciphertext of that block, and will also be used in the encryption of the following block. |
| CBC-MAC | Cipher Block Chaining Message Authentication Code | This constructs a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode. This creates a chain of blocks with each block depending on the correct encryption of the previous block. |
| CEH | Certified Ethical Hacker | An individual certified in the specific discipline of ethical hacking. |
| CERT | Computer Emergency Response Team | In this case, an expert group that handles computer security incidents and alerts organisations about them. |
| CHAP | Challenge-Handshake Authentication Protocol | The method of authentication between a server and a client that provides protection against replay attacks through the use of a changing identifier and a variable challenge-value. |
| CIRT | Computer Incident Response Team | A group that handles events involving computer security and data breaches. |
| CIS | Center for Internet Security | A not for profit global organisation with a mission to “Identify, develop, validate, promote, and sustain best practice solutions for cyber defence and build and lead communities to enable an environment of trust in cyberspace.” |
| CISA | Certified Information Systems Auditor | A certified professional who monitors, audits, controls, and assesses information systems. |
| CISM | Certified Information Systems Security Manager | A certification programme for experienced Information Security System Managers. It promotes international best practices and demonstrates an understanding of the relationship between an information security program and broader business goals and objectives. |
| CISMP | Certificate in Information Security Principles | A qualification based on ISO27001 which provides a base level of knowledge for individuals working in a security related function. |
| CISO | Chief Information Security Officer | The CISO is the executive responsible for an organisation’s information and data security, and aligns security goals with business enablement or digital transformation. See CISO as a Service. |
| CISSP | Certified Information Systems Security Professional | The CISSP is a security certification for security analysts, designed to indicate a person has learned certain standardised knowledge in cybersecurity. |
| CMDB | Configuration Management Database | Provides the ability to log devices that move in and out of an environment, which facilitates easier targeting and patching of any potential security vulnerabilities. |
| CSIA | Central Sponsor for Information Assurance | A unit of the UK’s Cabinet Office responsible for safeguarding the UK’s IT and telecommunication services. |
| CSPM | Cloud Security Posture Management | Concentrates on security assessment and compliance monitoring for workloads in public cloud environments. It can be used to provide a unified view across disparate cloud environments. |
| CNAP | Cybersecurity National Action Plan | A U.S. plan to enhance cybersecurity awareness and protections, protect privacy, maintain public safety, and economic and national security. |
| COBIT | Control Objectives for Information and Related Technologies | An IT management framework including practices, tools and models for risk management and compliance. |
| CSEC | Cyber Security Education Consortium | The CSEC, also known as the CEC, partners with educators and the broader cybersecurity community to ensure students are prepared to lead and be change makers in the cybersecurity workforce. |
| CSA | Cloud Security Alliance | The Cloud Security Alliance is the world’s leading organisation for defining best practices in cloud cybersecurity. |
| CSO | Chief Security Officer | A senior role with responsibility for Information Security, the CSO is in charge of an organisation’s entire security posture or strategy. |
| CTI | Cyber Threat Intelligence | Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human intelligence, technical intelligence or intelligence from the deep and dark web. |
| CVE | Common Vulnerabilities and Exposures | A list of entries of publicly known vulnerabilities and exposures which are used in numerous cybersecurity products and services from around the world. |
| CVSS | Common Vulnerability Scoring System | An industry standard for rating the severity of security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritise responses and resources according to threat. |
| CWE | Common Weakness Enumeration | A way to categorise software weaknesses and vulnerabilities based on similarities in effect or execution. |
| CWPP | Cloud Workload Protection Platform | Emerging category of technology solutions primarily used to secure server workloads in public cloud Infrastructure as a Service (IaaS) environments. |
| DAG | Data Access Governance | Data security technology that allows enterprises to gain visibility to sensitive unstructured data that exists across the organisation, and enforce policies to control access to that data. |
| DAST | Dynamic Application Security Testing | A security solution used to uncover vulnerabilities in software during its running state, including when it is actually deployed in production. |
| DDoS | Distributed Denial of Service | A distributed denial-of-service (DDoS) attack attempts to disrupt normal traffic of a targeted server, service or network to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets). |
| DLP | Data Loss Prevention | A technology and business process designed to detect and prevent violations to corporate policies regarding the use, storage, and transmission of sensitive data. See Managed DLP. |
| DMZ | Demilitarised Zone | The buffer zone between two enemies; in cyber, this can be a network that sits between an organisation’s secure perimeter and the untrusted zone, i.e. the internet. |
| DNS attack | Domain Name Server | DNS uses the name of a website to redirect traffic to its owned IP address. should take you to Amazon’s website, for example. During this type of attack, which is complex and appears in several ways, cybercriminals can redirect you to another site for their own purposes. This attack takes advantage of the communication back and forth between clients and servers. |
| EDR | Endpoint Detection & Response | Endpoint Detection & Response solutions are designed to detect and respond to endpoint anomalies, extending firewall functionality by providing in-depth endpoint visibility and analysis. See managed EDR and FortiEDR. |
| EPSS | Endpoint Protection Scoring System | The Exploit Prediction Scoring System is an open, data-driven effort for predicting when software vulnerabilities will be exploited. |
| FWaaS | Firewall as a Service | An emerging method to deliver select firewall functionality as a cloud service as opposed to the more traditional hardware-based firewall platforms. See Managed Firewall Service. |
| GRC | Governance, Risk Management, and Compliance | Three parts of a strategy for managing an organisation’s overall governance, enterprise risk management and compliance with regulations. |
| HTTPS | Secure Hypertext Transfer Protocol | An extension of the Hypertext Transfer Protocol. It is used for secure communication over a computer network by encrypting the information you send from your computer to another website, for example. It is a means of ensuring privacy, security and also a way of authenticating that the site you’re on is the one you intended to visit. |
| IA | Information Assurance | Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. |
| IAM | Identity and access management | IAM is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. This helps organisations maintain “least privileged” or “zero trust” account access, where employees only have access to the minimum amount of data needed for their roles. See Managed IAM. |
| IAST | Interactive Application Security Testing | An emerging application security testing approach which combines elements of both of its more established siblings in SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). |
| IBE | Identity-Based Encryption | A type of public-key encryption in which the public key of a user is some unique information about the identity of the user, like a user’s email address, for example. |
| IDS/IDP | Intrusion Detection/Intrusion Detection and Prevention | Intrusion Detection Systems (IDS) analyse network traffic for signatures that match known cyberattacks. Intrusion Prevention Systems (IPS) analyse packets as well, but can also stop the packet from being delivered based on what kind of attacks it detects, helping to stop the attack. |
| IOA | Indicator of Attack | Indicators of attack focus on detecting the intent of what an attacker is trying to accomplish, regardless of the malware or exploit used in an attack. |
| IOC | Indicator of Compromise | Clues to compromise or pieces of forensic data, system log entries or files, that can be considered unusual and may identify potentially malicious activity on a system or network. |
| IOT | Internet of Things | IoT represents a rapidly growing class of non-traditional computing devices that are connected to the internet to drive some sort of intelligent operation. |
| IPAM | IP Address Management | IPAM is a means of planning, tracking, and managing the Internet Protocol address space used in a network. |
| IR | Incident Response | Actions a company takes to manage the aftermath of a security breach or cyberattack. See Managed Cyber Incident Response (CIR) and Cyber Incident Response Planning (CIRP). |
| ISACA | Information Systems Audit and Control Association | ISACA is an international professional association focused on IT governance, providing certifications for IT security, audit and risk management professionals. |
| ISAKMP | Internet Security Association and Key Management Protocol | A protocol for establishing Security Associations and cryptographic keys in an Internet environment. ISAKMP only provides a framework for authentication and key exchange and is designed to be key exchange independent. |
| (ISC)² | International Information Systems Security Certification Consortium | The International Information System Security Certification Consortium, or (ISC)², is a non-profit organisation which specialises in training and certifications for cybersecurity professionals. Certifications include the CISSP. |
| ISMS | Information Security Management System | An ISMS is a systematic approach consisting of processes, technology and people that helps you protect and manage your organisation’s information through effective risk management. |
| ISO | International Organisation for Standardisation | An organisation that develops international standards of many types, including two major information security management standards, ISO 27001 and ISO 27002. |
| ISP | Internet Service Provider | The user’s method of connecting to the internet. This could be a residential ISP like Virgin Media or a commercial grade one like Voxility. |
| ISSA | Information Systems Security Association | ISSA is a not-for-profit, international organisation of information security professionals and practitioners. |
| ISSO | Information Systems Security Officer | Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program. |
| ISSPM | Information Systems Security Program Manager | The ISSPM, sometimes called an IT Security Manager, coordinates and executes security policies and controls, as well as assesses vulnerabilities within a company. They are often responsible for data and network security processing, security systems management, and security violation investigation. |
| JSM | Java Security Manager | To use Java security to protect a Java application from performing potentially unsafe actions, you can enable a security manager for the JVM in which the application runs. The security manager enforces a security policy, which is a set of permissions (system access privileges) that are assigned to code sources. |
| KRI | Key Risk Indicator | Key risk indicator metrics articulate an organisation’s level of risk and allow security and business leaders to track how the risk profile is evolving. For instance, cybersecurity operations can use metrics that analyse the threats and vulnerabilities reported by various tools. |
| LAN | Local Area Network | Two or more devices that are connected and able to share resources. |
| MDR | Managed Detection and Response | An outsourced service that leverages external experts to make the security benefits of tools such as EDR and proactive threat hunting accessible to customers of all maturity levels. |
| MFA | Multi Factor Authentication | Requires both knowledge (like a password) and something tangible (such as a hardware or software authentication system) to gain access to a protected computer system. |
| ML | Machine Learning | An approach to AI that uses a system that is capable of learning from experience, using the data you have to make decisions when confronted with new data. |
| MS-ISAC | Multi-State Information Sharing and Analysis Centre | The mission of the MS-ISAC is to improve the overall cybersecurity posture of the nation’s state, local, tribal and territorial governments through focused cyber threat prevention, protection, response, and recovery. |
| MSSP | Managed Security Services Provider | Provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. |
| MTTD | Managed Time To Detect | The amount of time it takes an organisation to neutralise an identified threat or failure within their network environment. |
| NAC | Network Access Control | Network Access Control is an approach to computer security that attempts to unify endpoint security technology, user or system authentication and network security enforcement, providing visibility and control of devices accessing a corporate network. See Managed NAC and FortiNAC. |
| NGAV | Next Generation Anti Virus | Takes traditional antivirus software to a new, advanced level of endpoint security protection, going beyond known file-based malware signatures and heuristics because it’s a system-centric, cloud-based approach. |
| OSINT | Open Source Intelligence | OSINT is information drawn from publicly available data that is collected, exploited, and reported to address a specific intelligence requirement. In the intelligence community, the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources). |
| OT | Operational Technology | Systems that are used to monitor and manage the manufacturing equipment or industrial process assets of an organisation. |
| OWASP | Open Web Application Security Project | Specifies the top 10 application vulnerabilities that an organisation should secure. |
| PAM | Privileged Access Management | PAM polices privileged accounts (how administrators log in to critical IT resources they must manage). Since access rights associated with admin privileges are high level, they are often the target of cyber attacks and must be uniquely secured. |
| PCI-DSS | Payment Card Industry Data Security Standard | The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. |
| PPTP | Point-To-Point-Tunnelling Protocol | Provides security for transmission of sensitive data over unprotected networks. |
| SANS | System Administration, Networking, and Security Institute | A private company that specialises in information security training and security certification. |
| SAST | Static Application Security Testing | A security solution used to uncover vulnerabilities in software during its static (not-running) state by analysing such things as its source code, byte code or binary code. |
| SASE | Secure Access Service Edge | The convergence of the WAN edge and network security. |
| SD-WAN | Software Defined Area Network | A new way to manage and optimise a wide area network, designed to address the changing use of enterprise networks due to the growth of cloud computing and mobile devices. |
| SDN | Software Defined Networking | An approach to computer networking in the LAN or data centre of an enterprise that uses software to abstract the underlying network elements and to logically centralise network intelligence and control. |
| SIEM | Security Information and Event Management | Security Information and Event Management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual sources. See Managed SIEM and FortiSIEM. |
| SOAR | Security Orchestration, Automation and Response | Technology platforms that aggregate security intelligence and context from disparate systems, and apply machine intelligence to streamline (or even completely automate) the incident detection and response process. |
| SOC | Security Operations Center | A central location or team within an organisation that is responsible for monitoring, assessing and defending security issues. |
| SPOG | Single Pane of Glass | A single interface that provides a view of data gathered from multiple sources. |
| SSID | Service Set Identifier | The name assigned to a wireless network. |
| SSL | Secure Socket Layer | Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet. |
| SSO | Single Sign-On | A system which enables users to securely authenticate themselves with multiple applications and websites by logging in with a single set of credentials. |
| TTP | Tactics, Techniques, and Procedures | The behaviour of an actor. A tactic is the highest-level description of this behaviour, while techniques give a more detailed description of behaviour in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique. |
| TVM | Threat Vulnerability Management | The cyclical practice of identifying, assessing, classifying, remediating, and mitigating security weaknesses together with fully understanding root cause analysis to address potential flaws in policy, process, and standards. |
| VPN | Virtual Private Network | By connecting through a VPN, all the data you send and receive travels through an encrypted “tunnel” so that no one can see what you are transmitting or decipher it if they do get a hold of it. VPNs also allow you to hide your physical location and IP address, often displaying the IP address of the VPN service, instead. |
| WAN | Wide Area Network | A large network of information that is not tied to a single location. WANs can facilitate communication, the sharing of information and much more between devices from around the world through a WAN provider. |
| UBA / UEBA | User Behaviour Analytics & User and Entity Behaviour Analytics | UBA is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behaviour, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats. Instead of tracking devices or security events, UBA tracks a system’s users. UEBA expands the definition from UBA to include devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing “malicious and abusive behaviour that otherwise went unnoticed by existing security monitoring systems”, reflecting that devices may play a role in a network attack and may also be valuable in uncovering attack activity. |
