Skip to main content
Computer SecurityITSecurityTraining

Top Cyber Security Acronyms. How Many Do You Know?

By April 8, 2021March 10th, 2023No Comments
cyber security acronyms

Technology is inundated with acronyms, and cyber security is no exception.  The Infosec Partners team of cyber security experts have compiled a list of acronyms.  How many do you know?  If we’ve missed any then let us know.


Stands for


2FA 2 Factor Authentication Requires both knowledge (like a password) and something tangible (such as a hardware or software authentication system) to gain access to a protected computer system.
ACL Access Control List A formal and approved list of users who have defined access rights to an asset.
AI Artificial Intelligence Artificial intelligence is intelligence demonstrated by machines, AI algorithms use training data to learn how to respond to different situations. They learn by copying and adding additional information as they go along. AI is technology that appears to emulate human behaviour in that it can continually learn and draw its own conclusions, engage in natural dialog with people, and / or replace people in the execution of more complex (non-routine) tasks.
AP Access Point A wireless hub that enables both fixed and wireless devices to access a network.
APT Advanced Persistent Threat A cyber attack that continuously uses advanced techniques to conduct cyber espionage or crime.
APWG Anti-Phishing Working Group An international consortium that brings together businesses affected by phishing attacks with security companies, law enforcement, government, trade associations, and others.
ASP Application Service Provider An organisation who provides access to an application or software.
ASV Approved Scanning Vendor An entity that can perform scans that will validate adherence to the external scanning requirement as per PCI DSS Requirement.
ATT&CK Adversarial Tactics, Techniques and Common Knowledge ATT&CK is a structured list of known attacker behaviours that have been compiled into tactics and techniques.
AV Antivirus A computer program used to prevent, detect, and remove malware.
AVIEN Anti-Virus Information Exchange Network A group of Antivirus and security specialists who share information regarding AV companies, products, malware and other threats.
BAS Breach, Attack and Simulation Tools Technology platforms that allow enterprises to simulate complex cyber attacks on demand. These tools automate the simulation of advanced adversarial activities to help expose gaps to be remediated before a real attacker can exploit the same gaps to cause damage.
BCM Business Continuity Management The creation and management of an organisation’s business continuity strategy.
BCP Business Continuity Plan A scenario plan that details the action to take in the event of an incident.
BGP Border Gateway Protocol This is how route happens at the WAN level with routers announcing which peers they connect with, this allows for IP routing.
C2 Command and Control Often used by attackers to retain communications with compromised systems within a target network.
CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart A CAPTCHA is a type of challenge–response test used in computing to determine whether or not the user is human.
CARTA Continuous Adaptive Risk and Trust Assessment A CARTA mindset allows enterprises to make decisions based on risk and trust. Decisions must continuously adapt, security responses must continuously adapt, and thus Risk and Trust must continuously adapt.
CARO Computer Antivirus Research Organisation An organisation established in 1990 to study malware.
CAP A Certification and Accreditation Professional The CAP credential is awarded by the ISC and is designed for security professionals involved in certification and accreditation, supporting those who are designing and implementing processes used to assess risk and identify solutions.
CASB Cloud Access Security Broker Technology platforms that help organisations better secure the use of cloud delivered applications (SaaS) and infrastructure. 
CBC Cipher Block Chaining A block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. The plaintext of a block is combined with the ciphertext of the previous block via an exclusive operation, and the result is encrypted. The result is the ciphertext of that block, and will also be used in the encryption of the following block.
CBC-MAC Cipher Block Chaining Message Authentication Code This constructs a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode. This creates a chain of blocks with each block depending on the correct encryption of the previous block.
CEH Certified Ethical Hacker An individual certified in the specific discipline of ethical hacking.
CERT Computer Emergency Response Team In this case, an expert group that handles computer security incidents and alerts organisations about them.
CHAP Challenge-Handshake Authentication Protocol The method of authentication between a server and a client that provides protection against replay attacks through the use of a changing identifier and a variable challenge-value.
CIRT Computer Incident Response Team A group that handles events involving computer security and data breaches.
CIS Center for Internet Security A not for profit global organisation with a mission to “Identify, develop, validate, promote, and sustain best practice solutions for cyber defence and build and lead communities to enable an environment of trust in cyberspace.”
CISA Certified Information Systems Auditor A certified professional who monitors, audits, controls, and assesses information systems.
CISM Certified Information Systems Security Manager A certification programme for experienced Information Security System Managers. It promotes international best practices and demonstrates an understanding of the relationship between an information security program and broader business goals and objectives.
CISMP Certificate in Information Security Principles A qualification based on ISO27001 which provides a base level of knowledge for individuals working in a security related function.
CISO Chief Information Security Officer The CISO is the executive responsible for an organisation’s information and data security, and aligns security goals with business enablement or digital transformation.
See CISO as a Service
CISSP Certified Information Systems Security Professional The CISSP is a security certification for security analysts, designed to indicate a person has learned certain standardised knowledge in cybersecurity.
CMDB Configuration Management Database Provides the ability to log devices that move in and out of an environment, which facilitates easier targeting and patching of any potential security vulnerabilities.
CSIA Central Sponsor for Information Assurance A unit of the UK’s Cabinet Office responsible for safeguarding the UK’s IT and telecommunication services.
CSPM Cloud Security Posture Management Concentrates on security assessment and compliance monitoring for workloads in public cloud environments. It can be used to provide a unified view across disparate cloud environments.
CNAP Cybersecurity National Action Plan A U.S. plan to enhance cybersecurity awareness and protections, protect privacy, maintain public safety, and economic and national security.
COBIT Control Objectives for Information and Related Technologies An IT management including practices, tools and models for risk management and compliance.
CSEC Cyber Security Education Consortium The CSEC, also known as the CEC, partners with educators and the broader cybersecurity community to ensure students are prepared to lead and be change makers in the cybersecurity workforce.
CSA Cloud Security Alliance The Cloud Security Alliance is the world’s leading organisation for defining best practices in cloud cybersecurity.
CSO Chief Security Officer A senior role with responsibility for Information Security, the CSO is in charge of an organisation’s entire security posture or strategy.
CSPM Cloud Security Posture Management Concentrates on security assessment and compliance monitoring for workloads in public cloud environments. It can be used to provide a unified view across disparate cloud environments.
CTI Cyber Threat Intelligence Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence or intelligence from the deep and dark web
CVE Common Vulnerabilities and Exposures A list of entries of publicly known vulnerabilities and exposures which are used in numerous cybersecurity products and services from around the world.
CVSS Common Vulnerability Scoring System An industry standard for rating the severity of security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritise responses and resources according to threat.
CWE Common Weakness Enumeration A way to categorise software weaknesses and vulnerabilities based on similarities in effect or execution.
CWPP Cloud Workload Protection Platform Emerging category of technology solutions primarily used to secure server workloads in public cloud Infrastructure as a Service (IaaS) environments.
DAG Data Access Governance Data security technology that allows enterprises to gain visibility to sensitive unstructured data that exists across the organisation, and enforce policies to control access to that data.
DAST Dynamic Application Security Testing A security solution used to uncover vulnerabilities in software during its running state, including when it is actually deployed in production.
DDoS Distributed Denial of Service A distributed denial-of-service (DDoS) attack attempts to disrupt normal traffic of a targeted server, service or network to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).
DLP Data Loss Prevention A technology and business process designed to detect and prevent violations to corporate policies regarding the use, storage, and transmission of sensitive data.
See Managed DLP
DMZ Demilitarised Zone The buffer zone between two enemies, in cyber this can be a network that’s between an organisations secure perimeter and the untrusted zone i.e. the internet
DNS attack Domain Name Server DNS uses the name of a website to redirect traffic to its owned IP address. should take you to Amazon’s website, for example. During this type of attack, which is complex and appears in several ways, cybercriminals can redirect you to another site for their own purposes. This attack takes advantage of the communication back and forth between clients and servers.
EDR Endpoint Detection & Response Endpoint Detection & Response solutions are designed to detect and respond to endpoint anomalies, extending firewall functionality by providing in-depth endpoint visibility and analysis.
See managed EDR and FortiEDR
EPSS Endpoint Protection Scoring System The Exploit Prediction Scoring System is an open, data-driven effort for predicting when software vulnerabilities will be exploited.
FWaaS Firewall as a Service An emerging method to deliver select firewall functionality as a cloud service as opposed to the more traditional hardware-based firewall platforms.
See Managed Firewall Service
GRC Governance, Risk Management, and Compliance Three parts of a strategy for managing an organisation’s overall governance, enterprise risk management and compliance with regulations.
HTTPS Secure Hypertext Transfer Protocol An extension of the Hypertext Transfer Protocol. It is used for secure communication over a computer network by encrypting the information you send from your computer to another website, for example. It is a means of ensuring privacy, security and also a way of authenticating that the site you’re on is the one you intended to visit.
IA Information Assurance Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
IAM Identity and access management IAM is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. This helps organisations maintain “least privileged” or “zero trust” account access, where employees only have access to the minimum amount of data needed for their roles.
See Managed IAM
IAST Interactive Application Security Testing An emerging application security testing approach which combines elements of both of its more established siblings in SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
IBE Identity-Based Encryption A type of public-key encryption in which the public key of a user is some unique information about the identity of the user, like a user’s email address, for example.
IDS/IDP Intrusion Detection/Intrusion Detection and Prevention Intrusion Detection Systems (IDS) analyse network traffic for signatures that match known cyberattacks. Intrusion Prevention Systems (IPS) analyse packets as well, but can also stop the packet from being delivered based on what kind of attacks it detects, helping to stop the attack.
IOA Indicator of Attack Indicators of attack focus on detecting the intent of what an attacker is trying to accomplish, regardless of the malware or exploit used in an attack.
IOC Indicator of Compromise Clues to compromise or pieces of forensic data, system log entries or files, that can be considered unusual and may identify potentially malicious activity on a system or network.
IOT Internet of Things IoT represents a rapidly growing class of non-traditional computing devices that are connected to the internet to drive some sort of intelligent operation.
IPAM IP Address Management IPAM is a means of planning, tracking, and managing the Internet Protocol address space used in a network.
IR Incident Response Actions a company takes to manage the aftermath of a security breach or cyberattack.
See Managed Cyber Incident Response (CIR) and Cyber Incident Response Planning (CIRP)
ISACA Information Systems Audit and Control Association ISACA is an international professional association focused on IT governance, providing certifications for IT security, audit and risk management professionals.
ISAKMP Internet Security Association and Key Management Protocol A protocol for establishing Security Associations and cryptographic keys in an Internet environment. ISAKMP only provides a framework for authentication and key exchange and is designed to be key exchange independent.
(ISC)² International Information Systems Security Certification Consortium The International Information System Security Certification Consortium, or (ISC)², is a non-profit organisation which specialises in training and certifications for cybersecurity professionals. Certifications include the CISSP.
ISMS Information Security Management System An ISMS is a systematic approach consisting of processes, technology and people that helps you protect and manage your organisation’s information through effective risk management.
ISO International Organisation for Standardisation An organisation that develops international standards of many types, including two major information security management standards, ISO 27001 and ISO 27002.
ISP Internet Service Provider The users method of connecting to the internet. This could be a residential ISP like Virgin Media or a commercial grade one like Voxility
ISSA Information Systems Security Association ISSA is a not-for-profit, international organisation of information security professionals and practitioners.
ISSO Information Systems Security Officer Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.
ISSPM Information Systems Security Program Manager The ISSPM, sometimes called an IT Security Manager, coordinates and executes security policies and controls, as well as assesses vulnerabilities within a company. They are often responsible for data and network security processing, security systems management, and security violation investigation.
JSM Java Security Manager To use Java security to protect a Java application from performing potentially unsafe actions, you can enable a security manager for the JVM in which the application runs. The security manager enforces a security policy, which is a set of permissions (system access privileges) that are assigned to code sources.
KRI Key Risk Indicator Key risk indicator metrics articulate an organisation’s level of risk and allow security and business leaders to track how the risk profile is evolving. For instance, cybersecurity operations can use metrics that analyse the threats and vulnerabilities reported by various tools.
LAN Local Area Network Two or more devices that are connected and able to share resources.
MDR Managed Detection and Response An outsourced service that leverages external experts to make the security benefits of tools such as EDR and proactive threat hunting accessible to customers of all maturity levels.
MFA Multi Factor Authentication Requires both knowledge (like a password) and something tangible (such as a hardware or software authentication system) to gain access to a protected computer system.
ML Machine Learning An approach to AI that uses a system that is capable of learning from experience, uses data you have to make decisions when confronted with new data.
MS-ISAC Multi-State Information Sharing and Analysis Centre The mission of the MS-ISAC is to improve the overall cybersecurity posture of the nation’s state, local, tribal and territorial governments through focused cyber threat prevention, protection, response, and recovery.
MSSP Managed Security Services Provider Provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.
MTTD Managed Time To Detect The amount of time it takes an organisation to neutralise an identified threat or failure within their network environment.
NAC Network Access Control Network Access Control is an approach to computer security that attempts to unify endpoint security technology, user or system authentication and network security enforcement, providing visibility and control of devices accessing a corporate network.
See Managed NAC and FortiNAC
NGAV Next Generation Anti Virus Takes traditional antivirus software to a new, advanced level of endpoint security protection, going beyond known file-based malware signatures and heuristics because it’s a system-centric, cloud-based approach.
OSINT Open Source Intelligence OSINT is information drawn from publicly available data that is collected, exploited, and reported to address a specific intelligence requirement. In the intelligence community, the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).
OT Operational Technology Systems that are used to monitor and manage the manufacturing equipment or industrial process assets of an organisation.
OWASP Open Web Application Security Project Specifies the top 10 application vulnerabilities that an organisation should secure.
PAM Privileged Access Management PAM polices privileged accounts (how administrators login to critical IT resources they must manage). Since access rights associated with admin privileges are high level, they are often the target of cyber attacks and must be uniquely secured.
PCI-DSS Payment Card Industry Data Security Standard The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
PPTP Point-To-Point-Tunnelling Protocol Provides security for transmission of sensitive data over unprotected networks.
SANS System Administration, Networking, and Security Institute A private company that specialises in information security training and security certification.
SAST Static Application Security Testing A security solution used to uncover vulnerabilities in software during its static (not-running) state by analysing such things as its source code, byte code or binary code.
SASE Secure Access Service Edge The convergence of the WAN edge and network security.
SD-WAN Software Defined Area Network A new way to manage and optimise a wide area network, designed to address the changing use of enterprise networks due to the growth of cloud computing and mobile devices.
SDN Software Defined Networking An approach to computer networking in the LAN or data centre of an enterprise that uses software to abstract the underlying network elements and to logically centralise network intelligence and control.
SIEM Security Information and Event Management Security Information and Event Management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual sources.
See Managed SIEM and FortiSIEM
SOAR Security Orchestration, Automation and Response Technology platforms that aggregate security intelligence and context from disparate systems, and apply machine intelligence to streamline (or even completely automate) the incident detection and response process.
SOC Security Operations Center A central location or team within an organisation that is responsible for monitoring, assessing and defending security issues.
SPOG Single Pane of Glass A single interface that provides a view of data gathered from multiple sources.
SSID Service Set Identifier The name assigned to a wireless network.
SSL Secure Socket Layer Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet.
SSO Single Sign-On A system which enables users to securely authenticate themselves with multiple applications and websites by logging in with a single set of credentials.
TTP Tactics, Techniques, and Procedures The behaviour of an actor. A tactic is the highest-level description of this behaviour, while techniques give a more detailed description of behaviour in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique.
TVM Threat Vulnerability Management The cyclical practice of identifying, assessing, classifying, remediating, and mitigating security weaknesses together with fully understanding root cause analysis to address potential flaws in policy, process and, standards
VPN Virtual Private Network By connecting through a VPN, all the data you send and receive travels through an encrypted “tunnel” so that no one can see what you are transmitting or decipher it if they do get a hold of it. VPNs also allow you to hide your physical location and IP address, often displaying the IP address of the VPN service, instead.
WAN Wide Area Network A large network of information that is not tied to a single location. WANs can facilitate communication, the sharing of information and much more between devices from around the world through a WAN provider.
UBA / UEBA User Behaviour Analytics & User and Entity Behaviour Analytics UBA is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behaviour, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats. Instead of tracking devices or security events, UBA tracks a system’s users. UEBA expands the definition from UBA to include devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing “malicious and abusive behaviour that otherwise went unnoticed by existing security monitoring systems”, reflecting that devices may play a role in a network attack and may also be valuable in uncovering attack activity.

Leave a Reply

ten + 5 =

Close Menu