This page contains a collection of acronyms and abbreviations which are often used in the cyber security / information security industry.
It also includes acronyms from related fields such as:
- Information technology
- Operational technology
- Software engineering
- Telecommunications
- Military and Defense
- Business and Corporate environment
Acronym | Meaning |
---|---|
2FA | 2-factor Authentication |
AAA | Authentication, Authorization, and Accounting |
ABAC | Attribute Based Access Control |
ABI | Application Binary Interface |
ACE | AccessData Certified Examiner |
ACE | Access Control Entry |
ACE | Arbitrary Code Execution |
ACL | Access Control Lists |
ADB | Android Debug Bridge |
ADFS | Active Directory Federation Services |
AD | Active Directory |
AES | Advanced Encryption Standard |
AFAIK | As Far As I Know |
AFK | Away from Keyboard |
AI | Artificial Intelligence |
AJAX | Asynchronous JavaScript And XML |
ALE | Annualized Loss Expectancy |
AMS | Asset Management System |
ANSI | American National Standards Institute |
API | Application Programming Interface |
APK | Android Package |
APT | Advanced Persistent Threat |
APT | Application Penetration Testing |
AP | Access Point |
ARO | Annualised Rate of Occurrence |
ASCII | American Standard Code for Information Interchange |
ASLR | Address Space Layout Randomization |
ASN | Autonomous System Number |
ASV | Approved Scanning Vendors |
AS | Application Server |
AS | Autonomous System (networking) |
ATM | At the moment |
ATM | Automated Teller Machine |
ATP | Advanced Threat Protection (Microsoft Defender) |
AUP | Acceptable Use Policy |
AV | Antivirus |
AV | Asset Value |
AWS | Amazon Web Services |
AXFR | Authoritative Zone Transfer (DNS) |
BAU | Business As Usual |
BBS | Bulletin Board System |
BCC | Blind Carbon Copy |
BCRs | Binding Corporate Rules (for intra group data transfers) |
BER | Bit Error Rate |
BGP | Border Gateway Protocol |
BIA | Burned-in Address |
BIA | Business Impact Analysis |
BLOB | Binary Large Object |
BMP | Bitmap Image format |
BoF | Buffer Overflow |
BPDU | Bridge Protocol Data Unit |
BSD | Berkeley Software Distribution (UNIX) |
BSOD | Blue Screen of Death (Windows crash) |
BSSID | Basic Service Set Identifier |
BSS | Block Started by Symbol |
BTW | By the way |
BYOD | Bring Your Own Device |
C2 | Command and Control |
CACE | Excida IEC 62443 Certified Automation Cybersecurity Expert |
CACS | Excida IEC 62443 Certified Automation Cybersecurity Specialist |
CAMS | IMI Certified Access Management Specialist |
CAM | Computer-aided Manufacturing |
CAPTCHA | Completely Automated Public Turing test to tell Computers and Humans Apart |
CAP | (ISC)2 Certified Authorization Professional |
CASE | EC Council Certified Application Security Engineer (.NET or Java) |
CASM | GAQM Certified Agile Scrum Master |
CASST | GAQM Certified Advanced Software Security Tester |
CAWFE | IACIS Certified Advanced Windows Forensic Examiner |
CA | Certification Authority |
CBC | Cipher Block Chaining |
CBSP | Cloud-based Security Providers |
CCAr | Cisco Certified Architect |
CCDE | Cisco Certified Design Expert |
CCE | ISFCE Certified Computer Examiner |
CCFE | IACRB Certified Computer Forensics Examiner |
CCIE Ent | Cisco Certified Internetwork Expert - Enterprise Infrastructure |
CCISO | EC Council Certified Information Security Officer |
CCNA | Cisco Certified Network Associate |
CCNP Ent | Cisco Certified Network Professional - Enterprise |
CCNP Sec | Cisco Certified Network Professional - Security |
CCPA | California’s Consumer Privacy Act |
CCRMP | IBITGQ Certified in Managing Cyber Security Risk |
CCSA | Checkpoint Certified Security Administrator |
CCSC | CertNexus Cyber Secure Coder |
CCSE | Checkpoint Certified Security Expert |
CCSM | Checkpoint Certified Security Master |
CCSP | (ISC)2 Certified Cloud Security Professional |
CCTHP | IACRB Certified Cyber Threat Hunting Professional |
CCTV | Closed Circuit Television |
CCT | Cisco Certified Technician |
CC | Carbon Copy |
CC | Credit Cards (Carding fraud) |
CDE | Cardholder Data Environment (network segment containing credit cards) |
CDMA | Code Division Multiple Access |
CDN | Content Delivery Network |
CDPSE | ISACA Certified Data Privacy Solutions Engineer |
CDP | Cisco Discovery Protocol |
CDP | Clean Desk Policy |
CDP | IMI Certified in Data Protection |
CDRP | IACRB Certified Data Recovery Professional |
CECS | Lunarline Certified Expert in Cloud Security |
CEH | EC Council Certified Ethical Hacker |
CEIA | Lunarline Certified Expert Independent Assessor |
CEIM | Lunarline Certified Expert Incident Manager |
CEO | Chief Executive Officer |
CEPM | Lunarline Certified Expert Program Manager |
CEPP | Lunarline Certified Expert Privacy Professional |
CEPT | IACRB Certified Expert Penetration Tester |
CEREA | IACRB Certified Expert Reverse Engineering Analyst |
CERP | Lunarline Certified Expert RMF Professional |
CESA | Lunarline Certified Expert Security Analyst |
CESE | Lunarline Certified Expert Security Executive |
CESO | Lunarline Certified Expert Security Officer |
CFAA | Computer Fraud and Abuse Act |
CFA | GAQM Certified Forensic Analyst |
CFCE | IACIS Certified Forensic Computer Examiner |
CFO | Chief Financial Officer |
CFR | CertNexus CyberSec First Responder |
CFSR | OpenText Certified Forensic Security Responder |
CGEIT | ISACA Certified in the Governance of Enterprise IT |
CGI | Common Gateway Interface |
CHAT | ISECOM Certified Hacker Analyst Trainer |
CHA | ISECOM Certified Hacker Analyst |
CHFI | EC Council Computer Hacking Forensics Investigator |
CIAM | Identity Management Institute Certified Identity and Access Manager |
CIA | Confidentiality, Integrity, Availability |
CIC | Cyber Intelligence Center |
CIDR | Classless Inter-Domain Routing |
CIFS | Common Internet File System |
CIGE | IMI Certified Identity Governance Expert |
CIISec ICSF | CIISec Information and Cybersecurity Fundamentals |
CIISec | Chartered Institute of Information Security |
CIMP | IMI Certified Identity Management Professional |
CIOTSP | CertNexus Certified Internet of Things Security Practitioner |
CIO | Chief Information Officer |
CIPA | IMI Certified Identity Protection Advisor |
CIPP | IAPP Certified Information Privacy Professional |
CIPT | IAPP Certified Information Privacy Technologist |
CIRM Fdn | IBITGQ Cyber Incident Response Management Foundation |
CIRT | Computer Incident Response Team |
CISA | ISACA Certified Information Systems Auditor |
CISM | ISACA Certified Information Security Manager |
CISO | Chief Information Security Officer |
CISP | GAQM Certified Information Security Professional |
CISRM | IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management |
CISSM | GAQM Certified Information Systems Security Manager |
CISSP | (ISC)2 Certified Information Systems Security Professional |
CISST | GAQM Certified Information Systems Security Tester |
CIST | IMI Certified Identity and Security Technologist |
CIS F | IBITGQ Certified ISO 27001 Information Security Management Specialist Foundation |
CIS IA | IBITGQ Certified ISO 27001 Information Security Management Specialist Internal Auditor |
CIS LA | IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Auditor |
CIS LI | IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Implementer |
CIS RM | IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management |
CIS | Center for Internet Security |
CITGP | IBITGQ Certified in Implementing IT Governance - Foundation & Principles |
CI/CD | Continuous Integration and either Continuous Delivery or Continuous Deployment |
CI | Critical Infrastructure |
CLI | Command-line Interface |
CMDB | Configuration Management Database |
CMDB | Content Management Database |
CMFE | IACRB Certified Mobile Forensics Examiner |
CMO | Chief Marketing Officer |
CMS | Content Management System |
CMWAPT | IACRB Certified Mobile and Web App Penetration Tester |
CNA | Certification and Accreditation |
CNDA | EC Council Certified Network Defense Architect |
CND | EC Council Certified Network Defender |
COO | Chief Operating Officer |
CORS | Cross-Origin Resource Sharing |
CPC | Core Protection System |
CPD | GAQM Certified Project Director |
CPE | Common Platform Enumeration |
CPT | IACRB Certified Penetration Tester |
CRC | Cyclical Redundancy Check |
CREA | IACRB Certified Reverse Engineering Analyst |
CREST CCSAS | CREST Certified Simulated Attack Specialist |
CREST CCT | CREST Certified Infrastructure Tester |
CREST CHIA | CREST Certified Host Intrusion Analyst |
CREST CMRE | CREST Certified Malware Reverse Engineer |
CREST CNIA | CREST Certified Network Intrusion Analyst |
CREST CPIA | CREST Practitioner Intrusion Analyst |
CREST CPSA | CREST Practitioner Security Analyst |
CREST CPTIA | CREST Practitioner Threat Intelligence Analyst |
CREST CRIA | CREST Registered Intrusion Analyst |
CREST CRTSA | CREST Registered Technical Security Architect |
CREST CRT | CREST Registered Penetration Tester |
CREST CSAM | CREST Certified Simulated Attack Manager |
CREST CSAS | CREST Certified Simulated Attack Specialist |
CREST CTIM | CREST Certified Threat Intelligence Manager |
CREST CWAT | CREST Certified Web Application Tester |
CREST CWS | CREST Certified Wireless Specialist |
CREST RTIA | CREST Registered Threat Intelligence Analyst |
CREST | Council for Registered Ethical Security Testers |
CRFS | IMI Certified Red Flag Specialist |
CRISC | ISACA Certified in Risk and Information Systems Control |
CRM | Customer Relations Management |
CRO | Chief Revenue Officer |
CRTOP | IACRB Certified Red Team Operations Professional |
CRUD | Create, Read, Update, Destroy |
CSAE | Cyber Struggle AEGIS |
CSAP | IACRB Certified Security Awareness Practitioner |
CSA CCSK | Cloud Security Alliance Certificate of Cloud Security Knowledge |
CSA CGC | Cloud Security Alliance Cloud Governance & Compliance |
CSA | Consultant Service Agreement |
CSA | EC Council Certified SOC Analyst |
CSBA | QAI Certified Software Business Analyst |
CSCU | EC Council Certified Secure Computer User |
CSFA | CSIAC CyberSecurity Forensic Analyst |
CSIRT | Computer Security Incident Response Team |
CSMA/CD | Carrier Sense Multiple Access with Collision Detection |
CSM | GAQM Certified Scrum Master |
CSPRNG | Cryptographically Secure Pseudo-Random Number Generator |
CSP | Content Security Policy |
CSP | GAQM Certified SAFe Practitioner |
CSRF | Cross-Site Request Forgery |
CSR | Cyber Struggle Ranger |
CSSA | IACRB Certified SCADA Security Architect |
CSSLP | (ISC)2 Certified Secure Software Lifecycle Professional |
CSST | GAQM Certified Software Security Tester |
CSS | Cascading Style Sheets |
CSV | Comma-separated Values |
CSWSH | Cross-Site WebSocket Hijacking |
CSX-F | IBITGQ Cyber Incident Response Management Foundation |
CSX-PA | ISACA Cybersecurity Packet Analysis Certificate |
CSX-P | ISACA Cybersecurity Practitioner |
CSX-T | ISACA Cybersecurity Technical Foundation |
CTF | Capture the Flag |
CTIA | EC Council Certified Threat Intelligence Analyst |
CTI | Cyber Threat Intelligence |
CTOps | Cyber Threat Operations |
CTO | Chief Technology Officer |
CTR | Click-through Rate |
CUCM | Cisco Unified Communications Manager |
CVE | Common Vulnerabilities and Exposures |
CVSS | Common Vulnerability Scoring System |
CWE | Common Weakness Enumeration |
CW | Content Warning |
CySA+ | CompTIA Cybersecurity Analyst+ |
C CS F | IBITGQ Certified Cyber Security Foundation |
C&A | Certification and Accreditation |
C&C | Command and Control |
C)CSO | Mile2 Certified Cloud Security Officer |
C)DFE | Mile2 Certified Digital Forensics Examiner |
C)ISCAP | Mile2 Information Systems Certification and Accreditation Professional |
C)ISMS-LA | Mile2 Certified Information Security Management Systems Lead Auditor |
C)ISSA | Mile2 Certified Information Systems Security Auditor |
C)ISSM | Mile2 Certified Information Systems Security Manager |
C)ISSO | Mile2 Certified Information Systems Security Officer |
C)NFE | Mile2 Certified Network Forensics Examiner |
C)PEH | Mile2 Certified Professional Ethical Hacker |
C)PSH | Mile2 Certified Powershell Hacker |
C)PTC | Mile2 Certified Penetration Testing Expert |
C)PTE | Mile2 Certified Penetration Testing Engineer |
C)SLO | Mile2 Certified Security Leadership Officer |
C)SP | Mile2 Certified Security Principles |
C)VA | Mile2 Certified Vulnerability Assessor |
C)VCP | Mile2 Certified Virtualization & Cloud Principles |
C)VE | Mile2 Certified Virtualization Engineer |
C)VFE | Mile2 Certified Virtualization Forensics Examiner |
DACL | Discretionary Access Control List |
DACRP | DRI Associate Cyber Resilience Professional |
DAO | Direct Access Object |
DAST | Dynamic Application Security Testing |
DBA | Database Administrator |
DCBCA | DRI Certified Business Continuity Auditor |
DCBCLA | DRI Certified Business Continuity Lead Auditor |
DCCRP | DRI Certified Cyber Resilience Professional |
DCOM | Distributed Component Object Model |
DCPP | DSCI Certified Privacy Professional |
DCRMP | DRI Certified Risk Management Professional |
DCSA | Defense Counterintelligence and Security Agency |
DCS | Data Communication Systems |
DCS | Distributed Control System |
DC | Data Center |
DC | Domain Controller (Active Directory) |
DDE | Dynamic Data Exchange |
DDoS | Distributed Denial of Service |
DES | Data Encryption Standard |
DevNet A | Cisco DevNet Associate |
DevNet Pro | Cisco DevNet Professional |
DFIR | Digital Forensics Incident Response |
DH | Diffie-Hellman key exchange |
DISA | Defense Information Systems Agency |
DKIM | Domain Keys Identified Mail |
DLL | Dynamic-link Library |
DLP | Data Loss Prevention |
DMARC | Domain-based Message Authentication, Reporting & Conformance |
DMA | Direct Memory Access |
DMZ | Demilitarized Zone |
DM | Direct Message |
DNS | Deferred Net Settlement (banking) |
DNS | Domain Name System |
DN | Distinguished Name (LDAP) |
DOB | Date of Birth |
DOM | Document Object Model |
DoS | Denial of Service |
DPAPI | Data Protection API |
DPA | Data Processing Agreement |
DPA | Data Protection Act (UK law) |
DPIA | Data Protection Impact Assessment |
DPP | Data and Privacy Protection |
DRAC | Dell Remote Access Control |
DRI | Disaster Recovery Institute |
DRM | Digital Rights Management |
DRP | Disaster Recovery Planning |
DR | Disaster Recovery |
DSA | Digital Signature Algorithm |
DSCI | Data Security Council of India |
DTP | Dynamic Trunking Protocol (Cisco) |
EBS | Amazon Elastic Block Store |
eCDFP | eLearnSecurity Certified Digital Forensics Professional |
ECES | EC Council Certified Encryption Specialist |
ECIH | EC Council Certified Incident Handler |
eCIR | eLearnSecurity Certified Incident Responder |
eCMAP | eLearnSecurity Certified Malware Analysis Professional |
eCPPT | eLearnSecurity Certified Professional Penetration Tester |
eCPTX | eLearnSecurity Certified Penetration Tester eXtreme |
eCRE | eLearnSecurity Certified Reverse Engineer |
ECSA | EC Council Certified Security Analyst |
ECSS | EC Council Certified Security Specialist |
eCTHP | eLearnSecurity Certified Threat Hunting Professional |
eCXD | eLearnSecurity Certified eXploit Developer |
EDRP | EC Council Disaster Recovery Professional |
EDR | Endpoint Detection and Response |
EEHF | EXIN Ethical Hacking Foundation |
EEXIN ISM | EXIN Information Security Management Expert |
EFF | Electronic Frontier Foundation |
EF | Exposure Factor |
EICAR | Antivirus test file |
EIGRP | Enhanced Interior Gateway Routing Protocol |
EISM | EC Council Information Security Manager |
EITCA/IS | EITCA/IS Information Security Certificate |
eJPT | eLearnSecurity Junior Penetration Tester |
ELF | Executable and Linkable Format |
EL | Engagement Letter |
eMAPT | eLearnSecurity Mobile Application Penetration Tester |
EMR | Electromagnetic Radiation |
EnCE | OpenText EnCase Certified Examiner |
eNDP | eLearnSecurity Network Defense Professional |
EOL | End of Life |
EOP | Elevation/Escalation of Privilege |
EOR | Employer of Record |
EPDPE | EXIN Privacy and Data Protection Essentials |
EPDPF | EXIN Privacy and Data Protection Foundation |
EPDPP | EXIN Privacy and Data Protection Practitioner |
EPT | External Penetration Testing |
ERP | Enterprise Resource Planning |
ES | Enterprise Security |
ETA | Evil Twin Attack (Wi-Fi) |
EVP | Executive Vice President |
eWDP | eLearnSecurity Web Defense Professional |
eWPTX | eLearnSecurity Web Application Penetration Tester eXtreme |
eWPT | eLearnSecurity Web Application Penetration Tester |
EXIN CIT | EXIN Cyber & IT Security |
EXIN PCA | EXIN Professional Cloud Administrator |
EXIN PCSA | EXIN Professional Cloud Solution Architect |
EXIN PCSerM | EXIN Professional Cloud Service Manager |
EXIN PCSM | EXIN Professional Cloud Security Manager |
F5 CA | F5 Big-IP Certified Administrator |
F5 CSE Sec | F5 Big-IP Certified Solution Expert - Security |
F5 CTS APM | F5 Big-IP Certified Technical Specialist - Access Policy Manager |
F5 CTS DNS | F5 Big-IP Certified Technical Specialist - Domain Name Services |
FDE | Full Disk Encryption |
FERPA | Family Educational Rights and Privacy Act |
FEXIN | EXIN Information Security Foundation |
FIM | File Integrity Monitoring |
FQDN | Fully Qualified Domain Name |
FTC | Full Time Contract |
FTE | Full Time Employee |
FTP | File Transfer Protocol |
FUD | Fear, Uncertainty and Doubt |
FW | Firewall |
FYI | For Your Information |
FYSA | For Your Situational Awareness |
GAQM | Global Association for Quality Management |
GASF | GIAC Advanced Smartphone Forensics |
GAWN | GIAC Assessing Wireless Networks |
GBFA | GIAC Battlefield Forensics and Acquisition |
GCCC | GIAC Critical Controls Certification |
GCDA | GIAC Certified Detection Analyst |
GCED | GIAC Certified Enterprise Defender |
GCFA | GIAC Certified Forensic Analyst |
GCFE | GIAC Certified Forensics Examiner |
GCIA | GIAC Certified Intrusion Analyst |
GCIH | GIAC Certified Incident Handler |
GCIP | GIAC Critical Infrastructure Protection |
GCPEH | GAQM Certified Professional Ethical Hacker |
GCPM | GIAC Certified Project Manager |
GCPT | GAQM Certified Penetration Tester |
GCSA | GIAC Cloud Security Automation |
GCTI | GIAC Cyber Threat Intelligence |
GCWN | GIAC Certified Windows Security Administrator |
GC | Garbage Collection |
GDAT | GIAC Defending Advanced Threats |
GDPR | General Data Protection Regulation |
GDSA | GIAC Defensible Security Architecture |
GEOINT | Geospatial Intelligence |
GEVA | GIAC Enterprise Vulnerability Assessor |
GIAC | Global Information Assurance Certification |
GICSP | GIAC Global Industrial Security Professional |
GISF | GIAC Information Security Fundamentals |
GISP | GIAC Information Security Professional |
GLEG | GIAC Law of Data Security & Investigations |
GMOB | GIAC Mobile Device Security Analyst |
GMON | GIAC Continuous Monitoring |
GNFA | GIAC Network Forensic Analyst |
Google ACE | Google Associate Cloud Engineer |
Google PCSA | Google Professional Cloud Architect |
Google PCSE | Google Professional Cloud Security Engineer |
GOSI | GIAC Open Source Intelligence |
GPEN | GIAC Certified Penetration Tester |
GPG | GNU Privacy Guard |
GPO | Group Policy Object |
GPPA | GIAC Certified Perimeter Protection Analyst |
GPP | Group Policy Preferences (Active Directory) |
GPYC | GIAC Python Coder |
GRC | Governance, Risk and Compliance |
GREM | GIAC Reverse Engineering Malware |
GRE | Generic Routing Encapsulation |
GRID | GIAC Response and Industrial Defense |
GSEC | GIAC Security Essentials Certification |
GSE | GIAC Security Expert |
GSLC | GIAC Security Leadership Certification |
GSM | Global System for Mobile (communications) |
GSNA | GIAC Systems and Network Auditor |
GSSP | GIAC Secure Software Programmer JAVA or .NET |
GSTRT | GIAC Strategic Planning, Policy and Leadership |
GUID | Globally Unique Identifier |
GUI | Graphical User Interface |
GWAPT | GIAC Web Application Penetration Tester |
GWEB | GIAC Certified Web Application Defender |
GWT | Google Web Toolkit |
GXPN | GIAC Exploit Researcher and Advanced Penetration Tester |
HIDS | Host IDS (Intrusion Detection System) |
HIPAA | Health Insurance Portability Accountability Act |
HIPS | Host IPS (Intrusion Prevention System) |
HKCC | HKEY_CURRENT_CONFIG Windows registry hive |
HKCR | HKEY_CLASSES_ROOT Windows registry hive |
HKCU | HKEY_CURRENT_USER Windows registry hive |
HKLM | HKEY_LOCAL_MACHINE Windows registry hive |
HKU | HKEY_USERS Windows registry hive |
HMAC | Hash-based Message Authentication Code |
HOF | Hall of Fame |
HPP | HTTP Parameter Pollution |
HSTS | HTTP Strict Transport Security |
I2P | Invisible Internet Project |
IaaS | Infrastructure as a Service |
IACIS | International Association of Computer Investigative Specialists |
IACRB | Information Assurance Certification Review Board |
IAM | Identity Access Management |
IANAL | I am not a lawyer |
IAPP | International Association of Privacy Professionals |
IAR | Information Asset Register |
IAST | Interactive Application Security Testing |
IAVA | Information Assurance Vulnerability Alert |
IAVM | Information Assurance Vulnerability Management |
IBITGQ | International Board for IT Governance Qualifications |
ICE | Intrusion Countermeasures Electronics |
ICMP | Internet Control Message Protocol |
ICS | Incident Command System |
ICS | Industrial Control System |
IDE | Integrated Development Environment |
IDM | Identity Management |
IDOR | Insecure Direct Object Reference |
IDS | Intrusion Detection System |
ID | Information Disclosure |
IEC | International Electrotechnical Commission |
IEEE | Institute of Electrical and Electronics Engineers |
IETF | Internet Engineering Task Force |
IG | Information Governance |
IIA CIA | Institute of Internal Auditors Certified Internal Auditor |
IIA | Institute of Internal Auditors |
IIBA CCA | IIBA Certification in Cybersecurity Analysis |
IIBA | International Institute of Business Analysis |
IIoT | Industrial Internet of Things |
IIRC | If I recall correctly |
IKE | Internet Key Exchange |
iLO | HP Integrated Lights Out |
IMI | Identity Management Institute |
IMMA | Isolate, Minimize, Monitor, Active Defense (IR) |
IMPS | Immediate Payment Service (banking) |
IM | Instant Messaging |
IOC | Indicator of Compromise |
IoT | Internet of Things |
IPMI | Intelligent Platform Management Interface |
IPP | Internet Printing Protocol |
IPsec | Internet Protocol Security |
IPSec | Internet Protocol Security |
IPS | Intrusion Prevention System |
IPT | Internal Penetration Testing |
IP | Intellectual Property |
IP | Internet Protocol |
IRC | Internet Relay Chat |
IRL | In real life |
IRM | Information Rights Management |
IRP | Incident Response Plan or Policy |
IR | Incident Response |
ISACA | Information Systems Audit and Control Association |
ISAC | Information Sharing and Analysis Center |
ISAKMP | Internet Security Association Key Management Protocol |
ISA CE | ISA Cybersecurity Expert |
ISA CFS | ISA Certified Fundamentals Specialist |
ISA CRAS | ISA Certified Risk Assessment Specialist |
ISA | International Society of Automation |
ISECOM | Institute for Security and Open Methodologies |
ISMS | Information Security Management System |
ISM | Information Security Manual |
ISO | Information System Owner (in RMF - Risk Management Framework) |
ISO | International Organization for Standardization |
ISP | Internet Service Provider |
ISSAF | Information Systems Security Assessment Framework |
ITIL Fdn | ITIL Foundation |
ITIL Master | ITIL Master |
ITIL MP | ITIL Managing Professional |
ITIL SL | ITIL Strategic Leader |
ITIL | Information Technology Infrastructure Library |
IT | Information Technology |
I&C | Instrumentation and Control |
JCE | Java Cryptography Extension |
JMX | Java Management Extensions |
JNCIA Sec | Juniper Networks Certified Internet Associate, Security |
JNCIE Sec | Juniper Networks Certified Internet Expert, Security |
JNCIP Sec | Juniper Networks Certified Internet Professional, Security |
JNCIS Sec | Juniper Networks Certified Internet Specialist, Security |
JPEG | Joint Photographic Experts Group |
JSON | JavaScript Object Notation |
JSP | Jakarta Server Pages |
JSP | Java Servlet Pages |
JS | JavaScript |
JVM | Java Virtual Machine |
JWT | JSON Web Token |
K8S | Kubernetes |
KC | Kill Chain |
KLCP | Kali Linux Certified Professional |
KMaaS | Key Management as a Service |
KMS | Key Management Service |
LAMP | Linux, Apache, MySQL, and PHP |
LAN | Local Area Network |
LDAP | Lightweight Directory Access Protocol |
LE | Let's Encrypt |
LFCA | Linux Foundation Certified IT Associate |
LFCE | Linux Foundation Certified Engineer |
LFCS | Linux Foundation Certified System Administrator |
LFI | Local File Inclusion |
LKM | Loadable Kernel Modules |
LLMNR | Link-Local Multicast Name Resolution protocol |
LM | LAN Manager (Windows) |
LOIC | Low Orbit Ion Cannon |
LPA | Least Privilege Access |
LPE | Local Privilege Escalation |
LPIC-1 | Linux Professional Institute Certified: Linux Administrator |
LPIC-2 | Linux Professional Institute Certified: Linux Engineer |
LPIC-3 | Linux Professional Institute Certified: 303 Security |
LPT | EC Council Licensed Penetration Tester |
LSASS | Local Security Authority Subsystem Service |
LTE | Long-Term Evolution |
LTS | Long-Term Support |
M365 EAE | Microsoft 365 Certified Enterprise Administrator Expert |
MAC | Mandatory Access Control |
MAC | Media Access Control (MAC address) |
MAC | Message Authentication Code |
MAC | Milestone Acceptance Certificate |
MD5 | Message Digest 5 (hash) |
MDR | Managed Detection and Response |
MFA | Multi-factor Authentication |
MIME | Multipurpose Internet Mail Extensions |
MISP | Malware Information Sharing Platform |
MitM | Man-in-the-Middle |
MMC | Microsoft Management Console |
MOTD | Message of the day banner |
MPLS | Multi-Protocol Label Switching |
MQ | Message Queue |
MRA | Mobile and Remote Access |
MSA | Master Service Agreement |
MSCT | Microsoft Security Compliance Toolkit |
MSSP | Managed Security Services Provider |
MS | Member Server (Active Directory) |
MS | Microsoft |
MTA | Microsoft Technology Associate |
MVP | Minimum Viable Product (the smallest, simplest thing that meets the criteria) |
NAC | Network Access Control |
NAT | Network Address Translation |
NBNS | NetBIOS Name Service |
NCSC CCPLP | NCSC Certified Cybersecurity Professional - Lead Practitioner |
NCSC CCPP | NCSC Certified Cybersecurity Professional - Practitioner |
NCSC CCPSP | NCSC Certified Cybersecurity Professional - Senior Practitioner |
NCSC | National Cyber Security Centre |
NCS | National Cybersecurity Strategy |
NDA | Non-disclosure agreement |
NEFT | National Electronic Funds Transfer (banking) |
Net+ | CompTIA Network+ |
NFS | Network File System |
NGFW | Next Generation Firewall |
NIDS | Network IDS (Intrusion Detection System) |
NIPS | Network IPS (Intrusion Prevention System) |
NIST | National Institute of Science & Technology |
NLA | Network Level Authentication |
NOC | Network Operations Centre |
NOP | No Operation |
NPE | Null Pointer Exception |
NSE 4 | NSE 4 - Fortinet Network Security Professional |
NSE 7 | NSE 7 - Fortinet Network Security Architect |
NSE 8 | NSE 8 - Fortinet Network Security Expert |
NTLM | New Technology LAN Manager (Windows) |
NVD | National Vulnerability Database |
OBOE | Off-by-one Error |
OCR | Optical Character Recognition |
OEM | Original Equipment Manufacturer |
OOB | Out-of-band |
OOP | Object-oriented Programming |
OPSA | ISECOM OSSTMM Professional Security Analyst |
OPSEC | Operations Security |
OPSE | ISECOM OSSTMM Professional Security Expert |
OPST | ISECOM OSSTMM Professional Security Tester |
OSCE | Offensive Security Certified Expert |
OSCP | Offensive Security Certified Professional |
OSEE | Offensive Security Exploitation Expert |
OSEP | Offensive Security Experienced Penetration Tester |
OSGI | Open Services Gateway Initiative |
OSINT | Open Source Intelligence |
OSPF | Open Shortest Path First |
OSSTMM | Open Source Security Testing Methodology Manual |
OSWE | Offensive Security Web Expert |
OSWP | Offensive Security Wireless Professional |
OTA | Over-the-air programming |
OTP | One-time Password |
OTX | Open Threat Exchange |
OT | Operational Technology |
OWASP | Open Web Application Security Project |
OWA | Outlook Web Access |
OWSE | ISECOM OSSTMM Wireless Security Expert |
P2P | Peer to Peer |
PaaS | Platform as a service |
PACES | Pentester Academy Certified Enterprise Security Specialist |
PAM | Post-Accident Monitoring |
PAN | Personal Area Network |
PAN | Primary Account Number |
PASTA | Process for Attack Simulation and Threat Analysis |
PA CRTE | Pentester Academy Certified Red Teaming Expert |
PA CRTP | Pentester Academy Certified Red Team Professional |
PCAP | Packet Capture |
PCCSA | Palo Alto Networks Certified Cybersecurity Associate |
PCIDSS | Payment Card Industry Data Security Standards |
PCI | Payment Card Industry |
PCNSA | Palo Alto Networks Certified Network Security Administrator |
PCNSE | Palo Alto Networks Certified Network Security Engineer |
PCRE | Perl-compatible Regular Expressions |
PDF | Portable Document Format |
PEBCAK | Problem Exists Between Chair and Keyboard |
PEBKAC | Problem Exists Between Keyboard And Chair |
PEB | Process Environment Block |
Pentest+ | CompTIA Pentest+ |
PERSEC | Personal Security (military) |
PEXIN ISM | EXIN Information Security Management Professional |
PE | Portable Executable (Windows executable) |
PE | Privilege Escalation |
PFS | Perfect Forward Secrecy |
PGP | Pretty Good Privacy |
PHI | Protected Health Information |
PHR | Personal Health Record |
PIC | Position Independent Code |
PID | Process Identifier |
PII | Personally Identifiable Information |
PIN | Personal Identification Number |
PKI | Public Key Infrastructure |
PLC | Programmable Logic Controller |
PLC | Programmable Logic Controllers |
PLD | Payload |
PMI | Project Management Institute |
PMP | Project Management Professional certification |
PM | Product Manager |
PM | Program Manager |
PNG | Portable Network Graphics |
POA&M | Plan of Action & Mitigation |
PoC | Proof of Concept |
PoE | Power over Ethernet |
POP | Post Office Protocol |
POP | Procedure-oriented Programming |
PO | Purchase Order |
PPPoEoA | PPPoE over ATM |
PPPoE | Point-to-Point Protocol over Ethernet |
PPP | Point-to-Point Protocol |
PPP | Public Private Partnership |
PPS | Plant Protection System |
PRNG | Pseudo-Random Number Generator |
PSH | PowerShell |
PSK | Pre-shared Key |
PTES | Penetration Testing Execution Standard |
PTO | Personal Time Off |
PTRF | Penetration Test Request Form |
PTR | DNS pointer record (hostname -> IP) |
PTR | Penetration Test Request |
PT | Penetration Test |
QR | Quick Response code |
QSA | Quality Security Assessor |
RASP | Runtime Application Self-Protection |
RAT | Remote Access Tool |
RAT | Remote Administration Tool |
RBAC | Role Based Access Control |
RBA | Risk-based Assessment |
RCA | Root Cause Analysis |
RCE | Remote Code Execution |
RCP | Remote Copy |
RDP | Remote Desktop Protocol |
REST | Representational State Transfer (web services) |
REXEC | Remote Execute |
RE | Reverse Engineering |
RFID | Radio Frequency Identification (card) |
RFI | Remote File Inclusion |
RFI | Request For Information |
RFP | Request For Proposal |
RFQ | Request for Quotation |
RHCA | Red Hat Certified Architect |
RHCE | Red Hat Certified Engineer |
RHCSA | Red Hat Certified System Administrator |
RMF | Risk Management Framework |
RMI | Remote Method Invocation |
RM | Records Management |
RoE | Rules of Engagement |
ROM | Read-Only Medium |
ROM | Read-Only Memory |
ROPA | Record of Processing Activity (GDPR article 30) |
ROP | Return Oriented Programming |
RPC | Remote Procedure Call |
RPO | Recovery Point Objective |
RSA | Rivest-Shamir-Adleman (encryption) |
RSH | Remote Shell |
RTFM | Read The Fucking Manual |
RTGS | Real-Time Gross Settlement (banking) |
RTO | Recovery Time Objective |
RTP | Real-time Transport Protocol |
SaaS | Security as a Service |
SaaS | Software as a Service |
SABSA SCF | SABSA Chartered Security Architect - Foundation Certificate |
SABSA SCM | SABSA Chartered Security Architect - Master Certificate |
SABSA SCP | SABSA Chartered Security Architect - Practitioner Certificate |
SAML | Security Assertion Markup Language |
SANS | SysAdmin Audit Network Security institute |
SASL | Simple Authentication and Security Layer |
SAST | Static Application Security Testing |
SA | Security Association (VPN) |
SA | Situational Awareness |
SBC | Session Border Controller |
SBC | Single Board Computer |
SCADA | Supervisory Control And Data Acquisition |
SCA | Software Composition Analysis |
SCA | SUSE Certified Administrator |
SCCM | System Center Configuration Manager |
SCCs | Standard Contractual Clauses |
SCD | Source Code Disclosure |
SCE | SUSE Certified Engineer |
SDA | Sensitive Digital Assets |
SDK | Software Development Kit |
SDLC | Software Development Lifecycle |
SDN | Software-defined Networking |
SECaaS | Security as a Service |
SECO | Security & Continuity Institute |
SEH | Structured Exception Handling |
SFCCCC | SalesForce Certified Community Cloud Consultant |
SFCIAMD | SalesForce Certified Identity and Access Management Designer |
SFCTA | Salesforce Certified Technical Architect |
SFSA | SalesForce System Architect |
SHA | Secure Hash Algorithm |
SID | Security Identifier (Windows) |
SIEM | Security Information and Event Management |
SIP | Session Initiation Protocol |
SIR | Security Incident Response (plan) |
SLAAC | Stateless Address Autoconfiguration (attack) |
SLA | Service-level Agreement |
SLD | Second-level Domain |
SLE | Single Loss Expectancy |
SMB | Server Message Block |
SME | Subject Matter Expert |
SMTP | Simple Mail Transfer Protocol |
SNMP | Simple Network Management Protocol |
SOAP | Simple Object Access Protocol |
SOAR | Security Orchestration, Automation and Response |
SOA | Service-oriented Architecture |
SOA | Start of authority record (DNS) |
SOCaaS | Security Operations Center as a Service |
SOCKS | Socket Secure protocol |
SOCMINT | Social Media Intelligence |
SOC | Security Operations Center |
SOC | System On a Chip |
SOHO | Small Office, Home Office |
SOP | Same-origin Policy |
SOP | Standard Operating Procedure |
SOW | Statement of Work |
SPF | Sender Policy Framework |
SPI | Security Parameter Index |
Splunk ECSA | Splunk Enterprise Security Certified Administrator |
SPN | Service Principal Name |
SQLi | SQL Injection |
SRE | Site Reliability Engineering |
SRI | Security Risk Intelligence |
SRP | Software Restriction Policies (Windows) |
SSCP | (ISC)2 Systems Security Certified Practitioner |
SSDLC | Secure Software Development Lifecycle |
SSE | Server Side Encryption |
SSH | Secure Shell |
SSID | Service Set Identifier |
SSI | Server Side Includes |
SSL | Secure Sockets Layer |
SSN | Social Security number |
SSO | Single Sign-on |
SSP | Security Support Provider |
SSRF | Server-side Request Forgery |
STEM | Science, Technology, Engineering, and Math |
STIG | Security Technical Implementation Guides |
STIX | Structured Threat Information Expression |
STP | Spanning Tree Protocol |
STS | Security Token Service |
STUN | Session Traversal Utilities for NAT |
SVP | Senior Vice President |
SWRE | Software Reverse Engineering |
S-CEHL | SECO Certified Ethical Hacker Leader |
S-CISO | SECO Certified Information Security Officer |
S-EHE | SECO Ethical Hacker Expert |
S-EHF | SECO Ethical Hacking Foundation |
S-EHP | SECO Ethical Hacking Practitioner |
S-ISF | SECO Information Security Foundation |
S-ISME | SECO Information Security Management Expert |
S-ISP | SECO Information Security Practitioner |
S-SPF | SECO Secure Programming Foundation |
TBD | To Be Discussed |
TBD | To Be Done |
TCO | Total Cost of Ownership |
TCP | Transmission Control Protocol |
TEB | Thread Environment Block |
TGT | Ticket Granting Ticket (Kerberos) |
TI | Threat Intelligence |
TKIP | Temporal Key Integrity Protocol |
TLDR | Too long, didn't read |
TLD | Top-level Domain |
TLS | Transport Layer Security |
TOCTOU | Time-of-check to time-of-use (race condition) |
ToE | Target of Evaluation |
TOGAF Fdn | OpenGroup TOGAF Certified |
TOGAF | The Open Group Architecture Framework |
TOR | The Onion Router |
TOTP | Time-based One-time Password |
TPB | The Pirate Bay |
TPM | Technical Product Manager |
TPM | Technical Program Manager |
TPM | Trusted Platform Module |
TPoC | Technical Point of Contact |
TTD | Time to Detection |
TTL | Time to live (IP, DNS, HTTP protocols) |
TTP | Tactics, Techniques, and Procedures |
TUV Auditor | TUV Rheinland IT Security Auditor (GERMAN) |
TUV COTCP | TUV Rheinland Certified Operational Technology Cybersecurity Professional (GERMAN) |
TUV CyAware | TUV Rheinland Cybersecurity Awareness (GERMAN) |
TUV CySec | TUV Rheinland Cybersecurity Specialist (GERMAN) |
TUV ITSM | TUV IT Security Manager (GERMAN) |
TUV MSA | TUV Rheinland Mobile Security Analyst (GERMAN) |
UAC | User Account Control |
UAT | User Acceptance Testing |
UBA | User Behaviour Analytics |
UC | Unified Communications |
UC | Unintended Consequences |
UDP | User Datagram Protocol |
UEBA | User and Entity Behaviour Analytics |
UPI | Unified Payments Interface (banking) |
UPS | Uninterruptible Power Supply |
URI | Uniform Resource Identifier |
URL | Uniform Resource Locator |
URN | Uniform / Universal Resource Name |
UTMS | Universal Mobile Telecommunications Service |
UUID | Universally Unique Identifier |
VAPT | Vulnerability Assessment and Penetration Test |
VA | Vulnerability Assessment |
VCDX DCV | VMware Certified Design Expert in Datacenter Virtualization |
VCIX DCV | VMware Certified Implementation Expert in Datacenter Virtualization |
VCIX NV | VMware Certified Implementation Expert in Network Virtualization |
VCP DCV | VMware Certified Professional in Datacenter Virtualization |
VCP NV | VMware Certified Professional in Network Virtualization |
VCS | Cisco TelePresence Video Communication Server (SIP trunk) |
VDI | Virtual Desktop Infrastructure |
VDP | Vulnerability Disclosure Program |
VLAN | Virtual Local Area Network |
VLOM | Vulnerability Lifecycle Management |
VMP | Vulnerability Management Program |
VM | Virtual Machine |
VM | Vulnerability Management |
VNC | Virtual Network Computing |
VoIP | Voice over Internet Protocol |
VPC | Virtual Private Cloud |
VPLS | Virtual Private LAN Service |
VPN | Virtual Private Network |
VPRN | Virtual Private Routed Network |
VPR | Vulnerability Priority Rating |
VPS | Virtual Private Server |
VP | Vice President |
VR | Vulnerability Research |
VSA | Vendor Security Assessment |
WAF | Web Application Firewall |
WAMP | Windows, Apache, MySQL, and PHP |
WAN | Wide Area Network |
WAPT | Web Application Penetration Test |
WAP | Web Application Protection |
WAP | Wireless Access Point |
WCE | Windows Credentials Editor |
WCNA | Protocol Analysis Institute Wireshark Certified Network Analyst |
WebDAV | Web Distributed Authoring and Versioning |
WEP | Wired Equivalent Privacy |
WIDS | Wireless Intrusion Detection System |
WIPS | Wireless Intrusion Prevention System |
WIP | Work in Progress |
WMI | Windows Management Instrumentation |
WPA | Wi-Fi Protected Access |
WUI | Web User Interface |
XHR | XMLHttpRequest |
XMPP | Extensible Messaging and Presence Protocol |
XOR | Exclusive Or (encryption) |
XSLT | Extensible Stylesheet Language Transformations |
XSL | Extensible Stylesheet Language |
XSRF | Cross Site Request Forgery |
XSS | Cross Site Scripting |
XXE | XML External Entity |
YARA | Yet Another Recursive Acronym |
Zach EAA | Zachman Enterprise Architect Associate (Level 1) |
Zach EAPro | Zachman Enterprise Architect Professional (Level 3) |
Zach EAP | Zachman Enterprise Architect Practitioner (Level 2) |
ZT | Zero Trust |