Cybersecurity Acronyms – A Practical Glossary

Lauren Abshire
Director of Content Strategy, United States Cybersecurity Magazine

Whether you are a cybersecurity professional, an end-user, just starting in cybersecurity or simply interested in the field, this practical glossary of cybersecurity acronyms is for everyone. Cybersecurity acronyms can be confusing, especially since some acronyms have dual meanings – think IP address and IP for Intellectual Property – and some differ from one another only slightly. Here, we will look at some of the most used cybersecurity acronyms and what they mean. The full cybersecurity acronyms chart is at the end of this article.

APT – Advanced Persistent Threat:
A bad actor, usually a state-sponsored or nation-state group, that uses sophisticated techniques in its attacks. APTs can remain undetected for a long time.

AV – Antivirus:
Software used to prevent, detect and remove computer viruses and other malware.

BOTNET – Robot Network:
A group of compromised, internet-connected computers that an attacker controls remotely as a single unit, usually without the owners' knowledge.

CAPTCHA – Completely Automated Public Turing Test to Tell Computers and Humans Apart:
A challenge-response test used to determine whether a user is a human or an automated program.

CEH – Certified Ethical Hacker:
A certified and skilled individual who knows how to look for vulnerabilities and weaknesses in systems using the same tools a bad actor would. CEHs are also often referred to as penetration testers – or pentesters.

CERT – Computer Emergency Response Team:
A group of security experts responsible for handling and reporting security incidents.

CIO – Chief Information Officer:
A senior-level executive responsible for managing and implementing an organization's information technology and computer systems.

COO – Chief Operating Officer:
A high-ranking, senior-level executive, usually second in command. COOs are responsible for overseeing day-to-day operations.

CISA – Certified Information Systems Auditor:
A certified individual responsible for implementing an audit strategy for information systems.

CISA – Cybersecurity and Infrastructure Security Agency:
CISA is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.

CISO – Chief Information Security Officer:
A senior-level executive responsible for an organization's data and information security, ensuring that its technologies and information assets are protected.

CISSP – Certified Information Systems Security Professional:
This certification covers the fundamentals of cybersecurity. Individuals who hold the CISSP are considered extremely knowledgeable in the cybersecurity field. The certification is offered by (ISC)².

CMMC – Cybersecurity Maturity Model Certification:
A unified standard for implementing cybersecurity across the defense industrial base.

CSO – Chief Security Officer:
A senior executive responsible for information security.

CSP – Cloud Service Provider:
A third-party organization or company offering cloud-based platform, infrastructure, application or storage services.

CVSS – Common Vulnerability Scoring System:
An industry standard for assessing and scoring security vulnerabilities.

DevOps – a portmanteau of “Development” and “Operations”:
A set of practices combining development and operations. DevOps enables roles that were once siloed to collaborate, producing more reliable products.

DevSecOps – a portmanteau of “Development”, “Security” and “Operations”:
The practice of applying security best practices from the very beginning of development, shifting the focus on security away from auditing at the end of a project and toward the start of development (a "shift-left" strategy).

DHS – Department of Homeland Security:
The United States Department of Homeland Security is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries.

DoD – Department of Defense:
The United States Department of Defense is an executive branch department of the federal government charged with coordinating and supervising all agencies and functions of the government directly related to national security and the United States Armed Forces.

DDoS – Distributed Denial-of-Service:
An attack in which an attacker floods a targeted server or network with requests from many systems at once, impeding legitimate traffic and making the service unavailable.

DoS – Denial-of-Service:
Much like a DDoS, a DoS attack employs the same tactics; however, where a DDoS attack uses multiple systems, a DoS attack uses a single system to send the malicious traffic.

DLP – Data Loss Prevention:
A set of tools and processes that automatically label data, apply rules to it, and then decide whether to allow the data to pass through the system or to prevent it from being used or leaving the organization.

DNS – Domain Name Server:
Translates the human-readable name of a website (or domain) into a machine-readable IP address (e.g., the hostname www.uscybersecurity.net resolves to an address such as 192.168.x.xx).

EDR – Endpoint Detection and Response:
An integrated, layered endpoint security technology that continuously monitors and collects endpoint data in order to detect threats, respond to them and mitigate risk.

EO – Executive Order:
A directive issued by the President of the United States that manages operations of the federal government.

FISMA – Federal Information Security Modernization Act:
A United States Federal Law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States.

GB – Gigabyte:
A unit of information (an amount of data) equal to 1,000 megabytes.

GDPR – General Data Protection Regulation:
A legal framework that sets guidelines for protecting the personal data and privacy of European Union citizens and applies to transactions occurring within member states.

GRC – Governance, Risk Management and Compliance:
An integrated collection of capabilities to help organizations manage IT and security risks, reduce costs and meet compliance requirements.

HIPAA – Health Insurance Portability and Accountability Act:
A federal law that was enacted and signed in 1996 by former President Bill Clinton that protects sensitive patient health information and personally identifiable information from being disclosed without the patient’s consent or knowledge.

HTTPS – Hypertext Transfer Protocol Secure:
A secure version of its predecessor, HTTP, that encrypts traffic using SSL (Secure Socket Layer) or its successor, TLS. HTTPS is a protocol for secure communication over a computer network.

IA – Information Assurance:
The practice of assuring and managing risks related to the use, processing, storage, and transmission of information.

IAM – Identity and Access Management:
Gartner said it best “the discipline that enables the right individuals to access the right resources at the right times for the right reasons.”

IDS – Intrusion Detection System:
A network security technology that monitors networks and traffic for vulnerability exploits or malicious activity; however, it only alerts, and requires a human to examine and act on any detected threats.

InfoSec – a portmanteau of “Information” and “Security”:
A set of practices meant to keep data (information) secure from unauthorized users/access.

IoT – Internet of Things:
A network of physical objects – or "things" – that are connected to the Internet and collect and exchange data with other systems and devices over it.

IP (address) – Internet Protocol Address:
A unique numerical address assigned to each device on a local network or on the Internet.

IP – Intellectual Property:
Creations of the human mind (or intellect) which includes intangible creations. (Think copyright, patents, and trade secrets).

IPS – Intrusion Prevention System:
A network security technology (and control system) that monitors networks and traffic for vulnerability exploits or malicious activity and automatically allows or denies the detected traffic based on its established ruleset.

ISACA – Information Systems Audit and Control Association:
An international professional association focused on IT governance. ISACA provides practical guidance, benchmarks, and tools for enterprises that use information systems. Through its comprehensive publications and services, ISACA defines roles for information system governance, security, audit, and assurance professionals worldwide.

ISO – International Organization for Standardization:
An independent, non-governmental international organization that develops international standards including ISO 27001.

ISSO – Information Systems Security Officer:
An individual responsible for an organization’s information security, protecting information and preventing unauthorized access.

IT – Information Technology:
The use of computers and systems to store or retrieve data/information.

kHz – Kilohertz:
Used to measure frequency or cycles per second. Equal to 1,000 hertz.

LAN – Local Area Network:
A network that interconnects devices within a specific or limited area.

MB – Megabyte:
A unit of information (an amount of data) equal to 1,000,000 bytes.

MFA – Multi-factor Authentication:
An authentication method that verifies a user's identity using two or more independent factors rather than a single password.

MITRE® ATT&CK – MITRE Adversarial Tactics, Techniques, and Common Knowledge:
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

MSP – Managed Service Provider:
A company or organization that remotely manages, monitors, and maintains its customers' IT systems and infrastructure.

NCSAM – National Cybersecurity Awareness Month:
Created to raise awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online. NCSAM takes place in October.

NGFW – Next-generation Firewall:
Gartner said it best again “NGFWs are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”

NICCS – National Initiative for Cybersecurity Careers and Studies:
Managed by the Cybersecurity Defense Education and Training subdivision within the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Division, the vision of NICCS is to provide the nation with the tools and resources necessary to ensure the Nation’s workforce has the appropriate training and education in the cybersecurity field.

NICE – National Institute for Cybersecurity Education:
Led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

NIST – National Institute of Standards and Technology:
Founded in 1901, NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST is known for their Cybersecurity Framework which is a set of guidelines for private sector companies in the U.S. to follow and use to be prepared for identifying, detecting, and responding to cyber-attacks.

NSA/CSS – National Security Agency/Central Security Service:
Leads the U.S. Government in cryptology that encompasses both signals intelligence and information assurance (now referred to as cybersecurity) products and services and enables computer network operations in order to gain a decision advantage for the Nation and our allies under all circumstances.

OSI model – Open Systems Interconnection model:
A conceptual model that describes seven layers computer systems use to communicate with the network and devices connected to it.

OSINT – Open Source Intelligence:
A collective term used to describe all techniques and tools used to harvest information from publicly available resources in a timely manner to support a specific intelligence requirement.

PaaS – Platform as a Service:
A cloud-computing model in which a third-party vendor delivers the hardware and software platform on which users build and run applications via the Internet. (Think Azure, OpenShift and Zoho Creator).

PCI-DSS – Payment Card Industry Data Security Standard:
Created to set guidelines/standards for companies that accept, process, transmit or store credit card information to improve consumer safety.

PII – Personally Identifiable Information:
Any information that can be used to identify an individual, aka personal data.

RAM – Random Access Memory:
A computer's working memory and short-term data storage. RAM holds information that is actively in use so it can be accessed quickly.

RASP – Runtime Application Self-Protection:
A security technology designed to provide individualized protection to applications by detecting and blocking attacks using information available from inside the running software.

RBAC – Role-based Access Control:
Restricts network access based on a user's role within their organization: permissions are assigned to roles rather than directly to individual users, so what a user may do is dictated by the roles they hold.

RCE – Remote Code Execution:
When a cybercriminal targets and exploits a vulnerability in a network or system and runs arbitrary code.

RF – Radio Frequency:
Any frequency within the electromagnetic spectrum associated with radio wave propagation.

SaaS – Software as a Service:
A service allowing users to connect and use cloud-based apps via the Internet. (Think Zoom, Shopify and SalesForce).

SANS – Sysadmin, Audit, Network and Security:
A cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cybersecurity professionals with the practical skills and knowledge they need to make our world a safer place.

SIEM – Security Information and Event Management:
Software that collects and analyzes data and activity from various sources across an entire IT infrastructure in real time. A SIEM provides a thorough, centralized view of an organization's security posture.

SOC – Security Operations Center:
A centralized unit with dedicated persons, technology and processes that detect, monitor, and prevent cyberthreats and improve an organization’s security.

SQLi – Structured Query Language Injection:
The injection of malicious code into an SQL statement, typically via web page input, to interfere with the queries an application makes to its database.

SSL – Secure Socket Layer:
A security protocol, commonly associated with the SSL certificates that websites use, that encrypts data traveling across the Internet, thus protecting sensitive information.

SSO – Single sign-on:
A user authentication tool that lets users securely sign in once and then access all of their services and applications without authenticating again.

Sysadmin – System Administrator:
An individual who is responsible for network setup, software configuration, system monitoring, upkeep, and reliable operation of computer systems within an organization.

TB – Terabyte:
A unit of information (an amount of data) equal to 1,000 gigabytes.

TCP/IP model – Transmission Control Protocol/Internet Protocol:
A suite of communication protocols used to connect host computers on the Internet.

TTP – Tactics, Techniques and Procedures:
The patterns of behavior – the tactics, techniques and procedures – that bad actors use in cyber-attacks, which defenders use to describe and recognize a given threat actor.

UBA – User Behavior Analytics:
As defined by Gartner, UBA is a cybersecurity process about detection of insider threats, targeted attacks and financial fraud.

VPN – Virtual Private Network:
A service that creates an encrypted, private connection across a public network such as the Internet, protecting the data that travels over it.

WAP – Wireless Application Protocol:
Specification of communication protocols that enables wireless device users to interact with and access services on the Internet.

WAS – Web Application Security:
Protocols and tools used to ensure security against cyberthreats within websites, web applications and varying web services.

XSS – Cross-site Scripting:
A type of vulnerability, most often found in web applications, that allows an attacker to inject malicious scripts into pages viewed by other users.

ZTNA – Zero Trust Network Access:
As defined by Gartner, ZTNA is a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications, in which the applications are hidden from discovery and access is restricted via a trust broker to a set of named entities.


There are many more acronyms used in cybersecurity, and some are even considered legacy. This has been a (very) brief overview of cybersecurity acronyms and a practical glossary. If you have any cybersecurity acronyms you would like to see on the list, comment below! For a full list of the acronyms used in this article, please refer to the chart below.

CYBERSECURITY ACRONYMS CHART

Acronym – Unabbreviated

APT – Advanced Persistent Threat
AV – Antivirus
Botnet – Robot Network
CAPTCHA – Completely Automated Public Turing Test to Tell Computers and Humans Apart
CEH – Certified Ethical Hacker
CERT – Computer Emergency Response Team
CIO – Chief Information Officer
COO – Chief Operating Officer
CISA – Certified Information Systems Auditor
CISA – Cybersecurity and Infrastructure Security Agency
CISO – Chief Information Security Officer
CISSP – Certified Information Systems Security Professional
CMMC – Cybersecurity Maturity Model Certification
CSO – Chief Security Officer
CSP – Cloud Service Provider
CVSS – Common Vulnerability Scoring System
DevOps – a portmanteau of “Development” and “Operations”
DevSecOps – a portmanteau of “Development”, “Security” and “Operations”
DHS – Department of Homeland Security
DoD – Department of Defense
DDoS – Distributed Denial-of-Service
DoS – Denial-of-Service
DLP – Data Loss Prevention
DNS – Domain Name Server
EDR – Endpoint Detection and Response
EO – Executive Order
FISMA – Federal Information Security Modernization Act
GB – Gigabyte(s)
GDPR – General Data Protection Regulation
GRC – Governance, Risk Management and Compliance
HIPAA – Health Insurance Portability and Accountability Act
HTTPS – Hypertext Transfer Protocol Secure
IA – Information Assurance
IAM – Identity and Access Management
IDS – Intrusion Detection System
InfoSec – a portmanteau of “Information” and “Security”
IoT – Internet of Things
IP address – Internet Protocol Address
IP – Intellectual Property
IPS – Intrusion Prevention System
ISACA – Information Systems Audit and Control Association
ISO – International Organization for Standardization
ISSO – Information Systems Security Officer
IT – Information Technology
kHz – Kilohertz
LAN – Local Area Network
MB – Megabyte(s)
MFA – Multi-factor Authentication
MITRE® ATT&CK – MITRE Adversarial Tactics, Techniques, and Common Knowledge
MSP – Managed Service Provider
NCSAM – National Cybersecurity Awareness Month
NGFW – Next-generation Firewall
NICCS – National Initiative for Cybersecurity Careers and Studies
NICE – National Institute for Cybersecurity Education
NIST – National Institute of Standards and Technology
NSA/CSS – National Security Agency/Central Security Service
OSI model – Open Systems Interconnection model
OSINT – Open Source Intelligence
PaaS – Platform as a Service
PCI-DSS – Payment Card Industry Data Security Standard
PII – Personally Identifiable Information
RAM – Random Access Memory
RASP – Runtime Application Self-Protection
RBAC – Role-based Access Control
RCE – Remote Code Execution
RF – Radio Frequency
SaaS – Software as a Service
SANS – Sysadmin, Audit, Network and Security
SIEM – Security Information and Event Management
SOC – Security Operations Center
SQLi – Structured Query Language Injection
SSL – Secure Socket Layer
SSO – Single sign-on
Sysadmin – System Administrator
TB – Terabyte(s)
TCP/IP model – Transmission Control Protocol/Internet Protocol
TTP – Tactics, Techniques and Procedures
UBA – User Behavior Analytics
VPN – Virtual Private Network
WAP – Wireless Application Protocol
WAS – Web Application Security
XSS – Cross-site Scripting
ZTNA – Zero Trust Network Access
