The Ultimate Information Security Acronym List

An overview of acronyms used in the information security domain. This page does not aim to be complete; it lists only the most relevant terms. Certain general IT, OT and privacy acronyms are also relevant to information security, but this list covers only acronyms specific to information security. Knowing what these acronyms stand for makes texts on information security easier to understand.

  • 2FA = Two-Factor Authentication
  • ACL = Access Control List
  • AES = Advanced Encryption Standard
  • APT = Advanced Persistent Threat
  • ATT&CK = Adversarial Tactics, Techniques and Common Knowledge
  • AUP = Acceptable Use Policy
  • AV = Anti-Virus
  • C2 = Command and Control
  • CA = Certification Authority
  • CAPTCHA = Completely Automated Public Turing Test to Tell Computers and Humans Apart
  • CASB = Cloud Access Security Broker
  • CBC = Cipher Block Chaining
  • CBC-MAC = Cipher Block Chaining Message Authentication Code
  • CC = Common Criteria
  • CEH = Certified Ethical Hacker
  • CERT = Computer Emergency Response Team
  • CIAC = Computer Incident Advisory Capability
  • CSIRT = Computer Security Incident Response Team
  • CISO = Chief Information Security Officer
  • CRL = Certificate Revocation List
  • CTI = Cyber Threat Intelligence
  • CVE = Common Vulnerabilities and Exposure
  • CVSS = Common Vulnerability Scoring System
  • CWE = Common Weakness Enumeration
  • DAST = Dynamic Application Security Testing
  • DDoS = Distributed Denial of Service
  • DES = Data Encryption Standard
  • DLP = Data Loss Prevention
  • DMZ = Demilitarized Zone
  • DoS = Denial of Service
  • DRP = Disaster Recovery Plan
  • E2EE = End-to-End Encryption
  • EAL = Evaluation Assurance Level
  • EDR = Endpoint Detection and Response
  • ERM = Enterprise Risk Management
  • FDE = Full Disk Encryption
  • HMAC = Hash-Based Message Authentication Code
  • IAM = Identity and Access Management
  • IBE = Identity-Based Encryption
  • IDPS = Intrusion Detection and Prevention System
  • IDS = Intrusion Detection System
  • IOC = Indicator of Compromise
  • IPS = Intrusion Prevention System
  • IPSec = Internet Protocol Security
  • IR = Incident Response
  • IRP = Incident Response Plan
  • IRT = Incident Response Team
  • ISMS = Information Security Management System
  • MAC = Message Authentication Code (in access-control contexts also Mandatory Access Control)
  • MDR = Managed Detection and Response
  • MFA = Multi-Factor Authentication
  • MSSP = Managed Security Service Provider
  • NAC = Network Access Control
  • NDR = Network Detection and Response
  • NVD = National Vulnerability Database
  • OSINT = Open Source Intelligence
  • PAM = Privileged Access Management
  • PAP = Policy Administration Point
  • PDP = Policy Decision Point
  • PEP = Policy Enforcement Point
  • PGP = Pretty Good Privacy
  • PIP = Policy Information Point
  • PKI = Public Key Infrastructure
  • PQC = Post-Quantum Cryptography
  • PRP = Policy Retrieval Point
  • PSK = Pre-Shared Key
  • RBAC = Role-Based Access Control
  • RPO = Recovery Point Objective
  • RTO = Recovery Time Objective
  • SAML = Security Assertion Markup Language
  • SASE = Secure Access Service Edge
  • SAST = Static Application Security Testing
  • SCA = Security Control Assessor (in application security also Software Composition Analysis)
  • SHA = Secure Hash Algorithm
  • SIEM = Security Information and Event Management
  • SOAR = Security Orchestration, Automation, and Response
  • SOC = Security Operations Center
  • SSDLC = Secure Software Development Life Cycle
  • SSH = Secure Shell
  • SSL = Secure Sockets Layer
  • SSO = Single Sign-On
  • TLS = Transport Layer Security
  • TPM = Trusted Platform Module
  • VPN = Virtual Private Network
  • WAF = Web Application Firewall
  • XDR = Extended Detection and Response
  • ZTNA = Zero Trust Network Access

Are you missing a certain acronym specifically related to information security? Please add a comment or write a message to me.