Overview of acronyms in the information security domain. This page does not aim to be a complete list; it provides only the most relevant terms. Certain general IT, OT and Privacy acronyms are also relevant to information security, but this list covers only the specific Information Security acronyms. Knowing what these acronyms stand for makes texts on information security easier to understand.
- 2FA = Two-Factor Authentication
- ACL = Access Control List
- AES = Advanced Encryption Standard
- APT = Advanced Persistent Threat
- ATT&CK = Adversarial Tactics, Techniques and Common Knowledge
- AUP = Acceptable Use Policy
- AV = Anti-Virus
- C2 = Command and Control
- CA = Certification Authority
- CAPTCHA = Completely Automated Public Turing Test to Tell Computers and Humans Apart
- CASB = Cloud Access Security Broker
- CBC = Cipher Block Chaining
- CBC-MAC = Cipher Block Chaining Message Authentication Code
- CC = Common Criteria
- CEH = Certified Ethical Hacker
- CERT = Computer Emergency Response Team
- CIAC = Computer Incident Advisory Capability
- CSIRT = Computer Security Incident Response Team
- CISO = Chief Information Security Officer
- CRL = Certificate Revocation List
- CTI = Cyber Threat Intelligence
- CVE = Common Vulnerabilities and Exposures
- CVSS = Common Vulnerability Scoring System
- CWE = Common Weakness Enumeration
- DAST = Dynamic Application Security Testing
- DDoS = Distributed Denial of Service
- DES = Digital Encryption Standard
- DLP = Data Loss Prevention
- DMZ = Demilitarized Zone
- DoS = Denial of Service
- DRP = Disaster Recovery Plan
- E2EE = End-to-End Encryption
- EAL = Evaluation Assurance Level
- EDR = Endpoint Detection and Response
- ERM = Enterprise Risk Management
- FDE = Full Disk Encryption
- HMAC = Hash-Based Message Authentication Code
- IAM = Identity and Access Management
- IBE = Identity-Based Encryption
- IDPS = Intrusion Detection and Prevention System
- IDS = Intrusion Detection System
- IOC = Indicator of Compromise
- IPS = Intrusion Prevention System
- IPSec = Internet Protocol Security
- IR = Incident Response
- IRP = Incident Response Plan
- IRT = Incident Response Team
- ISMS = Information Security Management System
- MAC = Message Authentication Code
- MDR = Managed Detection and Response
- MFA = Multi-Factor Authentication
- MSSP = Managed Security Service Provider
- NAC = Network Access Control
- NDR = Network Detection and Response
- NVD = National Vulnerability Database
- OSINT = Open Source Intelligence
- PAM = Privileged Access Management
- PAP = Policy Administration Point
- PDP = Policy Decision Point
- PEP = Policy Enforcement Point
- PGP = Pretty Good Privacy
- PIP = Policy Information Point
- PKI = Public Key Infrastructure
- PQC = Post-Quantum Cryptography
- PRP = Policy Retrieval Point
- PSK = Pre-Shared Key
- RBAC = Role-Based Access Control
- RPO = Recovery Point Objective
- RTO = Recovery Time Objective
- SAML = Security Assertion Markup Language
- SASE = Secure Access Service Edge
- SAST = Static Application Security Testing
- SCA = Security Control Assessor
- SHA = Secure Hash Algorithm
- SIEM = Security Information and Event Management
- SOAR = Security Orchestration, Automation, and Response
- SOC = Security Operations Center
- SSDLC = Secure Software Development Life Cycle
- SSH = Secure Shell
- SSL = Secure Sockets Layer
- SSO = Single Sign-On
- TLS = Transport Layer Security
- TPM = Trusted Platform Module
- VPN = Virtual Private Network
- WAF = Web Application Firewall
- XDR = Extended Detection and Response
- ZTNA = Zero Trust Network Access
Are you missing a certain acronym specifically related to information security? Please add a comment or write a message to me.
Also check out the additional acronym lists:
Hope you’re doing good Hiko! There are many which you might be missing –
1. AA = Adaptive Authentication
2. ASLR = Address Space Layout Randomization
3. BEC = Business Email Compromise
4. CTF = Capture The Flag (used in cybersecurity training/competitions)
5. DCAP = Data-Centric Audit and Protection
6. DLP = Data Leakage Prevention (alternative term to Data Loss Prevention)
7. EPP = Endpoint Protection Platform
8. FIM = File Integrity Monitoring
9. FISMA = Federal Information Security Management Act
10. GDPR = General Data Protection Regulation (specific to privacy but often related to security compliance)
11. HIDS = Host-based Intrusion Detection System
12. HIPS = Host-based Intrusion Prevention System
13. LFI = Local File Inclusion
14. MITM = Man-in-the-Middle Attack
15. OWASP = Open Web Application Security Project
16. PDR = Prevention, Detection, and Response
17. RCE = Remote Code Execution
18. RTOS = Real-Time Operating System (important in IoT security)
19. SAML = Security Assertion Markup Language
20. SCADA = Supervisory Control and Data Acquisition (important for ICS security)
21. SMB = Server Message Block (relevant to vulnerabilities and attacks like EternalBlue)
22. SOC 2 = Service Organization Control 2 (security compliance framework)
23. TTPs = Tactics, Techniques, and Procedures (used in threat intelligence)
24. UEBA = User and Entity Behavior Analytics
25. VAPT = Vulnerability Assessment and Penetration Testing
Hi Naveen, thanks for your input! Some of your suggestions are already included in my more specific IT, OT, or Privacy acronym lists; for the others, I will check whether I should add them to the InfoSec list.