Acronyms for Cybersecurity
3DES – Triple Data Encryption Standard: A symmetric encryption algorithm that uses a key length of 168 bits to provide cryptographic protection for data.
AAA – Authentication, Authorization, and Accounting: A framework for access control that provides authentication of users, authorization of their access to resources, and accounting of their activities.
ABAC – Attribute-based Access Control: A type of access control system that uses attributes (such as user identity, role, and resource) to determine access rights.
ACL – Access Control List: A list of permissions attached to an object, such as a file or network resource, that specifies which users or groups are allowed to access the object and what actions they can perform on it.
AD – Active Directory: A Microsoft technology that provides centralized authentication and authorization services for Windows-based computers and applications.
AES – Advanced Encryption Standard: A symmetric encryption algorithm that uses a key length of 128, 192, or 256 bits to provide cryptographic protection for data.
AES256 – Advanced Encryption Standard 256-bit: A variant of AES that uses a 256-bit key length to provide stronger cryptographic protection for data.
AH – Authentication Header: A protocol used in IPsec to provide authentication and integrity protection for IP packets.
AI – Artificial Intelligence: The simulation of human intelligence processes by computer systems, including learning, reasoning, and self-correction.
AIS – Automated Indicator Sharing: A system that enables the sharing of cyber threat indicators between private sector organizations and the U.S. government.
ALE – Annualized Loss Expectancy: A metric used in risk management to estimate the expected financial loss over a one-year period from a particular threat.
AP – Access Point: A device that connects wireless devices to a wired network.
API – Application Programming Interface: A set of protocols, tools, and standards for building software applications that specify how software components should interact.
APT – Advanced Persistent Threat: A sophisticated and targeted cyber attack that typically involves an attacker gaining access to a network and then remaining undetected for an extended period of time.
ARO – Annualized Rate of Occurrence: A metric used in risk management to estimate how often a particular threat is likely to occur over a one-year period.
ARP – Address Resolution Protocol: A protocol used in IP networks to map a network address (such as an IP address) to a physical address (such as a MAC address).
ASLR – Address Space Layout Randomization: A security technique used to prevent buffer overflow attacks by randomizing the memory layout of an application.
ASP – Active Server Pages: A technology for building dynamic web pages using server-side scripts.
ATT&CK – Adversarial Tactics, Techniques, and Common Knowledge: A framework developed by MITRE that describes the tactics, techniques, and procedures used by attackers in cyber attacks.
AUP – Acceptable Use Policy: A set of rules governing the use of computer systems and networks, typically established by an organization’s management.
AV – Antivirus: Software that detects and removes computer viruses and other malicious software.
BASH – Bourne Again Shell: A Unix shell and command language that provides a command-line interface for interacting with the operating system.
BCP – Business Continuity Planning: The process of developing and implementing a plan for ensuring that an organization can continue to operate in the event of a disaster or other disruptive event.
BGP – Border Gateway Protocol: A routing protocol used to exchange routing information between different networks on the Internet.
BIA – Business Impact Analysis: A process for identifying and evaluating the potential impact of a disruptive event on an organization’s business operations.
BIOS – Basic Input/Output System: A firmware program that initializes the hardware and provides basic functionality for a computer system.
BPA – Business Partnership Agreement: A formal agreement between two or more organizations to work together on a particular project or initiative.
BPDU: Bridge Protocol Data Unit is a data packet used in the Spanning Tree Protocol to detect and prevent loops in the network topology.
BSSID: Basic Service Set Identifier is a unique identifier assigned to a wireless access point or wireless client device that allows it to be identified on a wireless network.
BYOD: Bring Your Own Device refers to a policy where employees use their personal devices such as smartphones, laptops, or tablets for work purposes.
CA: Certificate Authority is a trusted third-party organization that issues digital certificates to verify the authenticity of websites, software, and other digital entities.
CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart is a type of challenge-response test used to determine whether the user is human or machine.
CAR: Corrective Action Report is a document that identifies a problem or nonconformance, describes the root cause, and outlines the corrective action taken to prevent it from recurring.
CASB: Cloud Access Security Broker is a security solution that provides visibility and control over cloud applications and services accessed by an organization.
CBC: Cipher Block Chaining is a block cipher mode of operation that uses a chaining mechanism to increase the security of encryption.
CBT: Computer-based Training is a method of delivering education and training through a computer or mobile device.
CCMP: Counter-Mode/CBC-MAC Protocol is a protocol used in the Wi-Fi Protected Access II (WPA2) standard to provide secure communication over wireless networks.
CCTV: Closed-Circuit Television is a system of video cameras and monitors used for surveillance and security purposes.
CERT: Computer Emergency Response Team is a group of cybersecurity experts responsible for responding to and resolving incidents related to computer security.
CFB: Cipher Feedback is a block cipher mode of operation that uses the output of the previous encryption operation as input to the next encryption operation.
CHAP: Challenge-Handshake Authentication Protocol is a protocol used to authenticate remote users or devices in a network by providing a challenge that is responded to with a hashed value.
CIO: Chief Information Officer is a senior executive responsible for the information technology strategy and systems of an organization.
CIRT: Computer Incident Response Team is a group of experts responsible for responding to and resolving incidents related to computer security.
CIS: Center for Internet Security is a nonprofit organization that provides cybersecurity guidance and resources to organizations of all sizes.
CMS: Content Management System is a software application used to create, manage, and publish digital content.
CN: Common Name is a component of a digital certificate that identifies the name of the entity that the certificate is issued to.
COOP: Continuity of Operations Planning is a process that ensures essential business functions can continue during and after a disruptive event.
COPE: Corporate-owned Personally Enabled is a mobile device management strategy that allows employees to use personal devices for work purposes, while giving the organization control over the corporate data on those devices.
CP – Contingency Planning: CP refers to the process of preparing for and responding to unexpected events or disruptions that could impact an organization’s operations. The goal of contingency planning is to minimize the impact of a disruption and ensure that critical business functions can continue.
CRC – Cyclic Redundancy Check: CRC is a method used to detect errors in data transmission. It involves adding a small, fixed-size check value to a message that is calculated based on the message’s contents. The receiver of the message can then use the same calculation to verify that the message was not corrupted during transmission.
CRL – Certificate Revocation List: CRL is a list of digital certificates that have been revoked by the issuing certificate authority. When a certificate is revoked, it means that it should no longer be trusted to authenticate the identity of the entity it was issued to. CRLs are used to ensure that only valid certificates are trusted for secure communication.
CSA – Cloud Security Alliance: CSA is a nonprofit organization that aims to promote best practices for security in cloud computing. It provides education and resources to individuals and organizations to help them better understand and manage the security risks associated with cloud computing.
CSIRT – Computer Security Incident Response Team: A CSIRT is a group of people responsible for managing the response to computer security incidents, such as malware infections, unauthorized access, and data breaches. The team’s primary goal is to minimize the damage caused by the incident and prevent similar incidents from occurring in the future.
CSO – Chief Security Officer: The CSO is the executive responsible for overseeing an organization’s security program. The CSO is responsible for identifying and managing security risks, implementing security policies and procedures, and ensuring compliance with relevant laws and regulations.
CSP – Cloud Service Provider: A CSP is a company that provides cloud-based services, such as storage, computing, and application hosting, to other organizations. CSPs are responsible for maintaining the security and availability of their services and for ensuring that customer data is protected.
CSR – Certificate Signing Request: A CSR is a request sent by an entity to a certificate authority to obtain a digital certificate. The CSR contains information about the entity that the certificate will be issued to, such as its name and public key.
CSRF – Cross-Site Request Forgery: CSRF is a type of web-based attack that involves tricking a user into unknowingly performing an action on a web application, such as submitting a form or clicking a link. The attack is carried out by exploiting the trust between the user and the web application.
CSU – Channel Service Unit: A CSU is a device used to connect a digital communication line to a customer’s equipment. The CSU performs functions such as conditioning and monitoring the signal to ensure that it is within acceptable parameters.
CTM – Counter-Mode: CTM is a cryptographic mode of operation that is used to encrypt and authenticate data. It involves generating a stream of pseudo-random values that are combined with the plaintext to produce ciphertext.
CTO – Chief Technology Officer: The CTO is the executive responsible for overseeing an organization’s technology strategy and implementation. The CTO is responsible for identifying and implementing new technologies that can help the organization achieve its business goals.
CVE – Common Vulnerabilities and Exposures: CVE is a database of known software vulnerabilities and exposures maintained by the MITRE Corporation. Each entry in the database contains a unique identifier, a description of the vulnerability, and information about how to mitigate it.
CVSS – Common Vulnerability Scoring System: CVSS is a system used to assess the severity of software vulnerabilities. It provides a numerical score based on factors such as the ease of exploiting the vulnerability and the potential impact if it is exploited.
CYOD – Choose Your Own Device: CYOD is an approach to enterprise device management where employees are allowed to select their own device from a pre-approved list of devices. This policy allows employees to use a device of their choice, which they are comfortable using, for work-related purposes.
DAC – Discretionary Access Control: DAC is a type of access control system where the owner of an object, usually a file or a resource, decides which users or groups have access to it. In a DAC system, the access control is at the discretion of the owner, who can grant or revoke access rights to any user or group.
DBA – Database Administrator: A DBA is a professional responsible for maintaining and managing the database systems of an organization. Their responsibilities include managing the database, ensuring data security, optimizing database performance, and performing data backups and recovery.
DDoS – Distributed Denial-of-Service: DDoS is a type of cyber attack that aims to disrupt the normal functioning of a website or server by overwhelming it with a large number of requests from multiple sources. DDoS attacks can cause the target server to slow down or crash, resulting in loss of business, revenue, or reputation.
DEP – Data Execution Prevention: DEP is a security feature built into modern operating systems that prevents malicious code from executing in memory locations reserved for data. DEP protects against buffer overflow attacks and other exploits that rely on executing code from memory locations that should only contain data.
DER – Distinguished Encoding Rules: DER is a binary format used to encode digital certificates, public keys, and other cryptographic objects. DER is a subset of the Abstract Syntax Notation One (ASN.1) standard, and it is widely used in security protocols such as SSL/TLS and S/MIME.
DES – Data Encryption Standard: DES is a symmetric key encryption algorithm used to encrypt and decrypt data. DES uses a 56-bit key to encrypt data in 64-bit blocks. Although DES was widely used in the past, it is now considered to be insecure due to its small key size and vulnerability to brute-force attacks.
DHCP – Dynamic Host Configuration Protocol: DHCP is a network protocol that automatically assigns IP addresses and other network configuration parameters to devices on a network. DHCP simplifies network administration by eliminating the need to manually assign IP addresses to each device.
DHE – Diffie-Hellman Ephemeral: DHE is a variant of the Diffie-Hellman key exchange algorithm that generates a new key pair for each key exchange. DHE provides forward secrecy, which means that even if an attacker obtains the private key of a server, they cannot decrypt previous communications.
DKIM – Domain Keys Identified Mail: DKIM is an email authentication method that allows email senders to associate a domain name with an email message, thereby verifying the email’s authenticity. DKIM uses digital signatures to verify that the message was sent by an authorized sender and that the message content has not been tampered with.
DLL – Dynamic-link Library: DLL is a library of executable functions or data that can be used by a Windows program at run time. DLLs are used to reduce program size, conserve memory, and simplify program development by allowing developers to reuse code.
DLP – Data Loss Prevention: DLP is a set of technologies and processes used to prevent sensitive data from being lost, stolen, or exposed. DLP systems can be used to monitor and control data in motion, data at rest, and data in use, and they can enforce policies that restrict access to sensitive data.
DMARC: Domain-based Message Authentication, Reporting and Conformance is a technical standard that helps prevent email phishing and spoofing by verifying that incoming messages are sent from the domain that they claim to be from. DMARC allows email domain owners to specify policies for how to handle emails that fail authentication checks, such as quarantining or rejecting them.
DNAT: Destination Network Address Translation is a networking technique that involves modifying the destination IP address of a packet as it passes through a router or firewall, allowing the packet to be forwarded to a different destination than originally intended. DNAT is often used to redirect incoming traffic to a different server or network segment.
DNS: The Domain Name System is a hierarchical naming system that translates human-readable domain names into IP addresses that are used to identify and locate devices on a network. DNS servers store information about domain names and their associated IP addresses, allowing clients to resolve domain names into IP addresses and vice versa.
DNSSEC: The Domain Name System Security Extensions is a set of security protocols that add digital signatures to DNS data to prevent DNS spoofing and other attacks. DNSSEC uses cryptographic keys to verify the authenticity of DNS data, ensuring that clients receive accurate and trustworthy information from DNS servers.
DoS: Denial-of-Service is a type of cyber attack that aims to disrupt or disable a network, server, or website by overwhelming it with traffic or other malicious activity. DoS attacks can be carried out by a single attacker or by a group of attackers using a network of compromised devices.
DPO: A Data Protection Officer is a person who is responsible for ensuring that an organization’s data protection policies and practices comply with applicable data protection laws and regulations. The DPO is typically a senior executive who reports directly to the organization’s leadership.
DRP: A Disaster Recovery Plan is a set of procedures and protocols that an organization follows in the event of a disaster, such as a natural disaster or a cyber attack. DRP outlines the steps that the organization will take to restore critical systems and data, minimize downtime, and resume normal operations as quickly as possible.
DSA: The Digital Signature Algorithm is a cryptographic algorithm that is used to create digital signatures, which are used to authenticate the originator of a digital document or message. DSA is widely used in digital certificates and other security applications.
DSL: Digital Subscriber Line is a type of broadband Internet connection that uses existing telephone lines to transmit digital data. DSL provides faster data transfer rates than traditional dial-up connections and is widely used in homes and businesses.
EAP: The Extensible Authentication Protocol is a networking protocol that provides a framework for various authentication methods used in wireless networks, virtual private networks, and other network environments. EAP allows for mutual authentication between a client and a server and can be used with a wide range of authentication methods, including passwords, digital certificates, and smart cards.
ECB: Electronic Code Book is a mode of operation for a block cipher that involves dividing the plaintext into blocks of fixed length and encrypting each block independently using the same key. ECB is a simple and fast encryption method, but it is vulnerable to certain types of attacks and is not recommended for use in most applications.
ECC: Elliptic-curve Cryptography is a type of public-key cryptography that is based on the mathematics of elliptic curves. ECC is widely used in digital certificates and other security applications and is known for its strength and efficiency.
ECDHE: Elliptic-curve Diffie-Hellman Ephemeral is a key exchange protocol that is used to establish a shared secret key between two parties over an insecure communication channel. ECDHE is based on elliptic-curve cryptography and is known for its strength and efficiency.
ECDSA – Elliptic-curve Digital Signature Algorithm is a public-key cryptography algorithm that is used to authenticate digital signatures. It is based on the algebraic structure of elliptic curves over finite fields and offers a smaller key size than other public-key algorithms like RSA.
EDR – Endpoint Detection and Response is a security solution designed to monitor and respond to security incidents on endpoints. It is used to detect and respond to advanced threats like malware, ransomware, and other attacks that target endpoints like laptops, desktops, servers, and mobile devices.
EFS – Encrypted File System is a feature of the Windows operating system that enables users to encrypt files and folders on a computer’s hard drive. This feature provides an added layer of security to protect sensitive data from unauthorized access and prevent data breaches.
EIP – Extended Instruction Pointer is a processor register that stores the memory address of the next instruction to be executed. It is used to control the flow of instructions in a program and enable the program to jump to different parts of the code.
EOL – End of Life is a term used to describe the end of support or service for a particular product or technology. It signifies that the product or technology will no longer receive updates, patches, or security fixes from the manufacturer or vendor.
EOS – End of Service is a term used to describe the end of a service agreement or contract. It signifies that the service will no longer be available or supported by the service provider.
ERP – Enterprise Resource Planning is business management software that helps organizations automate and integrate core business functions like finance, human resources, procurement, and supply chain management. It provides real-time visibility into business operations and enables organizations to streamline their processes and improve productivity.
ESN – Electronic Serial Number is a unique identification number used to identify mobile devices like smartphones, tablets, and other wireless devices. It is used by cellular networks to track devices and prevent fraud and theft.
ESP – Encapsulating Security Payload is a protocol used in IPSec VPNs to provide encryption and authentication of network traffic. It is used to secure communication between two endpoints over an untrusted network like the internet.
ESSID – Extended Service Set Identifier is the name given to a wireless network. It is used by devices to identify and connect to a specific wireless network.
FACL – File System Access Control List is a mechanism used to manage file permissions in Unix-like operating systems. It provides a finer level of control over file access permissions than traditional Unix file permissions.
FDE – Full Disk Encryption is a security feature that encrypts the entire hard drive of a computer or device. It is used to protect sensitive data from unauthorized access and prevent data breaches.
FIM – File Integrity Monitoring is a security feature that monitors files and folders on a computer or device for changes or modifications. It is used to detect and prevent unauthorized changes to critical files and prevent data breaches.
FPGA – Field Programmable Gate Array is a type of integrated circuit that can be programmed after manufacturing to perform a specific function. It is used in a wide range of applications, including digital signal processing, computer networking, and aerospace.
FRR – False Rejection Rate is a metric used in biometric systems to measure the rate at which a valid user is rejected by the system. It is used to evaluate the accuracy of the system and improve its performance.
FTP – File Transfer Protocol is a protocol used to transfer files over a network. It is used to transfer files between computers or devices connected to a network.
FTPS – Secured File Transfer Protocol is a secure version of FTP that uses SSL/TLS encryption to protect data in transit. It is used to transfer sensitive files securely over a network.
GCM – Galois/Counter Mode: GCM is an encryption mode used in authenticated encryption with associated data (AEAD). It provides both confidentiality and integrity of the data. GCM uses a combination of counter mode (CTR) and Galois field multiplication to provide encryption and authentication.
GDPR – General Data Protection Regulation: GDPR is a regulation in the European Union that sets guidelines for the collection, processing, and protection of personal data of individuals within the EU. It applies to all organizations that process personal data of EU citizens, regardless of where the organization is located.
GPG – GNU Privacy Guard: GPG is a free and open-source software tool used for encryption and digital signing of data. It uses the OpenPGP standard to provide confidentiality and authenticity of the data.
GPO – Group Policy Object: GPO is a feature in Microsoft Windows that allows administrators to manage user and computer settings across a network. GPOs can be used to enforce security policies, software deployment, and other system configurations.
GPS – Global Positioning System: GPS is a satellite-based navigation system that provides location and time information anywhere on or near the Earth. It is commonly used in mobile devices, vehicles, and aircraft for navigation purposes.
GPU – Graphics Processing Unit: GPU is a specialized processor used to accelerate the rendering of graphics and video. It is commonly used in gaming, scientific computing, and artificial intelligence applications.
GRE – Generic Routing Encapsulation: GRE is a tunneling protocol used to encapsulate one network protocol within another network protocol. It is often used in virtual private networks (VPNs) to allow remote access to a private network.
HA – High Availability: HA is a system design approach that ensures that a system or service is available and functioning even in the event of hardware or software failure. It typically involves redundant components, failover mechanisms, and automatic recovery.
HDD – Hard Disk Drive: HDD is a storage device that uses spinning disks to store and retrieve data. It is commonly used in desktop and laptop computers, servers, and other data storage systems.
HIDS – Host-based Intrusion Detection System: HIDS is a security tool that monitors and analyzes system activity on a single host to detect signs of intrusion or unauthorized activity. It typically uses log analysis and system event monitoring to identify security threats.
HIPS – Host-based Intrusion Prevention System: HIPS is a security tool that monitors and analyzes system activity on a single host to prevent security threats before they occur. It typically uses a combination of behavior analysis, signature detection, and policy enforcement to block unauthorized activity.
HMAC – Hash-based Message Authentication Code: HMAC is a message authentication code that uses a cryptographic hash function and a secret key to verify the integrity and authenticity of a message. It is commonly used in network security protocols to ensure message integrity.
HOTP – HMAC-based One-time Password: HOTP is a two-factor authentication protocol that uses a cryptographic hash function and a secret key to generate a one-time password that is valid for a single use. It is commonly used in online banking, e-commerce, and other security-sensitive applications.
HSM – Hardware Security Module: A hardware security module is a physical device used for generating, storing, and managing digital keys and for encrypting and decrypting sensitive data. It provides a high level of security for cryptographic operations and is often used in industries that require secure transactions and communications, such as finance, government, and healthcare.
HSMaaS – Hardware Security Module as a Service: HSMaaS is a cloud-based service that provides access to hardware security modules on a subscription basis. It allows businesses to take advantage of the benefits of HSMs without the upfront costs of purchasing and maintaining the hardware.
HTML – Hypertext Markup Language: HTML is a markup language used for creating web pages and other documents that can be displayed in a web browser. It uses tags and attributes to define the structure and content of a web page, including text, images, and links.
HTTP – Hypertext Transfer Protocol: HTTP is a protocol used for transmitting data over the internet. It is used by web browsers and servers to exchange information, such as HTML documents, images, and other media.
HTTPS – Hypertext Transfer Protocol Secure: HTTPS is a secure version of HTTP that uses encryption to protect data transmitted between a web browser and server. It is commonly used for online transactions, such as banking and e-commerce.
HVAC – Heating, Ventilation, Air Conditioning: HVAC refers to the systems used for controlling temperature, humidity, and air quality in buildings. It includes heating, cooling, and ventilation systems.
IaaS – Infrastructure as a Service: IaaS is a cloud computing service model in which a third-party provider hosts and manages infrastructure components, such as servers, storage, and networking, on behalf of customers. Customers can then access and use these resources on a pay-as-you-go basis.
IAM – Identity and Access Management: IAM is a framework of policies and technologies used for managing digital identities and controlling access to resources. It includes processes for creating, managing, and revoking user identities and for defining access permissions and privileges.
ICMP – Internet Control Message Protocol: ICMP is a protocol used for exchanging error messages and other control information between network devices. It is used by routers, switches, and other network devices to report errors and other status information to each other.
ICS – Industrial Control Systems: ICS refers to the systems used for controlling and monitoring industrial processes, such as manufacturing and energy production. It includes technologies such as sensors, controllers, and SCADA systems.
IDEA – International Data Encryption Algorithm: IDEA is a symmetric key encryption algorithm used for securing data transmission and storage. It uses a 128-bit key and is used in some applications, such as PGP.
IDF – Intermediate Distribution Frame: IDF is a type of networking equipment used in telecommunications and data centers. It provides a centralized point for connecting and distributing network cables and devices.
IdP – Identity Provider: An identity provider is a service that manages digital identities for users and provides authentication services for online applications and services.
IDS – Intrusion Detection System: IDS is a security system that monitors network traffic for suspicious activity and alerts administrators when potential security threats are detected.
IEEE – Institute of Electrical and Electronics Engineers: IEEE is an international organization that develops standards for electronics and electrical engineering. It is known for its development of networking and wireless communication standards.
IKE – Internet Key Exchange: IKE is a protocol used for establishing secure communications channels over IP networks. It is used in conjunction with IPSec and other VPN protocols to negotiate encryption and authentication parameters between devices.
IM – Instant Messaging: IM refers to real-time messaging services that allow users to exchange text, images, and other media with each other over the internet. Popular examples include WhatsApp, Facebook Messenger, and Slack.
IMAP4 – Internet Message Access Protocol v4: IMAP is an Internet standard protocol used by email clients to retrieve and view email messages from a mail server. The latest version of the protocol is IMAP4, which stands for Internet Message Access Protocol version 4.
IoC – Indicators of Compromise: IoCs are pieces of evidence that indicate that a system or network has been compromised or attacked. These can include IP addresses, domain names, hashes, file names, or other artifacts that are associated with malicious activity.
IoT – Internet of Things: IoT refers to a network of physical devices, vehicles, buildings, and other items embedded with sensors, software, and connectivity, allowing them to connect and exchange data with each other over the internet.
IP – Internet Protocol: IP is the primary protocol used to send and receive data packets over the internet. It is responsible for routing data packets between networks and providing error checking to ensure that packets are delivered correctly.
IPS – Intrusion Prevention System: IPS is a network security technology that monitors network traffic for signs of unauthorized access or malicious activity and takes action to block or prevent such activity.
IPSec – Internet Protocol Security: IPSec is a suite of protocols used to secure internet communications by providing authentication, encryption, and integrity services for IP packets.
IR – Incident Response: IR refers to the process of identifying, investigating, containing, and remedying security incidents or breaches in an organization’s IT infrastructure.
IRC – Internet Relay Chat: IRC is a text-based chat protocol that allows users to communicate in real-time over the internet. It was widely used in the early days of the internet but has since been largely supplanted by newer chat technologies.
IRP – Incident Response Plan: An IRP is a documented plan outlining the steps that an organization will take in response to a security incident or breach.
ISA – Interconnection Security Agreement: ISA refers to a formal agreement between two or more organizations that outlines the security requirements for the interconnection of their respective IT systems or networks.
ISFW – Internal Segmentation Firewall: An ISFW is a firewall that is used to segment an organization’s internal network into smaller subnetworks, providing an additional layer of security against internal and external threats.
ISO – International Organization for Standardization: ISO is an international standard-setting body that develops and publishes standards for a wide range of industries and technologies, including information security.
ISP – Internet Service Provider: An ISP is a company that provides internet access to customers through wired or wireless networks.
ISSO – Information Systems Security Officer: An ISSO is an individual responsible for overseeing the information security policies and procedures of an organization and ensuring that they are compliant with industry standards and regulations.
ITCP – IT Contingency Plan: An ITCP is a plan that outlines the steps an organization will take to maintain critical IT operations during and after a disruption, such as a natural disaster, power outage, or cyberattack.
IV – Initialization Vector: An IV is a random or pseudo-random value used in conjunction with a cryptographic key to encrypt data. It is used to ensure that two identical plaintext messages will not encrypt to the same ciphertext.
KDC – Key Distribution Center: A KDC is a server that provides keys to clients for encryption and decryption of messages. It is used in Kerberos authentication protocol to authenticate users in a network.
KEK – Key Encryption Key: KEK is a key that is used to encrypt other keys, often used to protect the encryption keys stored on a device.
L2TP – Layer 2 Tunneling Protocol: L2TP is a tunneling protocol used to support virtual private networks (VPNs). It combines the functionality of PPTP and L2F protocols.
LAN – Local Area Network: LAN is a computer network that is used to connect computers, printers, and other devices within a localized area, such as a school or office building.
LDAP – Lightweight Directory Access Protocol: LDAP is an Internet protocol that is used to access and maintain distributed directory information services over a network. It is commonly used for user authentication and management.
LEAP – Lightweight Extensible Authentication Protocol: LEAP is a wireless network authentication protocol developed by Cisco Systems. It provides a method of securely exchanging authentication information between a client and a network access point.
MaaS – Monitoring as a Service: MaaS is a cloud-based service that allows organizations to monitor their networks, applications, and infrastructure in real-time, providing visibility into performance and security.
MAC – Media Access Control: MAC is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.
MAM – Mobile Application Management: MAM is a software management solution that provides organizations with the ability to manage and secure applications on mobile devices.
MAN – Metropolitan Area Network: MAN is a network that spans a metropolitan area and connects local area networks (LANs) and wide area networks (WANs).
MBR – Master Boot Record: MBR is a special type of boot sector located at the beginning of a storage device such as a hard drive. It contains the information necessary to boot the operating system.
MD5 – Message Digest 5: MD5 is a cryptographic hash function that is used to generate a unique digital fingerprint of a message or data set. It is commonly used for file verification.
MDF – Main Distribution Frame: MDF is a central point in a telecommunication system where all of the cables from outside plant equipment are terminated and connected to the inside plant equipment.
MDM – Mobile Device Management: MDM is a software management solution that provides organizations with the ability to manage and secure mobile devices such as smartphones and tablets.
MFA – Multifactor Authentication: MFA is a security mechanism that requires users to provide multiple forms of authentication in order to access a system or application. It is used to increase the security of systems and applications by making it more difficult for unauthorized users to gain access.
MFD – Multifunction Device: A multifunction device (MFD) is a device that can perform several functions such as printing, scanning, copying, and faxing in a single unit. MFDs can save office space, reduce maintenance costs, and improve efficiency.
MFP – Multifunction Printer: A multifunction printer (MFP) is similar to an MFD but primarily focuses on printing capabilities. In addition to printing, MFPs can also perform scanning, copying, and faxing functions.
ML – Machine Learning: Machine learning (ML) is an artificial intelligence (AI) technology that enables computer systems to learn and improve from experience without being explicitly programmed. ML algorithms are designed to recognize patterns in data and make predictions or decisions based on those patterns.
MMS – Multimedia Message Service: Multimedia Message Service (MMS) is a standard for sending multimedia content such as photos, videos, and audio messages between mobile devices. MMS is an extension of the Short Message Service (SMS) and can support larger message sizes than SMS.
MOA – Memorandum of Agreement: A memorandum of agreement (MOA) is a document that outlines the terms and details of a mutually agreed-upon arrangement between two or more parties. An MOA typically covers the responsibilities and obligations of each party, timelines, payment terms, and other relevant details.
MOU – Memorandum of Understanding: A memorandum of understanding (MOU) is similar to an MOA but is less formal and usually outlines a broader framework of understanding between two or more parties. An MOU is often used to establish the groundwork for future agreements or collaborations.
MPLS – Multiprotocol Label Switching: Multiprotocol Label Switching (MPLS) is a protocol used to enhance the performance of network traffic by directing data packets through predetermined paths, known as label-switched paths (LSPs). MPLS can improve network speed, efficiency, and security.
MSA – Measurement Systems Analysis: Measurement systems analysis (MSA) is a statistical process used to validate the accuracy and reliability of a measurement system. MSA is commonly used in manufacturing and quality control to ensure that measurement devices are accurately measuring the characteristics of a product.
MS-CHAP – Microsoft Challenge-Handshake Authentication Protocol: Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is an authentication protocol used to secure remote access connections. MS-CHAP provides a challenge-response mechanism to ensure that only authorized users can access a network.
MSP – Managed Service Provider: A managed service provider (MSP) is a company that provides IT services to other organizations. MSPs typically offer services such as network and server management, data backup and recovery, cybersecurity, and other IT-related functions.
MSSP – Managed Security Service Provider: A managed security service provider (MSSP) is a type of MSP that specializes in providing cybersecurity services to other organizations. MSSPs typically offer services such as threat monitoring, vulnerability assessments, security audits, incident response, and other security-related functions.
MTBF – Mean Time Between Failures: MTBF is a measure of the reliability of a system, typically measured in hours, that represents the average time interval between two consecutive failures of a system. It is used to predict how long a system is likely to operate without failure.
MTTF – Mean Time to Failure: MTTF is a measure of the reliability of a system, typically measured in hours, that represents the expected time until the first failure of a system.
MTTR – Mean Time to Repair: MTTR is a measure of the maintainability of a system, typically measured in hours, that represents the average time it takes to repair a system after a failure has occurred.
MTU – Maximum Transmission Unit: MTU is the largest size of a packet or frame that can be transmitted over a network.
NAC – Network Access Control: NAC is a security solution that controls access to a network, requiring users and devices to meet specific security requirements before being granted access.
NAS – Network-attached Storage: NAS is a type of storage device that is attached to a network and provides file-level storage to other devices on the network.
NAT – Network Address Translation: NAT is a technique used in networking to translate one IP address into another, typically used to connect a private network to the Internet.
NDA – Non-disclosure Agreement: NDA is a legal contract that requires one or more parties to protect confidential information shared with them and to not disclose it to others.
NFC – Near-field Communication: NFC is a communication technology that enables two devices to communicate with each other when they are in close proximity.
NFV – Network Function Virtualization: NFV is a network architecture concept that uses virtualization technologies to create and manage network services.
NGFW – Next-generation Firewall: NGFW is a type of firewall that combines traditional firewall capabilities with other network security functions such as intrusion prevention, application awareness, and advanced threat protection.
NG-SWG – Next-generation Secure Web Gateway: NG-SWG is a type of web security solution that provides advanced web filtering and threat protection capabilities to help protect networks from malicious web content, malware, and other cyber threats.
NIC – Network Interface Card: A NIC is a hardware component that enables a computer to connect to a network and communicate with other devices. It can be either wired or wireless.
NIDS – Network-based Intrusion Detection System: A NIDS is a security solution that monitors network traffic for signs of potential security breaches and attacks, alerting security administrators of suspicious activities.
NIPS – Network-based Intrusion Prevention System: A NIPS is similar to an NIDS, but it also has the capability to block or prevent malicious traffic from entering the network.
NIST – National Institute of Standards and Technology: NIST is a US government agency that develops and promotes measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.
NOC – Network Operations Center: A NOC is a centralized location where network administrators monitor and manage a company’s network infrastructure, including servers, switches, routers, and other network devices.
NTFS – New Technology File System: NTFS is a file system used by the Windows operating system that offers advanced features such as file permissions and encryption.
NTLM – New Technology LAN Manager: NTLM is a Microsoft authentication protocol used for Windows networks. It has been largely replaced by the more secure Kerberos protocol.
NTP – Network Time Protocol: NTP is a protocol used to synchronize clocks between computer systems over a network.
OCSP – Online Certificate Status Protocol: OCSP is a protocol used to check the validity and revocation status of digital certificates.
OID – Object Identifier: An OID is a unique identifier used to identify objects in a hierarchical naming structure, such as in the domain name system (DNS) or in digital certificates.
OS – Operating System: An OS is the software that manages and controls the hardware and software resources of a computer system, providing a platform for other software to run on.
OSI – Open Systems Interconnection: The OSI model is a conceptual model that defines the communication functions of a computer or telecommunications network.
OSINT – Open-source Intelligence: OSINT refers to intelligence gathering from publicly available sources, such as news articles, social media, and other public data.
OSPF – Open Shortest Path First: OSPF is a routing protocol used in computer networks to determine the best path for network traffic.
OT – Operational Technology: OT refers to the hardware and software systems used in industrial control systems, such as those used in manufacturing, energy, and transportation industries.
OTA – Over-The-Air: OTA refers to the wireless delivery of software updates and other data to mobile devices without any wired connections.
OTG – On-The-Go: On-The-Go (OTG) is a specification that enables USB devices such as smartphones, tablets, and digital cameras to act as a host, allowing other USB devices like keyboards, mice, and flash drives to be connected directly.
OVAL – Open Vulnerability and Assessment Language: OVAL is an international, open standard used for assessing and reporting vulnerabilities in computer systems.
OWASP – Open Web Application Security Project: OWASP is a non-profit organization that provides unbiased and practical information about web application security.
P12 – PKCS #12: P12 or PKCS #12 is a file format used to store a certificate and its associated private key. It is commonly used for secure email, VPN, and web browser client authentication.
P2P – Peer-to-Peer: P2P is a decentralized communication model where each participant has equal rights and privileges, allowing them to communicate and share resources directly without a central server.
PaaS – Platform as a Service: PaaS is a cloud computing model that provides developers with a platform to develop, run, and manage applications without having to manage the underlying infrastructure.
PAC – Proxy Auto Configuration: PAC is a configuration file used by web browsers to automatically determine the proxy server to use for a given URL.
PAM – Privileged Access Management: PAM is a set of protocols and tools used to manage and monitor the access of privileged users to sensitive information or critical systems.
PAM – Pluggable Authentication Modules: PAM is a framework used by Unix-like operating systems to centralize authentication policies and services, allowing for greater flexibility and customization.
PAP – Password Authentication Protocol: PAP is a simple authentication protocol used by remote access servers to authenticate remote users by their username and password.
PAT – Port Address Translation: PAT is a network address translation (NAT) technique used to map multiple private IP addresses to a single public IP address by modifying the source port number. It is commonly used for sharing a single public IP address among many private devices.
PBKDF2 – Password-based Key Derivation Function 2: PBKDF2 is a key derivation function that is used to derive cryptographic keys from a password. It uses a salt value to protect against dictionary attacks and brute force attacks on the password. PBKDF2 is widely used for password-based encryption and authentication schemes.
PBX – Private Branch Exchange: A PBX is a telephone system within an enterprise that switches calls between enterprise users on local lines while enabling all users to share a certain number of external phone lines.
PCAP – Packet Capture: PCAP is a technique used to capture and record network traffic. It is used for network troubleshooting, network analysis, and security auditing. PCAP captures and stores packets in a standardized format that can be analyzed by a variety of tools.
PCI DSS – Payment Card Industry Data Security Standard: PCI DSS is a set of security standards created by the major credit card companies to protect against credit card fraud. It specifies a set of security requirements for organizations that store, process or transmit credit card information.
PDU – Power Distribution Unit: A PDU is a device that distributes electric power to computers, servers, and networking equipment. It provides multiple outlets for power distribution and is commonly used in data centers.
PE – Portable Executable: PE is a file format used in Windows operating systems to store executable code and other executable files like DLLs (Dynamic Link Libraries) and device drivers.
PEAP – Protected Extensible Authentication Protocol: PEAP is an extension of the Extensible Authentication Protocol (EAP) used to provide secure authentication over wireless networks. PEAP encrypts the authentication process using Transport Layer Security (TLS).
PED – Portable Electronic Device: A PED is a handheld computing device, such as a smartphone or tablet, that is designed to be portable and used on the go.
PEM – Privacy Enhanced Mail: PEM is a secure email protocol that uses encryption and digital signatures to provide privacy and authentication for email messages.
PFS – Perfect Forward Secrecy: PFS is a security property of cryptographic protocols that ensures that the compromise of long-term keys does not compromise the confidentiality of past session keys. PFS is used to protect against attacks on the confidentiality of past communications.
PGP – Pretty Good Privacy: PGP is an encryption program used for secure email communication and file encryption. It uses public key cryptography to secure email messages and files.
PHI – Personal Health Information: PHI is sensitive information related to an individual’s medical history, health status, and health care services. PHI is protected under various privacy laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
PII – Personally Identifiable Information: PII is any information that can be used to identify an individual, including name, address, social security number, email address, and phone number. PII is protected under various privacy laws and regulations.
PIN – Personal Identification Number: A numeric code used as a security measure for authentication purposes. Typically, PINs are used to verify the identity of an individual attempting to access a system or device, such as an ATM or mobile phone.
PIV – Personal Identity Verification: A type of smart card that is used for secure authentication and access control in federal government facilities. PIV cards store the identity credentials of an individual, including their photo, fingerprint, and other biometric data.
PKCS – Public Key Cryptography Standards: A set of standards developed by RSA Security for the use of public key cryptography, which is a method of encryption that uses a pair of keys (a public key and a private key) to encrypt and decrypt data.
PKI – Public Key Infrastructure: A system that enables secure communication by using public key cryptography. PKI relies on digital certificates issued by a trusted third party, called a certificate authority (CA), to verify the identity of users and devices.
PoC – Proof of Concept: A demonstration that shows the feasibility of a concept or idea. PoCs are often used to evaluate the potential of a new technology or to demonstrate a new application or feature.
POP – Post Office Protocol: A protocol used for retrieving email messages from a mail server. POP downloads messages to a local email client, where they can be stored, read, and deleted.
POTS – Plain Old Telephone Service: The traditional voice communication service provided by telephone companies. POTS uses analog signals to transmit voice and is typically delivered over copper wire.
PPP – Point-to-Point Protocol: A protocol used for establishing a direct connection between two network nodes. PPP is often used for dial-up connections and VPNs.
PPTP – Point-to-Point Tunneling Protocol: A protocol used for creating VPN connections. PPTP creates a secure tunnel between two network nodes over the Internet.
PSK – Preshared Key: A method of authentication used in wireless networks, where a shared key is used to authenticate devices before they can connect to the network.
PTZ – Pan-Tilt-Zoom: A type of camera that can be remotely controlled to pan (move horizontally), tilt (move vertically), and zoom in or out.
PUP – Potentially Unwanted Program: A type of software that is often bundled with legitimate software but may also contain unwanted or malicious components. PUPs may include adware, spyware, and other types of malware.
QA – Quality Assurance: QA is a process that ensures that a product or service meets the established quality standards. It is a systematic approach to assessing the quality of the product or service before it is released to the market.
QoS – Quality of Service: QoS is a set of techniques used to manage network traffic to ensure that important data packets are prioritized over less important ones. It is used to guarantee a certain level of performance in terms of throughput, delay, and packet loss.
PUP – Potentially Unwanted Program: A PUP is a type of software that is installed on a computer without the user’s consent and may have undesirable effects. PUPs often include adware, spyware, and other unwanted software that can compromise the security of the computer.
RA – Registration Authority: An RA is an entity that is responsible for verifying the identity of individuals or organizations before issuing digital certificates. It is part of the public key infrastructure (PKI) and ensures that the certificates are issued only to legitimate entities.
RAD – Rapid Application Development: RAD is a software development methodology that emphasizes iterative and incremental development of software. RAD is characterized by shorter development cycles, prototyping, and continuous user feedback.
RADIUS – Remote Authentication Dial-in User Service: RADIUS is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. RADIUS is commonly used in enterprise networks to control access to wireless and wired networks.
RAID – Redundant Array of Inexpensive Disks: RAID is a data storage technology that combines multiple physical disks into a single logical unit to provide redundancy and improved performance. RAID can be used to increase data reliability, fault tolerance, and performance.
RAM – Random Access Memory: RAM is a type of computer memory that allows data to be accessed randomly, regardless of its location in memory. RAM is used to temporarily store data that the CPU needs to access quickly.
RAS – Remote Access Server: A RAS is a server that provides remote access to a network or computer system. RAS is commonly used to allow remote users to access corporate networks securely.
RAT – Remote Access Trojan: A RAT is a type of malware that allows an attacker to gain unauthorized access to a computer system. RATs are often used to steal sensitive information or to take control of the victim’s computer.
RC4 – Rivest Cipher version 4: RC4 is a symmetric-key encryption algorithm used to encrypt data in wireless networks, virtual private networks, and other applications. RC4 is widely used because of its simplicity and speed, but it has some vulnerabilities that can make it insecure.
RCS – Rich Communication Services: RCS is a protocol that allows users to send and receive multimedia messages over the internet. RCS supports features like group messaging, file sharing, and video calling, and it is designed to replace traditional SMS messaging.
RFC – Request for Comments: RFC is a series of documents that describe the technical specifications, protocols, and procedures used on the internet. RFCs are published by the Internet Engineering Task Force (IETF) and are widely used as standards for internet technologies.
RFID – Radio Frequency Identification: RFID is a technology that uses radio waves to identify and track objects. RFID tags can be attached to products, animals, or people, and they can be used in applications like inventory management, access control, and tracking.
RIPEMD – RACE Integrity Primitives Evaluation Message Digest: RIPEMD is a family of cryptographic hash functions developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. It was designed to be used as a secure replacement for the widely used MD4 and MD5 hash functions. RIPEMD comes in several different versions, including RIPEMD-128, RIPEMD-160, and RIPEMD-256, which produce hashes of 128, 160, and 256 bits, respectively.
ROI – Return on Investment: ROI is a financial metric used to evaluate the profitability of an investment. It is calculated as the ratio of the net profit or loss to the cost of the investment. ROI is often used by businesses to evaluate the success of their investments and determine which projects to pursue in the future.
RPO – Recovery Point Objective: RPO is a measure of how much data a business can afford to lose in the event of a disaster. It represents the amount of time between the last backup of critical data and the disaster itself. RPO is an important metric in disaster recovery planning, as it helps organizations determine how frequently they need to back up their data to ensure they can recover it in the event of a disaster.
RSA – Rivest, Shamir, & Adleman: RSA is a public-key cryptosystem widely used for secure data transmission. It was invented by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977. RSA works by using two keys: a public key, which is used to encrypt data, and a private key, which is used to decrypt it. RSA is widely used for secure online transactions and is considered one of the most secure encryption algorithms available.
RTBH – Remotely Triggered Black Hole: RTBH is a technique used to mitigate denial-of-service (DoS) attacks on computer networks. It involves sending traffic destined for the attacked system to a “black hole” or null route, effectively dropping the traffic before it reaches the target. RTBH is triggered remotely by network administrators or automated systems in response to a detected attack.
RTO – Recovery Time Objective: RTO is a measure of how quickly a business needs to recover from a disaster. It represents the amount of time that can elapse between the occurrence of a disaster and the recovery of critical systems and applications. RTO is an important metric in disaster recovery planning, as it helps organizations determine how quickly they need to restore critical services in the event of a disaster.
RTOS – Real-time Operating System: An RTOS is an operating system designed for use in embedded systems and other applications that require real-time processing capabilities. RTOS is optimized for fast and predictable response times and typically includes features such as pre-emptive multitasking, task prioritization, and interprocess communication.
RTP – Real-time Transport Protocol: RTP is a protocol used to transmit audio and video data over IP networks. It is often used in streaming applications, such as video conferencing and online gaming, where low latency and real-time data transmission are critical. RTP is typically used in conjunction with the Real-time Control Protocol (RTCP), which is used to monitor and control the transmission of RTP data.
S/MIME – Secure/Multipurpose Internet Mail Extensions: A standard for public key encryption and digital signing of MIME data. S/MIME is used for securing email messages and attachments, and it provides a way to verify the authenticity of the sender and the integrity of the message content.
SaaS – Software as a Service: A cloud computing model where software applications are provided over the internet as a service. SaaS eliminates the need for organizations to install and maintain software on their own servers, and instead allows them to use the software through a web browser or mobile app.
SAE – Simultaneous Authentication of Equals: A key agreement protocol used in wireless networks that provides mutual authentication between two devices without using pre-shared keys. SAE is used in the Wi-Fi Protected Access 3 (WPA3) standard for securing wireless networks.
SAML – Security Assertions Markup Language: An XML-based standard used for exchanging authentication and authorization data between identity providers and service providers. SAML is commonly used in single sign-on (SSO) systems to authenticate users across multiple applications or websites.
SCADA – Supervisory Control and Data Acquisition: A control system architecture used in industrial processes, such as manufacturing and energy production, to monitor and control processes remotely. SCADA systems typically consist of remote terminal units (RTUs), programmable logic controllers (PLCs), and a centralized control system.
SCAP – Security Content Automation Protocol: A suite of standards for automating vulnerability management, patch management, and compliance checking of computer systems. SCAP includes a standardized language for describing security-related data, and a set of tools for analyzing and reporting on that data.
SCEP – Simple Certificate Enrollment Protocol: A protocol used for issuing digital certificates in a public key infrastructure (PKI). SCEP allows devices such as routers, switches, and mobile devices to request and receive digital certificates from a certificate authority (CA).
SDK – Software Development Kit: A collection of software development tools and libraries used for building software applications. SDKs typically include compilers, debuggers, code libraries, and documentation.
SDLC – Software Development Life Cycle: The process of developing software, from the initial planning and requirements gathering phase, through development, testing, deployment, and maintenance. The SDLC is a framework for ensuring that software is developed in a structured, predictable manner that meets quality and business requirements.
SDLM – Software Development Life-cycle Methodology: This refers to a set of guidelines and best practices that are used to manage the development of software applications. SDLM is a comprehensive approach that includes planning, analysis, design, coding, testing, deployment, and maintenance of software. The goal of SDLM is to ensure that software projects are delivered on time, within budget, and with high quality.
SDN – Software-defined Networking: This is an approach to network architecture that enables the network to be programmatically configured and managed through software, rather than through manual configuration of hardware devices. SDN separates the control plane from the data plane, allowing network administrators to centrally manage the network, automate network provisioning and policy enforcement, and respond quickly to changing network demands.
SDP – Service Delivery Platform: This is a software platform that enables the delivery of services over the internet. It provides the necessary tools and infrastructure for service providers to build, deploy, and manage their services, including customer management, billing, and service delivery.
SDV – Software-defined Visibility: This is an approach to network visibility that uses software to monitor and analyze network traffic. SDV enables network administrators to gain visibility into network traffic, detect security threats, and identify network performance issues in real-time.
SED – Self-Encrypting Drives: These are hard drives that have built-in encryption capabilities. SEDs are designed to protect sensitive data at rest by automatically encrypting all data stored on the drive. The encryption keys are stored on the drive itself, and access to the keys is protected by a password.
SEH – Structured Exception Handling: This is a programming technique used to handle exceptions or errors in software applications. SEH uses a structured approach to handle exceptions, allowing for better error handling and improved program reliability.
SFTP – SSH File Transfer Protocol: This is a secure file transfer protocol that is used to transfer files over a secure SSH connection. SFTP provides strong encryption and authentication, ensuring that data is transmitted securely over the network.
SHA – Secure Hashing Algorithm: This is a cryptographic hash function that is used to generate a fixed-length hash value from a message. SHA is commonly used in digital signature algorithms, as well as in other security applications.
SIEM – Security Information and Event Management: This is a software solution that provides real-time analysis of security alerts generated by network hardware and applications. SIEM enables security professionals to monitor and manage security events across an organization from a centralized console.
SIM – Subscriber Identity Module: This is a small card that is inserted into a mobile phone to identify and authenticate the user to the mobile network. SIM cards store the user’s mobile phone number, contacts, and other data.
SIP – Session Initiation Protocol: This is a signaling protocol that is used to initiate, maintain, and terminate real-time sessions that involve voice, video, and messaging applications over IP networks. SIP enables users to establish and manage multimedia sessions, as well as to transfer files and share desktop applications.
SLA – Service-level Agreement: This is a contract between a service provider and a customer that defines the level of service that will be provided, as well as the consequences of failing to meet that level of service. SLAs typically include metrics such as uptime, response time, and resolution time.
SLE – Single Loss Expectancy: This is a security metric that is used to calculate the expected monetary loss that would result from a single security incident. SLE is used in conjunction with the Annualized Rate of Occurrence (ARO) to calculate the Annualized Loss Expectancy (ALE), which is a measure of the expected annual loss from security incidents.
SMB – Server Message Block: A protocol used for sharing files, printers, and other resources between computers on a network. It is the native protocol used by Windows-based computers.
SMS – Short Message Service: A text messaging service used for sending short text messages between mobile phones, or from a computer or other device to a mobile phone.
SMTP – Simple Mail Transfer Protocol: A protocol used for sending email messages between servers on the Internet. It is responsible for transferring email messages from the sender’s mail server to the recipient’s mail server.
SMTPS – Simple Mail Transfer Protocol Secure: An extension of SMTP that provides encryption and authentication using SSL/TLS protocols to secure the email communication.
SNMP – Simple Network Management Protocol: A protocol used for managing and monitoring network devices, such as routers, switches, and servers. It is commonly used by network administrators to monitor and troubleshoot network problems.
SOAP – Simple Object Access Protocol: A protocol used for exchanging structured information in the implementation of web services in computer networks. It is used to communicate between client applications and web services, and is designed to be platform-independent.
SOAR – Security Orchestration, Automation, Response: An approach to security operations that involves the automation of security processes and the coordination of security tools to detect and respond to security threats more efficiently and effectively.
SoC – System on Chip: A type of integrated circuit that combines all the components of a computer or other electronic system onto a single chip.
SOC – Security Operations Center: A facility or team responsible for monitoring, detecting, and responding to security threats in an organization’s computer systems and networks.
SPF – Sender Policy Framework: An email authentication protocol used to verify the sender of an email message. It works by verifying that the IP address of the sender is authorized to send email for the domain in the email address.
SPIM – Spam over Instant Messaging: The unwanted and unsolicited messages sent over instant messaging (IM) services.
SQL – Structured Query Language: A programming language used for managing and manipulating data in relational databases. It is used to create, modify, and delete databases, tables, and other database objects, as well as to insert, update, and retrieve data.
SQLi – SQL Injection: A type of web application vulnerability that allows an attacker to inject malicious SQL code into an application’s database query, potentially allowing them to access, modify, or delete sensitive data.
SRTP – Secure Real-time Transport Protocol: A security extension to Real-time Transport Protocol (RTP), which is used for transmitting audio and video data over IP networks. SRTP provides confidentiality, integrity, and authentication of the transmitted data by encrypting the data and generating message authentication codes.
SSD – Solid State Drive: A type of storage device that uses non-volatile memory to store data. SSDs are faster, more durable, and consume less power than traditional Hard Disk Drives (HDDs) that use spinning disks to store data.
SSH – Secure Shell: A cryptographic network protocol used for secure communication over an unsecured network. SSH provides secure remote access and file transfer capabilities between two networked devices.
SSID – Service Set Identifier: A unique name given to a wireless network. It is used by wireless devices to identify and connect to a specific wireless network.
SSL – Secure Sockets Layer: A protocol used for secure communication over the internet. SSL provides encryption and authentication of data transmitted between web servers and web browsers.
SSO – Single Sign-On: An authentication method that allows users to access multiple applications with a single set of login credentials. Once the user logs in to one application, they are automatically authenticated to other applications without having to enter their credentials again.
STIX – Structured Threat Information eXpression: A standardized language used for exchanging cyber threat intelligence information between different organizations and systems. STIX is designed to improve the automation and consistency of sharing threat information, making it easier for organizations to protect against cyber attacks.
STP – Shielded Twisted Pair: A type of Ethernet cable that uses shielding to reduce electromagnetic interference and crosstalk between wires. STP cables are commonly used in high-speed networking environments where interference can cause signal degradation.
SWG – Secure Web Gateway: A security solution used to protect web applications and networks from cyber threats. SWG provides web filtering, malware protection, and data loss prevention capabilities to protect against web-based attacks such as phishing, malware, and ransomware.
TACACS+ – Terminal Access Controller Access Control System Plus: TACACS+ is a protocol used to provide centralized access control for network devices. It separates authentication, authorization, and accounting (AAA) functions, and provides a method for managing access to a network device. TACACS+ is an improvement over the earlier TACACS protocol and is widely used in enterprise networks.
TAXII – Trusted Automated eXchange of Intelligence Information: TAXII is an open standard protocol used to exchange cyber threat intelligence between different organizations. It is designed to support the automated sharing of threat intelligence in a secure and structured manner, enabling organizations to quickly identify and respond to threats.
TCP/IP – Transmission Control Protocol/Internet Protocol: TCP/IP is a set of protocols used to facilitate communication between devices on the internet. TCP is responsible for reliable data transmission, while IP is responsible for routing and addressing.
TGT – Ticket Granting Ticket: A TGT is a ticket issued by a Kerberos authentication server that is used to obtain additional tickets for accessing network resources. When a user logs into a Kerberos realm, the authentication server issues a TGT, which the user can use to obtain additional tickets for accessing specific resources.
TKIP – Temporal Key Integrity Protocol: TKIP is a security protocol used to provide data encryption for wireless networks. It is a predecessor to the more secure AES encryption standard used in modern wireless networks.
TLS – Transport Layer Security: TLS is a security protocol used to provide encryption and authentication for internet communications. It is the successor to the earlier SSL protocol and is widely used to secure online transactions and other sensitive data exchanges.
TOTP – Time-based One Time Password: TOTP is a two-factor authentication method that uses a time-based token to generate a one-time password. The token is typically a smartphone app or a physical device, and the one-time password is valid for a short period of time.
TPM – Trusted Platform Module: TPM is a hardware-based security feature that provides secure storage for cryptographic keys, and supports hardware-based authentication and encryption. TPM is commonly used in enterprise environments to enhance the security of endpoint devices.
TSIG – Transaction Signature: TSIG is a security mechanism used to authenticate DNS requests and responses between DNS servers. It provides a way to ensure the integrity of DNS data and prevent DNS cache poisoning attacks.
TTP – Tactics, Techniques, and Procedures: TTP refers to the methods and tools used by threat actors to carry out cyber attacks. TTPs are a critical component of threat intelligence, and are used to identify and defend against specific types of attacks.
UAT – User Acceptance Testing: The final phase of software testing where end-users test the software to ensure it meets their requirements. This testing is conducted in a controlled environment to make sure the software functions as expected and is suitable for release to the market.
UDP – User Datagram Protocol: A connectionless protocol used for transmitting data over a network. Unlike TCP, UDP does not establish a connection before sending data and does not guarantee the delivery of packets.
UEBA – User and Entity Behavior Analytics: A security technology used to detect unusual activity patterns in a network or system. UEBA uses machine learning algorithms to analyze user behavior and detect anomalous patterns that may indicate a security threat.
UEFI – Unified Extensible Firmware Interface: A replacement for the traditional BIOS firmware interface used to boot computers. UEFI provides faster boot times, improved security features, and greater flexibility in configuring system settings.
UEM – Unified Endpoint Management: A strategy used by organizations to manage and secure endpoints such as laptops, mobile devices, and desktop computers. UEM tools provide centralized management of endpoints, allowing administrators to configure, secure, and monitor devices from a single console.
UPS – Uninterruptible Power Supply: A backup power source used to provide continuous power to devices in the event of a power outage or other electrical disturbances. UPS units use batteries or other power storage devices to maintain power to connected devices for a short period.
URI – Uniform Resource Identifier: A string of characters used to identify a resource on the internet. URIs include URLs and URNs, which are used to locate web pages and name resources, respectively.
URL – Universal Resource Locator: A type of URI used to identify the location of a web resource such as a web page, file, or image. URLs include a protocol identifier (e.g., http, ftp), domain name, and path to the resource.
USB – Universal Serial Bus: A standard interface used for connecting devices such as keyboards, mice, printers, and storage devices to a computer. USB allows for the transfer of data and provides power to connected devices.
USB OTG – USB On-The-Go: A standard that allows USB devices to act as either a host or a peripheral device. This allows devices such as smartphones or tablets to act as a USB host, allowing other USB devices to be connected directly to them.
UTM – Unified Threat Management: A security solution used by organizations to protect against a range of threats such as viruses, malware, and unauthorized access. UTM solutions combine multiple security functions such as firewalls, intrusion detection/prevention, antivirus, and content filtering in a single device.
UTP – Unshielded Twisted Pair: A type of cable used for network communication. UTP cables consist of four pairs of wires twisted together, with no additional shielding. UTP is commonly used for Ethernet networks.
VBA – Visual Basic for Applications: A programming language developed by Microsoft that allows developers to create custom functions and automate tasks within Microsoft Office applications, such as Excel, Word, and Access.
VDE – Virtual Desktop Environment: A virtual desktop infrastructure that allows users to access a desktop environment running on a server, instead of a physical computer. It provides a centralized and secure way to manage and distribute desktops and applications to end-users.
VDI – Virtual Desktop Infrastructure: A desktop virtualization technology that enables users to access a virtual desktop running on a centralized server infrastructure from any device with an internet connection.
VLAN – Virtual Local Area Network: A logical grouping of network devices that are grouped together based on their function, department, or location. VLANs provide segmentation of network traffic, which enhances security, performance, and manageability.
VLSM – Variable-length Subnet Masking: A technique used to allocate IP addresses to subnets with varying sizes, allowing for more efficient use of IP addresses and reducing IP address wastage.
VM – Virtual Machine: A software emulation of a computer system that runs on a physical machine. Virtual machines allow multiple operating systems and applications to run on a single physical machine, providing cost savings and flexibility.
VoIP – Voice over IP: A technology that allows voice communication over the internet using IP-based networks. VoIP converts voice signals into digital packets that are transmitted over the internet, rather than traditional phone lines.
VPC – Virtual Private Cloud: A cloud computing model that provides a private, isolated section of a public cloud infrastructure to a specific organization. VPCs allow organizations to take advantage of the benefits of cloud computing, while maintaining control over their data and infrastructure.
VPN – Virtual Private Network: A network technology that allows remote users to securely connect to a private network over the internet. VPNs encrypt all network traffic, providing secure and private communication between remote users and the private network.
VTC – Video Teleconferencing: A communication technology that enables two or more participants to communicate via video and audio, allowing them to collaborate remotely. VTC is commonly used in business, education, and government to facilitate remote meetings and collaboration.
WAF – Web Application Firewall: A WAF is a security solution that is designed to protect web applications from common web exploits, such as SQL injection, cross-site scripting (XSS), and other attacks. It sits in front of the web application and analyzes incoming traffic, blocking any malicious requests.
WAP – Wireless Access Point: A WAP is a networking device that allows wireless devices to connect to a wired network. It acts as a bridge between wireless devices and a wired network.
WEP – Wired Equivalent Privacy: WEP is an older wireless security protocol that was designed to provide encryption for wireless networks. However, it has been found to be vulnerable to attacks, and is no longer considered a secure option.
WIDS – Wireless Intrusion Detection System: A WIDS is a security solution that is designed to detect and alert on any unauthorized wireless network activity. It monitors wireless traffic for any suspicious activity, and can alert network administrators to potential threats.
WIPS – Wireless Intrusion Prevention System: A WIPS is similar to a WIDS, but instead of just detecting potential threats, it actively prevents unauthorized wireless network access. It can block suspicious devices and traffic from accessing the network, and can also isolate compromised devices.
WORM – Write Once Read Many: A WORM is a type of storage media that can only be written to once, but can be read many times. This is useful for archival purposes, as the data cannot be altered once it is written.
WPA – WiFi Protected Access: WPA is a wireless security protocol that is designed to provide encryption for wireless networks. It is more secure than WEP, and is still in use today.
WPS – WiFi Protected Setup: WPS is a feature that allows users to easily connect devices to a wireless network without having to manually enter the network password. However, it has been found to be vulnerable to attacks, and is no longer considered a secure option.
XaaS – Anything as a Service: XaaS refers to the concept of delivering any type of service over the internet, as a service. This includes software, platforms, and infrastructure, among others.
XML – Extensible Markup Language: XML is a markup language that is used to encode documents in a format that is both human-readable and machine-readable.
XOR – Exclusive OR: XOR is a logical operation that is used in cryptography and digital circuitry. It outputs a true value only when the input values are different.
XSRF – Cross-site Request Forgery: XSRF is a type of web attack where an attacker can trick a user into performing an action on a website without their knowledge or consent. This is done by exploiting the user’s existing session on the website.
XSS – Cross-site Scripting: XSS is a type of web attack where an attacker can inject malicious code into a web page that is viewed by other users. This code can then be used to steal user data or perform other malicious actions.