Even at the general level, you need to know many acronyms to work in IT. Transitioning into security is no different. You’ll most likely come across these security acronyms in news articles and whatever studies you may be engaged in.

Acronym Meaning
3DES Triple Digital Encryption Standard
802.1x Port-based authentication protocol
AAA Authentication, Authorization, and Accounting
ACE Access Control Entity
ACK Acknowledge
ACL Access Control List
AES Advanced Encryption Standard
AES-256 Advanced Encryption Standards 256-bit
AH Authentication Header
ALE Annualized Loss Expectancy
AP Access Point
API Application Programming Interface
APT Advanced Persistent Threat
ARO Annualized Rate of Occurrence
ARP Address Resolution Protocol
ASCII American Standard Code for Information Interchange
ASP Application Service Provider
AUP Acceptable Use Policy
BAC Business Availability Center
BCP Business Continuity Planning
BIA Business Impact Analysis
BIND Berkeley Internet Name Domain
BIOS Basic Input / Output System
BPA Business Partners Agreement
BPDU Bridge Protocol Data Unit
BYOD Bring Your Own Device
CA Certificate Authority
CAC Common Access Card
CAN Controller Area Network
CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAR Corrective Action Report
CCMP Counter-Mode / CBC-Mac Protocol
CCTV Closed-Circuit Television
CERT Computer Emergency Response Team
CFB Cipher Feedback
CHAP Challenge Handshake Authentication Protocol
CIA Confidentiality, Integrity, and Availability
CIO Chief Information Officer
CIRT Computer Incident Response Team
CMS Content Management System
COOP Continuity of Operation Planning
CP Contingency Planning
CRC Cyclical Redundancy Check
CRL Certificate Revocation List
CSP Cloud Service Provider
CSR Certificate Signing Request
CSR Control Status Register
CSRF Cross-Site Request Forgery
CSU Channel Service Unit
CTO Chief Technology Officer
CVE Common Vulnerabilities and Exposures
DAC Discretionary Access Control
DACL Discretionary Access Control List
DBA Database Administrator
dBd Decibels-dipole
dBi Decibels-isotropic
dBm Decibels-milliwatt
DDOS Distributed Denial of Service
DEP Data Execution Prevention
DES Digital Encryption Standard
DHCP Dynamic Host Configuration Protocol
DHE Data-Handling Electronics
DHE Diffie-Hellman Ephemeral
DLL Dynamic Link Library
DLP Data Loss Prevention
DMZ Demilitarized Zone
DNAT Destination Network Address Transaction
DNAT Dynamic Network Address Translation
DNS Domain Name Service (Server)
DNSSEC Domain Name System Security Extensions
DOS Denial of Service
DRP Disaster Recovery Plan
DSA Digital Signature Algorithm
DSL Digital Subscriber line
DSU Data Service Unit
EAP Extensible Authentication Protocol
EAP-TLS Extensible Authentication Protocol – Transport Layer Security
EAP-TTLS Extensible Authentication Protocol – Tunneled Transport Layer Security
ECC Elliptic Curve Cryptography
ECDHE Elliptic Curve Diffie-Hellman Exchange
ECDSA Elliptic Curve Digital Signature Algorithm
EFS Encrypted File System
EMI Electromagnetic Interference
ESD Electrostatic Discharge
ESN Electronic Serial Number
ESP Encapsulated Security Payload
FACL File System Access Control List
FCoE Fibre Channel over Ethernet
FDE Full Disk Encryption
FTP File Transfer Protocol
FTPS File Transfer Protocol Secured (over SSL)
GCM Galois Counter Mode
GPG Gnu Privacy Guard
GPO Group Policy Object
GPS Global Positioning System
GPU Graphic Processing Unit
GRE Generic Routing Encapsulation
GUI Graphical User Interface
HDD Hard Disk Drive
HIDS Host Based Intrusion Detection System
HIPS Host Based Intrusion Prevention System
HMAC Hashed Message Authentication Code
HOTP HMAC based One Time Password
HSM Hardware Security Module
HTML HyperText Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure (over SSL)
HVAC Heating, Ventilation Air Conditioning
IaaS Infrastructure as a Service
ICMP Internet Control Message Protocol
ICS Industrial Control Systems
ID Identification
IDF Intermediate Distribution Frame
IdP Identity Provider
IDS Intrusion Detection System
IEEE Institute of Electrical and Electronics Engineers
IGMP Internet Group Management Protocol
IIS Internet Information Services
IKE Internet Key Exchange
IM Instant Messaging
IMAP4 Internet Message Access Protocol v4
IP Internet Protocol
IPS Intrusion Prevention System
IPSEC Internet Protocol Security
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
IR Incident Response
IRC Internet Relay Chat
IRP Incident Response Procedure
IRT Incident Response Team
ISA Interconnection Security Agreement
iSCSI Internet Small Computer System Interface
ISP Internet Service Provider
ISSO Information Systems Security Officer
ITCP IT Contingency Plan
IV Initialization Vector
JBOD Just a Bunch of Disks
KDC Key Distribution Center
KEK Key Encryption Key
L2TP Layer 2 Tunneling Protocol
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LEAP Lightweight Extensible Authentication Protocol
LSO Local Shared Objects
MaaS Monitoring as a Service
MAC Mandatory Access Control
MAC Media Access Control
MAC Message Authentication Code
MAN Metropolitan Area Network
MBR Master Boot Record
MD5 Message Digest 5
MDF Main Distribution Frame
MITM Man-in-the-Middle
MOU Memorandum of Understanding
MPLS Multi-Protocol Layer Switch
MSCHAP Microsoft Challenge Handshake Authentication Protocol
MTBF Mean Time Between Failures
MTTF Mean Time to Failure
MTTR Mean Time to Recover
MTU Maximum Transmission Unit
NAC Network Access Control
NAT Network Address Translation
NDA Non-Disclosure Agreement
NDP Network Discovery Protocol
NFC Near Field Communication
NIC Network Interface Card
NIDS Network Based Intrusion Detection System
NIPS Network Based Intrusion Prevention System
NIST National Institute of Standards & Technology
NOP No operation
NOS Network Operating System
NoSQL Not only Structured Query Language
NTFS New Technology File System
NTLM New Technology LANMAN
NTP Network Time Protocol
OAUTH Open Authorization
OCSP Online Certificate Status Protocol
OLA Open License Agreement
OS Operating System
OSI Open Systems Interconnection
OVAL Open Vulnerability Assessment Language
P2P Peer to Peer
PaaS Platform as a Service
PAC Proxy Auto Configuration
PAM Pluggable Authentication Modules
PAN Personal Area Network
PAP Password Authentication Protocol
PAT Port Address Translation
PBKDF2 Password Based Key Derivation Function 2
PBX Private Branch Exchange
PCAP Packet Capture
PEAP Protected Extensible Authentication Protocol
PED Personal Electronic Device
PFS Perfect Forward Secrecy
PGP Pretty Good Privacy
PII Personally Identifiable Information
PIV Personal Identity Verification
PKI Public Key Infrastructure
POP3 Post Office protocol version 3
POTS Plain Old Telephone Service
PPP Point-to-point Protocol
PPTP Point to Point Tunneling Protocol
PSK Pre-Shared Key
PTZ Pan-Tilt-Zoom
RA Recovery Agent
RA Registration Authrity
RAD Rapid Application Development
RADIUS Remote Authentication Dial-in User Server
RAID Redundant Array of Inexpensive Disks
RAID-0 Disk striping
RAID-1 Disk mirroring
RAID-5 Disk striping with parity, 3 or more disks
RAID-6 Disk striping with parity, 4 or more disks
RAM Random Access Memory
RAS Remote Access Server
RAT Remote Access Tool
RBAC Role Based Access Control
RBAC Rule Based Access Control
RC4 Rivest Cipher 4 (Ron’s Code)
RDP Remote Desktop Protocol
RFI Radio Frequency Interference
RFID Radio Frequency Identification
RIPEMD RACE Integrity Primitives Evaluation Message Digest
ROI Return of Investment
RPO Recovery Point Objective
RSA Rivest, Shamir, & Adleman
RTO Recovery Time Objective
RTP Real-Time Transport Protocol
S/MIME Secure / Multipurpose Internet Mail Extensions
SaaS Software as a Service
SAML Security Assertions Markup Language
SAN Storage Area Network
SCADA System Control and Data Acquisition
SCAP Security Content Automation Protocol
SCEP Simple Certificate Enrollment Protocol
SCSI Small Computer System Interface
SDLC Software Development Life Cycle
SDLM Software Development Life Cycle Methodology
SEH Structured Exception Handler
SELinux Security Enhanced Linux
SHA Secure Hashing Algorithm
SFTP Secure File Transfer Protocol
SHTTP Secure Hypertext Transfer Protocol
SID Security Identifier
SIEM Security Information and Event Management
SIM Subscriber Identity Module
SIRT Security Incident Response Team
SLA Service Level Agreement
SLE Single Loss Expectancy
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SMTPS Simple Mail Transfer Protocol Secure
SNMP Simple Network Management Protocol
SOAP Simple Object Access Protocol
SONET Synchronous Optical Network Technologies
SPIM Spam over Internet Messaging
SPOF Single Point of Failure
SQL Structured Query Language
SSD Solid State Drive
SSH Secure Shell
SSID Service Set Identifier
SSL Secure Sockets Layer
SSO Single Sign On
SSTP Secure Socket Tunneling Protocol
STP Shielded Twisted Pair
STP Spanning Tree Protocol
SYN Synchronize
TACACS+ Terminal Access Controller Access Control System
TCO Total Cost of Ownership
TCP/IP Transmission Control Protocol / Internet Protocol
TFTP Trivial File Transfer Protocol
TGT Ticket Granting Ticket
TKIP Temporal Key Integrity Protocol
TLS Transport Layer Security
TOTP Time-Based One-Time Password
TPM Trusted Platform Module
TSIG Transaction Signature
UAT User Acceptance Testing
UEFI Unified Extensible Firmware Interface
UDP User Datagram Protocol
UPS Uninterruptable Power Supply
URI Uniform Resource Identifier
URL Universal Resource Locator
USB Universal Serial Bus
UTM Unified Threat Management
UTP Unshielded Twisted Pair
VDI Virtualization Desktop Infrastructure
VLAN Virtual Local Area Network
VLSM Variable Length Subnet Masking
VM Virtual Machine
VoIP Voice over IP
VPN Virtual Private Network
VSAN Virtual Storage Area Network
VTC Video Teleconferencing
WAF Web Application Firewall
WAP Wireless Access Point
WEP Wired Equivalent Privacy
WIDS Wireless Intrusion Detection System
WIPS Wireless Intrusion Prevention System
WPA Wireless Protected Access
WPA2 WiFi Protected Access 2
WPS WiFi Protected Setup
WTLS Wireless TLS
XML Extensible Markup Language
XSRF Cross-Site Request Forgery
XSS Cross-Site Scripting
XTACACS Extended Terminal Access Controller Access-Control System


Don’t expect to pass any certification exams without knowing your security acronyms. I may look into adding an acronyms page but this is a good primer for now.

Have a great day!

Pin It on Pinterest