Even at the general level, you need to know many acronyms to work in IT. Transitioning into security is no different. You’ll most likely come across these security acronyms in news articles and whatever studies you may be engaged in.
Acronym | Meaning |
---|---|
3DES | Triple Digital Encryption Standard |
802.1x | Port-based authentication protocol |
AAA | Authentication, Authorization, and Accounting |
ACE | Access Control Entity |
ACK | Acknowledge |
ACL | Access Control List |
AES | Advanced Encryption Standard |
AES-256 | Advanced Encryption Standards 256-bit |
AH | Authentication Header |
ALE | Annualized Loss Expectancy |
AP | Access Point |
API | Application Programming Interface |
APT | Advanced Persistent Threat |
ARO | Annualized Rate of Occurrence |
ARP | Address Resolution Protocol |
ASCII | American Standard Code for Information Interchange |
ASP | Application Service Provider |
AUP | Acceptable Use Policy |
BAC | Business Availability Center |
BCP | Business Continuity Planning |
BIA | Business Impact Analysis |
BIND | Berkeley Internet Name Domain |
BIOS | Basic Input / Output System |
BPA | Business Partners Agreement |
BPDU | Bridge Protocol Data Unit |
BYOD | Bring Your Own Device |
CA | Certificate Authority |
CAC | Common Access Card |
CAN | Controller Area Network |
CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart |
CAR | Corrective Action Report |
CCMP | Counter-Mode / CBC-Mac Protocol |
CCTV | Closed-Circuit Television |
CERT | Computer Emergency Response Team |
CFB | Cipher Feedback |
CHAP | Challenge Handshake Authentication Protocol |
CIA | Confidentiality, Integrity, and Availability |
CIO | Chief Information Officer |
CIRT | Computer Incident Response Team |
CMS | Content Management System |
COOP | Continuity of Operation Planning |
CP | Contingency Planning |
CRC | Cyclical Redundancy Check |
CRL | Certificate Revocation List |
CSP | Cloud Service Provider |
CSR | Certificate Signing Request |
CSR | Control Status Register |
CSRF | Cross-Site Request Forgery |
CSU | Channel Service Unit |
CTO | Chief Technology Officer |
CVE | Common Vulnerabilities and Exposures |
DAC | Discretionary Access Control |
DACL | Discretionary Access Control List |
DBA | Database Administrator |
dBd | Decibels-dipole |
dBi | Decibels-isotropic |
dBm | Decibels-milliwatt |
DDOS | Distributed Denial of Service |
DEP | Data Execution Prevention |
DES | Digital Encryption Standard |
DHCP | Dynamic Host Configuration Protocol |
DHE | Data-Handling Electronics |
DHE | Diffie-Hellman Ephemeral |
DLL | Dynamic Link Library |
DLP | Data Loss Prevention |
DMZ | Demilitarized Zone |
DNAT | Destination Network Address Transaction |
DNAT | Dynamic Network Address Translation |
DNS | Domain Name Service (Server) |
DNSSEC | Domain Name System Security Extensions |
DOS | Denial of Service |
DRP | Disaster Recovery Plan |
DSA | Digital Signature Algorithm |
DSL | Digital Subscriber line |
DSU | Data Service Unit |
EAP | Extensible Authentication Protocol |
EAP-TLS | Extensible Authentication Protocol – Transport Layer Security |
EAP-TTLS | Extensible Authentication Protocol – Tunneled Transport Layer Security |
ECC | Elliptic Curve Cryptography |
ECDHE | Elliptic Curve Diffie-Hellman Exchange |
ECDSA | Elliptic Curve Digital Signature Algorithm |
EFS | Encrypted File System |
EMI | Electromagnetic Interference |
ESD | Electrostatic Discharge |
ESN | Electronic Serial Number |
ESP | Encapsulated Security Payload |
FACL | File System Access Control List |
FCoE | Fibre Channel over Ethernet |
FDE | Full Disk Encryption |
FTP | File Transfer Protocol |
FTPS | File Transfer Protocol Secured (over SSL) |
GCM | Galois Counter Mode |
GPG | Gnu Privacy Guard |
GPO | Group Policy Object |
GPS | Global Positioning System |
GPU | Graphic Processing Unit |
GRE | Generic Routing Encapsulation |
GUI | Graphical User Interface |
HDD | Hard Disk Drive |
HIDS | Host Based Intrusion Detection System |
HIPS | Host Based Intrusion Prevention System |
HMAC | Hashed Message Authentication Code |
HOTP | HMAC based One Time Password |
HSM | Hardware Security Module |
HTML | HyperText Markup Language |
HTTP | Hypertext Transfer Protocol |
HTTPS | Hypertext Transfer Protocol Secure (over SSL) |
HVAC | Heating, Ventilation Air Conditioning |
IaaS | Infrastructure as a Service |
ICMP | Internet Control Message Protocol |
ICS | Industrial Control Systems |
ID | Identification |
IDF | Intermediate Distribution Frame |
IdP | Identity Provider |
IDS | Intrusion Detection System |
IEEE | Institute of Electrical and Electronics Engineers |
IGMP | Internet Group Management Protocol |
IIS | Internet Information Services |
IKE | Internet Key Exchange |
IM | Instant Messaging |
IMAP4 | Internet Message Access Protocol v4 |
IP | Internet Protocol |
IPS | Intrusion Prevention System |
IPSEC | Internet Protocol Security |
IPv4 | Internet Protocol version 4 |
IPv6 | Internet Protocol version 6 |
IR | Incident Response |
IRC | Internet Relay Chat |
IRP | Incident Response Procedure |
IRT | Incident Response Team |
ISA | Interconnection Security Agreement |
iSCSI | Internet Small Computer System Interface |
ISP | Internet Service Provider |
ISSO | Information Systems Security Officer |
ITCP | IT Contingency Plan |
IV | Initialization Vector |
JBOD | Just a Bunch of Disks |
KDC | Key Distribution Center |
KEK | Key Encryption Key |
L2TP | Layer 2 Tunneling Protocol |
LAN | Local Area Network |
LDAP | Lightweight Directory Access Protocol |
LEAP | Lightweight Extensible Authentication Protocol |
LSO | Local Shared Objects |
MaaS | Monitoring as a Service |
MAC | Mandatory Access Control |
MAC | Media Access Control |
MAC | Message Authentication Code |
MAN | Metropolitan Area Network |
MBR | Master Boot Record |
MD5 | Message Digest 5 |
MDF | Main Distribution Frame |
MITM | Man-in-the-Middle |
MOU | Memorandum of Understanding |
MPLS | Multi-Protocol Layer Switch |
MSCHAP | Microsoft Challenge Handshake Authentication Protocol |
MTBF | Mean Time Between Failures |
MTTF | Mean Time to Failure |
MTTR | Mean Time to Recover |
MTU | Maximum Transmission Unit |
NAC | Network Access Control |
NAT | Network Address Translation |
NDA | Non-Disclosure Agreement |
NDP | Network Discovery Protocol |
NFC | Near Field Communication |
NIC | Network Interface Card |
NIDS | Network Based Intrusion Detection System |
NIPS | Network Based Intrusion Prevention System |
NIST | National Institute of Standards & Technology |
NOP | No operation |
NOS | Network Operating System |
NoSQL | Not only Structured Query Language |
NTFS | New Technology File System |
NTLM | New Technology LANMAN |
NTP | Network Time Protocol |
OAUTH | Open Authorization |
OCSP | Online Certificate Status Protocol |
OLA | Open License Agreement |
OS | Operating System |
OSI | Open Systems Interconnection |
OVAL | Open Vulnerability Assessment Language |
P2P | Peer to Peer |
PaaS | Platform as a Service |
PAC | Proxy Auto Configuration |
PAM | Pluggable Authentication Modules |
PAN | Personal Area Network |
PAP | Password Authentication Protocol |
PAT | Port Address Translation |
PBKDF2 | Password Based Key Derivation Function 2 |
PBX | Private Branch Exchange |
PCAP | Packet Capture |
PEAP | Protected Extensible Authentication Protocol |
PED | Personal Electronic Device |
PFS | Perfect Forward Secrecy |
PGP | Pretty Good Privacy |
PII | Personally Identifiable Information |
PIV | Personal Identity Verification |
PKI | Public Key Infrastructure |
POP3 | Post Office protocol version 3 |
POTS | Plain Old Telephone Service |
PPP | Point-to-point Protocol |
PPTP | Point to Point Tunneling Protocol |
PSK | Pre-Shared Key |
PTZ | Pan-Tilt-Zoom |
RA | Recovery Agent |
RA | Registration Authrity |
RAD | Rapid Application Development |
RADIUS | Remote Authentication Dial-in User Server |
RAID | Redundant Array of Inexpensive Disks |
RAID-0 | Disk striping |
RAID-1 | Disk mirroring |
RAID-5 | Disk striping with parity, 3 or more disks |
RAID-6 | Disk striping with parity, 4 or more disks |
RAM | Random Access Memory |
RAS | Remote Access Server |
RAT | Remote Access Tool |
RBAC | Role Based Access Control |
RBAC | Rule Based Access Control |
RC4 | Rivest Cipher 4 (Ron’s Code) |
RDP | Remote Desktop Protocol |
RFI | Radio Frequency Interference |
RFID | Radio Frequency Identification |
RIPEMD | RACE Integrity Primitives Evaluation Message Digest |
ROI | Return of Investment |
RPO | Recovery Point Objective |
RSA | Rivest, Shamir, & Adleman |
RTO | Recovery Time Objective |
RTP | Real-Time Transport Protocol |
S/MIME | Secure / Multipurpose Internet Mail Extensions |
SaaS | Software as a Service |
SAML | Security Assertions Markup Language |
SAN | Storage Area Network |
SCADA | System Control and Data Acquisition |
SCAP | Security Content Automation Protocol |
SCEP | Simple Certificate Enrollment Protocol |
SCSI | Small Computer System Interface |
SDLC | Software Development Life Cycle |
SDLM | Software Development Life Cycle Methodology |
SEH | Structured Exception Handler |
SELinux | Security Enhanced Linux |
SHA | Secure Hashing Algorithm |
SFTP | Secure File Transfer Protocol |
SHTTP | Secure Hypertext Transfer Protocol |
SID | Security Identifier |
SIEM | Security Information and Event Management |
SIM | Subscriber Identity Module |
SIRT | Security Incident Response Team |
SLA | Service Level Agreement |
SLE | Single Loss Expectancy |
SMS | Short Message Service |
SMTP | Simple Mail Transfer Protocol |
SMTPS | Simple Mail Transfer Protocol Secure |
SNMP | Simple Network Management Protocol |
SOAP | Simple Object Access Protocol |
SONET | Synchronous Optical Network Technologies |
SPIM | Spam over Internet Messaging |
SPOF | Single Point of Failure |
SQL | Structured Query Language |
SSD | Solid State Drive |
SSH | Secure Shell |
SSID | Service Set Identifier |
SSL | Secure Sockets Layer |
SSO | Single Sign On |
SSTP | Secure Socket Tunneling Protocol |
STP | Shielded Twisted Pair |
STP | Spanning Tree Protocol |
SYN | Synchronize |
TACACS+ | Terminal Access Controller Access Control System |
TCO | Total Cost of Ownership |
TCP/IP | Transmission Control Protocol / Internet Protocol |
TFTP | Trivial File Transfer Protocol |
TGT | Ticket Granting Ticket |
TKIP | Temporal Key Integrity Protocol |
TLS | Transport Layer Security |
TOTP | Time-Based One-Time Password |
TPM | Trusted Platform Module |
TSIG | Transaction Signature |
UAT | User Acceptance Testing |
UEFI | Unified Extensible Firmware Interface |
UDP | User Datagram Protocol |
UPS | Uninterruptable Power Supply |
URI | Uniform Resource Identifier |
URL | Universal Resource Locator |
USB | Universal Serial Bus |
UTM | Unified Threat Management |
UTP | Unshielded Twisted Pair |
VDI | Virtualization Desktop Infrastructure |
VLAN | Virtual Local Area Network |
VLSM | Variable Length Subnet Masking |
VM | Virtual Machine |
VoIP | Voice over IP |
VPN | Virtual Private Network |
VSAN | Virtual Storage Area Network |
VTC | Video Teleconferencing |
WAF | Web Application Firewall |
WAP | Wireless Access Point |
WEP | Wired Equivalent Privacy |
WIDS | Wireless Intrusion Detection System |
WIPS | Wireless Intrusion Prevention System |
WPA | Wireless Protected Access |
WPA2 | WiFi Protected Access 2 |
WPS | WiFi Protected Setup |
WTLS | Wireless TLS |
XML | Extensible Markup Language |
XSRF | Cross-Site Request Forgery |
XSS | Cross-Site Scripting |
XTACACS | Extended Terminal Access Controller Access-Control System |
Don’t expect to pass any certification exams without knowing your security acronyms. I may look into adding an acronyms page but this is a good primer for now.
Have a great day!