cloudsecurelab/security-acronyms

Cyber Security Acronyms and Abbreviations

Curated list of acronyms related to the modern cyber security landscape and industry (cloud, applications, assets, services, Kubernetes and containers). Terms and buzzwords are classified and explained so that they are understandable.

Algorithms

3DES - Triple Data Encryption Algorithm (Also TDEA or Triple DEA)
AES - Advanced Encryption Standard
DES - Data Encryption Standard
MD5 - Message-digest Algorithm
RSA - Rivest–Shamir–Adleman open cryptosystem
SHA - Secure Hashing Algorithm

Attacks, Vulnerabilities, and Threats

CSRF - Cross Site Request Forgery
DC - Differential cryptanalysis
LC - Linear cryptanalysis
DA - Davies Attack
DoS - Denial of Service
DDoS - Distributed Denial of Service
Malware - Malicious Software
MITM - Man in the middle (also Person in the middle)
RaaS - Ransomware as a Service
RAT - Remote Access Trojan
RCE - Remote Code Execution
SQLi - SQL Injection
SSRF - Server Side Request Forgery
XFS - Cross Frame Scripting
XSS - Cross Site Scripting

Security Industry Approaches

AMSI - Anti-Malware Scan Interface
ASPM - Application Security Posture Management
AST - Application Security Testing
AV - Anti-Virus
CAASM - Cyber Asset Attack Surface Management (inventory management)
CASB - Cloud Access Security Broker
CDR - Cloud Detection and Response
CIEM - Cloud Infrastructure Entitlement Management
CIAM - Cloud Identity Access Management
CNAPP - Cloud Native Application Protection Platform
C-SCRM - Cyber Supply Chain Risk Management
CSPM - Cloud Security Posture Management
CWP - Cloud Workload Protection
CWPP - Cloud Workload Protection Platform
DAST - Dynamic Application Security Testing
DDR - Data Detection & Response
DLP - Data Loss Prevention
DSPM - Data Security Posture Management
EDR - Endpoint Detection and Response, sometimes known as Endpoint Threat Detection and Response (ETDR)
ETDR - See EDR
HIDS - Host Intrusion Detection System (also NIDS for Network)
HIPS - Host Intrusion Prevention System
IAST - Interactive Application Security Testing
IDTR - Identity Detection & Response
MDFT - Mobile Device Forensic Tool
MSSP - Managed Security Services Provider
NDR - Network Detection & Response
NIDS - Network Intrusion Detection System
NTA - Network Traffic Analysis
RASP - Runtime Application Self-Protection
SAST - Static Application Security Testing
SCA - Source Composition Analysis
SCAP - Security Content Automation Protocol
SIEM - Security Incident & Event Management
SOAR - Security Orchestration & Response
SOC - Security Operations Center
SSPM - SaaS Security Posture Management
TIP - Threat Intelligence Platform
UBA / UEBA - User and entity behavior analytics
VM - Vulnerability Management (also Virtual Machine outside of infosec)
WAF - Web Application Firewall
XDR - eXtended Detection and Response

Security & Compliance frameworks, standards & work groups

APRA - Australian Prudential Regulation Authority
ASLR - Address Space Layout Randomisation
ASVS - (OWASP) Application Security Verification Standard
ATT&CK - (MITRE) Adversarial Tactics, Techniques, and Common Knowledge
BGDPL - Brazilian General Data Protection Law (Brazil)
DSS - Data Security Standard (See PCI)
CAPEC - Common Attack Pattern Enumeration and Classification
CSAF - Common Security Advisory Framework (2.0)
CIS - Center for Internet Security
CVRF - Common Vulnerability Reporting Framework (now CSAF)
GDPR - General Data Protection Regulation (Europe)
HIPAA - Health Insurance Portability and Accountability Act
ISO - International Organization for Standardization
MITRE - Not an acronym - “a name that was meaningless and without connotations, but with an attractive feel.”
NVD - National Vulnerability Database (USA)
NIST - National Institute of Standards and Technology (US)
OWASP - Open Web Application Security Project
PCI DSS - Payment Card Industry Data Security Standard
PCI SSC - Payment Card Industry Security Standards Council
PIPEDA - Personal Information Protection and Electronic Documents Act (Canada)
TARA - Threat Agent Risk Assessment (Methodology)
SAMM - Software Assurance Maturity Model (OWASP)
SLSA - Supply-chain Levels for Software Artifacts
SOC (1,2,3) - System and Organization Controls

Patterns, Protocols & Implementation Standards

2FA - Two Factor Authentication; see also MFA
ABAC - Attribute Based Access Control
ACL - Access Control List
CA - Certificate Authority
CORS - Cross Origin Resource Sharing
DoH - DNS over HTTPS
DOM - Document Object Model
FTPS - FTP-SSL or FTP Secure
IR - Incident Response
JIT - Just in Time (SAML)
JWT - JSON Web Token
MFA - Multi Factor Authentication
mTLS - Mutual Transport Layer Security
OASIS - Organisation for the Advancement of Structured Information Standards
OAuth - Open Authorization
PaC - Policy as Code
SAML - Security Assertion Markup Language
SARIF - Static Analysis Results Interchange Format
SFTP - SSH File Transfer Protocol
SSH - Secure Shell
SSL - Secure Sockets Layer
SSO - Single Sign-on
TLP - Traffic Light Protocol
TLS - Transport Layer Security
U2F - Universal Two Factor
WEP - Wired Equivalent Privacy (Protocol)
WPA - Wi-Fi Protected Access (Protocol)
WPS - Wi-Fi Protected Setup (Standard)

Security Processes

A&A - Assessment and Authorization

Misc

APT - Advanced Persistent Threat
Authn - Authentication
Authz - Authorization
BAS - Breach & Attack Simulation
BCP - Business Continuity Plan
BEC - Business Email Compromise
BGH - Big Game Hunting
BIA - Business Impact Analysis
BSIMM - Building Security In Maturity Model
C2 - Command & Control
CAPTCHA - Completely Automated Public Turing Test to Tell Computers And Humans Apart
CCSP - Certified Cloud Security Professional (ISC2)
CISA - Cybersecurity and Infrastructure Security Agency | Certified Information Systems Auditor
CoA - Course of Action
CVE - Common Vulnerabilities and Exposures
CVS - Common Vulnerability Score
CVSS - Common Vulnerability Scoring System
CISO - Chief Information Security Officer
CSO - Chief Security Officer (role / persona)
IAM - Identity Access Management
IOA - Indicators of Attack
IOC - Indicators of Compromise
MALOPS - Malicious Operations
MTTR - Mean Time to Resolution
PAM - Privileged Access Management
RBAC - Role Based Access Control
SDLC - Software Development Lifecycle (Also sometimes System Development Lifecycle)
SD-WAN - Software Defined Wide Area Network
SKU - Stock Keeping Unit (Unique identification that defines an element)
SRA - Security Response Automation
SWOT - Strengths, Weaknesses, Opportunities, and Threats (SWOT Analysis)
TI - Threat Intelligence
TTP - Tactics, Techniques, and Procedures
UAC - User Access Control
VAP - Very Attacked Person
VPN - Virtual Private Network

Pending to be classified (Help welcome)

CAPP - Controlled Access Protection Profile
CC - Common Criteria
CCM - Cloud Controls Matrix
CERT - Computer Emergency Response Team
CIA - Confidentiality; Integrity; Availability
CISSP - Certified Information Systems Security Professional (ISC2)
CMF - Collection Management Framework
CMM - Capability Maturity Model
CSA - (1) Cloud Security Alliance (2) Continuous Security Assessment
CSP - Content Security Policy
CTF - Capture the Flag
CTI - Cyber Threat Intelligence
CWE - Common Weakness Enumeration
DEP - Data Execution Prevention
DFIR - Digital Forensics and Incident Response
DKIM - DomainKeys Identified Mail
DLS - Dedicated Leak Site
DMARC - Domain-based Message Authentication, Reporting & Conformance
DNSSEC - Domain Name System Security Extensions
DREAD - Damage; Reproducibility; Exploitability; Affected Users; Discoverability
EASM - External Attack Surface Management
EICAR - European Institute for Computer Antivirus Research
EPP - Endpoint Protection Platform
EPSS - Exploit Prediction Scoring System
FAIR - Factor Analysis of Information Risk
FiDO - Fast IDentity Online
FIM - File Integrity Monitoring
FIRST - Forum of Incident Response and Security Teams
FPC - Full Packet Capture
GCM - Galois/Counter Mode
GPG - GnuPG
GRC - Governance, Risk & Compliance
HSM - Hardware Security Module
HSTS - HTTP Strict Transfer Protocol
IDAM - Identity & Access Management
IDOR - Insecure Direct Object Reference
IdP - Identity Provider
IDS - Intrusion Detection System
IETF - Internet Engineering Task Force
IPE - Intelligence Preparation of the Environment
IPS - Intrusion Protection System
IPSec - Internet Protocol Security
IRM - Integrated Risk Management
IRP - Incident Response Playbook
ISC2 - International Information System Security Certification Consortium
ISMS - Information Security Management System
ISS - Information System Security
KCM - Kill Chain Model
LANGSEC - Language Security
LFI - Local File Inclusion
LOLBin - Living off the Land Binary (also LOLScripts, LOLBAS)
NAC - Network Access Control / also NACL (Network Access Control List)
NDB - Notifiable Data Breach(es)
NGCI - Next Generation Cyber Infrastructure
NGES - Next Generation Endpoint Security
NGFW - Next Generation Firewall
NMS - Network Management System
NX - No-Execute
ODoH - Oblivious DNS over HTTPS
OIDC - OpenID Connect
OPSec - Operational Security
OSCAL - Open Security Controls Assessment Language
OSCP - Offensive Security Certified Professional
OSINT - Open Source Intelligence
OTP - One Time Pad (sometimes One Time Password)
PASTA - Process for Attack Simulation & Threat Analysis
PCD - Payment Card Data
PGP - Pretty Good Privacy. See also GPG
PFS - Perfect Forward Secrecy
PTES - Penetration Testing Execution Standard
PUP - Potentially Unwanted Program
RFC - Request For Comments
ROP - Return-oriented programming
RP - Return Pointer
RTR - Rapid Threat Response
SABSA - Sherwood Applied Business Security Architecture
SANS - SysAdmin, Audit, Network, and Security
SAQ - Self-Assessment Questionnaire
SASE - Secure Access Service Edge
SCIM - System for Cross-domain Identity Management
SSDLC - Secure Software Development Lifecycle
SSE - Security Services Edge (A subset of SASE)
SECCOMP - Secure Computing
SET - Social Engineering Toolkit
SFP - Saved Frame Pointer
SOA - Statement of Applicability
SOX - Sarbanes-Oxley Act
SPF - Sender Policy Framework
SRI - Sub-resource Integrity
SSS - Stack Smashing Protector
SSVC - Stakeholder-Specific Vulnerability Categorization
STIG - Security Technical Implementation Guide
STIX - Structured Threat Information Expression
STRIDE - Spoofing; Tampering; Repudiation; Information disclosure; Denial of service; Elevation of Privilege
TAXII - Trusted Automated Exchange of Intelligence Information
TOGAF - The Open Group Architecture Framework
TPM - Transport Platform Module
TPRM - Third Party Risk Management
XACML - eXtensible Access Control Markup Language
XXE - XML External Entity

Resources

Original list extracted from Ghostinashell Blog
Enriched with terms learned from Sysdig
Added some terms from SecureWorldExpo
Curated list of security resources: Awesome-security
