Question: What are some common terms and acronyms used in the field of cybersecurity? Glossary of Common Cybersecurity Terms, Abbreviations, Acronyms, and Initialisms
Updated: January 11, 2023
Cybersecurity, like many technical fields, has its own nomenclature, filled with terms, abbreviations, acronyms, and initialisms that reference the various agencies and organizations, titles and certifications, methods and strategies, and tools and technologies that are familiar to cybersecurity professionals. This glossary is designed to provide those who are not familiar with cyber terminology with a convenient guide to the field’s most commonly used terms, and to assist students who are considering a cybersecurity degree program with an overview of many of the terms they may encounter while researching programs and careers in the field.
| Abbreviation, Acronym, or Initialism | Meaning |
|---|---|
| 2FA | Two-Factor Authentication |
| aaS | as a Service |
| ACL | Access Control List |
| AES | Advanced Encryption Standard |
| AI | Artificial Intelligence |
| API | Application Programming Interface |
| AP | Access Point |
| APT | Advanced Persistent Threat |
| APWG | Anti-Phishing Working Group |
| ATT&CK | Adversarial Tactics, Techniques and Common Knowledge |
| AV | Anti-Virus |
| BAS | Breach, Attack and Simulation Tools |
| BCP | Business Continuity Plan |
| BGP | Border Gateway Protocol |
| C2 | Command and Control |
| CARO | Computer Antivirus Research Organization |
| CEH | Certified Ethical Hacker |
| CERT | Computer Emergency Response Team |
| CIS | Center for Internet Security |
| CISA | Certified Information Systems Auditor |
| CISM | Certified Information Security Manager |
| CISO | Chief Information Security Officer |
| CISSP | Certified Information Systems Security Professional |
| CMDB | Configuration Management Database |
| CNA | Computer Network Attack |
| CND | Computer Network Defense |
| CNE | Computer Network Exploitation |
| CRISC | Certified in Risk and Information Systems Control |
| CSA | Cloud Security Alliance |
| CSP | Cloud Service Provider |
| CREST | Council for Registered Ethical Security Testers |
| CTI | Cyber Threat Intelligence |
| CVVS | Common Vulnerability Scoring System |
| DDoS | Distribute Denial of Service |
| DHS | Department of Homeland Security |
| DLP | Data Loss Prevention |
| DNS | Domain Name Server |
| DoD | Department of Defense |
| EC-Council | International Council of Electronic Commerce Consultants |
| EDR | Endpoint Detection and Response |
| FISMA | Federal Information Security Modernization Act |
| FTP | File Transfer Protocol |
| FWaaS | Firewall as a Service |
| GDPR | General Data Protection Regulation |
| GIAC | Global Information Assurance Certification |
| GIS | Geospatial Information Systems |
| GRC | Governance, Risk Management and Compliance |
| HIPPA | Health Insurance Portability and Protection Act |
| HTTPS | Secure Hypertext Transfer Protocol |
| IA | Information Assurance |
| IaaS | Infrastructure as a Service |
| IAM | Identity and Access Management |
| IBE | Identity Based Encryption |
| IDS | Intrusion Detection System |
| IoT | Internet of Things |
| IPS | Intrusion Prevention System |
| IR | Incident Response |
| ISC² | Information Systems Security Certification Consortium |
| ISMS | Information Security Management System |
| ISP | Internet Service Provider |
| ISSA | Information Systems Security Association |
| ISSAF | Information System Security Assessment Framework |
| ISSO | Information Systems Security Officer |
| IT | Information Technology |
| LAN | Local Access Network |
| MDR | Managed Detection and Response |
| MFA | Multifactor Authentication |
| ML | Machine Learning |
| MSP | Managed Service Provider |
| MSSP | Managed Security Service Provider |
| NAC | Network Access Control |
| NGFW | Next-Generation Firewall |
| NICCS | National Initiative for Cybersecurity Careers and Studies |
| NICE | National Institute for Cybersecurity Education |
| NIST | National Institute of Standards and Technology |
| OISSG | Open Information Security Systems Group |
| OSI | Open Systems Interconnection |
| OWASP | Open Web Application Security Project |
| PaaS | Platform as a Service |
| PCI-DDS | Payment Card Industry Data Security Standard |
| PTES | Penetration Testing Execution Standard |
| SaaS | Software as a Service |
| SCF | Secure Controls Framework |
| SIEM | Security Information and Event Management |
| SOC | Security Operations Center |
| SQL | Structured Query Language |
| SWG | Secure Web Gateway |
| TCP/IP | Transmission Control Protocol/Internet Protocol |
| UTM | Unified Threat Management |
| VPN | Virtual Private Network |
| WAN | Wide Access Network |
| WAP | Wireless Application Protocol |
| WSTG | Web Security Testing Guide |
| ZTNA | Zero Trust Network Access |
General Cybersecurity FAQs:
Be Informed
For more information on our research methods, data sources, program classifications, and other important information to consider while visiting this site, please review our Sources and Disclaimers page.