# Cyber Security Acronyms and Terms

Curated list of acronyms and terms related to the cyber security landscape, including industry, open source and non-profit organizations (basically any concept that has anything to do with security practices around the cloud, applications, assets, services, Kubernetes and containers). This glossary classifies and explains security terms to make them understandable beyond the 'buzzword'. Any contribution will be more than welcome.

## Algorithms

_Encryption algorithms and other protection methods_

- 3DES - Triple Data Encryption Algorithm (also TDEA or Triple DEA)
- AES - Advanced Encryption Standard
- DES - Data Encryption Standard
- MD5 - Message-Digest Algorithm
- RSA - Rivest–Shamir–Adleman open [cryptosystem](https://en.wikipedia.org/wiki/RSA_(cryptosystem))
- SHA - Secure Hash Algorithm

## Attack patterns, Vulnerabilities, and Threats

_Malicious strategies from hackers or red-teams_

- ACE - Arbitrary Code Execution
- AFR - Arbitrary File Read
- CSRF - Cross Site Request Forgery
- DC - Differential cryptanalysis
- LC - Linear cryptanalysis
- DA - Davies Attack
- DoS - Denial of Service
- DDoS - Distributed Denial of Service
- LFI - Local File Inclusion
- Malware - Malicious Software
- MITM - Man in the middle (also Person in the middle)
- RaaS - Ransomware as a Service
- RAT - Remote Access Trojan
- RCE - Remote Code Execution
- SET - Social Engineering Toolkit
- SQLi - SQL Injection
- SSRF - Server Side Request Forgery
- XFS - Cross Frame Scripting
- XSS - Cross Site Scripting

## Protection approaches

_Security strategies, solutions, and protection patterns_

- ADR - Application Detection and Response
- AIDA - Artificial Intelligence Defense Agent [Link](https://www.knowbe4.com/products/aida#:~:text=Your%20organization%20may%20struggle%20to,approach%20to%20human%20risk%20management.)
- AIPP (incubating\*) - Artificial Intelligence Platform Protection [Link](https://www.sysdig.com/blog/ai-infrastructure-security-why-it-deserves-its-own-category)
- AMSI - Anti-Malware Scan Interface
- ASM - Attack Surface Management
- ASO - Autonomic Security Operations [Doc](https://services.google.com/fh/files/misc/googlecloud_autonomicsecurityoperations_soc10x.pdf)
- ASPM - Application Security Posture Management
- AST - Application Security Testing [Details](https://www.imperva.com/learn/application-security/application-security-testing)
- AV - Anti-Virus
- CADR - Cloud Application Detection and Response
- CAASM - Cyber Asset Attack Surface Management (inventory management)
- CASB - Cloud Access Security Broker
- CDR - Cloud Detection and Response
- CIEM - Cloud Infrastructure Entitlement Management
- CIAM - Cloud Identity Access Management
- CIRA - Cloud Investigation and Response Automation
- CNAPP - Cloud Native Application Protection Platform
- C-SCRM - Cyber Supply Chain Risk Management [Link](https://csrc.nist.rip/scrm/#:~:text=Cyber%20Supply%20Chain%20Risk%20Management%20(C%2DSCRM)%20is%20the,product%20and%20service%20supply%20chains.)
- CSPM - Cloud Security Posture Management
- CTEM - Continuous Threat Exposure Management
- CWP - Cloud Workload Protection
- CWPP - Cloud Workload Protection Platform
- DAST - Dynamic Application Security Testing
- DDR - Data Detection & Response
- DLP - Data Loss Prevention
- DSPM - Data Security Posture Management
- EDR - Endpoint Detection and Response, sometimes known as Endpoint Threat Detection and Response (ETDR)
- ETDR - See EDR
- HIDS - [Host based Intrusion Detection System](https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system) (also NIDS for Network)
- HIPS - Host Intrusion Prevention System
- IAST - Interactive Application Security Testing
- IDS - Intrusion Detection System
- IDTR - Identity Detection & Response
- IGA - Identity Governance and Administration
- IPS - Intrusion Protection System
- ISPM - Identity Security Posture Management
- ITDR - Identity Threat Detection & Response
- MDR - Managed Detection and Response
- MDFT - Mobile Device Forensic Tool
- MSSP - Managed Security Services Provider
- NDR - Network Detection & Response
- NGES - Next Generation Endpoint Security
- NGSWG - Next Generation Secure Web Gateway
- NIDS - Network Intrusion Detection System
- NTA - Network Traffic Analysis
- OTSPM - Operational Technology Security Posture Management [link](https://safetybits.io/blog/what-is-otspm/)
- RASP - Runtime Application Self-Protection
- SASE - Secure Access Service Edge
- SAST - Static Application Security Testing
- SCA - Software Composition Analysis
- SCAP - Security Content Automation Protocols
- SIEM - Security Incident & Event Management
- SOAR - Security Orchestration & Response
- SSE - Security Services Edge (a subset of SASE)
- SSPM - SaaS Security Posture Management
- SWG - Secure Web Gateway [link](https://www.netskope.com/security-defined/next-gen-secure-web-gateway)
- TIP - Threat Intelligence Platform
- TPRM - Third Party Risk Management
- UBA / UEBA - User and Entity Behavior Analytics
- VM - Vulnerability Management (also Virtual Machine outside of infosec)
- WAF - Web Application Firewall
- WAAP - Web Application and API Protection [link](https://www.airlock.com/en/secure-access-hub/components/gateway)
- XDR - eXtended Detection and Response
- ZTNA - Zero Trust Network Access

## Security & Compliance frameworks & work groups

- APRA - Australian Prudential Regulation Authority
- ASLR - Address Space Layout Randomisation
- ASVS - (OWASP) Application Security Verification Standard
- ATT&CK - (MITRE) Adversarial Tactics, Techniques, and Common Knowledge
- BGDPL - Brazilian General Data Protection Law (Brazil)
- CAPEC - Common Attack Pattern Enumeration and Classification
- CSAF - Common Security Advisory Framework [(2.0)](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html)
- CIS - Center for Internet Security [Link](https://www.cisecurity.org/)
- CVE - Common Vulnerabilities and Exposures
- CVRF - Common Vulnerability Reporting Framework (now CSAF)
- CVS - Common Vulnerability Score
- CVSS - Common Vulnerability Scoring System
- DSS - Data Security Standard (see PCI)
- EPSS - Exploit Prediction Scoring System
- GDPR - General Data Protection Regulation (Europe)
- HIPAA - Health Insurance Portability and Accountability Act
- ISO - International Organization for Standardization
- MITRE - Not an acronym - “a name that was meaningless and without connotations, but with an attractive feel.”
- NVD - National Vulnerability Database (USA)
- NIST - National Institute of Standards and Technology (US)
- OWASP - Open Web Application Security Project
- PCI DSS - Payment Card Industry Data Security Standard
- PCI SSC - Payment Card Industry Security Standards Council
- PIPEDA - Personal Information Protection and Electronic Documents Act (Canada)
- TARA - Threat Agent Risk Assessment (methodology)
- SAMM - Software Assurance Maturity Model (OWASP) [Link](https://owaspsamm.org/)
- SLSA - Supply-chain Levels for Software Artifacts [Link](https://slsa.dev/)
- SOC (1,2,3) - [System and Organization Controls](https://en.wikipedia.org/wiki/System_and_Organization_Controls). See also the *"Processes, Teams and roles"* section.

## Patterns, Protocols & Implementation Standards

- 2FA - Two Factor Authentication; see also MFA
- ABAC - Attribute Based Access Control
- ACL - Access Control List
- CA - Certificate Authority
- CORS - Cross Origin Resource Sharing
- DoH - DNS over HTTPS
- DOM - Document Object Model
- FTPS - FTP-SSL or FTP Secure
- IR - Incident Response
- JIT - Just in Time (SAML)
- JWT - JSON Web Token
- MFA - Multi Factor Authentication
- mTLS - Mutual Transport Layer Security
- OASIS - Organisation for the Advancement of Structured Information Standards
- OAuth - Open Authorization
- OTP - One Time Password (sometimes One Time Pad)
- PaC - Policy as Code
- SAML - Security Assertion Markup Language
- SARIF - Static Analysis Results Interchange Format
- SFTP - SSH File Transfer Protocol
- SPDX - Software Package Data Exchange [link](https://spdx.dev/)
- SSH - Secure Shell
- SSL - Secure Sockets Layer
- SSO - Single Sign-on
- TLP - Traffic Light Protocol
- TLS - Transport Layer Security
- U2F - Universal Two Factor
- WEP - Wired Equivalent Privacy (protocol)
- WPA - Wi-Fi Protected Access (protocol)
- WPS - Wi-Fi Protected Setup (standard)

## Processes, Teams and roles

- A&A - Assessment and Authorization
- CCSP - Certified Cloud Security Professional (ISC2)
- CDC - Cyber Defense Center
- CERT - Computer Emergency Response Team
- CISO - Chief Information Security Officer
- CISSP - Certified Information Systems Security Professional
- COC - Cybersecurity Operations Center
- CPP - Certified Protection Professional
- CSIRT - Computer Security Incident Response Team
- CSO - Chief Security Officer (role)
- ECES - Certified Encryption Specialist
- FIRST - Forum of Incident Response and Security Teams
- NICCS - National Initiative for Cybersecurity Careers and Studies
- NICE - [NICCS Workforce Framework for Cybersecurity](https://niccs.cisa.gov/workforce-development/nice-framework)
- OSCP - Offensive Security Certified Professional
- SOC - Security Operations Center
- SecOps - Organizational term. Collaboration between security and operations teams by sharing security responsibilities.

## Misc

- APT - Advanced Persistent Threat
- Authn - Authentication
- Authz - Authorization
- BAS - Breach & Attack Simulation
- BCP - Business Continuity Plan
- BEC - Business Email Compromise
- BGH - Big Game Hunting
- BIA - Business Impact Analysis
- BSIMM - Building Security In Maturity Model
- C2 - Command & Control
- CAPTCHA - Completely Automated Public Turing Test to Tell Computers And Humans Apart
- CIA - Confidentiality; Integrity; Availability
- CISA - Cybersecurity and Infrastructure Security Agency | Certified Information Systems Auditor
- CoA - Course of Action
- CTA - Cyber Threat Intelligence
- IAM - Identity & Access Management
- IOA - Indicators of Attack
- IOC - Indicators of Compromise
- MALOPS - Malicious Operations
- MTTR - Mean Time to Resolve
- PAM - Privileged Access Management
- RBAC - Role Based Access Control
- RBOM - Runtime Bill Of Materials ([Chronicle AKA SecOps](https://docs.sysdig.com/en/sysdig-secure/risk-spotlight/))
- SBOM - Software Bill Of Materials
- SDLC - Software Development Lifecycle (also sometimes System Development Lifecycle)
- SD-WAN - Software Defined Wide Area Network
- SKU - Stock Keeping Unit (unique identification that defines an element)
- SRA - Security Response Automation
- SSS - Stack Smashing Protector (compilers)
- SWOT - Strengths, Weaknesses, Opportunities, and Threats (SWOT Analysis)
- TI - Threat Intelligence
- TOCTOU - Time-of-check Time-of-use (type of bug that can represent a vulnerability)
- TTP - Tactics, Techniques, and Procedures
- UAC - User Access Control
- VAP - Very Attacked Person
- VPN - Virtual Private Network
- YARA - Yet Another Ridiculous Acronym - Rule-based tool for malware analysis [Link](https://en.wikipedia.org/wiki/YARA)
- YARA-L - YARA for logs ([Chronicle AKA SecOps](https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-overview))

## Useful terms that are not specific to security

- CCM - Cloud Controls Matrix
- NHI - Non Human Identity
- NMS - Network Management System
- NRT - Near Real Time
- TPP - Third Party Payment provider

## Pending to be classified (Help welcome)

_Community help will be welcome_

- CAPP - Controlled Access Protection Profile
- CISSP - Certified Information Systems Security Professional (ISC2)
- CMF - Collection Management Framework
- CSA - (1) Cloud Security Alliance (2) Continuous Security Assessment
- CSP - Content Security Policy
- CTF - Capture the Flag
- CTI - Cyber Threat Intelligence
- CWE - Common Weakness Enumeration
- DEP - Data Execution Prevention
- DFIR - Digital Forensics and Incident Response
- DKIM - DomainKeys Identified Mail
- DLS - Dedicated Leak Site
- DMARC - Domain-based Message Authentication, Reporting & Conformance
- DNSSEC - Domain Name System Security Extensions
- DREAD - Damage; Reproducibility; Exploitability; Affected Users; Discoverability
- EASM - External Attack Surface Management
- EICAR - European Institute for Computer Antivirus Research
- EPP - Endpoint Protection Platform
- FAIR - Factor Analysis of Information Risk
- FAM - File Access Monitoring
- FiDO - Fast IDentity Online
- FIM - File Integrity Monitoring
- FPC - Full Packet Capture
- GCM - Galois/Counter Mode
- GPG - GnuPG
- GRC - Governance, Risk & Compliance
- HSM - Hardware Security Module
- HSTS - HTTP Strict Transfer Protocol
- IDAM - Identity & Access Management
- IDOR - Insecure Direct Object Reference
- IdP - Identity Provider
- IETF - Internet Engineering Task Force
- IPE - Intelligence Preparation of the Environment
- IPSec - Internet Protocol Security
- IRM - Integrated Risk Management
- IRP - Incident Response Playbook
- ISC2 - International Information System Security Certification Consortium
- ISMS - Information Security Management System
- ISS - Information System Security
- KCM - Kill Chain Model
- LANGSEC - Language Security
- LOLBin - Living off the Land Binary (also LOLScripts, LOLBAS)
- NAC - Network Access Control / also NACL (Network Access Control List)
- NDB - Notifiable Data Breach(es)
- NGCI - Next Generation Cyber Infrastructure
- NGFW - Next Generation Firewall
- ODoH - Oblivious DNS over HTTPS
- OIDC - OpenID Connect
- OPSec - Operational Security
- OSCAL - Open Security Controls Assessment Language
- OSINT - Open Source Intelligence
- PASTA - Process for Attack Simulation & Threat Analysis
- PCD - Payment Card Data
- PGP - Pretty Good Privacy. See also GPG
- PFS - Perfect Forward Secrecy
- PTES - Penetration Testing Execution Standard
- PUP - Potentially Unwanted Program
- RFC - Request For Comments
- ROP - Return-oriented programming
- RP - Return Pointer
- RTR - Rapid Threat Response
- SABSA - Sherwood Applied Business Security Architecture
- SANS - SysAdmin, Audit, Network, and Security
- SAQ - Self-Assessment Questionnaire
- SCIM - System for Cross-domain Identity Management
- SSDLC - Secure Software Development Lifecycle
- SECCOMP - Secure Computing
- SFP - Saved Frame Pointer
- SOA - Statement of Applicability
- SOX - Sarbanes-Oxley Act
- SPF - Sender Policy Framework
- SRI - Sub-resource Integrity
- SSVC - Stakeholder-Specific Vulnerability Categorization
- STIG - Security Technical Implementation Guide
- STIX - Structured Threat Information Expression
- STRIDE - Spoofing; Tampering; Repudiation; Information disclosure; Denial of service; Elevation of Privilege
- TAXII - Trusted Automated Exchange of Intelligence Information
- TOGAF - The Open Group Architecture Framework
- XACML - eXtensible Access Control Markup Language
- XXE - XML External Entity

# Notes

\* Incubating: the term is not yet standardized.

# Resources

- Original list extracted from [Ghostinashell Blog](https://blog.ghostinashell.com/acronyms/)
- Enriched with terms learned from [Sysdig](https://sysdig.com)
- Added some terms from [SecureWorldExpo](https://info.secureworldexpo.com/hubfs/PDF_collateral/Acronyms_cybersecurity_SecureWorld_090419.pdf)
- Curated list of security resources: [Awesome-security](https://github.com/sbilly/awesome-security)
- List of products and vendors classified by security approach: [The Cloud Security List](https://list.latio.tech/)
- OWASP, Open Web Application Security Project (nonprofit foundation): [OWASP website](https://owasp.org/)
- Public front page: [Cloud Security Acronyms](https://cloudsecurelab.github.io/security-acronyms/)
- Contribute with [Cyber-Security List on Github](https://github.com/cloudsecurelab/security-acronyms/)