Background: While getting started in information security, I kept coming across acronyms I wasn't familiar with or had forgotten. So I have started compiling a list for future reference. I will keep this list updated as I go along 😚
Common InfoSec Abbreviations
- AES: Advanced Encryption Standard
- C2: Command & Control (sometimes CC)
- CBSP: Cloud-Based Security Providers
- CSP: Content Security Policy
- CORS: Cross-Origin Resource Sharing
- CVSS: Common Vulnerability Scoring System
- DAST: Dynamic Application Security Testing
- DLP: Data-loss Prevention
- DDoS: Distributed Denial of Service
- DES: Data Encryption Standard
- DoS: Denial of Service
- DSA: Digital Signature Algorithm
- EDR: Endpoint Detection & Response
- IPSec: Internet Protocol Security
- IIoT: (Industrial) Internet of Things
- MFA: Multi-Factor Authentication
- PAM: Privilege Access Management
- PIM: Privilege Identity Management
- RAT: Remote Administration Tool
- SAST: Static Application Security Testing
- SPF: Sender Policy Framework
- SSE: Server-Side Encryption
- STS: Security Token Service
- TLS: Transport Layer Security
- WAF: Web Application Firewall
- WAP: Web Application Protection
- XSS: Cross-Site Scripting
Of course, there are other, much more complete glossaries, but they can get overwhelming; these are the basics, and my personal resource. For some much more complete lists, see:
🡆 A lot of acronyms: via InfoSec Matter
🡆 Glossary of Terms: via NICCS (National Initiative for Cybersecurity Careers and Studies in the US)