New to navigating the world of cybersecurity? Well this cheat sheet of cybersecurity acronyms and definitions is a great place to start!
In the current online-text based era, acronyms and definitions comprise a large portion of our lingo. Whether socially or in business, modern communication reflects the immediacy and compactness born from this text-based way of communicating.
Technology has always been inundated with acronyms and cybersecurity is no different. Getting your head around the core components of Extended Detection and Response architecture can be challenging enough without having to first decipher what XDR bringing together solutions including EDR, NDR and SIEM under a single platform even means. The main thing to remember, there are too many acronyms in cybersecurity to remember!
Acronyms
2FA: Two-factor authentication – Used to manage devices – compliant or non-compliant – that contain minimal to moderately sensitive data.
AIWhat is AI? Artificial Intelligence (AI) refers to the simulation of human intelligence processes by computers in an aim to mimic or exceed human cognitive abilities across a range of domains.... More: Artificial Intelligence – is the intelligence of machines or software that simulates human intelligence processes.
AMP: Advanced MalwareWhat is Malware?Malware, a portmanteau of "malicious software," constitutes a broad category of software specifically designed to infiltrate, damage, or disrupt computer systems, networks, and devices without the user's consent... More Protection – software is designed to prevent, detect, and help remove threats from computer systems in an efficient manner. Threats can take the form of software viruses and other malware such as ransomwareWhat is Ransomware?Ransomware is a type of cyberattack in which the attacker infects a computer with malicious software that encrypts the victim's data. The computer usually becomes locked, presenting a... More, worms, Trojans, spyware, adware, and file-less malware.
APT: Advanced Persistent Threat – A sophisticated and prolonged cyberattackWhat is a Cyberattack?A cyberattack is a deliberate and malicious attempt to exploit vulnerabilities in computer systems, networks, or software applications to cause damage, steal information, disrupt services, or gain... More targeting specific entities.
AV: Antivirus – Software designed to detect and remove malicious software from computer systems.
BEC: Business Email Compromise – Fraudulent email schemes that compromise business communication.
BOTNET: Robot Network – A network of compromised computers controlled by attackers for malicious purposes.
CAPTCHA: Completely Automated Public Turing Test to Tell Computers and Humans Apart – A challenge-response test to distinguish humans from bots.
CASB: A Cloud Access Security Broker – is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed.
CEH: Certified Ethical Hacker – An individual certified to ethically hack systems to identify vulnerabilities.
CERT: Computer Emergency Response Team – A group that responds to and resolves cybersecurity incidents.
CI/CD – Is a method for distributing to clients frequently using automation stages of application development. The main items that are attributed to the CI / CD are continuous integration, continuous distribution, and continuous implementation.
CIO: Chief Information Officer – Responsible for the overall technology strategy and implementation in an organization.
CIS: The Center for Internet Security – publishes the CIS Critical Security Controls (CSC) to help organizations better defend against known attacks by distilling key security concepts into actionable controls to achieve greater overall cybersecurity defense.
CMMC: Cybersecurity Maturity Model Certification – is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).
CSF: The Cybersecurity Framework – was created by The National Institute of Standards and Technology (NIST) as a voluntary cybersecurity framework based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.
CSO: Chief Security Officer – Manages and oversees an organization’s security measures and policies.
CSP: Cloud Service Provider – Offers cloud computing services, including storage and processing power.
CTI: Cyber Threat Intelligence – Informs security decisions by analyzing and understanding cyber threats.
CUI: Controlled Unclassified Information – is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected.
CVE: Common Vulnerabilities and Exposure – Identifies and standardizes information about vulnerabilities in software.
CVSS: Common Vulnerability Scoring System – Assigns a severity score to vulnerabilities, aiding in prioritization.
DLP: Data Loss PreventionData Loss Prevention (DLP) is a comprehensive approach and set of technologies designed to prevent the unauthorized disclosure or leakage of sensitive and confidential information from an organization. More – is a comprehensive approach and set of technologies designed to prevent the unauthorized disclosure or leakage of sensitive and confidential information from an organization.
DPI: Deep packet inspection or packet sniffing – is an advanced method of examining and managing network traffic.
EDR: Endpoint Detection and Response is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with a rule-based automated response.
FIM: File Integrity Monitoring is a technology that monitors and detects changes in files that may indicate a cyberattack. Otherwise known as change monitoring, file integrity monitoring involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized.
FISMA: The Federal Information Security Management Act is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program.
GDPRWhat is GDPR? The General Data Protection Regulation (GDPR) is widely regarded as the world's strictest security and privacy law, promulgated by the European Union (EU) to regulate any organization... More: General Data ProtectionWhat is Data Protection?Data protection refers to the practice of safeguarding sensitive information from unauthorized access, disclosure, alteration, or destruction. It involves implementing policies, procedures, and technologies to ensure that... More Regulation is widely regarded as the world’s strictest security and privacy law, promulgated by the European Union (EU) to regulate any organization that collects or processes the data of EU citizens. The European Parliament signed GDPR into law in 2016, requiring all organizations to comply by May, 2018.
GRC: Governance, Risk Management, and Compliance – Manages organizational policies, risks, and compliance requirements.
HIPAAWhat is HIPAA?The Health Insurance Portability and Accountability Act (HIPAA) is a comprehensive piece of legislation enacted by the United States Congress in 1996.It serves as a vital safeguard for... More: The Health Insurance Portability and Accountability Act sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
IAMWhat is IAM? Identity and Access Management (IAM) is a framework of business processes, policies, and technologies to manage electronic or digital identities. IAM frameworks allow Information Technology (IT) managers... More: Identity and Access ManagementWhat is Access Management? Typically delivered as part of an Identity and Access Management (IAM) solution, access management ensures that organizations allow users the necessary resources when needed, while restricting... More is a framework of business processes, policies, and technologies to manage electronic or digital identities. IAM frameworks allow Information Technology (IT) managers to control which users can access critical information within an organization, and when.
IDS: Intrusion Detection System is a monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat.
IOC: Indicator of compromise is a forensic term that refers to the evidence of a potential security breach on a system or network.
IPS: An Intrusion Prevention System is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents and capturing information about them.
IR: Incident Response – Refers to the process of detecting, containing, and recovering from a security event.
IT and OT: IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems. IT systems are used for data-centric computing; OT systems monitor events, processes and devices, and make adjustments in enterprise and industrial operations.
Kill Chain: The cyber kill chain is a series of steps that trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent attacks (APTs).
MDR: Managed detection and response is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response. The main benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing.
MFAWhat is Multi-Factor Authentication?Multi-Factor Authentication (MFA) is a robust security method that enhances digital identity verification by requiring users to provide multiple authentication mechanisms before gaining access to a system,... More: Multi-factor authenticationWhat is Authentication?Authentication is the process by which the identity of a user or system is verified. It ensures that the entity attempting to access a resource is who or... More is a robust security method that enhances digital identity verification by requiring users to provide multiple authentication mechanisms before gaining access to a system, account, or application. Unlike traditional single-factor authentication, which relies solely on passwords or PINs, MFA combines two or more authentication factors.
MITRE ATT&CK: MITRE Adversarial Tactics, Techniques, and Common Knowledge framework is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.
ML: Machine LearningWhat is Machine Learning? Machine learning is a subset of Artificial Intelligence (AI) that involves the development of algorithms and models that enable computers to make predictions or decisions based... More is a subset of Artificial Intelligence (AI) that involves the development of algorithms and models that enable computers to make predictions or decisions based on data without being explicitly programmed.
MSP and MSSP: A Managed Service Provider ensures that the IT infrastructure of a company is operational. They are the professionals to turn to provide an enterprise with basic network requirements. A Managed Security Services Provider is a type of IT service provider whose primary focus is cybersecurity. Because of their specialized nature, MSSPs can provide a much higher level of security than MSPs and help organizations implement complex security procedures and institute appropriate practices.
MTTR & MTTD: While there are dozens of metrics available to determine success, here are two key cybersecurity performance indicators every organization should monitor:
- Mean Time to Detect (MTTD): MTTD is the average time it takes to discover a security threat or incident.
- Mean Time to Respond (MTTR): MTTR measures the average time it takes to control and remediate a threat.
NDR: Network Detection and Response enables organizations to monitor network traffic for malicious actors and suspicious behavior, and react and respond to the detection of cyber threats to the network.
NERC CIP: North American Electric Reliability Corporation Critical InfrastructureWhat is Critical Infrastructure?Critical infrastructure refers to the fundamental systems, assets, and facilities that are essential for the functioning of a society and its economy. These are the foundational elements... More Protection is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.
NGIPS: Next-Generation Intrusion Prevention System is a system for enhancing network security, that comes in physical and virtual forms. It allows you to see the network’s contextual data to spot vulnerabilities, integrate with existing networks, and keep security updated with new signatures and rules.
NIST: The National Institute of Standards and Technology plays an important role in the FISMA Implementation Project launched in January 2003, which produced the key security standards and guidelines required by FISMA.
OSINT: Open-source Intelligence is the collection, analysis, and dissemination of information that is publicly available and legally accessible.
OT and ICS: Operational Technology refers to computing systems that are used to manage industrial operations as opposed to administrative operations. Industrial control systems (ICS) is a major segment within the operational technology sector. It comprises systems that are used to monitor and control industrial processes.
(PAM): Privileged access management – This typically involves the use of repository, logging, and administrative account protection. It works by having administrators go through the PAM system and check out the account which will then be authenticated and logged. When the account is checked back into, the credential will be reset, so the administrator will be forced to check the account again in order to use it.
PCI DSSPCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security best practices developed to ensure the secure handling of credit and payment card data. More: The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
RaaS: Ransomware as a Service is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products. RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a service.
SASE: Secure Access Service Edge combine network and security functionality in a single, cloud-native service to help secure access wherever users and applications reside.
SIEM: Security Information and Event Management is a set of tools and services offering a holistic view of an organization’s information security. SIEM tools provide real-time visibility across an organization’s information security systems. Event log management that consolidates data from numerous sources.
SOX: The United States Congress passed the Sarbanes-Oxley Act in 2002 and established rules to protect the public from fraudulent or erroneous practices by corporations and other business entities.
SSDF: The Secure Software Development Framework is a set of fundamental, sound, and secure software development practices based on established secure software development practices.
SSO: Single Sign-On – Enables users to access multiple systems with a single set of credentials.
XDR: Extended (or Cross Platform) Detection and Response brings together threat detection and response solutions, including EDR, NDR, and SIEM, under a single platform.
ZTNA: Zero TrustWhat is Zero Trust?Security measures and tools have historically been focused on fortifying defenses in an effort to keep outsiders from gaining access to an organization’s network, but this is... More Network Access – Implements a security model that verifies every user and device, minimizing trust assumptions.
Now that you have been briefly acquainted with the essentials, you can keep them handy for the next time you will encounter a vaguely familiar three-letter acronym! And if you are looking for further assistance with the endless amounts of cybersecurity terms and definitions, you will be happy to find that’s not all from us – refer to our Cybersecurity Glossary here. Be sure to subscribe to our monthly newsletter for more tips, news and insights.
