Below you’ll see a (long) list of acronyms that I’ve encountered during my last couple of years breaking into the Cybersecurity realm. A lot of them are mainly for reference, and many relate to each other, but some require extra elaboration to understand how they fit into Cybersecurity, so I do my best to provide information on how they relate to its overarching themes.
If there are any you think I’m missing, please let me know in the comments and I will add them ASAP! Thanks for reading and Godspeed on your journey!
AAA – Authentication, Authorization, and Accounting is a security framework that controls access to computer resources, enforces policies, and audits usage
ACL – Access Control Lists
AH – Authentication Header – IPsec protocol that offers authentication and integrity
(Related: ESP – Encapsulating Security Payload)
AITM – Adversary in the Middle
ANSSI – Agence nationale de la sécurité des systèmes d’information
(France’s National Cybersecurity Agency)
APP – Authorized Push Payments
APT – Advanced Persistent Threat
ASR – Application Security Rationale (related: PASR)
ASPI – Australian Strategic Policy Institute
ASRM – Attack Surface Risk Management
ATT&CK – Adversarial Tactics, Techniques, and Common Knowledge
AWS – Amazon Web Services
BAS – Breach and Attack Simulation
BEC – Business Email Compromise
(related: EAC – Email Account Compromise)
BYOD – Bring Your Own Device
BYOVD – Bring Your Own Vulnerable Driver
BMC – Baseboard Management Controller
CA – Certificate Authorities
CALEA – Communications Assistance for Law Enforcement Act
C&C traffic – Command and Control traffic
(example: techradar)
CI/CD – Continuous Integration, Continuous Deployment
CIDR – Classless Inter-Domain Routing
CDN – Content Delivery Network
CHAOSS – Community Health Analytics in Open Source Software
CIRCIA – Cyber Incident Reporting for Critical Infrastructure Act
CIS – Center for Internet Security
CISA – US Cybersecurity and Infrastructure Security Agency
CMA – Computer Misuse Act
CMMC – Cybersecurity Maturity Model Certification
CNAs – CVE Numbering Authorities
CNI – Critical National Infrastructure
CSA – Cyber Security Advisory
CSIRT – Computer Security Incident Response Team
CSRB – Cyber Safety Review Board
CRA – (EU) Cyber Resilience Act
CRI – Cyber Risk Index
CRQC – Cryptanalytically Relevant Quantum Computer
CUI – Controlled Unclassified Information
CVE – Common Vulnerabilities & Exposures
DMCA – Digital Millennium Copyright Act
DEI – Diversity, Equity, Inclusion
DFARS – Defense Federal Acquisition Regulation Supplement
DHS – Department of Homeland Security
DICT – Department of Information and Communications Technology
DoD – Department of Defense
DTCC – Depository Trust and Clearing Corporation
EAC – Email Account Compromise
EC3 – Europol’s European Cybercrime Centre
ECPA – Electronic Communications Privacy Act
EDR – Endpoint Detection and Response
(related: NDR – Network Detection and Response)
EDTR – Endpoint Detection and Threat Response
EHR – Electronic Health Record
EI-SIG – Elections Industry Special Interest Group
ESP – Encapsulating Security Payload – IPsec protocol that offers authentication, integrity, and encryption
(Related: AH – Authentication Header)
ETSI – European Telecommunications Standards Institute // http://www.etsi.org
FCEB – Federal Civilian Executive Branch
FCRA – Federal Credit Reporting Act
FCI – Federal Contract Information
FedRAMP – Federal Risk and Authorization Management Program
Global CAPE – Global Cooperation Arrangement for Privacy Enforcement
GEPF – Africa’s Government Employees Pension Fund
GPAA – South African Government Pensions Administration Agency
GSP – Google Search Partners
HASC – (London) House of Commons Home Affairs Select Committee
Related link, The Record
HC3 – Health Sector Cybersecurity Coordinator Center
HHS – (US Dept of) Health and Human Services
HSCC – Health Sector Coordinating Council
HMI – Human Management Interfaces
IAB – Initial Access Brokers
IAM – Identity and Access Management
IANA – Internet Assigned Numbers Authority
ICBC – Industrial & Commercial Bank of China
ICC – International Criminal Court
ICMP – Internet Control Message Protocol
ICO – Information Commissioner’s Office
ICS – Industrial Control Systems
IFEO – Image File Execution Options
IKE – Internet Key Exchange
IICSWG – Interagency International Cybersecurity Standardization Working Group
IT-ISAC – Information Technology Information Sharing and Analysis Center
IOC – Indicators of Compromise
IPMI – Intelligent Platform Management Interface
ISP – Internet Service Provider
JRC – Joint Research Centre
KISA – Korea Internet & Security Agency
KDC – Key Distribution Center
MFA – Multi-factor authentication
MFT – Managed File Transfer
MLAT – Mutual Legal Assistance Treaty
MoD – Ministry of Defence (UK)
MUA – Mail User Agent
MSP – Managed Service Provider
MS-ISAC – Multi-State Information Sharing and Analysis Center
NAT – Network Address Translation
NAS – Network Attached Storage
NCA – UK National Crime Agency
NCSC – National Cyber Security Center
NDAA – National Defense Authorization Act
NDR – Network Detection and Response
(related: EDR)
NTP – Network Time Protocol
NSA – National Security Agency
NSCC – National Securities Clearing Corporation
OCG – Organized Cyber Gang
ODNI – Office of the Director of National Intelligence
OFSI – UK Office of Financial Sanctions Implementation
ONCD – Office of the National Cyber Director
OSINT – Open Source Intelligence
OSS – Open Source Software
OT – Operational Technology
PASR – Prediction Application Security Rationale
PERF – Police Executive Research Forum
PGP – Pretty Good Privacy
PIN – Private Industry Notification
PKI – Public Key Infrastructure
PLC – Programmable Logic Controllers
POP – Property Oriented Programming
PPA – Privacy Protection Act
PQC – Post Quantum Cryptography
PSR – Payment Systems Regulator
RASP – Runtime Application Self-Protection
RAT – Remote Access Tool
(example: Abaddon RAT-techradar)
RCE – Remote Code Execution
RFI – Request for Information
RUSI – Royal United Services Institute
SAML – Security Assertion Markup Language
SBAT – Secure Boot Advanced Targeting
SBOM – Software Bill of Materials
SCRM – Supply Chain Risk Management
SEC – Securities and Exchange Commission
SEO – Search Engine Optimization (poisoning?)
SIRT – Security Intelligence Response Team
SIEM – Security Information and Event Management
SLTT – State Local Tribal Territorial
SMB – Small/Midsize Business
SMB – Server Message Block
SMTP – Simple Mail Transport Protocol
SNAP – Social Network Analysis and Propensities
SOP – Standard Operating Procedures
SPN – Service Principal Names
SRMA – Sector Risk Management Agency
SSDP – Simple Service Discovery Protocol
STP – Straight Through Processing
TAC – Technical Assistance Center
TAG – (usually Google’s) Threat Analysis Group
TETRA – Terrestrial Trunked Radio Protocol
TDS – Traffic Distribution System
TLD – Top Level Domains
TLS/SSL – Transport Layer Security, Secure Sockets Layer
– Review of Famous TLS/SSL attacks
TPRM – Third-Party Risk Management
TTP – Tactics, Techniques, and Procedures
UEFI – Unified Extensible Firmware Interface
UTC – Coordinated Universal Time
VPS – Virtual Private Servers
WAF – Web Application Firewalls
WWS – Water and Wastewater Systems
