2FA: 2-factor Authentication
AAA: Authentication, Authorization, and Accounting
ABAC: Attribute Based Access Control
ABI: Application Binary Interface
ACE: AccessData Certified Examiner
ACE: Access Control Entry
ACE: Arbitrary Code Execution
ACL: Access Control Lists
ADB: Android Debug Bridge
ADFS: Active Directory Federation Services
AD: Active Directory
AES: Advanced Encryption Standard
AFAIK: As Far As I Know
AFK: Away from Keyboard
AI: Artificial Intelligence
AJAX: Asynchronous JavaScript And XML
ALE: Annualized Loss Expectancy
AMS: Asset Management System
ANSI: American National Standards Institute
API: Application Programming Interface
APK: Android Package
APT: Advanced Persistent Threat
APT: Application Penetration Testing
AP: Access Point
ARO: Annualised Rate of Occurrence
ASCII: American Standard Code for Information Interchange
ASLR: Address Space Layout Randomization
ASN: Autonomous System Number
ASV: Approved Scanning Vendors
AS: Application Server
AS: Autonomous System (networking)
ATM: At the moment
ATM: Automated Teller Machine
ATP: Advanced Threat Protection (Microsoft Defender)
AUP: Acceptable Use Policy
AV: Antivirus
AV: Asset Value
AWS: Amazon Web Services
AXFR: Authoritative Zone Transfer (DNS)
BAU: Business As Usual
BBS: Bulletin Board System
BCC: Blind Carbon Copy
BCRs: Binding Corporate Rules (for intra group data transfers)
BER: Bit Error Rate
BGP: Border Gateway Protocol
BIA: Burned-in Address
BIA: Business Impact Analysis
BLOB: Binary Large Object
BMP: Bitmap Image format
BoF: Buffer Overflow
BPDU: Bridge Protocol Data Unit
BSD: Berkeley Software Distribution (UNIX)
BSOD: Blue Screen of Death (Windows crash)
BSSID: Basic Service Set Identifier
BSS: Block Started by Symbol
BTW: By the way
BYOD: Bring Your Own Device
C2: Command and Control
CACE: Excida IEC 62443 Certified Automation Cybersecurity Expert
CACS: Excida IEC 62443 Certified Automation Cybersecurity Specialist
CAMS: IMI Certfied Access Management Specialist
CAM: Computer-aided Manufacturing
CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
CAP: (ISC)2 Certified Authorization Professional
CASE: EC Council Certified Application Security Engineer (.NET or Java)
CASM: GAQM Certified Agile Scrum Master
CASST: GAQM Certified Advanced Software Security Tester
CAWFE: IACIS Certified Advanced Windows Forensic Examiner
CA: Certification Authority
CBC: Cipher Block Chaining
CBSP: Cloud-based Security Providers
CCAr: Cisco Certified Architect
CCDE: Cisco Certified Design Expert
CCE: ISFCE Certified Computer Examiner
CCFE: IACRB Certified Computer Forensics Examiner
CCIE Ent: Cisco Certified Internetwork Expert - Enterprise Infrastructure
CCISO: EC Council Certified Information Security Officer
CCNA: Cisco Certified Network Associate
CCNP Ent: Cisco Certified Network Professional - Enterprise
CCNP Sec: Cisco Certified Network Professional - Security
CCPA: California’s Consumer Privacy Act
CCRMP: IBITGQ Certified in Managing Cyber Security Risk
CCSA: Checkpoint Certified Security Administrator
CCSC: CertNexus Cyber Secure Coder
CCSE: Checkpoint Certified Security Expert
CCSM: Checkpoint Certified Security Master
CCSP: (ISC)2 Certified Cloud Security Professional
CCTHP: IACRB Certified Cyber Threat Hunting Professional
CCTV: Closed Circuit Television
CCT: Cisco Certified Technician
CC: Carbon Copy
CC: Credit Cards (Carding fraud)
CDE: Cardholder Data Environemnt (network segment containing credit cards)
CDMA: Code Division Multiple Access
CDN: Content Delivery Network
CDPSE: ISACA Certified Data Privacy Solutions Engineer
CDP: Cisco Discovery Protocol
CDP: Clean Desk Policy
CDP: IMI Certified in Data Protection
CDRP: IACRB Certified Data Recovery Professional
CECS: Lunarline Certified Expert in Cloud Security
CEH: EC Council Certified Ethical Hacker
CEIA: Lunarline Certified Expert Independent Assessor
CEIM: Lunarline Certified Expert Incident Manager
CEO: Chief Executive Officer
CEPM: Lunarline Certified Expert Program Manager
CEPP: Lunarline Certified Expert Privacy Professional
CEPT: IACRB Certified Expert Penetration Tester
CEREA: IACRB Certified Expert Reserve Engineering Analyst
CERP: Lunarline Certified Expert RMF Professional
CESA: Lunarline Certified Expert Security Analyst
CESE: Lunarline Certified Expert Security Executive
CESO: Lunarline Certified Expert Security Officer
CFAA: Computer Fraud and Abuse Act
CFA: GAQM Certified Forensic Analyst
CFCE: IACIS Certified Forensic Computer Examiner
CFO: Chief Financial Officer
CFR: CertNexus CyberSec First Responder
CFSR: OpenText Certified Forensic Security Responder
CGEIT: ISACA Certified in the Governance of Enterprise IT
CGI: Common Gateway Interface
CHAT: ISECOM Certified Hacker Analyst Trainer
CHA: ISECOM Certified Hacker Analyst
CHFI: EC Council Computer Hacking Forensics Investigator
CIAM: Identify Management Institute Certified Identify and Access Manager
CIA: Confidentiality, Integrity, Availability
CIC: Cyber Intelligence Center
CIDR: Classless Inter-Domain Routing
CIFS: Common Internet File System
CIGE: IMI Certified Identity Governance Expert
CIISec: ICSF CIISec Information and Cybersecurity Fundamentals
CIISec: Chartered Institute of Information Security
CIMP: IMI Certified Identity Management Professional
CIOTSP: CertNexus Certified Internet of Things Security Practitioner
CIO: Chief Information Officer
CIPA: IMI Certified Identity Protection comptia-advanced-security-practitioner
CIPP: IAPP Certified Information Privacy Professional
CIPT: IAPP Certified Information Privacy Technologist
CIRM Fdn: IBITGQ Cyber Incident Response Management Foundation
CIRT: Computer Incident Response Team
CISA: ISACA Certified Information Systems Auditor
CISM: ISACA Certified Information Security Manager
CISO: Chief Information Security Officer
CISP: GAQM Certified Information Security Professional
CISRM: IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management
CISSM: GAQM Certified Information Systems Security Manager
CISSP: (ISC)2 Certified Information Systems Security Professional
CISST: GAQM Certified Information systems Security Tester
CIST: IMI Certfied Identity and Security Technologist
CIS F: IBITGQ Certified ISO 27001 Information Security Management Specialist Foundation
CIS IA: IBITGQ Certified ISO 27001 Information Security Management Specialist Internal Auditor
CIS LA: IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Auditor
CIS LI: IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Implementer
CIS RM: IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management
CIS: Center for Internet Security
CITGP: IBITGQ Certified in Implementing IT Governance - Foundation & Principles
CI/CD: Continuous Integration and either Continuous Delivery or Continuous Deployment
CI: Critical Infrastructure
CLI: Command-line Interface
CMDB: Configuration Management Database
CMDB: Content Management Database
CMFE: IACRB Certified Mobile Forensics Examiner
CMO: Chief Marketing Officer
CMS: Content Management System
CMWAPT: IACRB Certified Mobile and Web App Penetration Tester
CNA: Certification and Accreditation
CNDA: EC Council Certified Network Defense Architect
CND: EC Council Certified Network Defender
COO: Chief Operating Officer
CORS: Cross-Origin Resource Sharing
CPC: Core Protection System
CPD: GAQM Certified Project Director
CPE: Common Platform Enumeration
CPT: IACRB Certified Penetration Tester
CRC: Cyclical Redundancy Check
CREA: IACRB Certified Reverse Engineering Analyst
CREST CCSAS: CREST Certified Simulated Attack Specialist
CREST CCT: CREST Certified Infrastructure Tester
CREST CHIA: CREST Certified Host intrustion Analyst
CREST CMRE: CREST Certified Malware Reverse Engineer
CREST CNIA: CREST Certified Network Intrusion Analyst
CREST CPIA: CREST Practitioner Intrusion Analyst
CREST CPSA: CREST Practitioner Security Analyst
CREST CPTIA: CREST Practitioner Threat Intelligence Analyst
CREST CRIA: CREST Registered Intrusion Analyst
CREST CRTSA: CREST Registered Technical Security Architect
CREST CRT: CREST Registered Penetration Tester
CREST CSAM: CREST Certified Simulated Attack Manager
CREST CSAS: CREST Certified Simulated Attack Specialist
CREST CTIM: CREST Certified Threat Intelligence Manager
CREST CWAT: CREST Certified Web Application Tester
CREST CWS: CREST Certified Wireless Specialist
CREST RTIA: CREST Registered Threat Intelligence Analyst
CREST: Council for Registered Ethical Security Testers
CRFS: IMI Certified Red Flag Specialist
CRISC: ISACA Certified in Risk and Information Systems Control
CRM: Customer Relations Management
CRO: Chief Revenue Officer
CRTOP: IACRB Certified Red Team Operations Professional
CRUD: Create, Read, Update, Destroy
CSAE: Cyber Struggle AEGIS
CSAP: IACRB Certified Security Awareness Practitioner
CSA CCSK: Cloud Security Alliance Certificate of Cloud Security Knowledge
CSA CGC: Cloud Security Alliance Cloud Governance & Compliance
CSA: Consultant Service Agreement
CSA: EC Council Certified SOC Analyst
CSBA: QAI Certified Software Business Analyst
CSCU: EC Council Certified Secure Computer User
CSFA: CSIAC CyberSecurity Forensic Analyst
CSIRT: Computer Security Incident Response Team
CSMA/CD: Carrier Sense Multiple Access with Collision Detection
CSM: GAQM Certified Scrum Master
CSPRNG: Cryptographically Secure Pseudo-Random Number Generator
CSP: Content Security Policy
CSP: GAQM Certified SAFe Practitioner
CSRF: Cross-Site Request Forgery
CSR: Cyber Struggle Ranger
CSSA: IACRB Certified SCADA Security Architect
CSSLP: (ISC)2 Certified Secure Software Lifecycle Professional
CSST: GAQM Certified Software Security Tester
CSS: Cascading Style Sheets
CSV: Comma-separated Values
CSWSH: Cross-Site WebSocket Hijacking
CSX-F: IBITGQ Cyber Incident Response Management Foundation
CSX-PA: ISACA Cybersecurity Packet Analysis Certificate
CSX-P: ISACA Cybersecurity Practitioner
CSX-T: ISACA Cybersecurity Technical Foundation
CTF: Capture the Flag
CTIA: EC Council Certified Threat intelligence Analyst
CTI: Cyber Threat Intelligence
CTOps: Cyber Threat Operations
CTO: Chief Technology Officer
CTR: Click-through Rate
CUCM: Cisco Unified Communications Manager
CVE: Common Vulnerabilities and Exposures
CVSS: Common Vulnerability Scoring System
CWE: Common Weakness Enumeration
CW: Content Warning
CySA+: CompTIA Cybersecurity Analyst+
C CS F: IBITGQ Certified Cyber Security Foundation
C&A: Certification and Accreditation
C&C: Command and Control
C)CSO: Mile2 Certified Cloud Security Officer
C)DFE: Mile2 Certified Digital Forensics Examiner
C)ISCAP: Mile2 Information Systems Certification and Accredidation Professional
C)ISMS-LA: Mile2 Certified Information security Management Systems Lead Auditor
C)ISSA: Mile2 Certified Information Systems Security Auditor
C)ISSM: Mile2 Certified Information Systems Security Manager
C)ISSO: Mile2 Certified Information Systems Security Officer
C)NFE: Mile2 Certified Network Forensics Examiner
C)PEH: Mile2 Certified Professional Ethical Hacker
C)PSH: Mile2 Certified Powershell Hacker
C)PTC: Mile2 Certified Penetration Testing Expert
C)PTE: Mile2 Certified Penetration Testing Engineer
C)SLO: Mile2 Certified Security Leadership Officer
C)SP: Mile2 Certified Security Principles
C)VA: Mile2 Certified Vulnerability Assessor
C)VCP: Mile2 Certified Virtualization & Cloud Principles
C)VE: Mile2 Certified Virtualization Engineer
C)VFE: Mile2 Certified Virtualization Forensics Examiner
DACL: Discretionary Access Control List
DACRP: DRI Associate Cyber Resilience Professional
DAO: Direct Access Object
DAST: Dynamic Application Security Testing
DBA: Database Administrator
DCBCA: DRI Certified Business Continuity Auditor
DCBCLA: DRI Certified Business Continuity Lead Auditor
DCCRP: DRI Certified Cyber Resilience Professional
DCOM: Distributed Component Object Model
DCPP: DSCI Certified Privacy Professional
DCRMP: DRI Certified Risk Management Professional
DCSA: Defense Counterintelligence and Security Agency
DCS: Data Communication Systems
DCS: Distributed Control System
DC: Data Center
DC: Domain Controller (Active Directory)
DDE: Dynamic Data Exchange
DDoS: Distributed Denial of Service
DES: Data Encryption Standard
DevNet A: Cisco DevNet Associate
DevNet Pro: Cisco DevNet Professional
DFIR: Digital Forensics Incident Response
DH: Diffie-Hellman key exchange
DISA: Defense Information Systems Agency
DKIM: Domain Keys Identified Mail
DLL: Dynamic-link Library
DLP: Data Loss Prevention
DMARC: Domain-based Message Authentication, Reporting & Conformance
DMA: Direct Memory Access
DMZ: Demilitarized Zone
DM: Direct Message
DNS: Deferred Net Settlement (banking)
DNS: Domain Name System
DN: Distinguished Name (LDAP)
DOB: Date of Birth
DOM: Document Object Model
DoS: Denial of Service
DPAPI: Data Protection API
DPA: Data Processing Agreement
DPA: Data Protection Act (UK law)
DPIA: Data Protection Impact Assessment
DPP: Data and Privacy Protection
DRAC: Dell Remote Access Control
DRI: Disaster Recovery Institute
DRM: Digital Rights Management
DRP: Disaster Recovery Planning
DR: Disaster Recovery
DSA: Digital Signature Algorithm
DSCI: Data Security Council of India
DTP: Dynamic Trunking Protocol (Cisco)
EBS: Amazon Elastic Block Store
eCDFP: eLearnSecurity Certified Digital Forensics Professional
ECES: EC Council Certified Encryption Specialist
ECIH: EC Council Certified Incident Handler
eCIR: eLearnSecurity Certified Incident Responder
eCMAP: eLearnSecurity Certified Malware Analysis Professional
eCPPT: eLearnSecurity Certified Professional Penetration Tester
eCPTX: eLearnSecurity Certified Penetration Tester eXtreme
eCRE: eLearnSecurity Certified Reverse Engineer
ECSA: EC Council Certified Security Analyst
ECSS: EC Council Certified Security Specialist
eCTHP: eLearnSecurity Certified Threat Hunting Professional
eCXD: eLearnSecurity Certified eXploit Developer
EDRP: EC Council Disaster Recovery Professional
EDR: Endpoint Detection and Response
EEHF: EXIN Ethical Hacking Foundation
EEXIN ISM: EXIN Information Security Management Expert
EFF: Electronic Frontier Foundation
EF: Exposure Factor
EICAR: Antivirus test file
EIGRP: Enhanced Interior Gateway Routing Protocol
EISM: EC Council Information Security Manager
EITCA/IS: EITCA/IS Information Security Certificate
eJPT: eLearnSecurity Junior Penetration Tester
ELF: Executable and Linkable Format
EL: Engagement Letter
eMAPT: eLearnSecurity Mobile Application Penetration Tester
EMR: Electromagnetic Radiation
EnCE: OpenText EnCase Certified Examiner
eNDP: eLearnSecurity Network Defense Professional
EOL: End of Life
EOP: Elevation/Escalation of Privilege
EOR: Employer of Record
EPDPE: EXIN Privacy and Data Protection Essentials
EPDPF: EXIN Privacy and Data Protection Foundation
EPDPP: EXIN Privacy and Data Protection Practitioner
EPT: External Penetration Testing
ERP: Enterprise Resource Planning
ES: Enterprise Security
ETA: Evil Twin Attack (Wi-Fi)
EVP: Executive Vice President
eWDP: eLearnSecurity Web Defense Professional
eWPTX: eLearnSecurity Web Application Penetration Tester eXtreme
eWPT: eLearnSecurity Web Application Penetration Tester
EXIN CIT: EXIN Cyber & IT Security
EXIN PCA: EXIN Professional Cloud Administrator
EXIN PCSA: EXIN Professional Cloud Solution Architect
EXIN PCSerM: EXIN Professional Cloud Service Manager
EXIN PCSM: EXIN Professional Cloud Security Manager
F5 CA: F5 Big-IP Certified Administrator
F5 CSE Sec: F5 Big-IP Certified Solution Expert - Security
F5 CTS APM: F5 Big-IP Certified Technical Specialist - Access Policy Manager
F5 CTS DNS: F5 Big-IP Certified Technical Specialist - Domain Name Services
FDE: Full Disk Encryption
FERPA: Family Educational Rights and Privacy Act
FEXIN: EXIN Information Secourity Foundation
FIM: File Integrity Monitoring
FQDN: Fully Qualified Domain Name
FTC: Full Time Contract
FTE: Full Time Employee
FTP: File Transfer Protocol
FUD: Fear, Uncertainty and Doubt
FW: Firewall
FYI: For Your Information
FYSA: For Your Situational Awareness
GAQM: Global Association for Quality Management
GASF: GIAC Advanced Smartphone Forensics
GAWN: GIAC Assessing Wireless Networks
GBFA: GIAC Battlefield Forensics and Acquisition
GCCC: GIAC Critical Controls Certification
GCDA: GIAC Certified Detection Analyst
GCED: GIAC Certified Enterprise Defender
GCFA: GIAC Certified Forensic Analyst
GCFE: GIAC Cerified Forensics Examiner
GCIA: GIAC Certified Intrusion Analyst
GCIH: GIAC Certified Incident Handler
GCIP: GIAC Critical Infrastructure Protection
GCPEH: GAQM Certified Professional Ethical Hacker
GCPM: GIAC Certified Project Manager
GCPT: GAQM Certified Penetration Tester
GCSA: GIAC Cloud Security Automation
GCTI: GIAC Cyber Threat Intelligence
GCWN: GIAC Certified Windows Security Administrator
GC: Garbage Collection
GDAT: GIAC Defending Advanced Threats
GDPR: General Data Protection Regulation
GDSA: GIAC Defensible Security Architecture
GEOINT: Geospatial Intelligence
GEVA: GIAC Enterprise Vulnerability Assessor
GIAC: Global Information Assurance Certification
GICSP: GIAC Global Industrial Security Professional
GISF: GIAC Information Security Fundamentals
GISP: GIAC Information Security Professional
GLEG: GIAC Law of Data Security & Investigations
GMOB: GIAC Mobile Device Security Analyst
GMON: GIAC Continuous Monitoring
GNFA: GIAC Network Forensic Analyst
Google ACE: Google Associate Cloud Engineer
Google PCSA: Google Professional Cloud Architect
Google PCSE: Google Professional Cloud Security Engineer
GOSI: GIAC Open Source Intelligence
GPEN: GIAC Certified Penetration Tester
GPG: GNU Privacy Guard
GPO: Group Policy Object
GPPA: GIAC Certified Perimeter Protection Analyst
GPP: Group Policy Preferences (Active Directory)
GPYC: GIAC Python Coder
GRC: Governance, Risk and Compliance
GREM: GIAC Reverse Engineering Malware
GRE: Generic Routing Encapsulation
GRID: GIAC Response and Industrial Defense
GSEC: GIAC Security Essentials Certification
GSE: GIAC Security Expert
GSLC: GIAC Security Leadership Certification
GSM: Global System for Mobile (communications)
GSNA: GIAC Systems and Network Auditor
GSSP: GIAC Secure Software Programmer JAVA or .NET
GSTRT: GIAC Strategic Planning, Policy and Leadership
GUID: Globally Unique Identifier
GUI: Graphical User Interface
GWAPT: GIAC Web Application Penetration Tester
GWEB: GIAC Certified Web Application Defender
GWT: Google Web Toolkit
GXPN: GIAC Exploit Researcher and Advanced Penetration Tester
HIDS: Host IDS (Intrusion Detection System)
HIPAA: Health Insurance Portability Accountability Act
HIPS: Host IPS (Intrusion Prevention System)
HKCC: HKEY_CURRENT_CONFIG Windows registry hive
HKCR: HKEY_CLASSES_ROOT Windows registry hive
HKCU: HKEY_CURRENT_USER Windows registry hive
HKLM: HKEY_LOCAL_MACHINE Windows registry hive
HKU: HKEY_USERS Windows registry hive
HMAC: Hash-based Message Authentication Code
HOF: Hall of Fame
HPP: HTTP Parameter Pollution
HSTS: HTTP Strict Transport Security
I2P: Invisible Internet Project
IaaS: Infrastructure as a Service
IACIS: International Association of Computer Investigative Specialists
IACRB: Information Assurance Certification Review Board
IAM: Identity Access Management
IANAL: I am not a lawyer
IAPP: International Association of Privacy Professionals
IAR: Information Asset Register
IAST: Interactive Application Security Testing
IAVA: Information Assurance Vulnerability Alert
IAVM: Information Assurance Vulnerability Management
IBITGQ: International Board for IT Governance Qualifications
ICE: Intrusion Countermeasures Electronics
ICMP: Internet Control Message Protocol
ICS: Incident Command System
ICS: Industrial Control System
IDE: Integrated Development Environment
IDM: Identity Management
IDOR: Insecure Direct Object Reference
IDS: Intrusion Detection System
ID: Information Disclosure
IEC: International Electrotechnical Commission
IEEE: Institute of Electrical and Electronics Engineers
IETF: Internet Engineering Task Force
IG: Information Governance
IIA CIA: Institute of Internal Auditors Certified Internal Auditor
IIA: Institute of Internal Auditors
IIBA CCA: IIBA Certification in Cybersecurity Analysis
IIBA: International Institute of Business Analysis
IIoT: Industrial Internet of Things
IIRC: If I recall correctly
IKE: Internet Key Exchange
iLO: HP Integrated Lights Out
IMI: Identity Management Institute
IMMA: Isolate, Minimize, Monitor, Active Defense (IR)
IMPS: Immediate Payment Service (banking)
IM: Instant Messaging
IOC: Indicator of Compromise
IoT: Internet of Things
IPMI: Intelligent Platform Management Interface
IPP: Internet Printing Protocol
IPsec: Internet Protocol Security
IPS: Intrusion Prevention System
IPT: Internal Penetration Testing
IP: Intellectual Property
IP: Internet Protocol
IRC: Internet Relay Chat
IRL: In real life
IRM: Information Rights Management
IRP: Incident Response Plan or Policy
IR: Incident Response
ISACA: Information Systems Audit and Control Association
ISAC: Information Sharing and Analysis Center
ISAKMP: Internet Security Association Key Management Protocol
ISA CE: ISA Cybersecurity Expert
ISA CFS: ISA Certified Fundamentals Specialist
ISA CRAS: ISA Certified Risk Assesment Specialist
ISA: International Society of Automation
ISECOM: Institute for Security and Open Methodologies
ISMS: Information Security Management System
ISM: Information Security Manual
ISO: Information System Owner (in RMF - Risk Management Framework)
ISO: International Organization for Standardization
ISP: Internet Service Provider
ISSAF: Information Systems Security Assessment Framework
ITIL Fdn: ITIL Foundation
ITIL Master: ITIL Master
ITIL MP ITIL: Managing Professional
ITIL SL ITIL: Strategic Leader
ITIL: Information Technology Infrastructure Library
IT: Information Technology
I&C: Instrumentation and Control
JCE: Java Cryptography Extension
JMX: Java Management Extensions
JNCIA Sec: Juniper Networks Certified Internet Associate, Security
JNCIE Sec: Juniper Networks Certified Internet Expert, Security
JNCIP Sec: Juniper Networks Certified Internet Professional, Security
JNCIS Sec: Juniper Networks Certified Internet Specialist, Security
JPEG: Joint Photographic Experts Group
JSON: JavaScript Object Notation
JSP: Jakarta Server Pages
JSP: Java Servlet Pages
JS: JavaScript
JVM: Java Virtual Machine
JWT: JSON Web Token
K8S: Kubernetes
KC: Kill Chain
KLCP: Kali Linux Certified Professional
KMaaS: Key Management as a Service
KMS: Key Management Service
LAMP: Linux, Apache, MySQL, and PHP
LAN: Local Area Network
LDAP: Lightweight Directory Access Protocol
LE: Let's Encrypt
LFCA: Linux Foundation Certified IT Associate
LFCE: Linux Foundation Certified Engineer
LFCS: Linux Foundation Certified System Administrator
LFI: Local File Inclusion
LKM: Loadable Kernel Modules
LLMNR: Link-Local Multicast Name Resolution protocol
LM: LAN Manager (Windows)
LOIC: Low Orbit Ion Cannon
LPA: Least Privilege Access
LPE: Local Privilege Escalation
LPIC-1: Linux Professional Institute Certified: Linux Administrator
LPIC-2: Linux Professional Institute Certified: Linux Engineer
LPIC-3: Linux Professional Institute Certified: 303 Security
LPT: EC Council Licensed Penetration Tester
LSASS: Local Security Authority Subsystem Service
LTE: Long-Term Evolution
LTS: Long-Term Support
M365 EAE: Microsoft 365 Certified Enterprise Administrator Expert
MAC: Mandatory Access Control
MAC: Media Access Control (MAC address)
MAC: Message Authentication Code
MAC: Milestone Acceptance Certificate
MD5: Message Digest 5 (hash)
MDR: Managed Detection and Response
MFA: Multi-factor Authentication
MIME: Multipurpose Internet Mail Extensions
MISP: Malware Information Sharing Platform
MitM: Man-in-the-Middle
MMC: Microsoft Management Console
MOTD: Message of the day banner
MPLS: Multi-Protocol Label Switching
MQ: Message Queue
MRA: Mobile and Remote Access
MSA: Master Service Agreement
MSCT: Microsoft Security Compliance Toolkit
MSSP: Managed Security Services Provider
MS: Member Server (Active Directory)
MS: Microsoft
MTA: Microsoft Technology Associate
MVP: Mimimum Viable Product (the smallest, simplest thing that meets the criteria)
NAC: Network Access Control
NAT: Network Address Translation
NBNS: NetBIOS Name Service
NCSC CCPLP: NCSC Certified Cybersecurity Professional - Lead Practitioner
NCSC CCPP: NCSC Certified Cybersecurity Professional - Practitioner
NCSC CCPSP: NCSC Certified Cybersecurity Professional - Senior Practitioner
NCSC: National Cyber Security Centre
NCS: National Cybersecurity Strategy
NDA: Non-disclosure agreement
NEFT: National Electronic Funds Transfer (banking)
Net+: CompTIA Network+
NFS: Network File System
NGFW: Next Generation Firewall
NIDS: Network IDS (Intrusion Detection System)
NIPS: Network IPS (Intrusion Prevention System)
NIST: National Institute of Science & Technology
NLA: Network Level Authentication
NOC: Network Operations Centre
NOP: No Operation
NPE: Null Pointer Exception
NSE 4: FortiNET Network Security Professional
NSE 7: FortiNET Network Security Architect
NSE 8: Fortinet Network Security Expert
NTLM: New Technology LAN Manager (Windows)
NVD: National Vulnerability Database
OBOE: Off-by-one Error
OCR: Optical Character Recognition
OEM: Original Equipment Manufacturer
OOB: Out-of-band
OOP: Object-oriented Programming
OPSA: ISECOM OSSTMM Professional Security Analyst
OPSEC: Operations Security
OPSE: ISECOM OSSTMM Professional Security Expert
OPST: ISECOM OSSTMM Professional Security Tester
OSCE: Offensive Security Certified Expert
OSCP: Offensive Security Certified Professional
OSEE: Offensive Security Exploitation Expert
OSEP: Offensive Security Experienced Penetration Tester
OSGI: Open Services Gateway Initiative
OSINT: Open Source Intelligence
OSPF: Open Shortest Path First
OSSTMM: Open Source Security Testing Methodology Manual
OSWE: Offensive Security Web Expert
OSWP: Offensive Security Wireless Professional
OTA: Over-the-air programming
OTP: One-time Password
OTX: Open Threat Exchange
OT: Operational Technology
OWASP: Open Web Application Security Project
OWA: Outlook Web Access
OWSE: ISECOM OSSTMM Wireless Security Expert
P2P: Peer to Peer
PaaS: Platform as a service
PACES: Pentester Academy Certified Enterprise Security Specialist
PAM: Post-Accident Monitoring
PAN: Personal Area Network
PAN: Primary Account Number
PASTA: Process for Attack Simulation and Threat Analysis
PA CRTE: Pentester Academy Certified Red Teaming Expert
PA CRTP: Pentester Academy Certified Red Team Professional
PCAP: Packet Capture
PCCSA: Palo Alto Networks Certified Cybersecurity Associate
PCIDSS: Payment Card Industry Data Security Standards
PCI: Payment Card Industry
PCNSA: Palo Alto Networks Certified Network Security Administrator
PCNSE: Palo Alto Networks Certified Network Security Engineer
PCRE: Perl-compatible Regular Expressions
PDF: Portable Document Format
PEBCAK: Problem Exists Between Chair and Keyboard
PEBKAC: Problem Exists Between Keyboard And Chair.
PEB: Process Environment Block
Pentest+: CompTIA Pentest+
PERSEC: Personal Security (military)
PEXIN ISM: EXIN Information Security Management Professional
PE: Portable Executable (Windows executable)
PE: Privilege Escalation
PFS: Perfect Forward Secrecy
PGP: Pretty Good Privacy
PHI: Protected Health Information
PHR: Personal Health Record
PIC: Position Independent Code
PID: Process Identifier
PII: Personally Identifiable Infomation
PIN: Personal Identification Number
PKI: Public Key Infrastructure
PLC: Programmable Logic Controller
PLC: Programmable Logic Controllers
PLD: Payload
PMI: Project Management Institute
PMP: Project Management Professional certification
PM: Product Manager
PM: Program Manager
PNG: Portable Network Graphics
POA&M: Plan of Action & Mitigation
PoC: Proof of Concept
PoE: Power over Ethernet
POP: Post Office Protocol
POP: Procedure-oriented Programming
PO: Purchase Order
PPPoEoA: PPPoE over ATM
PPPoE: Point-to-Point Protocol over Ethernet
PPP: Point-to-Point Protocol
PPP: Public Private Partnership
PPS: Plant Protection System
PRNG: Pseudo-Random Number Generator
PSH: Powershell
PSK: Pre-shared Key
PTES: Penetration Testing Execution Standard
PTO: Personal Time Off
PTRF: Penetration Test Request Form
PTR: DNS pointer record (hostname -> IP)
PTR: Penetration Test Request
PT: Penetration Test
QR: Quick Response code
QSA: Quality Security Assessor
RASP: Runtime Application Self-Protection
RAT: Remote Access Tool
RAT: Remote Administration Tool
RBAC: Role Based Access Control
RBA: Risk-based Assessment
RCA: Root Cause Analysis
RCE: Remote Code Execution
RCP: Remote Copy
RDP: Remote Desktop Protocol
REST: Representational State Transfer (web services)
REXEC: Remote Execute
RE: Reverse Engineering
RFID: Radio Frequency Identification (card)
RFI: Remote File Inclusion
RFI: Request For Information
RFP: Request For Proposal
RFQ: Request for Quotation
RHCA: Red Hat Certified Architect
RHCE: Red Hat Certified Engineer
RHCSA: Red Hat Certified System Administrator
RMF: Risk Management Framework
RMI: Remote Method Invocation
RM: Records Management
RoE: Rules of Engagement
ROM: Read-Only Medium
ROM: Read-Only Memory
ROPA: Record of Processing Activity (GDPR article 30)
ROP: Return Oriented Programming
RPC: Remote Procedure Call
RPO: Recovery Point Objective
RSA: Rivest-Shamir-Adleman (encryption)
RSH: Remote Shell
RTFM: Read The Fucking Manual
RTGS: Real-Time Gross Settlement (banking)
RTO: Recovery Time Objective
RTP: Real-time Transport Protocol
SaaS: Security as a Service
SaaS: Software as a Service
SABSA SCF: SABSA Chartered Security Architect - Foundation Certificate
SABSA SCM: SABSA Chartered Security Architect - Master Certificate
SABSA SCP: SABSA Chartered Security Architect - Practitioner Certificate
SAML: Security Assertion Markup Language
SANS: SysAdmin Audit Network Security institute
SASL: Simple Authentication and Security Layer
SAST: Static Application Security Testing
SA: Security Association (VPN)
SA: Situational Awareness
SBC: Session Border Controller
SBC: Single Board Computer
SCADA: Supervisory Control And Data Acquisition
SCA: Software Composition Analysis
SCA: SUSE Certified Administrator
SCCM: System Center Configuration Manager
SCCs: Standard Contractual Clauses
SCD: Source Code Disclosure
SCE: SUSE Certified Engineer
SDA: Sensitive Digital Assets
SDK: Software Development Kit
SDLC: Software Development Lifecycle
SDN: Software-defined Networking
SECaaS: Security as a Service
SECO: Security & Continuity Institute
SEH: Structured Exception Handling
SFCCCC: SalesForce Certified Community Cloud Consultant
SFCIAMD: SalesForce Certified Identity and Access Management Designer
SFCTA: Salesforce Certified Technical Architect
SFSA: SalesForce System Architect
SHA: Secure Hash Algorithm
SID: Security Identifier (Windows)
SIEM: Security Information and Event Management
SIP: Session Initiation Protocol
SIR: Security Incident Response (plan)
SLAAC: Stateless Address Autoconfiguration (attack)
SLA: Service-level Agreement
SLD: Second-level Domain
SLE: Single Loss Expentancy
SMB: Server Message Block
SME: Subject Matter Expert
SMTP: Simple Mail Transfer Protocol
SNMP: Simple Network Management Protocol
SOAP: Simple Object Access Protocol
SOAR: Security Orchestration, Automation and Response
SOA: Service-oriented Architecture
SOA: Start of authority record (DNS)
SOCaaS: Security Operations Center as a Service
SOCKS: Socket Secure protocol
SOCMINT: Social Media Intelligence
SOC: Security Operations Center
SOC: System On a Chip
SOHO: Small Office, Home Office
SOP: Same-origin Policy
SOP: Standard Operating Procedure
SOW: Statement of Work
SPF: Sender Policy Framework
SPI: Security Parameter Index
Splunk ECSA: Splunk Enterprise Security Certified Administrator
SPN: Service Principal Name
SQLi: SQL Injection
SRE: Site Reliability Engineering
SRI: Security Risk Intelligence
SRP: Software Restriction Policies (Windows)
SSCP: (ISC)2 Systems Security Certified Practitioner
SSDLC: Secure Software Development Lifecycle
SSE: Server Side Encryption
SSH: Secure Shell
SSID: Service Set Identifier
SSI: Server Side Includes
SSL: Secure Sockets Layer
SSN: Social Security number
SSO: Single Sign-on
SSP: Security Support Provider
SSRF: Server-side Request Forgery
STEM: Science, Technology, Engineering, and Math
STIG: Security Technical Implementation Guides
STIX: Structured Threat Information Expression
STP: Spanning Tree Protocol
STS: Security Token Service
STUN: Session Traversal Utilities for NAT
SVP: Senior Vice President
SWRE: Software Reverse Engineering
S-CEHL: SECO Certified Etheical Hacker Leader
S-CISO: SECO Certified Information Security Officer
S-EHE: SECO Ethical Hacker Expert
S-EHF: SECO Ethical Hacking Foundation
S-EHP: SECO Ethical Hacking Practitioner
S-ISF: SECO Information Security Foundation
S-ISME: SECO Information Security Management Expert
S-ISP: SECO Information Security Practitioner
S-SPF: SECO Secure Programming Foundation
TBD: To Be Discussed
TBD: To Be Done
TCO: Total Cost of Ownership
TCP: Transmission Control Protocol
TEB: Thread Environment Block
TGT: Ticket Granting Ticket (Kerberos)
TI: Threat Intelligence
TKIP: Temporal Key Integrity Protocol
TLDR: Too long, didn't read
TLD: Top-level Domain
TLS: Transport Layer Security
TOCTOU: Time-of-check to time-of-use (race condition)
ToE: Target of Evaluation
TOGAF: Fdn OpenGroup TOGAF Certified
TOGAF: The Open Group Architecture Framework
TOR: The Onion Router
TOTP: Time-based One-time Password
TPM: Technical Product Manager
TPM: Technical Program Manager
TPM: Trusted Platform Module
TPoC: Technical Point of Contact
TTD: Time to Detection
TTL: Time to live (IP, DNS, HTTP protocols)
TTP: Tactics, Techniques, and Procedures
UAC: User Account Control
UAT: User Acceptance Testing
UBA: User Behaviour Analytics
UC: Unified Communications
UC: Unintended Consequences
UDP: User Datagram Protocol
UEBA: User and Entity Behaviour Analytics
UPI: Unified Payments Interface (banking)
UPS: Uninterruptible Power Supply
URI: Uniform Resource Identifier
URL: Uniform Resource Locator
URN: Uniform / Universal Resource Name
UTMS: Universal Mobile Telecommunications Service
UUID: Universally Unique Identifier
VAPT: Vulnerability Assessment and Penetration Test
VA: Vulnerability Assessment
VCDX DCV: VMware Certified Design Expert in Datacenter Virtualization
VCIX DCV: VMware Certified Implementation Expert in Datacenter Virtualization
VCIX NV: VMware Certified Implementation Expert in Network Virtualization
VCP DCV: VMware Certified Professional in Datacenter Virtualization
VCP NV: VMware Certified Professional in Network Virtualization
VCS: Cisco TelePresence Video Communication Server (SIP trunk)
VDI: Virtual Desktop Infrastructure
VDP: Vulnerability Disclosure Program
VLAN: Virtual Local Area Network
VLOM: Vulnerability Lifecycle Management
VMP: Vulnerability Management Program
VM: Virtual Machine
VM: Vulnerability Management
VNC: Virtual Network Computing
VoIP: Voice over Internet Protocol
VPC: Virtual Private Cloud
VPLS: Virtual Private LAN Service
VPN: Virtual Private Network
VPRN: Virtual Private Routed Network
VPR: Vulnerability Priority Rating
VPS: Virtual Private Server
VP: Vice President
VR: Vulnerability Research
VSA: Vendor Security Assessment
WAF: Web Application Firewall
WAMP: Windows, Apache, MySQL, and PHP
WAN: Wide Area Network
WAPT: Web Application Penetration Test
WAP: Web Application Protection
WAP: Wireless Access Point
WCE: Windows Credentials Editor
WCNA: Protocol Analysis Institute Wireshark Certified Network Analyst
WebDAV: Web Distributed Authoring and Versioning
WEP: Wired Equivalent Privacy
WIDS: Wireless Intrusion Detection System
WIPS: Wireless Intrusion Prevention System
WIP: Work in Progress
WMI: Windows Management Instrumentation
WPA: Wi-Fi Protected Access
WUI: Web User Interface
XHR: XMLHttpRequest
XMPP: Extensible Messaging and Presence Protocol
XOR: Exclusive Or (encryption)
XSLT: Extensible Stylesheet Language Transformations
XSL: Extensible Stylesheet Language
XSRF: Cross Site Request Forgery
XSS: Cross Site Scripting
XXE: XML External Entity
YARA: Yet Another Recursive Acronym
Zach EAA: Zachman Enterprise Architect Associate (Level 1)
Zach EAPro: Zachman Enterprise Architect Professional (Level 3)
Zach EAP: Zachman Enterprise Architect Practitioner (Level 2)
ZT: Zero Trust