Acronyms in Cybersecurity

Familiarise with all the commonly used acronyms in cybersecurity world.

The following set of acronyms are the more commonly used definitions which you will find it useful in understanding the various terms. We will continue to update this list, do drop us a mail at This email address is being protected from spambots. You need JavaScript enabled to view it. if you would like to add to this list!


  • Access control list (ACL). An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.
  • Access rights. The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy.
  • Advanced Encryption Standard (AES). A public algorithm that supports keys from 128 bits to 256 bits in size.
  • Advanced Persistent Threat (APT). An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors (NIST SP800-61).
  • Adware. A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used.
  • Antivirus software. An application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected.
  • Application layer. In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible.
  • Asymmetric key (public key). A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message.
  • Attack vector. A path or route used by the adversary to gain access to the target (asset).
  • Audit trail. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.
  • Availability. Ensuring timely and reliable access to and use of information.


  • Back door. A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.
  • Block cipher. A public algorithm that operates on plaintext in blocks (strings or groups) of bits
  • Bring your own device (BYOD). An enterprise policy used to permit partial or full integration of user-owned mobile devices for business purposes
  • Brute force attack. Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found
  • Business continuity plan (BCP). A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems


  • Certificate (Certification) authority (CA). A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates
  • Cipher. An algorithm to perform encryption
  • Cleartext. Data that is not encrypted. Also known as plaintext.
  • Computer forensics. The application of the scientific method to digital media to establish factual information for judicial review
  • Confidentiality. Preserving authorized restrictions on access and disclosure, including means for protecting privacy and proprietary information
  • Critical infrastructure. Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation.
  • Cross-site scripting (XSS). A type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites
  • Cryptography. The art of designing, analyzing and attacking cryptographic schemes


  • Data Encryption Standard (DES). An algorithm for encoding binary data
  • Data leakage. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
  • Database. A stored collection of related data needed by enterprises and individuals to meet their information processing and retrieval requirements
  • Decryption. A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader
  • Demilitarized zone (DMZ). A screened (firewalled) network segment that acts as a buffer zone between a trusted and untrusted network
  • Denial-of-service attack (DoS). An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
  • Digital certificate. A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and non-repudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function.
  • Disaster recovery plan (DRP). A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster
  • Domain name system (DNS). A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers


  • Encryption. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
  • Encryption key. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext


  • Firewall. A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet
  • Forensic examination. The process of collecting, assessing, classifying and documenting digital evidence to assist in the identification of an offender and the method of compromise


  • Governance. Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives
  • Governance, Risk Management and Compliance (GRC). A business term used to group the three close-related disciplines responsible for the protection of assets, and operations


  • Hacker. An individual who attempts to gain unauthorized access to a computer system
  • Hashing. Using a hash function (algorithm) to create hash valued or checksums that validate message integrity
  • Hijacking. An exploitation of a valid network session for unauthorized purposes
  • Honeypot. A specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems
  • Hypertext Transfer Protocol Secure (HTTPS). A protocol for accessing a secure web server, whereby all data transferred are encrypted.


  • IEEE 802.11. A family of specifications developed by the Institute of Electrical and Electronics Engineers (IEEE) for wireless local area network (WLAN) echnology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients.
  • Impact analysis. A study to prioritize the criticality of information resources for the enterprise based on costs (or consequences) of adverse events
  • Incident response. The response of an enterprise to a disaster or other significant event that may significantly affect the enterprise, its people, or its ability to function productively
  • Inherent risk. The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls)
  • Integrity. The guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity
  • Internet Control Message Protocol (ICMP). A set of protocols that allow systems to communicate information about the state of services on other systems
  • Internet protocol (IP). Specifies the format of packets and the addressing scheme
  • Internet service provider (ISP). A third party that provides individuals and enterprises with access to the Internet and a variety of other Internet-related services
  • Intrusion detection system (IDS). Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack
  • Intrusion prevention system (IPS). A system designed to not only detect attacks, but also to prevent the intended victim hosts from being affected by the attacks
  • IT governance. The responsibility of executives and the board of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise's strategies and objectives


  • Job control language (JCL). Used to control run routines in connection with performing tasks on a computer
  • Judgment sampling. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically


  • Key risk indicator (KRI). A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating important risk
  • Keylogger. Software used to record all keystrokes on a computer


  • Layer 2 switches. Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks
  • Layer 3 and 4 switches. Switches with operating capabilities at layer 3 and layer 4 of the open systems interconnect (OSI) model. These switches look at the incoming packet’s networking protocol, e.g., IP, and then compare the destination IP address to the list of addresses in their tables, to actively calculate the best way to send a packet to its destination.
  • Layer 4-7 switches. Used for load balancing among groups of servers
  • Local area network (LAN). Communication network that serves several users within a specified geographic area
  • Logical access controls. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files


  • Mainframe. A large high-speed computer, especially one supporting numerous workstations or peripherals
  • Malware. Short for malicious software. Designed to infiltrate, damage or obtain information from a computer system without the owner’s consent
  • Mandatory access control (MAC). A means of restricting access to data based on varying degrees of security requirements for information contained in the objects and the corresponding security clearance of users or programs acting on their behalf
  • Man-in-the-middle attack. An attack strategy in which the attacker intercepts the communication stream between two parts of the victim system and then replaces the traffic between the two components with the intruder’s own, eventually assuming control of the communication
  • Masking. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report
  • Media access control (MAC) address. A unique identifier assigned to network interfaces for communications on the physical network segment
  • Message digest. A smaller extrapolated version of the original message created using a message digest algorithm
  • Multifactor authentication. A combination of more than one authentication method, such as token and password (or personal identification number [PIN] or token and biometric device).


  • Network address translation (NAT). A methodology of modifying network address information in IP datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another
  • Network basic input/output system (NetBIOS). A program that allows applications on different computers to communicate within a local area network (LAN).
  • Network news transfer protocol (NNTP). Used for the distribution, inquiry, retrieval, and posting of Netnews articles using a reliable stream-based mechanism. For news-reading clients, NNTP enables retrieval of news articles that are stored in a central database, giving subscribers the ability to select only those articles they wish to read. (RFC 3977)
  • Nonrepudiation. The assurance that a party cannot later deny originating data; provision of proof of the integrity and origin of the data and that can be verified by a third party


  • Open Systems Interconnect (OSI) model. A model for the design of a network. The open systems interconnect (OSI) model defines groups of functionality required to network computers into layers. Each layer implements a standard protocol to implement its functionality. There are seven layers in the OSI model.
  • Open Web Application Security Project (OWASP). An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted
  • Operating system (OS). A master control program that runs the computer and acts as a scheduler and traffic controller


  • Packet. Data unit that is routed from source to destination in a packet-switched network
  • Password. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system
  • Password cracker. A tool that tests the strength of user passwords by searching for passwords that are easy to guess It repeatedly tries words from specially crafted dictionaries and often also generates thousands (and in some cases, even millions) of permutations of characters, numbers and symbols.
  • Patch management. An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up-to-date software and often to address security risk
  • Penetration testing. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
  • Phishing. This is a type of electronic mail (e-mail) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering
  • Port scanning. The act of probing a system to identify open ports
  • Public key infrastructure (PKI). A series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued


  • Quality assurance (QA). A planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements.
  • Quality management system (QMS). A system that outlines the policies and procedures necessary to improve and control the various processes that will ultimately lead to improved enterprise performance


  • Recovery. The phase in the incident response plan that ensures that affected systems or services are restored to a condition specified in the service delivery objectives (SDOs) or business continuity plan (BCP)
  • Recovery point objective (RPO). Determined based on the acceptable data loss in case of a disruption of operations It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption.
  • Recovery time objective (RTO). The amount of time allowed for the recovery of a business function or resource after a disaster occurs
  • Remediation. After vulnerabilities are identified and assessed, appropriate remediation can take place to mitigate or eliminate the vulnerability
  • Residual risk. The remaining risk after management has implemented a risk response
  • Risk acceptance. If the risk is within the enterprise's risk tolerance or if the cost of otherwise mitigating the risk is higher than the potential loss, the enterprise can assume the risk and absorb any losses
  • Risk assessment. A process used to identify and evaluate risk and its potential effects
  • Risk management. The coordinated activities to direct and control an enterprise with regard to risk
  • Risk mitigation. The management of risk through the use of countermeasures and controls
  • Risk treatment. The process of selection and implementation of measures to modify risk
  • Root cause analysis. A process of diagnosis to establish the origins of events, which can be used for learning from consequences, typically from errors and problems
  • Rootkit. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
  • RSA. A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman used for both encryption and digital signatures


  • Secure Shell (SSH). Network protocol that uses cryptography to secure communication, remote command line login and remote command execution between two networked computers
  • Secure Sockets Layer (SSL). A protocol that is used to transmit private documents through the Internet
  • Segregation/separation of duties (SoD). A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets
  • Service level agreement (SLA). An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured
  • Simple Mail Transfer Protocol (SMTP). The standard electronic mail (e-mail) protocol on the Internet
  • Sniffing. The process by which data traversing a network are captured or monitored
  • Social engineering. An attack based on deceiving users or administrators at the target site into revealing confidential or sensitive information
  • Spoofing. Faking the sending address of a transmission in order to gain illegal entry into a secure system
  • Spyware. Software whose purpose is to monitor a computer user’s actions (e.g., web sites visited) and report these actions to a third party, without the informed consent of that machine’s owner or legitimate user
  • SQL injection. Results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design.
  • System development life cycle (SDLC). The phases deployed in the development or acquisition of a software system
  • System hardening. A process to eliminate as many security risks as possible by removing all nonessential software programs, protocols, services and utilities from the system


  • Threat analysis. An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against enterprise assets
  • Threat vector. The path or route used by the adversary to gain access to the target
  • Transmission Control Protocol/Internet Protocol (TCP/IP). Provides the basis for the Internet; a set of communication protocols that encompass media access, packet transport, session communication, file transfer, electronic mail (e-mail), terminal emulation, remote file access and network management
  • Triple DES (3DES). A block cipher created from the Data Encryption Standard (DES) cipher by using it three times
  • Trojan horse. Purposefully hidden malicious or damaging code within an authorized computer program
  • Two-factor authentication. The use of two independent mechanisms for authentication, (e.g., requiring a smart card and a password) typically the combination of something you know, are or have


  • User Datagram Protocol (UDP). A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability
  • Universal Serial BUS (USB). An external bus standard that provides capabilities to transfer data at a rate of 12 Mbps
  • UNIX. A multi‐user, multitasking operating system that is used widely as the master control program in workstations and especially servers
  • Utility programs. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing


  • Virtual local area network (VLAN). Logical segmentation of a LAN into different broadcast domains
  • Virtual private network (VPN). A secure private network that uses the public telecommunications infrastructure to transmit data
  • Virtualization. The process of adding a "guest application" and data onto a "virtual server," recognizing that the guest application will ultimately part company from this physical server
  • Virus. A program with the ability to reproduce by modifying other programs to include a copy of itself
  • Voice-over Internet Protocol (VoIP). Also called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of over dedicated voice transmission lines
  • Vulnerability. A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events
  • Vulnerability scanning. An automated process to proactively identify security weaknesses in a network or individual system


  • Web server. Using the client-server model and the World Wide Web's HyperText Transfer Protocol (HTTP), Web Server is a software program that serves web pages to users.
  • Wide area network (WAN). A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
  • Wi-Fi protected access (WAP). A class of systems used to secure wireless (Wi-Fi) computer networks.
  • Wi-Fi protected access II (WPA2). Wireless security protocol that supports 802.11i encryption standards to provide greater security. This protocol uses Advanced Encryption Standards (AES) and Temporal Key Integrity Protocol (TKIP) for stronger encryption.
  • Wired Equivalent Privacy (WEP). A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks)
  • Wireless local area network (WLAN). Two or more systems networked using a wireless distribution method
  • Worm. A programmed network attack in which a self-replicating program does not attach itself to programs, but rather spreads independently of users’ action


  • X.25 Interface. An interface between data terminal equipment (DTE) and data circuit‐terminating equipment (DCE) for terminals operating in the packet mode on some public data networks




  • Zero-day-exploit. A vulnerability that is exploited before the software creator/vendor is even aware of it's existence
  • Zombie. A computer that has been infected with a bot and is being used by an attacker to mount a DDoS attack. Also called a drone.