| Acronym | Expansion |
|---|---|
| ACD | automatic call distributor |
| AES | Advanced Encryption Standard |
| ALE | annual loss expectancy |
| ANSI | American National Standards Institute |
| AO | authorizing official |
| AP | access point |
| API | application programming interface |
| APT | advanced persistent threat |
| ARO | annual rate of occurrence |
| ATM | asynchronous transfer mode |
| AUP | acceptable use policy |
| AV | antivirus |
| B2B | business to business |
| B2C | business to consumer |
| BBB | Better Business Bureau |
| BC | business continuity |
| BCP | business continuity plan |
| BGP4 | Border Gateway Protocol 4 for IPv4 |
| BIA | business impact analysis |
| BYOD | Bring Your Own Device |
| C2C | consumer to consumer |
| CA | certificate authority |
| CAC | Common Access Card |
| CAN-SPAM | Controlling the Assault of Non-Solicited Pornography and Marketing Act |
| CAP | Certification and Accreditation Professional |
| CAUCE | Coalition Against Unsolicited Commercial Email |
| CBA | cost-benefit analysis |
| CBF | critical business function |
| CBK | common body of knowledge |
| CCC | CERT Coordination Center |
| CCNA | Cisco Certified Network Associate |
| CDR | call-detail recording |
| CERT | Computer Emergency Response Team |
| CFE | Certified Fraud Examiner |
| C-I-A | confidentiality, integrity, availability |
| CIPA | Children's Internet Protection Act |
| CIR | committed information rate |
| CIRT | computer incident response team |
| CISA | Certified Information Systems Auditor |
| CISM | Certified Information Security Manager |
| CISSP | Certified Information System Security Professional |
| CMIP | Common Management Information Protocol |
| CMMI | Capability Maturity Model Integration |
| CNA | computer network attack |
| CND | computer network defense |
| CNE | computer network exploitation |
| COPPA | Children's Online Privacy Protection Act |
| COS | class of service |
| CRC | cyclic redundancy check |
| CSA | Cloud Security Alliance |
| CSF | critical success factor |
| CSI | Computer Security Institute |
| CSP | cloud service provider |
| CTI | Computer Telephony Integration |
| CVE | Common Vulnerabilities and Exposures |
| DAC | discretionary access control |
| DBMS | database management system |
| DCS | distributed control system |
| DDoS | distributed denial of service |
| DEP | data execution prevention |
| DES | Data Encryption Standard |
| DHCPv6 | Dynamic Host Configuration Protocol v6 for IPv6 |
| DHS | Department of Homeland Security |
| DIA | Defense Intelligence Agency |
| DISA | direct inward system access |
| DMZ | demilitarized zone |
| DNS | Domain Name Service OR Domain Name System |
| DoD | Department of Defense |
| DoS | denial of service |
| DPI | deep packet inspection |
| DR | disaster recovery |
| DRP | disaster recovery plan |
| DSL | digital subscriber line |
| DSS | Digital Signature Standard |
| DSU | data service unit |
| EDI | Electronic Data Interchange |
| EIDE | Enhanced IDE |
| ELINT | electronic intelligence |
| EPHI | electronic protected health information |
| EULA | End-User License Agreement |
| FACTA | Fair and Accurate Credit Transactions Act |
| FAR | false acceptance rate |
| FCC | Federal Communications Commission |
| FDIC | Federal Deposit Insurance Corporation |
| FEP | front-end processor |
| FERPA | Family Educational Rights and Privacy Act |
| FIPS | Federal Information Processing Standard |
| FISMA | Federal Information Security Management Act |
| FRCP | Federal Rules of Civil Procedure |
| FRR | false rejection rate |
| FTC | Federal Trade Commission |
| FTP | File Transfer Protocol |
| GAAP | generally accepted accounting principles |
| GIAC | Global Information Assurance Certification |
| GigE | Gigabit Ethernet LAN |
| GLBA | Gramm-Leach-Bliley Act |
| HIDS | host-based intrusion detection system |
| HIPAA | Health Insurance Portability and Accountability Act |
| HIPS | host-based intrusion prevention system |
| HTML | Hypertext Markup Language |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| HUMINT | human intelligence |
| IaaS | Infrastructure as a Service |
| IAB | Internet Activities Board |
| ICMP | Internet Control Message Protocol |
| IDEA | International Data Encryption Algorithm |
| IDPS | intrusion detection and prevention |
| IDS | intrusion detection system |
| IEEE | Institute of Electrical and Electronics Engineers |
| IETF | Internet Engineering Task Force |
| IGP | Interior Gateway Protocol |
| IMINT | imagery intelligence |
| InfoSec | information security |
| IP | intellectual property OR Internet Protocol |
| IPS | intrusion prevention system |
| IPSec | Internet Protocol Security |
| IPv4 | Internet Protocol version 4 |
| IPv6 | Internet Protocol version 6 |
| IS-IS | intermediate system-to-intermediate system |
| (ISC)2 | International Information System Security Certification Consortium |
| ISO | International Organization for Standardization |
| ISP | Internet service provider |
| ISS | Internet security systems |
| ITIL | Information Technology Infrastructure Library |
| ITRC | Identity Theft Resource Center |
| IVR | interactive voice response |
| L2TP | Layer 2 Tunneling Protocol |
| LAN | local area network |
| MAC | mandatory access control |
| MAN | metropolitan area network |
| MAO | maximum acceptable outage |
| MASINT | measurement and signals intelligence |
| MD5 | Message Digest 5 |
| modem | modulator demodulator |
| MP-BGP | Multiprotocol Border Gateway Protocol |
| MPLS | multiprotocol label switching |
| MSTI | multiple spanning tree instance |
| MSTP | Multiple Spanning Tree Protocol |
| NAC | network access control |
| NAT | network address translation |
| NFIC | National Fraud Information Center |
| NIC | network interface card |
| NIDS | network intrusion detection system |
| NIPS | network intrusion prevention system |
| NIST | National Institute of Standards and Technology |
| NMS | network management system |
| NOC | network operations center |
| NSA | National Security Agency |
| NVD | national vulnerability database |
| OPSEC | operations security |
| OS | operating system |
| OSI | Open Systems Interconnection |
| OSINT | open source intelligence |
| OSPFv2 | Open Shortest Path First v2 for IPv4 |
| OSPFv3 | Open Shortest Path First v3 for IPv6 |
| PaaS | Platform as a Service |
| PBX | private branch exchange |
| PCI | Payment Card Industry |
| PCI DSS | Payment Card Industry Data Security Standard |
| PGP | Pretty Good Privacy |
| PII | personally identifiable information |
| PIN | personal identification number |
| PKI | public key infrastructure |
| PLC | programmable logic controller |
| POAM | plan of action and milestones access tool |
| PoE | power over Ethernet |
| POS | point-of-sale |
| PPTP | Point-to-Point Tunneling Protocol |
| PSYOPs | psychological operations |
| RA | registration authority OR risk assessment |
| RAID | redundant array of independent disks |
| RAT | remote access Trojan |
| RFC | Request for Comments |
| RIPng | Routing Information Protocol next generation for IPv6 |
| ROI | return on investment |
| RPO | recovery point objective |
| RSA | Rivest, Shamir, and Adleman (algorithm) |
| RSTP | Rapid Spanning Tree Protocol |
| RTO | recovery time objective |
| SA | security association |
| SaaS | Software as a Service |
| SAN | storage area network |
| SANCP | Security Analyst Network Connection Profiler |
| SANS | SysAdmin, Audit, Network, Security |
| SAP | service access point |
| SCADA | supervisory control and data acquisition |
| SCSI | small computer system interface |
| SDSL | symmetric digital subscriber line |
| SET | secure electronic transaction |
| SGC | server-gated cryptography |
| SHA | secure hash algorithm |
| S-HTTP | secure HTTP |
| SIEM | Security Information and Event Management system |
| SIGINT | signals intelligence |
| SIP | Session Initiation Protocol |
| SLA | service level agreement |
| SLE | single loss expectancy |
| SMFA | specific management functional area |
| SNMP | Simple Network Management Protocol |
| SOX | Sarbanes-Oxley Act of 2002 (also Sarbox) |
| SPOF | single point of failure |
| SQL | Structured Query Language |
| SSA | Social Security Administration |
| SSCP | Systems Security Certified Practitioner |
| SSID | service set identifier (name assigned to a Wi-Fi network) |
| SSL | Secure Sockets Layer |
| SSL-VPN | Secure Sockets Layer virtual private network |
| SSO | single system sign-on |
| STP | shielded twisted pair OR Spanning Tree Protocol |
| TCP/IP | Transmission Control Protocol/Internet Protocol |
| TCSEC | Trusted Computer System Evaluation Criteria |
| TFA | two-factor authentication |
| TFTP | Trivial File Transfer Protocol |
| TGAR | trunk group access restriction |
| TNI | Trusted Network Interpretation |
| TPM | technology protection measure OR trusted platform module |
| UC | unified communications |
| UDP | User Datagram Protocol |
| UPS | uninterruptible power supply |
| USB | universal serial bus |
| UTP | unshielded twisted pair |
| VA | vulnerability assessment |
| VBAC | view-based access control |
| VLAN | virtual local area network |
| VoIP | Voice over Internet Protocol |
| VPN | virtual private network |
| W3C | World Wide Web Consortium |
| WAN | wide area network |
| WAP | wireless access point |
| WEP | Wired Equivalent Privacy |
| Wi-Fi | Wireless Fidelity |
| WLAN | wireless local area network |
| WNIC | wireless network interface card |
| WPA | Wi-Fi Protected Access |
| WPA2 | Wi-Fi Protected Access 2 |
| XML | Extensible Markup Language |
| XSS | cross-site scripting |