{"id":13776755,"url":"https://github.com/cloudsecurelab/security-acronyms","last_synced_at":"2025-05-11T10:31:13.806Z","repository":{"id":57928113,"uuid":"482885697","full_name":"cloudsecurelab/security-acronyms","owner":"cloudsecurelab","description":"Curated list of Cyber Security acronyms \u0026 abbreviations","archived":false,"fork":false,"pushed_at":"2025-04-24T11:29:32.000Z","size":240,"stargazers_count":34,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-24T12:28:19.567Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudsecurelab.png","metadata":{"files":{"readme":"readme.MD","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-18T14:53:54.000Z","updated_at":"2025-04-24T11:29:36.000Z","dependencies_parsed_at":"2023-12-05T18:25:10.355Z","dependency_job_id":"c82ef9a0-aea7-4d91-a8a9-81af5b8d8cf0","html_url":"https://github.com/cloudsecurelab/security-acronyms","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudsecurelab%2Fsecurity-acronyms","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudsecurelab%2Fsecurity-acronyms/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudsecurelab%2Fsecurity-acronyms/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudsecurelab%2Fsecurity-acronyms/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudsecurelab","download_url":"https://codeload.github.com/cloudsecurelab/security-acronyms/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253551671,"owners_count":21926333,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T18:00:32.643Z","updated_at":"2025-05-11T10:31:13.790Z","avatar_url":"https://github.com/cloudsecurelab.png","language":"HTML","readme":"# Cyber Security Acronyms and Terms\n\nCurated list of acronyms and terms related to cyber security landscape including industry, open source and non-profit organizations (Basically any concept that has anything to do with security practices around the cloud, applications, assets, services, kubernetes and containers).\n\nThis glossary classifies and explains security terms to make them understandable beyond the 'buzzoword'.\n\nAny contribution will be more than welcome.\n\n## Algorithms\n_Encryption algorithms and other protection methods_\n\n3DES - Triple Data Encryption Algorithm (Also TDEA or Triple DEA) \nAES - Advanced Encryption Standard \nDES - Data Encryption Standard \nMD5 - Message-digest Algorithm \nRSA - Rivest–Shamir–Adleman open [cryptosystem](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) \nSHA - Secure Haching Algorithm \n\n## Attacks, Vulnerabilities, and Threats\n_Malicious strategies from hackers or red-teams_\n\nCSRF - Cross Site Request Forgery \nDC - Differential cryptanalytics \nLC - Linear cryptanalytics \nDA - Davies Attack \nDoS - Denial of Service \nDDoS - Distributed Denial of Service \nMalware - Malicious Software \nMITM - Man in the middle (also Person in the middle) \nRaaS - Ransomware as a Service \nRAT - Remote Access Trojan \nRCE - Remote Code Execution \nSET - Social Engineering Toolkit \nSQLi - SQL Injection \nSSRF - Server Side Request Forgery \nXFS - Cross Frame Scripting \nXSS - Cross Site Scripting \n\n## Protection approaches\n_Security strategies, solutions, and patterns_\n\nADR - Application Detection and Response \nAMSI - Anti-Malware Scan Interface \nASO - Autonomic Security Operations [Doc](https://services.google.com/fh/files/misc/googlecloud_autonomicsecurityoperations_soc10x.pdf) \nASPM - Application Security Posture Management \nAST - Application Security Testing [Details](https://www.imperva.com/learn/application-security/application-security-testing) \nAV - Anti-Virus \nCADR - Cloud Application Detection and Response \nCAASM - Cyber Asset Attack Surface Management (inventory management) \nCASB - Cloud Access Security Broker \nCDR - Cloud Detection and Response \nCIEM - Cloud Infrastructure Entitlement Management \nCIAM - Cloud Identity Access Management \nCIRA - Cloud Investigation and Response Automation \nCNAPP - Cloud Native Application Protection Platform \nC-SCRM - Cyber Supplly Chain Risk Management [Link](https://csrc.nist.rip/scrm/#:~:text=Cyber%20Supply%20Chain%20Risk%20Management%20(C%2DSCRM)%20is%20the,product%20and%20service%20supply%20chains.) \nCSPM - Cloud Security Posture Management \nCTEM - Cloud Threat Exposure Management \nCWP - Cloud Workload Protection \nCWPP - Cloud Workload Protection Platform \nDAST - Dynamic Application Security Testing \nDDR - Data Detection \u0026 Response \nDLP - Data Loss Prevention \nDSPM - Data Security Posture Management \nEDR - Endpoint Detection and Response, sometimes known as Endpoint Threat Detection and Response (ETDR) \nETDR - See EDR \nHIDS - [Host based Intrusion Detection System](https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system) (also NIDS for Network) \nHIPS - Host Intrusion Prevention System \nIAST - Interactive Application Security Testing \nIDS - Intrusion Detection System \nIDTR - Identity Detection \u0026 Response \nIGA - Identity Governance and Administration \nIPS - Intrusion Protection System \nISPM - Identity Security Posture Management \nITDR - Identity Threat Detection \u0026 Response \nMDR - Managed Detection and Response \nMDFT - Mobile Device Forensic Tool \nMSSP - Managed Security Services Provider \nNDR - Network Detection \u0026 Response \nNGES - Next Generation Endpoint Security \nNGSWG - Next Generation Secure Web Gateway \nNIDS - Network Intrustion Detection System \nNTA - Network Traffic Analysis \nOTSPM - Operational Technology Security Posture Management [link](https://safetybits.io/blog/what-is-otspm/) \nRASP - Runtime Application Self-Protection \nSASE - Secure Access Service Edge \nSAST - Static Application Security Testing \nSCA - Software Composition Analysis \nSCAP - Security Content Automation Protocols \nSIEM - Security Incident \u0026 Event Management \nSOAR - Security Orchestration \u0026 Response \nSSE - Security Services Edge (A subset of SASE) \nSSPM - SaaS Security Posture Management \nSWG - Secure Web Gateway [link](https://www.netskope.com/security-defined/next-gen-secure-web-gateway) \nTIP - Threat Intelligence Platform \nTPRM - Third Party Risk Management \nUBA / UEBA - User and entity behavior analytics \nVM - Vulnerability Management (also Virtual Machine outside of infosec) \nWAF - Web Application Firewall \nXDR - eXtended Detection and Response \nZTNA - Zero Trust Network Access\n\n## Security \u0026 Compliance frameworks \u0026 work groups\n\nAPRA - Australian Prudential Regulation Authority \nASLR - Address Space Layout Randomisation \nASVS - (OWASP) Application Security Verification Standard \nATT\u0026CK - (MITRE) Adversarial Tactics, Techniques, and Common Knowledge \nBGDPL - Brazilian General Data Protection Law (Brazil) \nCAPEC - Common Attack Pattern Enumeration and Classification \nCSAF - Common Security Advisory Framework [(2.0)](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html) \nCIS - Center for Internet Security [Link](https://www.cisecurity.org/) \nCVE - Common Vulnerabilities and Exposures \nCVRF - Common Vulnerability Reporting Framework (now CSAF) \nCVS - Common Vulnerability Score \nCVSS - Common Vulnerability Scoring System \nDSS - Data Security Standard (See PCI) \nEPSS - Exploit Prediction Scoring System \nGDPR - General Data Protection Regulation (Europe) \nHIPAA - Health Insurance Portability and Accountability Act \nISO - International Organization for Standardization \nMITRE - Not an acronym - “a name that was meaningless and without connotations, but with an attractive feel.” \nNVD - National Vulnerability Database (USA) \nNIST - National Institute of Standards and Technology (US) \nOWASP - Open Web Application Security Project \nPCI DSS - Payment Card Industry Data Security Standard \nPCI SSC - Payment Card Industry Security Standards Council \nPIPEDA - Personal Information Protection and Electronic Documents Act (Canada) \nTARA - Threat Agent Risk Assessment (Methodology) \nSAMM - Software Assurance Maturity Model (OWASP) [Link](https://owaspsamm.org/) \nSLSA - Supply-chain Levels for Software Artifact - [Link](https://slsa.dev/) \nSOC (1,2,3) - [System and Organization Controls](https://en.wikipedia.org/wiki/System_and_Organization_Controls). See also the *\"Processes, Teams and roles\"* section. \n\n## Patterns, Protocols \u0026 Implementation Standards\n\n2FA - Two Factor Authentication; see also MFA \nABAC - Attribute Based Access Control \nACL - Access Control List \nCA - Certificate Authority \nCORS - Cross Origin Resource Sharing \nDoH - DNS over HTTPS \nDOM - Document Object Model \nFTPS - FTP-SSL or FTP Secure \nIR - Incident Response \nJIT - Just in Time (SAML) \nJWT - JSON Web Token \nMFA - Multi Factor Authentication \nmTLS - Mutual Transport Layer Security \nOASIS - Organisation for the Advancement of Structured Information Standards \nOAuth - Open Authorization \nOTP - One Time Password ( sometimes One Time Pad) \nPaC - Policy as Code \nSAML - Security Assertion Markup Language \nSARIF - Static Analysis Results Interchange Format \nSFTP - SSH File Transfer Protocol \nSPDX - Software Package Data Exchange [link](https://spdx.dev/) \nSSH - Secure Shell \nSSL - Secure Sockets Layer \nSSO - Single Sign-on \nTLP - Traffic Light Protocol \nTLS - Transport Layer Security \nU2F - Universal Two Factor \nWEP - Wired Equivalent Privacy (Protocol) \nWPA - Wi-Fi Protected Access (Protocol) \nWPS - Wi-Fi Protected Setup (Standard) \n\n## Processes, Teams and roles\n\nA\u0026A - Assessment and Authorization\nCCSP - Certified Cloud Security Professional (ISC2) \nCDC - Cyber Defense Center \nCERT - Computer Emergency Response Team \nCISO - Chief Information Security Officer \nCISSP - Certified Information Systems Security Professional \nCOC - Cybersecurity Operations Center \nCPP - Certified Protection Professional \nCSO - Chief Security Officer (role) \nECES - Certified Encryption Specialist \nFIRST - Forum of Incident Response and Security Teams \nNICCS - National Initiative for Cybersecurity Careers and Studies \nNICE - [NICCS Workforce Framework for Cybersecurity](https://niccs.cisa.gov/workforce-development/nice-framework) \nOSCP - Offensive Security Certified Professional \nSOC - Security Operations Center \nSecOps - Organizational term. Collaboration between security and operations teams by sharing security responsibilities \n\n## Misc\n\nAPT - Advanced Persistent Threat \nAuthn - Authentication \nAuthz - Authorization \nBAS - Breach \u0026 Attack Simulation \nBCP - Business Continuity Plan \nBEC - Business Email Compromise \nBGH - Big Game Hunting \nBIA - Business Impact Analysis \nBSIMM - Building Security In Maturity Model \nC2 - Command \u0026 Control \nCAPTCHA - Completely Automated Public Turing Test to Tell Computers And Humans Apart \nCIA - Confidentiality; Integrity; Availability \nCISA - Cybersecurity and Infrastructure Security Agency | Certified Information Systems Auditor \nCoA - Course of Action \nCTA - Cyber Threat Intelligence\nIAM - Identity \u0026 Access Management \nIOA - Indicators of Attack \nIOC - Indicators of Compromise \nMALOPS - Malicious Operations \nMTTR - Mean Time to Resolve \nPAM - Privileged Access Management \nRBAC - Role Based Access Control \nSDLC - Software Development Lifecycle (Also sometimes System Development Lifecycle) \nSD-WAN - Software Defined Wide Area Network \nSKU - Stock Keeping Unit (Unique identificaiton that definees an element) \nSRA - Security Response Automation \nSSS - Stack Smashing Protector (compilers)\nSWOT - Strengths, Weaknesses, Opportunities, and Threats (SWOT Analysis) \nTI - Threat Intelligence \nTTP - Tactics, Techniques, and Procedures \nUAC - User Access Control \nVAP - Very Attacked Person \nVPN - Virtual Private Network \nYARA - Yet Another Ridiculous Acronym - Rule-based tool for malware analysis [Link](https://en.wikipedia.org/wiki/YARA) \nYARA-L - YARA for logs ([Chronicle AKA SecOps](https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-overview)) \n\n## Useful terms that are not specific to security\nCCM - Cloud Controls Matrix \nNHI - Non Human Identity \nNMS - Network Management System \nNRT - Near Real Time \nTPP - Third Party Payment provider \n\n## Pending to be classified (Help welcome) \n_Community help will be welcome_\n\nCAPP - Controlled Access Protection Profile \nCISSP - Certified Information Systems Security Professional (ISC2) \nCMF - Collection Management Framework \nCSA - (1) Cloud Security Alliance (2) Continuous Security Assessment \nCSP - Content Security Policy \nCTF - Capture the Flag \nCTI - Cyber Threat Intelligence \nCWE - Common Weakness Enumeration \nDEP - Data Execution Prevention \nDFIR - Digital Forensics and Incident Response \nDKIM - DomainKeys Identified Mail \nDLS - Dedicated Leak Site \nDMARC - Domain-based Message Authentication, Reporting \u0026 Conformance \nDNSSEC - Domain Name System Security Extensions \nDREAD - Damage; Reproducability; Exploitability; Affected Users; Discoverability \nEASM - Externam Attack Surface Management \nEICAR - European Institute for Computer Antivirus Research \nEPP - Endpoint Protection Platform \nFAIR - Factor Analysis of Information Risk \nFAM - File Access Monitoring \nFiDO - Fast IDentity Online \nFIM - File Integrity Monitoring \nFPC - Full Packet Capture \nGCM - Galois/Counter Mode \nGPG - GnuPG \nGRC - Governance, Risk \u0026 Compliance \nHSM - Hardware Security Module \nHSTS - HTTP Strict Transfer Protocol \nIDAM - Identity \u0026 Access Management \nIDOR - Insecure Direct Object Reference \nIdP - Identity Provider \nIETF - Internet Engineering Task Force \nIPE - Intelligence Preperation of the Environment \nIPSec - Internet Protocol Security \nIRM - Integrated Risk Management \nIRP - Incident Response Playbook \nISC2 - International Information System Security Certification Consortium \nISMS - Information Security Management System \nISS - Information System Security \nKCM - Kill Chain Model \nLANGSEC - Language Security \nLFI - Local File Inclusion \nLOLBin - Living off the Land Binary (also LOLScripts, LOLBAS) \nNAC - Network Access Control / also NACL (Network Access Control List) \nNDB - Notifiable Data Breache(s) \nNGCI - Next Generation Cyber Infrastructure \nNGFW - Next Generation Firewall \nODoH - Oblivious DNS over HTTPS \nOIDC - OpenID Connect \nOPSec - Operational Security \nOSCAL - Open Security Controls Assessment Language \nOSINT - Open Source Intelligence \nPASTA - Process for Attack Simulation \u0026 Threat Analysis \nPCD - Payment Card Data \nPGP - Pretty Good Privacy. See also GPG \nPFS - Perfect Forward Secrecy \nPTES - Penetration Testing Execution Standard \nPUP - Potentially Unwanted Program \nRFC - Request For Comments \nROP - Return-oriented programming \nRP - Return Pointer \nRTR - Rapid Threat Response \nSABSA - Sherwood Applied Business Security Architecture \nSANS - SysAdmin, Audit, Network, and Security \nSAQ - Self-Assessment Questionnaire \nSCIM - System for Cross-domain Identity Management \nSSDLC - Secure Software Development Lifecycle \nSECCOMP - Secure Computing \nSFP - Saved Frame Pointer \nSOA - Statemenet of Applicability \nSOX - Sarbanes-Oxley Act \nSPF - Sender Policy Framework \nSRI - Sub-resource Integrity \nSSVC - Stakeholder-Specific Vulnerability Categorization \nSTIG - Security Technical Implementation Guide \nSTIX - Structured Threat Information Expression \nSTRIDE - Spoofing; Tampering; Repudiation; Information disclosure; Denial of service; Elevation of Privilege \nTAXII - Trusted Automated Exchange of Intelligence Information \nTOGAF - The Open Group Architecture Framework \nXACML - eXtensible Access Control Markup Language \nXXE - XML External Entity\n\n# Resources\n\nOriginal list extracted from [Ghostinashell Blog](https://blog.ghostinashell.com/acronyms/) \nEnriched with terms learned from [Sysdig](https://sysdig.com) \nAdded some terms from [SecureWorldExpo](https://info.secureworldexpo.com/hubfs/PDF_collateral/Acronyms_cybersecurity_SecureWorld_090419.pdf) \nCurated list of security resources [Awesome-sceurity](https://github.com/sbilly/awesome-security) \nList of products and vendors classified by security approach. [The Cloud Security List](https://list.latio.tech/) \nOWASP Open Web Application Security (nonprofit foundation). [OWASP website](https://owasp.org/) \n\nPublic front page [Cloud Security Acronyms](https://cloudsecurelab.github.io/security-acronyms/) \nContribute with [Cyber-Security List on Github](https://github.com/cloudsecurelab/security-acronyms/) \n","funding_links":[],"categories":["Other Awesome Lists","Useful Resources","Lists of cyber security resources"],"sub_categories":["Other Security Awesome Lists","Security Awesome Lists"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudsecurelab%2Fsecurity-acronyms","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudsecurelab%2Fsecurity-acronyms","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudsecurelab%2Fsecurity-acronyms/lists"}