Abbreviations
I am following Jason Dion’s Udemy course for Security+.
AAA | Authentication, Authorization, and Accounting | ||
ACL | Access Control List | ||
AES | Advanced Encryption Standard | ||
AES-256 | Advanced Encryption Standard 256-bit | ||
AH | Authentication Header | ||
AI | Artificial Intelligence | ||
AIS | Automated Indicator Sharing | ||
ALE | Annualized Loss Expectancy | ||
AP | Access Point | ||
API | Application Programming Interface | ||
APT | Advanced Persistent Threat | ||
ARO | Annualized Rate of Occurrence | ||
ARP | Address Resolution Protocol | ||
ASLR | Address Space Layout Randomization | ||
ATT&CK | Adversarial Tactics, Techniques, and Common Knowledge | ||
AUP | Acceptable Use Policy | ||
AV | Antivirus | ||
BASH | Bourne Again Shell | ||
BCP | Business Continuity Planning | ||
BGP | Border Gateway Protocol | ||
BIA | Business Impact Analysis | ||
BIOS | Basic Input/Output System | ||
BPA | Business Partners Agreement | ||
BPDU | Bridge Protocol Data Unit | ||
BYOD | Bring Your Own Device | ||
CA | Certificate Authority | ||
CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart | ||
CAR | Corrective Action Report | ||
CASB | Cloud Access Security Broker | ||
CBC | Cipher Block Chaining | ||
CCMP | Counter Mode/CBC-MAC Protocol | ||
CCTV | Closed-circuit Television | ||
CERT | Computer Emergency Response Team | ||
CFB | Cipher Feedback | ||
CHAP | Challenge Handshake Authentication Protocol | ||
CIA | Confidentiality, Integrity, Availability | ||
CIO | Chief Information Officer | ||
CIRT | Computer Incident Response Team | ||
CMS | Content Management System | ||
COOP | Continuity of Operation Planning | ||
COPE | Corporate Owned, Personally Enabled | ||
CP | Contingency Planning | ||
CRC | Cyclical Redundancy Check | ||
CRL | Certificate Revocation List | ||
CSO | Chief Security Officer | ||
CSP | Cloud Service Provider | ||
CSR | Certificate Signing Request | ||
CSRF | Cross-Site Request Forgery | ||
CSU | Channel Service Unit | ||
CTM | Counter Mode | ||
CTO | Chief Technology Officer | ||
CVE | Common Vulnerability Enumeration | ||
CVSS | Common Vulnerability Scoring System | ||
CYOD | Choose Your Own Device | ||
DAC | Discretionary Access Control | ||
DBA | Database Administrator | ||
DDoS | Distributed Denial of Service | ||
DEP | Data Execution Prevention | ||
DES | Digital Encryption Standard | ||
DHCP | Dynamic Host Configuration Protocol | ||
DHE | Diffie-Hellman Ephemeral | ||
DKIM | DomainKeys Identified Mail | ||
DLL | Dynamic Link Library | ||
DLP | Data Loss Prevention | ||
DMARC | Domain Message Authentication Reporting and Conformance | ||
DNAT | Destination Network Address Translation | ||
DNS | Domain Name System | ||
DoS | Denial of Service | ||
DPO | Data Privacy Officer | ||
DRP | Disaster Recovery Plan | ||
DSA | Digital Signature Algorithm | ||
DSL | Digital Subscriber Line | ||
EAP | Extensible Authentication Protocol | ||
ECB | Electronic Code Book | ||
ECC | Elliptic Curve Cryptography | ||
ECDHE | Elliptic Curve Diffie-Hellman Ephemeral | ||
ECDSA | Elliptic Curve Digital Signature Algorithm | ||
EDR | Endpoint Detection and Response | ||
EFS | Encrypted File System | ||
ERP | Enterprise Resource Planning | ||
ESN | Electronic Serial Number | ||
ESP | Encapsulated Security Payload | ||
FACL | File System Access Control List | ||
FDE | Full Disk Encryption | ||
FIM | File Integrity Monitoring | ||
FPGA | Field Programmable Gate Array | ||
FRR | False Rejection Rate | ||
FTP | File Transfer Protocol | ||
FTPS | Secured File Transfer Protocol | ||
GCM | Galois Counter Mode | ||
GDPR | General Data Protection Regulation | ||
GPG | GNU Privacy Guard | ||
GPO | Group Policy Object | ||
GPS | Global Positioning System | ||
GPU | Graphics Processing Unit | ||
GRE | Generic Routing Encapsulation | ||
HA | High Availability | ||
HDD | Hard Disk Drive | ||
HIDS | Host-based Intrusion Detection System | ||
HIPS | Host-based Intrusion Prevention System | ||
HMAC | Hashed Message Authentication Code | ||
HOTP | HMAC-based One-time Password | ||
HSM | Hardware Security Module | ||
HTML | Hypertext Markup Language | ||
HTTP | Hypertext Transfer Protocol | ||
HTTPS | Hypertext Transfer Protocol Secure | ||
HVAC | Heating, Ventilation, Air Conditioning | ||
IaaS | Infrastructure as a Service | ||
IaC | Infrastructure as Code | ||
IAM | Identity and Access Management | ||
ICMP | Internet Control Message Protocol | ||
ICS | Industrial Control Systems | ||
IDEA | International Data Encryption Algorithm | ||
IDF | Intermediate Distribution Frame | ||
IdP | Identity Provider | ||
IDS | Intrusion Detection System | ||
IEEE | Institute of Electrical and Electronics Engineers | ||
IKE | Internet Key Exchange | ||
IM | Instant Messaging | ||
IMAP | Internet Message Access Protocol | ||
IoC | Indicators of Compromise | ||
IoT | Internet of Things | ||
IP | Internet Protocol | ||
IPS | Intrusion Prevention System | ||
IPSec | Internet Protocol Security | ||
IR | Incident Response | ||
IRC | Internet Relay Chat | ||
IRP | Incident Response Plan | ||
ISO | International Organization for Standardization | ||
ISP | Internet Service Provider | ||
ISSO | Information Systems Security Officer | ||
IV | Initialization Vector | ||
KDC | Key Distribution Center | ||
KEK | Key Encryption Key | ||
L2TP | Layer 2 Tunneling Protocol | ||
LAN | Local Area Network | ||
LDAP | Lightweight Directory Access Protocol | ||
LEAP | Lightweight Extensible Authentication Protocol | ||
MaaS | Monitoring as a Service | ||
MAC | Mandatory Access Control / Media Access Control / Message Authentication Code | ||
MAN | Metropolitan Area Network | ||
MBR | Master Boot Record | ||
MD5 | Message Digest 5 | ||
MDF | Main Distribution Frame | ||
MDM | Mobile Device Management | ||
MFA | Multi-Factor Authentication | ||
MFD | Multifunction Device | ||
MFP | Multifunction Printer | ||
ML | Machine Learning | ||
MMS | Multimedia Message Service | ||
MOA | Memorandum of Agreement | ||
MOU | Memorandum of Understanding | ||
MPLS | Multiprotocol Label Switching | ||
MSA | Master Service Agreement | ||
MSCHAP | Microsoft Challenge Handshake Authentication Protocol | ||
MSP | Managed Service Provider | ||
MSSP | Managed Security Service Provider | ||
MTBF | Mean Time Between Failures | ||
MTTF | Mean Time to Failure | ||
MTTR | Mean Time to Recover | Critical for disaster recovery planning | |
MTU | Maximum Transmission Unit | Network packet size limit | |
NAC | Network Access Control | Ensures endpoint compliance (e.g., 802.1X) | |
NAT | Network Address Translation | Masks private IPs (e.g., home routers) | |
NDA | Non-disclosure Agreement | Legal confidentiality requirement | |
NFC | Near Field Communication | Contactless payments (range: ~4cm) | |
NGFW | Next-generation Firewall | Includes IPS, SSL inspection | |
NIDS | Network-based Intrusion Detection System | Passive monitoring (e.g., Snort) | |
NIPS | Network-based Intrusion Prevention System | Active blocking of threats | |
NIST | National Institute of Standards & Technology | Publishes cybersecurity frameworks | |
NTFS | New Technology File System | Windows file system with ACL support | |
NTLM | New Technology LAN Manager | Legacy Windows auth protocol | |
NTP | Network Time Protocol | Critical for log synchronization | |
OAUTH | Open Authorization | API authorization framework | |
OCSP | Online Certificate Status Protocol | Real-time cert revocation checks | |
OID | Object Identifier | Unique identifier in PKI | |
OS | Operating System | Windows, Linux, macOS security | |
OSINT | Open-source Intelligence | Threat intelligence from public sources | |
OSPF | Open Shortest Path First | Dynamic routing protocol | |
OT | Operational Technology | Industrial systems (SCADA, ICS) | |
OTA | Over the Air | Wireless updates (e.g., IoT devices) | |
OVAL | Open Vulnerability Assessment Language | Standard for vulnerability checks | |
P12 | PKCS #12 | Certificate container format | |
P2P | Peer to Peer | Decentralized networks (risk: malware) | |
PaaS | Platform as a Service | Cloud dev environment (e.g., Heroku) | |
PAC | Proxy Auto Configuration | Automated proxy settings | |
PAM | Privileged Access Management | Controls admin access | |
PAM | Pluggable Authentication Modules | Linux authentication framework | |
PAP | Password Authentication Protocol | Unencrypted credential transmission | |
PAT | Port Address Translation | NAT variant mapping multiple devices | |
PBKDF2 | Password-based Key Derivation Function 2 | Key stretching algorithm | |
PBX | Private Branch Exchange | Business phone systems (VoIP risks) | |
PCAP | Packet Capture | Network traffic analysis (Wireshark) | |
PCI DSS | Payment Card Industry Data Security Standard | Credit card security compliance | |
PDU | Power Distribution Unit | Data center power management | |
PEAP | Protected Extensible Authentication Protocol | WPA2-Enterprise authentication | |
PED | Personal Electronic Device | BYOD security considerations | |
PEM | Privacy Enhanced Mail | Base64-encoded cert format | |
PFS | Perfect Forward Secrecy | Ephemeral keys for session security | |
PGP | Pretty Good Privacy | Email/file encryption standard | |
PHI | Personal Health Information | HIPAA-regulated data | |
PII | Personally Identifiable Information | GDPR/CCPA protected data | |
PIV | Personal Identity Verification | US govt smart card standard | |
PKCS | Public Key Cryptography Standards | RSA-developed crypto standards | |
PKI | Public Key Infrastructure | Digital certificate framework | |
POP | Post Office Protocol | Legacy email retrieval protocol | |
POTS | Plain Old Telephone Service | Analog phone security risks | |
PPP | Point-to-Point Protocol | Direct device connections | |
PPTP | Point-to-Point Tunneling Protocol | Insecure VPN protocol (avoid) | |
PSK | Pre-shared Key | WPA2-Personal authentication | |
PTZ | Pan-tilt-zoom | Security camera controls | |
PUP | Potentially Unwanted Program | Grayware (adware, spyware) | |
RA | Recovery Agent | Key escrow access for encrypted data | |
RA | Registration Authority | PKI entity that verifies identities | |
RADIUS | Remote Authentication Dial-in User Service | Centralized network authentication | |
RAID | Redundant Array of Inexpensive Disks | Data redundancy (RAID 1/5/6) | |
RAS | Remote Access Server | Legacy dial-up access systems | |
RAT | Remote Access Trojan | Malware for persistent access | |
RBAC | Role-based Access Control | Permissions tied to job functions | |
RC4 | Rivest Cipher version 4 | Insecure stream cipher (deprecated) | |
RDP | Remote Desktop Protocol | Common attack vector (secure with NLA) | |
RFID | Radio Frequency Identifier | Physical access cards/cloning risks | |
RSA | Rivest, Shamir, & Adleman | Asymmetric encryption algorithm | |
RTBH | Remotely Triggered Black Hole | DDoS mitigation technique | |
RTO | Recovery Time Objective | Max acceptable downtime | |
RPO | Recovery Point Objective | Max data loss tolerance | |
S/MIME | Secure/Multipurpose Internet Mail Extensions | Encrypted email standard | |
SaaS | Software as a Service | Cloud apps (e.g., Office 365) | |
SAML | Security Assertions Markup Language | XML-based SSO standard | |
SAN | Storage Area Network | High-speed storage network | |
SAN | Subject Alternative Name | Multi-domain SSL certificates | |
SCADA | Supervisory Control and Data Acquisition | Industrial control systems | |
SD-WAN | Software-defined Wide Area Network | Dynamic traffic routing | |
SDLC | Software Development Lifecycle | Secure development practices | |
SDN | Software-defined Networking | Decouples control plane from data plane | Attack surface for DDoS (e.g., ONOS controller exploits) |
SELinux | Security-enhanced Linux | Mandatory Access Control (MAC) for Linux | Enforces least privilege policies |
SED | Self-encrypting Drives | Hardware-based full-disk encryption | Complies with FIPS 140-2, protects data-at-rest |
SEH | Structured Exception Handler | Windows memory management feature | Buffer overflow exploitation target |
SFTP | Secured File Transfer Protocol | SSH-encrypted file transfer (port 22) | Secure alternative to FTP |
SHA | Secure Hashing Algorithm | SHA-256 (NIST standard), SHA-1 deprecated | Integrity verification (e.g., file checksums) |
SIEM | Security Information and Event Management | Log aggregation/analysis (e.g., Splunk) | Detects multi-vector attacks via correlation |
SIM | Subscriber Identity Module | Mobile auth (e.g., 3G/4G/5G) | SIM swapping attacks bypass 2FA |
SLA | Service-level Agreement | Uptime guarantees (e.g., 99.9%) | Cloud security responsibility matrix |
SLE | Single Loss Expectancy | Asset Value × Exposure Factor | Part of risk calculation (ALE = SLE × ARO) |
SMTP | Simple Mail Transfer Protocol | Email delivery (port 25) | SPF/DKIM/DMARC combat spoofing |
SNMP | Simple Network Management Protocol | Device monitoring (v3 encrypts traffic) | Default community strings are a risk |
SOAR | Security Orchestration, Automation, Response | Automates incident response (e.g., Phantom) | Reduces MTTR for breaches |
SOC | Security Operations Center | 24/7 threat monitoring team | Tiered analysts (T1-T3) workflow |
SPF | Sender Policy Framework | DNS TXT records to prevent email spoofing | Part of email authentication triad |
SQLi | SQL Injection | ' OR 1=1-- bypasses authentication | OWASP Top 10 #1 risk |
SSH | Secure Shell | Encrypted remote access (port 22) | Key-based auth > passwords |
SSL/TLS | Secure Sockets Layer / Transport Layer Security | TLS 1.2/1.3 are current standards | Heartbleed (CVE-2014-0160) exploited SSL |
SSO | Single Sign-on | Centralized auth (e.g., Okta, ADFS) | Risk: Compromise gives broad access |
STIX/TAXII | Structured Threat Information eXchange / Trusted Automated eXchange of Indicator Information | Threat intelligence sharing formats | Used in MISP threat platforms |
TACACS+ | Terminal Access Controller Access Control System | Cisco auth protocol (TCP/49) | Encrypts entire payload (vs RADIUS) |
TCP/IP | Transmission Control Protocol/Internet Protocol | Internet protocol suite | SYN floods attack TCP handshake |
TGT | Ticket Granting Ticket | Kerberos authentication component | Golden Ticket attacks forge TGTs |
TKIP | Temporal Key Integrity Protocol | WPA encryption (deprecated) | Vulnerable to WPA2 attacks |
TLS | Transport Layer Security | Replaced SSL (e.g., TLS 1.3) | Downgrade attacks (e.g., POODLE) |
TOTP | Time-based One-time Password | Google Authenticator algorithm | More secure than SMS 2FA |
TPM | Trusted Platform Module | Hardware crypto processor | Stores BitLocker/RSA keys |
TTPs | Tactics, Techniques, Procedures | MITRE ATT&CK framework structure | Defenders use to profile threat actors |
UDP | User Datagram Protocol | Connectionless (port 53 for DNS) | DNS amplification attacks |
UEFI | Unified Extensible Firmware Interface | Replaces legacy BIOS | Secure Boot prevents rootkits |
UPS | Uninterruptible Power Supply | Battery backup for graceful shutdown | Prevents data corruption |
URL | Uniform Resource Locator | https:// vs http:// | IDN homograph attacks |
USB OTG | USB On the Go | Direct device connections | BadUSB exploits firmware |
UTM | Unified Threat Management | All-in-one security appliance | Includes FW/IPS/AV/web filtering |
VDI | Virtual Desktop Infrastructure | Centralized desktop hosting | Reduces endpoint attack surface |
VLAN | Virtual Local Area Network | Network segmentation (802.1Q) | VLAN hopping via double-tagging |
VoIP | Voice over IP | SIP/RTP protocols (port 5060) | Vishing/SIP brute-force risks |
VPN | Virtual Private Network | IPsec (IKEv2) or SSL VPNs | Split tunneling risks |
WAF | Web Application Firewall | Blocks OWASP Top 10 (e.g., ModSecurity) | Bypasses via 0-days |
WEP | Wired Equivalent Privacy | Broken RC4 encryption (2001) | Crackable in <1 minute |
WPA | Wi-Fi Protected Access | WPA3 uses SAE (Dragonfly) | KRACK attacks target WPA2 |
XDR | Extended Detection and Response | Cross-layer threat detection | Evolved from EDR/MDR |
XSS | Cross-site Scripting | <script>alert(1)</script> | Stored vs reflected XSS |
This post is licensed under CC BY 4.0 by the author.