Abbreviations
Abbreviations
Abbreviations
| AAA | Authentication, Authorization, and Accounting | ||
| ACL | Access Control List | ||
| AES | Advanced Encryption Standard | ||
| AES-256 | Advanced Encryption Standard 256-bit | ||
| AH | Authentication Header | ||
| AI | Artificial Intelligence | ||
| AIS | Automated Indicator Sharing | ||
| ALE | Annualized Loss Expectancy | ||
| AP | Access Point | ||
| API | Application Programming Interface | ||
| APT | Advanced Persistent Threat | ||
| ARO | Annualized Rate of Occurrence | ||
| ARP | Address Resolution Protocol | ||
| ASLR | Address Space Layout Randomization | ||
| ATT&CK | Adversarial Tactics, Techniques, and Common Knowledge | ||
| AUP | Acceptable Use Policy | ||
| AV | Antivirus | ||
| BASH | Bourne Again Shell | ||
| BCP | Business Continuity Planning | ||
| BGP | Border Gateway Protocol | ||
| BIA | Business Impact Analysis | ||
| BIOS | Basic Input/Output System | ||
| BPA | Business Partners Agreement | ||
| BPDU | Bridge Protocol Data Unit | ||
| BYOD | Bring Your Own Device | ||
| CA | Certificate Authority | ||
| CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart | ||
| CAR | Corrective Action Report | ||
| CASB | Cloud Access Security Broker | ||
| CBC | Cipher Block Chaining | ||
| CCMP | Counter Mode/CBC-MAC Protocol | ||
| CCTV | Closed-circuit Television | ||
| CERT | Computer Emergency Response Team | ||
| CFB | Cipher Feedback | ||
| CHAP | Challenge Handshake Authentication Protocol | ||
| CIA | Confidentiality, Integrity, Availability | ||
| CIO | Chief Information Officer | ||
| CIRT | Computer Incident Response Team | ||
| CMS | Content Management System | ||
| COOP | Continuity of Operation Planning | ||
| COPE | Corporate Owned, Personally Enabled | ||
| CP | Contingency Planning | ||
| CRC | Cyclical Redundancy Check | ||
| CRL | Certificate Revocation List | ||
| CSO | Chief Security Officer | ||
| CSP | Cloud Service Provider | ||
| CSR | Certificate Signing Request | ||
| CSRF | Cross-Site Request Forgery | ||
| CSU | Channel Service Unit | ||
| CTM | Counter Mode | ||
| CTO | Chief Technology Officer | ||
| CVE | Common Vulnerability Enumeration | ||
| CVSS | Common Vulnerability Scoring System | ||
| CYOD | Choose Your Own Device | ||
| DAC | Discretionary Access Control | ||
| DBA | Database Administrator | ||
| DDoS | Distributed Denial of Service | ||
| DEP | Data Execution Prevention | ||
| DES | Digital Encryption Standard | ||
| DHCP | Dynamic Host Configuration Protocol | ||
| DHE | Diffie-Hellman Ephemeral | ||
| DKIM | DomainKeys Identified Mail | ||
| DLL | Dynamic Link Library | ||
| DLP | Data Loss Prevention | ||
| DMARC | Domain Message Authentication Reporting and Conformance | ||
| DNAT | Destination Network Address Translation | ||
| DNS | Domain Name System | ||
| DoS | Denial of Service | ||
| DPO | Data Privacy Officer | ||
| DRP | Disaster Recovery Plan | ||
| DSA | Digital Signature Algorithm | ||
| DSL | Digital Subscriber Line | ||
| EAP | Extensible Authentication Protocol | ||
| ECB | Electronic Code Book | ||
| ECC | Elliptic Curve Cryptography | ||
| ECDHE | Elliptic Curve Diffie-Hellman Ephemeral | ||
| ECDSA | Elliptic Curve Digital Signature Algorithm | ||
| EDR | Endpoint Detection and Response | ||
| EFS | Encrypted File System | ||
| ERP | Enterprise Resource Planning | ||
| ESN | Electronic Serial Number | ||
| ESP | Encapsulated Security Payload | ||
| FACL | File System Access Control List | ||
| FDE | Full Disk Encryption | ||
| FIM | File Integrity Monitoring | ||
| FPGA | Field Programmable Gate Array | ||
| FRR | False Rejection Rate | ||
| FTP | File Transfer Protocol | ||
| FTPS | Secured File Transfer Protocol | ||
| GCM | Galois Counter Mode | ||
| GDPR | General Data Protection Regulation | ||
| GPG | GNU Privacy Guard | ||
| GPO | Group Policy Object | ||
| GPS | Global Positioning System | ||
| GPU | Graphics Processing Unit | ||
| GRE | Generic Routing Encapsulation | ||
| HA | High Availability | ||
| HDD | Hard Disk Drive | ||
| HIDS | Host-based Intrusion Detection System | ||
| HIPS | Host-based Intrusion Prevention System | ||
| HMAC | Hashed Message Authentication Code | ||
| HOTP | HMAC-based One-time Password | ||
| HSM | Hardware Security Module | ||
| HTML | Hypertext Markup Language | ||
| HTTP | Hypertext Transfer Protocol | ||
| HTTPS | Hypertext Transfer Protocol Secure | ||
| HVAC | Heating, Ventilation, Air Conditioning | ||
| IaaS | Infrastructure as a Service | ||
| IaC | Infrastructure as Code | ||
| IAM | Identity and Access Management | ||
| ICMP | Internet Control Message Protocol | ||
| ICS | Industrial Control Systems | ||
| IDEA | International Data Encryption Algorithm | ||
| IDF | Intermediate Distribution Frame | ||
| IdP | Identity Provider | ||
| IDS | Intrusion Detection System | ||
| IEEE | Institute of Electrical and Electronics Engineers | ||
| IKE | Internet Key Exchange | ||
| IM | Instant Messaging | ||
| IMAP | Internet Message Access Protocol | ||
| IoC | Indicators of Compromise | ||
| IoT | Internet of Things | ||
| IP | Internet Protocol | ||
| IPS | Intrusion Prevention System | ||
| IPSec | Internet Protocol Security | ||
| IR | Incident Response | ||
| IRC | Internet Relay Chat | ||
| IRP | Incident Response Plan | ||
| ISO | International Organization for Standardization | ||
| ISP | Internet Service Provider | ||
| ISSO | Information Systems Security Officer | ||
| IV | Initialization Vector | ||
| KDC | Key Distribution Center | ||
| KEK | Key Encryption Key | ||
| L2TP | Layer 2 Tunneling Protocol | ||
| LAN | Local Area Network | ||
| LDAP | Lightweight Directory Access Protocol | ||
| LEAP | Lightweight Extensible Authentication Protocol | ||
| MaaS | Monitoring as a Service | ||
| MAC | Mandatory Access Control / Media Access Control / Message Authentication Code | ||
| MAN | Metropolitan Area Network | ||
| MBR | Master Boot Record | ||
| MD5 | Message Digest 5 | ||
| MDF | Main Distribution Frame | ||
| MDM | Mobile Device Management | ||
| MFA | Multi-Factor Authentication | ||
| MFD | Multifunction Device | ||
| MFP | Multifunction Printer | ||
| ML | Machine Learning | ||
| MMS | Multimedia Message Service | ||
| MOA | Memorandum of Agreement | ||
| MOU | Memorandum of Understanding | ||
| MPLS | Multiprotocol Label Switching | ||
| MSA | Master Service Agreement | ||
| MSCHAP | Microsoft Challenge Handshake Authentication Protocol | ||
| MSP | Managed Service Provider | ||
| MSSP | Managed Security Service Provider | ||
| MTBF | Mean Time Between Failures | ||
| MTTF | Mean Time to Failure | ||
| MTTR | Mean Time to Recover | Critical for disaster recovery planning | |
| MTU | Maximum Transmission Unit | Network packet size limit | |
| NAC | Network Access Control | Ensures endpoint compliance (e.g., 802.1X) | |
| NAT | Network Address Translation | Masks private IPs (e.g., home routers) | |
| NDA | Non-disclosure Agreement | Legal confidentiality requirement | |
| NFC | Near Field Communication | Contactless payments (range: ~4cm) | |
| NGFW | Next-generation Firewall | Includes IPS, SSL inspection | |
| NIDS | Network-based Intrusion Detection System | Passive monitoring (e.g., Snort) | |
| NIPS | Network-based Intrusion Prevention System | Active blocking of threats | |
| NIST | National Institute of Standards & Technology | Publishes cybersecurity frameworks | |
| NTFS | New Technology File System | Windows file system with ACL support | |
| NTLM | New Technology LAN Manager | Legacy Windows auth protocol | |
| NTP | Network Time Protocol | Critical for log synchronization | |
| OAUTH | Open Authorization | API authorization framework | |
| OCSP | Online Certificate Status Protocol | Real-time cert revocation checks | |
| OID | Object Identifier | Unique identifier in PKI | |
| OS | Operating System | Windows, Linux, macOS security | |
| OSINT | Open-source Intelligence | Threat intelligence from public sources | |
| OSPF | Open Shortest Path First | Dynamic routing protocol | |
| OT | Operational Technology | Industrial systems (SCADA, ICS) | |
| OTA | Over the Air | Wireless updates (e.g., IoT devices) | |
| OVAL | Open Vulnerability Assessment Language | Standard for vulnerability checks | |
| P12 | PKCS #12 | Certificate container format | |
| P2P | Peer to Peer | Decentralized networks (risk: malware) | |
| PaaS | Platform as a Service | Cloud dev environment (e.g., Heroku) | |
| PAC | Proxy Auto Configuration | Automated proxy settings | |
| PAM | Privileged Access Management | Controls admin access | |
| PAM | Pluggable Authentication Modules | Linux authentication framework | |
| PAP | Password Authentication Protocol | Unencrypted credential transmission | |
| PAT | Port Address Translation | NAT variant mapping multiple devices | |
| PBKDF2 | Password-based Key Derivation Function 2 | Key stretching algorithm | |
| PBX | Private Branch Exchange | Business phone systems (VoIP risks) | |
| PCAP | Packet Capture | Network traffic analysis (Wireshark) | |
| PCI DSS | Payment Card Industry Data Security Standard | Credit card security compliance | |
| PDU | Power Distribution Unit | Data center power management | |
| PEAP | Protected Extensible Authentication Protocol | WPA2-Enterprise authentication | |
| PED | Personal Electronic Device | BYOD security considerations | |
| PEM | Privacy Enhanced Mail | Base64-encoded cert format | |
| PFS | Perfect Forward Secrecy | Ephemeral keys for session security | |
| PGP | Pretty Good Privacy | Email/file encryption standard | |
| PHI | Personal Health Information | HIPAA-regulated data | |
| PII | Personally Identifiable Information | GDPR/CCPA protected data | |
| PIV | Personal Identity Verification | US govt smart card standard | |
| PKCS | Public Key Cryptography Standards | RSA-developed crypto standards | |
| PKI | Public Key Infrastructure | Digital certificate framework | |
| POP | Post Office Protocol | Legacy email retrieval protocol | |
| POTS | Plain Old Telephone Service | Analog phone security risks | |
| PPP | Point-to-Point Protocol | Direct device connections | |
| PPTP | Point-to-Point Tunneling Protocol | Insecure VPN protocol (avoid) | |
| PSK | Pre-shared Key | WPA2-Personal authentication | |
| PTZ | Pan-tilt-zoom | Security camera controls | |
| PUP | Potentially Unwanted Program | Grayware (adware, spyware) | |
| RA | Recovery Agent | Key escrow access for encrypted data | |
| RA | Registration Authority | PKI entity that verifies identities | |
| RADIUS | Remote Authentication Dial-in User Service | Centralized network authentication | |
| RAID | Redundant Array of Inexpensive Disks | Data redundancy (RAID 1/5/6) | |
| RAS | Remote Access Server | Legacy dial-up access systems | |
| RAT | Remote Access Trojan | Malware for persistent access | |
| RBAC | Role-based Access Control | Permissions tied to job functions | |
| RC4 | Rivest Cipher version 4 | Insecure stream cipher (deprecated) | |
| RDP | Remote Desktop Protocol | Common attack vector (secure with NLA) | |
| RFID | Radio Frequency Identifier | Physical access cards/cloning risks | |
| RSA | Rivest, Shamir, & Adleman | Asymmetric encryption algorithm | |
| RTBH | Remotely Triggered Black Hole | DDoS mitigation technique | |
| RTO | Recovery Time Objective | Max acceptable downtime | |
| RPO | Recovery Point Objective | Max data loss tolerance | |
| S/MIME | Secure/Multipurpose Internet Mail Extensions | Encrypted email standard | |
| SaaS | Software as a Service | Cloud apps (e.g., Office 365) | |
| SAML | Security Assertions Markup Language | XML-based SSO standard | |
| SAN | Storage Area Network | High-speed storage network | |
| SAN | Subject Alternative Name | Multi-domain SSL certificates | |
| SCADA | Supervisory Control and Data Acquisition | Industrial control systems | |
| SD-WAN | Software-defined Wide Area Network | Dynamic traffic routing | |
| SDLC | Software Development Lifecycle | Secure development practices | |
| SDN | Software-defined Networking | Decouples control plane from data plane | Attack surface for DDoS (e.g., ONOS controller exploits) |
| SELinux | Security-enhanced Linux | Mandatory Access Control (MAC) for Linux | Enforces least privilege policies |
| SED | Self-encrypting Drives | Hardware-based full-disk encryption | Complies with FIPS 140-2, protects data-at-rest |
| SEH | Structured Exception Handler | Windows memory management feature | Buffer overflow exploitation target |
| SFTP | Secured File Transfer Protocol | SSH-encrypted file transfer (port 22) | Secure alternative to FTP |
| SHA | Secure Hashing Algorithm | SHA-256 (NIST standard), SHA-1 deprecated | Integrity verification (e.g., file checksums) |
| SIEM | Security Information and Event Management | Log aggregation/analysis (e.g., Splunk) | Detects multi-vector attacks via correlation |
| SIM | Subscriber Identity Module | Mobile auth (e.g., 3G/4G/5G) | SIM swapping attacks bypass 2FA |
| SLA | Service-level Agreement | Uptime guarantees (e.g., 99.9%) | Cloud security responsibility matrix |
| SLE | Single Loss Expectancy | Asset Value × Exposure Factor | Part of risk calculation (ALE = SLE × ARO) |
| SMTP | Simple Mail Transfer Protocol | Email delivery (port 25) | SPF/DKIM/DMARC combat spoofing |
| SNMP | Simple Network Management Protocol | Device monitoring (v3 encrypts traffic) | Default community strings are a risk |
| SOAR | Security Orchestration, Automation, Response | Automates incident response (e.g., Phantom) | Reduces MTTR for breaches |
| SOC | Security Operations Center | 24/7 threat monitoring team | Tiered analysts (T1-T3) workflow |
| SPF | Sender Policy Framework | DNS TXT records to prevent email spoofing | Part of email authentication triad |
| SQLi | SQL Injection | ' OR 1=1-- bypasses authentication | OWASP Top 10 #1 risk |
| SSH | Secure Shell | Encrypted remote access (port 22) | Key-based auth > passwords |
| SSL/TLS | Secure Sockets Layer / Transport Layer Security | TLS 1.2/1.3 are current standards | Heartbleed (CVE-2014-0160) exploited SSL |
| SSO | Single Sign-on | Centralized auth (e.g., Okta, ADFS) | Risk: Compromise gives broad access |
| STIX/TAXII | Structured Threat Information eXchange / Trusted Automated eXchange of Indicator Information | Threat intelligence sharing formats | Used in MISP threat platforms |
| TACACS+ | Terminal Access Controller Access Control System | Cisco auth protocol (TCP/49) | Encrypts entire payload (vs RADIUS) |
| TCP/IP | Transmission Control Protocol/Internet Protocol | Internet protocol suite | SYN floods attack TCP handshake |
| TGT | Ticket Granting Ticket | Kerberos authentication component | Golden Ticket attacks forge TGTs |
| TKIP | Temporal Key Integrity Protocol | WPA encryption (deprecated) | Vulnerable to WPA2 attacks |
| TLS | Transport Layer Security | Replaced SSL (e.g., TLS 1.3) | Downgrade attacks (e.g., POODLE) |
| TOTP | Time-based One-time Password | Google Authenticator algorithm | More secure than SMS 2FA |
| TPM | Trusted Platform Module | Hardware crypto processor | Stores BitLocker/RSA keys |
| TTPs | Tactics, Techniques, Procedures | MITRE ATT&CK framework structure | Defenders use to profile threat actors |
| UDP | User Datagram Protocol | Connectionless (port 53 for DNS) | DNS amplification attacks |
| UEFI | Unified Extensible Firmware Interface | Replaces legacy BIOS | Secure Boot prevents rootkits |
| UPS | Uninterruptable Power Supply | Battery backup for graceful shutdown | Prevents data corruption |
| URL | Uniform Resource Locator | https:// vs http:// | IDN homograph attacks |
| USB OTG | USB On the Go | Direct device connections | BadUSB exploits firmware |
| UTM | Unified Threat Management | All-in-one security appliance | Includes FW/IPS/AV/web filtering |
| VDI | Virtual Desktop Infrastructure | Centralized desktop hosting | Reduces endpoint attack surface |
| VLAN | Virtual Local Area Network | Network segmentation (802.1Q) | VLAN hopping via double-tagging |
| VoIP | Voice over IP | SIP/RTP protocols (port 5060) | Vishing/SIP brute-force risks |
| VPN | Virtual Private Network | IPsec (IKEv2) or SSL VPNs | Split tunneling risks |
| WAF | Web Application Firewall | Blocks OWASP Top 10 (e.g., ModSecurity) | Bypasses via 0-days |
| WEP | Wired Equivalent Privacy | Broken RC4 encryption (2001) | Crackable in <1 minute |
| WPA | Wi-Fi Protected Access | WPA3 uses SAE (Dragonfly) | KRACK attacks target WPA2 |
| XDR | Extended Detection and Response | Cross-layer threat detection | Evolved from EDR/MDR |
| XSS | Cross-site Scripting | <script>alert(1)</script> | Stored vs reflected XSS |
To get in touch with me or for general discussion please visit ZeroDayMindset Discussion
This post is licensed under CC BY 4.0 by the author.