Get a broad understanding
of the technical terms

Abbr Full Form / Phrase Definition
APT Advanced Persistent Threat A cyber-attack that continuously uses advanced techniques to conduct cyber espionage or crime
APWG Anti-Phishing Working Group An international consortium that brings together businesses affected by phishing attacks with security companies, law enforcement, government, trade associations, and others.
AV Antivirus A computer program used to prevent, detect, and remove malware.
AVIEN Anti-Virus Information Exchange Network A group of Antivirus and security specialists who share information regarding AV companies, products, malware and other threats.
CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart A response test used in computing, especially on websites, to confirm that a user is human instead of a bot.
CARO Computer Antivirus Research Organization An organization established in 1990 to study malware.
CAVP Cryptographic Algorithm Validation Program This program provides validation testing of FIPS-approved and NIST-recommended cryptographic algorithms and individual components. Cryptographic algorithm validation is a necessary precursor to cryptographic module validation.
CBC Cipher Block Chaining Operation for a block cipher using an initialization vector and a chaining mechanism. This will cause the decryption of a block of cipher text to depend on preceding cipher text blocks.
CBC-MAC Cipher Block Chaining Message Authentication Code This constructs a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode. This creates a chain of blocks with each block depending on the correct encryption of the previous block.
CERT Computer Emergency Response Team In this case, an expert group that handles computer security incidents and alerts organizations about them.
CHAP Challenge-Handshake Authentication Protocol A protocol for authentication that provides protection against replay attacks through the use of a changing identifier and a variable challenge-value.
CIRT Computer Incident Response Team A group that handles events involving computer security and data breaches.
CIS Center for Internet Security A 501 non-profit organization with a mission to "Identify, develop, validate, promote, and sustain best practice solutions for cyber defence and build and lead communities to enable an environment of trust in cyberspace."
CISA Certified Information Systems Auditor Professionals who monitor, audit, control, and assess information systems.
CISM Certified Information Systems Security Manager A certification offered by ISACA which "Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives."
CISO Chief Information Security Officer The CISO is the executive responsible for an organization's information and data security. Increasingly, this person aligns security goals with business enablement or digital transformation. CISOs are also increasingly in a "coaching role" helping the business manage cyber risk. This is according to Ponemon Institute research.
CISSP Certified Information Systems Security Professional The CISSP is a security certification for security professionals, offered by (ISC)². CISSP considered to be the gold-standard information security certification that assures information security leaders possess the breadth and depth of knowledge to establish holistic security programs that protect against threats in an increasingly complex cyber world.
CND Computer Network Defence CND is defined by the US Department of Defence (DoD) as, "Actions taken through the use of computer networks to protect, monitor, analyse, detect, and respond to unauthorized activity within Department of Defence information systems and computer networks." This style of defence applies to the private sector as well.
COBIT Control Objectives for Information and Related Technologies An IT management including practices, tools and models for risk management and compliance.
CSEC Cyber Security Education Consortium The CSEC, also known as the CEC, partners with educators and the broader cybersecurity community to ensure students are prepared to lead and be change-makers in the cybersecurity workforce.
CSA Cloud Security Alliance The Cloud Security Alliance is the world's leading organization for defining best practices in cloud cybersecurity. It also provides a cloud security provider certification program, among other things.
CSO Chief Security Officer In some cases, the Chief Security Officer is in charge of an organization's entire security posture or strategy. This includes both physical security and cybersecurity. In other cases, this title belongs to the most senior role in charge of cybersecurity.
CSSIA Center for Systems Security and Information Assurance The CSSIA is a U.S. leader in training cybersecurity educators. It provides these teachers and professors with real-world learning experiences in information assurance and network security.
CVE Common Vulnerabilities and Exposures CVE® is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE Entries are used in numerous cybersecurity products and services from around the world, including the U.S. National Vulnerability Database (NVD).
CVSS Common Vulnerability Scoring System An industry standard for rating the severity of security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
DDoS Distributed Denial of Service A distributed denial-of-service (DDoS) attack attempts to disrupt normal traffic of a targeted server, service or network to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).
DLP Data Loss Prevention An information security strategy to protect corporate data. DLP is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users, either inside or outside of an organization.
DNS attack Domain Name Server DNS uses the name of a website to redirect traffic to its owned IP address. should take you to Amazon's website, for example. During this type of attack, which is complex and appears in several ways, cybercriminals can redirect you to another site for their own purposes. This attack takes advantage of the communication back and forth between clients and servers.
EDR Endpoint Detection & Response Endpoint Detection & Response solutions are designed to detect and respond to endpoint anomalies. EDR solutions are not designed to replace IDPS solutions or firewalls but extend their functionality by providing in-depth endpoint visibility and analysis. EDR uses different datasets, which facilitates advanced correlations and detection.
FISMA Federal Information Security Management Act FISMA is United States legislation which requires each federal agency to develop, document, and implement an agency-wide program to provide information security for its information systems and data. The act recognized the importance of information security to the economic and national security interests of the United States.
FISMA Federal Information Security Modernization Act (2014) Law that assigns responsibilities within the U.S. federal government for setting and complying with policies to secure agencies' information systems. For example, Department of Homeland Security administers cybersecurity policies and the Office of Management and Budget provides oversight.
FISSEA Federal Information Systems Security Educators' Association An organization run by and for information systems security professionals to assist federal agencies in meeting their information systems security awareness, training, and education responsibilities.
GRC Governance, Risk Management, and Compliance Three parts of a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. Cybersecurity people, practices and tools play a key part in GRC for many organizations.
HTTPS Secure Hypertext Transfer Protocol An extension of the Hypertext Transfer Protocol. It is used for secure communication over a computer network by encrypting the information you send from your computer to another website, for example. It is a means of ensuring privacy, security and also a way of authenticating that the site you’re on is the one you intended to visit.
IA Information Assurance Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
IAM Identity and access management IAM is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. This helps organizations maintain “least privileged” or "zero trust" account access, where employees only have access to the minimum amount of data needed for their roles.
IBE Identity-Based Encryption A type of public-key encryption in which the public key of a user is some unique information about the identity of the user, like a user's email address, for example.
IDS/IPS Intrusion Detection and Prevention Intrusion Detection Systems (IDS) analyse network traffic for signatures that match known cyberattacks. Intrusion Prevention Systems (IPS) analyse packets as well, but can also stop the packet from being delivered based on what kind of attacks it detects, helping to stop the attack.
ISACA Information Systems Audit and Control Association ISACA provides certifications for IT security, audit and risk management professionals. ISACA also maintains the COBIT framework for IT management and governance. ISACA was incorporated in 1969 by a small group of individuals who recognized a need for a centralized source of information and guidance in the growing field of auditing controls for computer systems. Today, ISACA serves professionals in 180 countries.
ISAKMP Internet Security Association and Key Management Protocol A protocol for establishing Security Associations and cryptographic keys in an Internet environment. ISAKMP only provides a framework for authentication and key exchange and is designed to be key exchange independent.
ISAP Information Security Automation Program The ISAP is a U.S. government agency initiative to enable automation and standardization of technical security operations. Its standards based design may benefit those in the private sector as well.
(ISC)² International Information Systems Security Certification Consortium A non-profit organization which specializes in training and certification for cybersecurity professionals. Certifications include the CISSP.
ISO International Organization for Standardization An organization that develops international standards of many types, including two major information security management standards, ISO 27001 and ISO 27002.
ISSA Information Systems Security Association ISSA is a not-for-profit, international organization of information security professionals and practitioners.
ISSO Information Systems Security Officer Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.
ISSPM Information Systems Security Program Manager The ISSPM, sometimes called an IT Security Manager, coordinates and executes security policies and controls, as well as assesses vulnerabilities within a company. They are often responsible for data and network security processing, security systems management, and security violation investigation.
JSM Java Security Manager To use Java security to protect a Java application from performing potentially unsafe actions, you can enable a security manager for the JVM in which the application runs. The security manager enforces a security policy, which is a set of permissions (system access privileges) that are assigned to code sources.
MS-ISAC Multi-State Information Sharing and Analysis Centre The mission of the MS-ISAC is to improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments through focused cyber threat prevention, protection, response, and recovery.
MSSP Managed Security Services Provider Provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.
NCS National Cryptologic School A school within the National Security Agency. The NCS provides the NSA workforce and its Intelligence Community and Department of Defence partners highly-specialized cryptologic training, as well as courses in leadership, professional development, and over 40 foreign languages.
NCSA National CyberSecurity Alliance A non-profit working with the Department of Homeland Security, private sector sponsors, and non-profit collaborators to promote cyber security awareness for home users, small and medium size businesses, and primary and secondary education.
NCSAM National CyberSecurity Awareness Month NCSAM is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. It occurs each year in October. The security awareness month started with a joint effort by the National Cyber Security Division within the Department of Homeland Security and the non-profit National CyberSecurity Alliance.
NCSD National Cyber Security Division A division of the Office of Cyber Security & Communications with the mission of collaborating with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures.
NICCS National Initiative for Cybersecurity Careers and Studies An online resource for cybersecurity training that connects government employees, students, educators, and industry with cybersecurity training providers throughout the United States.
NICE National Initiative for Cybersecurity Education The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.
NISPOM National Industrial Security Program Operating Manual The National Industrial Security Program Operating Manual establishes the standard procedures and requirements for all government contractors, with regards to classified information. It covers the entire field of government-industrial security related matters.
NIST National Institute of Standards and Technology In cybersecurity circles, NIST is a well known for the NIST Cybersecurity Framework, as well as the NIST Risk Management Framework (RMF), NIST 800-53 control guidance, NIST Digital Identity Guidelines and others. The overall NIST mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life." NIST is part of the U.S. Department of Commerce.
OPSEC Operational Security OPSEC is a term derived from the U.S. military and is an analytical process used to deny an adversary information that could compromise the secrecy and/or the operational security of a mission. Performing OPSEC related techniques can play a significant role in both offensive and defensive cybersecurity strategies.
OSINT Open Source Intelligence OSINT is information drawn from publicly available data that is collected, exploited, and reported to address a specific intelligence requirement. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).
PCI-DSS Payment Card Industry Data Security Standard The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
SANS System Administration, Networking, and Security Institute A private company that specializes in information security training and security certification.
SIEM Security Information and Event Management Security Information and Event Management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual sources.
SOC Security Operations Centre A central location or team within an organization that is responsible for monitoring, assessing and defending security issues.
SSO Single Sign-On A system which enables users to securely authenticate themselves with multiple applications and websites by logging in with a single set of credentials.
TTP Tactics, Techniques, and Procedures The behaviour of an actor. A tactic is the highest-level description of this behaviour, while techniques give a more detailed description of behaviour in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique.
UBA / UEBA User Behaviour Analytics UBA tracks a system's users, looking for unusual patterns of behaviour. In cybersecurity, the process helps detect insider threats, and other targeted attacks including financial fraud. User behaviour analytics solutions look at patterns of human behaviour, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns. This guides efforts to correct unintentional behaviour that puts business at risk and risky and intentional deceit.
VPN Virtual Private Network By connecting through a VPN, all the data you send and receive travels through an encrypted "tunnel" so that no one can see what you are transmitting or decipher it if they do get a hold of it. VPNs also allow you to hide your physical location and IP address, often displaying the IP address of the VPN service, instead.

Contact Us and Request

Don't Hesitate To Contact Us
Say Hello......