Cybersecurity Acronyms Glossary

This Cybersecurity Acronyms Glossary provides a comprehensive reference for the complex terminology used across the security industry. From access control and data protection to incident response and compliance frameworks, these acronyms represent the essential concepts and tools that security professionals use to protect organizations and their data.

Access Control & Identity Management

IAM – Identity and Access Management

Definition: A framework of policies and technologies to ensure that the right individuals have access to the appropriate resources.

RBAC – Role-Based Access Control

Definition: A security model that restricts access based on user roles and job functions.

ACL – Access Control List

Definition: A security mechanism that defines which users or system processes have access to specific resources and what operations they can perform.

MAC – Mandatory Access Control

Definition: A strict access control model that enforces security policies by limiting access based on classifications and security labels.

SSO – Single Sign-On

Definition: A user authentication process that allows users to access multiple systems with one set of credentials.

MFA – Multi-Factor Authentication

Definition: A security mechanism that requires users to provide multiple forms of identification to access a system.

KBA – Knowledge-Based Authentication

Definition: A security measure that verifies a user’s identity by asking security questions based on personal knowledge.

Data Protection & Privacy

DLP – Data Loss Prevention

Definition: A set of tools and processes used to prevent unauthorized access, use, or transmission of sensitive data.

PII – Personally Identifiable Information

Definition: Any data that can be used to identify a specific individual, such as name, Social Security number, or email address.

PHI – Protected Health Information

Definition: Any health-related information that can be linked to an individual, as defined under the Health Insurance Portability and Accountability Act (HIPAA).

GDPR – General Data Protection Regulation

Definition: A comprehensive data protection law in the European Union that governs the collection, processing, and storage of personal data.

CCPA – California Consumer Privacy Act

Definition: A state-level privacy law in California that grants consumers rights over their personal data and imposes obligations on businesses.

E2EE – End-to-End Encryption

Definition: A method of secure communication that prevents third parties from accessing data while it is in transit between the communicating endpoints.

AES – Advanced Encryption Standard

Definition: A widely used encryption standard for securing sensitive data.

PGP – Pretty Good Privacy

Definition: An encryption program used to secure emails, files, and messages.

Security Operations & Incident Response

SIEM – Security Information and Event Management

Definition: A security tool that aggregates, analyzes, and correlates log data to detect threats.

SOAR – Security Orchestration, Automation, and Response

Definition: A technology that automates and streamlines security operations.

IRP – Incident Response Plan

Definition: A documented process for responding to and managing a cybersecurity incident.

IDS – Intrusion Detection System

Definition: A security tool that monitors network traffic for suspicious activity.

APT – Advanced Persistent Threat

Definition: A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected.

DDoS – Distributed Denial of Service

Definition: A cyberattack that overwhelms a system, server, or network with traffic to disrupt service.

Risk Management & Compliance

GRC – Governance, Risk, and Compliance

Definition: A framework that integrates risk management, regulatory compliance, and corporate governance into security operations.

TPRM – Third-Party Risk Management

Definition: The process of identifying, assessing, and mitigating risks associated with outsourcing services to third-party vendors or suppliers.

RMF – Risk Management Framework

Definition: A structured approach to managing cybersecurity risks, developed by NIST.

BIA – Business Impact Analysis

Definition: A process that identifies and evaluates the potential effects of disruptions to critical business operations.

BCP – Business Continuity Plan

Definition: A strategic framework that ensures an organization can continue operations during and after a cybersecurity incident or disaster.

CMMC – Cybersecurity Maturity Model Certification

Definition: A U.S. Department of Defense framework for assessing the cybersecurity posture of contractors.

Cloud & Network Security

CASB – Cloud Access Security Broker

Definition: A security policy enforcement tool that monitors and controls access to cloud services.

CSPM – Cloud Security Posture Management

Definition: A security solution that helps organizations monitor cloud configurations and enforce compliance.

WAF – Web Application Firewall

Definition: A security tool that protects web applications from cyber threats such as SQL injection and cross-site scripting (XSS).

ZTNA – Zero Trust Network Access

Definition: A security framework that enforces strict identity verification and least-privilege access to network resources.

VPC – Virtual Private Cloud

Definition: A secure cloud computing environment that isolates sensitive data from public networks.

SASE – Secure Access Service Edge

Definition: A cloud-based security model that integrates networking and security services.

Standards & Frameworks

ISO/IEC 27001

Definition: A globally recognized standard for establishing, implementing, and maintaining an information security management system (ISMS).

NIST – National Institute of Standards and Technology

Definition: A U.S. federal agency that develops cybersecurity frameworks and guidelines, such as NIST SP 800-53 and NIST CSF.

PCI DSS – Payment Card Industry Data Security Standard

Definition: A set of security standards designed to protect payment card data.

SOC – System and Organization Controls

Definition: A set of auditing standards developed by the AICPA to assess the controls of service organizations.

HIPAA – Health Insurance Portability and Accountability Act

Definition: A U.S. law that sets standards for protecting sensitive patient health information.

FISMA – Federal Information Security Management Act

Definition: A U.S. law that outlines the framework for securing federal government information systems.

Hardware & Endpoint Security

EPP – Endpoint Protection Platform

Definition: A security solution that detects and prevents threats at endpoint devices such as laptops and mobile devices.

HSM – Hardware Security Module

Definition: A physical device that securely manages cryptographic keys and performs encryption operations.

TPM – Trusted Platform Module

Definition: A secure hardware chip used for cryptographic operations.

UEM – Unified Endpoint Management

Definition: A security approach for managing and securing all endpoints in an organization.

BYOD – Bring Your Own Device

Definition: A policy that allows employees to use their personal devices for work purposes, often requiring security measures.

Monitoring & Analytics

UEBA – User and Entity Behavior Analytics

Definition: A security tool that analyzes user behavior to detect anomalies and insider threats.

VAPT – Vulnerability Assessment and Penetration Testing

Definition: A process of identifying and exploiting vulnerabilities in a system to assess its security.

DCAP – Data-Centric Audit and Protection

Definition: A security approach focused on auditing and protecting sensitive data regardless of where it resides.

KYC – Know Your Customer

Definition: A process used by businesses to verify the identity of their clients to prevent fraud.

Industrial & Operational Security

SCADA – Supervisory Control and Data Acquisition

Definition: A system used for industrial control, requiring robust cybersecurity protections.

OT – Operational Technology

Definition: Hardware and software systems used to control industrial processes, often targeted by cyber threats.

BES – Bulk Electric System

Definition: A term used in NERC CIP compliance to refer to key components of the power grid that require heightened security measures.
