[REFERENCE] InfoSec Abbreviations 🔡

Background: While getting started in information security, I kept coming across acronyms I wasn't familiar with or had forgotten. So I have started compiling a list for future reference. I will keep this list updated as I go along 😚

Common InfoSec Abbreviations

  • AES: Advanced Encryption Standard
  • C2: Command & Control (sometimes CC)
  • CBSP: Cloud-Based Security Providers
  • CSP: Content Security Policy
  • CORS: Cross-Origin Resource Sharing
  • CVSS: Common Vulnerability Scoring System
  • DAST: Dynamic Application Security Testing
  • DLP: Data-loss Prevention
  • DDoS: Distributed Denial of Service
  • DES: Data Encryption Standard
  • DoS: Denial of Service
  • DSA: Digital Signature Algorithm
  • EDR: Endpoint Detection & Response
  • IPSec: Internet Protocol Security
  • IIoT: (Industrial) Internet of Things
  • MFA: Multi-Factor Authentication
  • PAM: Privileged Access Management
  • PIM: Privileged Identity Management
  • RAT: Remote Administration Tool
  • SAST: Static Application Security Testing
  • SPF: Sender Policy Framework
  • SSE: Server-Side Encryption
  • STS: Security Token Service
  • TLS: Transport Layer Security
  • WAF: Web Application Firewall
  • WAP: Web Application Protection
  • XSS: Cross-Site Scripting

Of course, there are other, much more complete glossaries, but they can get overwhelming; these are the basics, and my personal resource. For some much more complete lists, see:

🡆 A lot of acronyms: via InfoSec Matter
🡆 Glossary of Terms: via NICCS (National Initiative for Cybersecurity Careers and Studies in the US)

