Information and Cyber Security Lexicon
An extensive, but incredibly non-exhaustive, list of acronyms and initialisms[1] related to the cybersecurity industry specifically as well as some general items for working in corporate environments.
Acronym Key and Glossary Terms
| AAC | Adaptive Access Control |
|---|---|
| AM | Access Management |
| aPaaS | Application Platform as a Service |
| API | Application Programming Interface |
| AWS | Amazon Web Services |
| Azure AD | Microsoft Azure Active Directory |
| BYOD | Bring Your Own Device |
| BYOK | Bring Your Own Key |
| CAD | Cloud Access Discovery |
| CASB | Cloud Access Security Broker |
| CCSP | Certified Cloud Security Professional |
| CCSS | Certified Cloud Security Specialist |
| CI/CD | Continuous Integration/Continuous Deployment |
| CIEM | Cloud Infrastructure Entitlement Management |
| CIS | Center for Information Security |
| CISM | |
| CISSP | |
| CNAPP | Cloud-Native Application Platform Protection |
| COBIT | Control Objectives for Information and Related Technologies |
| CP | Cloud Provider |
| CSA | Cloud Security Alliance |
| CSMA | Cybersecurity Mesh Architecture |
| CSP | Cloud Service Provider |
| CSPM | Cloud Security Posture Management |
| CTI | Cyber Threat Intelligence |
| CWPP | Cloud Workload Protection Platform |
| DEM | Digital Experience Monitoring |
| DLP | Data Loss Prevention |
| EA | Enterprise Architecture |
| EDR | Endpoint Detection and Response |
| EDRM | Enterprise Digital Rights Management |
| EFW | Enterprise Firewall |
| ENFW | Enterprise Network Firewall |
| EPP | Endpoint Protection Platform |
| FIRST | Forum of Incident Response and Security Teams |
| FWaaS | Firewall as a Service |
| GCP | Google Cloud Platform |
| HIPAA | Health Insurance Portability and Accountability Act |
| HITRUST Alliance | Health Information Trust Alliance |
| HSM | Hardware Security Module |
| HTTP | Hypertext Transfer Protocol |
| I&O | Infrastructure and Operations |
| IaaS | Infrastructure as a Service |
| IAM | Identity and Access Management |
| IDPS | Intrusion Detection and Prevention System |
| IGA | Identity Governance and Administration |
| ISAE | International Standard for Assurance Engagement |
| ISO | International Standards Organization |
| ISSA | Information Systems Security Association |
| ITDR | Identity Threat Detection and Response |
| ITIL | Information Technology Infrastructure Library |
| KEK | Key Encryption Key |
| KMS | Key Management Service |
| KSPM | Kubernetes Security Posture Management |
| MFA | Multi-Factor Authentication |
| MTD | Mobile Threat Defense |
| NIST | National Institute of Standards and Technology |
| PaaS | Platform as a Service |
| PAC | Proxy Autoconfiguration |
| PAM | Privileged Access Management |
| PCI | Payment Card Industry |
| PCI DSS | Payment Card Industry Data Security Standard |
| RACI | Responsible, Accountable, Consulted, Informed Matrix |
| RBAC | Role-Based Access Control |
| RBI | Remote Browser Isolation |
| SaaS | Software as a Service |
| SABSA | Sherwood Applied Business Security Architecture |
| SASE | Secure Access Service Edge |
| SEG | Secure Email Gateway |
| SIEM | Security Information and Event Management |
| SMP | SaaS Management Platform |
| SSE | Security Service Edge (CASB + SWG + ZTNA) |
| SSL | Secure Sockets Layer |
| SSO | Single Sign-On |
| SSPM | SaaS Security Posture Management |
| STAR | Security Trust and Assurance Registry From CSA |
| SWG | Secure Web Gateway |
| TLS | Transport Layer Security |
| UEBA | User and Entity Behavior Analysis |
| UEM | Unified Endpoint Management |
| UES | Unified Endpoint Security |
| VPN | Virtual Private Network |
| WAAP | Web Application and API Protection |
| WAF | Web Application Firewall |
| XDR | Extended Detection and Response |
| ZTNA | Zero Trust Network Access (or Architecture) |
Technically, an acronym needs to be or become an actual word, like “FIRST”, and an initialism is a shortening of a phrase or title into the initial character of each word. I tend to think of an acronym as being pronounceable, such SIEM, whereas an initialism is like EDR where we pronounce each character separately. For brevity, I’ll use acronym to refer to both. ↩︎