Security Acronyms Glossary

Security acronyms are shorthand terms used to represent complex cybersecurity concepts, technologies, standards, and practices. They are essential for communication in the fast-paced world of information security, where precision and speed are critical. 

These acronyms are widely used by IT professionals, cybersecurity teams, compliance officers, and auditors to discuss risks, policies, tools, and incidents efficiently. 

Whether in technical documentation, risk assessments, or vendor evaluations, security acronyms help teams quickly align on key topics, reducing misunderstanding and promoting a shared language across diverse roles.

Here you can find a list of key Security Acronyms: 

Acronym | Phrase | Definition
ACL | Access Control List | A set of rules that defines permissions attached to an object, specifying which users or system processes can access or modify it.
API | Application Programming Interface | A set of protocols and tools that allows different software applications to communicate with each other.
APT | Advanced Persistent Threat | A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period to gather sensitive information.
BC/DR | Business Continuity and Disaster Recovery | Strategies and processes that help an organization recover from disasters and continue operations with minimal disruption.
BEC | Business Email Compromise | A type of cyberattack where attackers impersonate company executives or employees to fraudulently initiate wire transfers or gain access to sensitive information.
CAIQ | Consensus Assessments Initiative Questionnaire | A survey provided by the Cloud Security Alliance (CSA) to assess the security capabilities of cloud service providers.
CCPA | California Consumer Privacy Act | A state statute that enhances privacy rights and consumer protection for residents of California, granting them greater control over their personal data.
CISO | Chief Information Security Officer | A senior-level executive responsible for developing and implementing an information security program to protect enterprise communications and assets.
CMS | Credential Management System | Software used for issuing and managing digital credentials as part of a public key infrastructure (PKI).
CSA | Cloud Security Alliance | An organization that promotes best practices for providing security assurance within cloud computing.
CTI | Cyber Threat Intelligence | The collection and analysis of information about potential or current attacks that threaten an organization.
DDoS | Distributed Denial of Service | An attack that attempts to disrupt normal traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic.
DLP | Data Loss Prevention | Tools and strategies used to prevent sensitive data from being lost, misused, or accessed by unauthorized users.
EDR | Endpoint Detection & Response | Solutions that monitor end-user devices to detect and respond to cyber threats like malware and ransomware.
HIPAA | Health Insurance Portability and Accountability Act | U.S. legislation that provides data privacy and security provisions for safeguarding medical information.
IAM | Identity Access Management | Frameworks and technologies for ensuring that the right individuals in an enterprise have access to the appropriate resources.
IDS/IPS | Intrusion Detection System/Intrusion Prevention System | Systems that monitor network or system activities for malicious activities or policy violations and can take action to prevent or block them.
ISO | International Organization for Standardization | An international standard-setting body that develops and publishes various standards, including those for information security (e.g., ISO 27001).
MDR | Managed Detection and Response | Services that provide organizations with threat detection and response capabilities, often delivered by third-party vendors.
MDM | Mobile Device Management | Software solutions that allow IT administrators to control, secure, and enforce policies on smartphones, tablets, and other endpoints.
NIST | National Institute of Standards and Technology | A U.S. federal agency that develops and promotes measurement standards, including cybersecurity frameworks.
OSINT | Open Source Intelligence | The collection and analysis of information gathered from public sources to produce actionable intelligence.
PCI DSS | Payment Card Industry Data Security Standard | A set of security standards designed to ensure that all companies processing, storing, or transmitting credit card information maintain a secure environment.
PHI | Protected Health Information | Any information in a medical record that can be used to identify an individual and that was created, used, or disclosed in the course of providing healthcare services.
PKI | Public Key Infrastructure | A framework that manages digital keys and certificates to enable secure data exchange over networks.
RBAC | Role-Based Access Control | An approach to restricting system access to authorized users based on their roles within an organization.
RTO/RPO | Recovery Time Objective/Recovery Point Objective | Metrics that define the acceptable amount of time to restore a system (RTO) and the acceptable amount of data loss measured in time (RPO) after a disaster.
SASE | Secure Access Service Edge | A network architecture that combines WAN capabilities with comprehensive security functions to support the dynamic secure access needs of organizations.
SIEM | Security Information and Event Management | A solution that aggregates and analyzes activity from various resources across an IT infrastructure to detect and respond to security threats.
SOC | Security Operations Center | A centralized unit within an organization responsible for monitoring, detecting, investigating, and responding to cyber threats.
SSO | Single Sign-On | An authentication process that allows a user to access multiple applications with one set of login credentials.
VPN | Virtual Private Network | A service that encrypts your internet connection and hides your IP address to provide secure and private online communication.
WAF | Web Application Firewall | A security solution that protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
XSS | Cross-Site Scripting | A security vulnerability that allows attackers to inject malicious scripts into content viewed by other users.

April 10, 2025