InfoSec Abbreviations
ACL = Access Control List; list of access control entries that describe what type of access is permitted from where, by whom, and to what; term is often used in networking for firewall, router, and switch configurations (ACL)
AES = Advanced Encryption Standard; also known as Rijndael; established by the United States National Institute of Standards & Technology in 2001; block cipher with a 128-bit block size; key length is 128, 192, or 256 bits (AES)
APT = Advanced Persistent Threat; stealthy threat actor, typically a nation state; stays undetected in compromised networks for an extended amount of time (APT)
ASN = Autonomous System Number; used in Border Gateway Protocol (BGP) based routing; the Internet is based on it (ASN)
C2 = Command & Control; refers to infrastructure/servers that have the purpose of controlling infected/compromised systems; botnets use C2 infrastructure at their core (What is C2?)
EDR = Endpoint Detection & Response; an agent-based tool that collects process-level information from your computers and alerts you to potentially malicious activity (EDR)
EPP = Endpoint Protection Platform; aka next-gen AntiVirus; blocks known malware and programs that behave like malware (EPP)
IOC = Indicator of Compromise; artifacts like domain names, IP addresses, email addresses, file hashes, file names, folder names, URLs (IOC)
MFA = Multi-Factor Authentication; often used in the 2FA variant, where two out of three possible factors are used; the 3 possible factors are: something you know (password), something you have (smartphone), something you are (fingerprint) (MFA)
NIST CSF = NIST CyberSecurity Framework; maturity assessment tool for cybersecurity programs; created and maintained by the National Institute of Standards & Technology in the United States (NIST CSF)
PAM = Privileged Account/Access Management; tools & processes that make sure that the right amount of privilege is used by the right individuals at the right time; privileges are usually administrative permissions on systems and networks (PAM)
ransom = amount of money paid to receive a decryption key for maliciously encrypted data (Ransom)
SOAR = Security Orchestration, Automation, and Response; tool to (semi-)automate security operations tasks and manage incidents (SOAR)
TI = Threat Intelligence; general term for any information about malicious actors and their activities (TI)
TIP = Threat Intelligence Platform; tool to gather, analyze, transform, and share threat intelligence (TIP)
TVM = Threat & Vulnerability Management; tools and processes to discover, evaluate, prioritize, remediate, and track software vulnerabilities with the goal of minimizing the attack surface (TVM)
vuln = short for vulnerability; most often a software bug that allows misuse; sometimes a hardware design flaw (Vulnerability)