Infosec Terms
A glossary of Infosec terms and abbreviations.


  • 2FA: 2 Factor Authentication


  • AD: Active Directory
  • AES: Advanced Encryption Standard
  • AMSI: Anti-Malware Scan Interface
  • AP: Access Point
  • APT: Advanced Persistent Threat
  • AV: Antivirus


  • BoF: Buffer Overflow


  • C2 (CC): Command and Control
  • CBSP: Cloud-based Security Providers
  • CISA: Certified Information Systems Auditor
  • CISM: Certified Information Security
  • CISSP: Certified Information Systems Security Professional
  • CS: Cobalt Strike
  • CSP: Content Security Policy
  • CVE; Common Vulnerabilities and Exposures
  • CVSS: Common Vulnerability Scoring System


  • DDoS: Distributed Denial of Service
  • DES: Data Encryption Standard
  • DLP: Data-loss Prevention
  • DOS: Denial of Service
  • DSA: Digital Signature Algorithm


  • EDR: Endpoint Detection and Response
  • EPT: External Penetration Testing
  • ES: Enterprise Security


  • FDE: Full Disk Encryption
  • FW: Firewall


  • GPG: GNU Privacy Guard
  • GRE: Generic Routing Encapsulation
  • GSM: Global System for Mobile (communications)


  • HIPS: Host IPS (Intrusion Prevention System)
  • HMAC: Hash-based Message Authentication Code
  • HPP: HTTP Parameter Pollution
  • HSTS: HTTP Strict Transport Security


  • (I)IoT: (Industrial) Internet of Things
  • IAM: Identity Access Management
  • IAST: Interactive Application Security Testing
  • ICE: Intrusion Countermeasures Electronics
  • ICS: Incident Command System
  • ICS: Industrial Control System
  • ID: Information Disclosure
  • IDS: Intrusion Detection System
  • IPS: Intrusion Prevention System
  • IPT: Internal Penetration Testing
  • IPsec: Internet Protocol Security
  • IR: Incident Response
  • ISM: Information Security Manual
  • ISMS: Information Security Management System


  • JCE: Java Cryptography Extension


  • KC: Kill Chain
  • KLCP: Kali Linux Certified Professional


  • LE: Let's Encrypt
  • LOIC: Low Orbit Ion Cannon
  • LPA: Least Privilege Access
  • LPE: Local Privilege Escalation


  • MD5: Message Digest 5 (hash)
  • MDR: Managed Detection and Response
  • MFA: Multi-Factor Authentication
  • MISP: Malware Information Sharing Platform
  • MSCT: Microsoft Security Compliance Toolkit
  • MSSP: Managed Security Service Provider
  • MitM: Man-in-the-Middle


  • NCSC: CCPLP NCSC Certified Cybersecurity Professional - Lead Practitioner
  • NCSC: CCPP NCSC Certified Cybersecurity Professional - Practitioner
  • NCSC: CCPSP NCSC Certified Cybersecurity Professional - Senior Practitioner
  • NCSC: National Cyber Security Centre
  • NCS: National Cybersecurity Strategy
  • NGFW: Next Generation Firewall
  • NIDS: Network IDS (Intrusion Detection System)
  • NIPS: Network IPS (Intrusion Prevention System)
  • NSE: 4 NSE 4 - FortiNET Network Security Professional
  • NSE: 7 NSE 7 - FortiNET Network Security Architect
  • NSE: 8 NSE 8 - Fortinet Network Security Expert


  • OPSA: ISECOM OSSTMM Professional Security Analyst
  • OPSEC: Operations Security
  • OPSE: ISECOM OSSTMM Professional Security Expert
  • OPST: ISECOM OSSTMM Professional Security Tester
  • OSCE: Offensive Security Certified Expert
  • OSCP: Offensive Security Certified Professional
  • OSEE: Offensive Security Exploitation Expert
  • OSEP: Offensive Security Experienced Penetration Tester
  • OSINT: Open Source Intelligence
  • OSSTMM: Open Source Security Testing Methodology Manual
  • OSWP: Offensive Security Wireless Professional
  • OTP: One-time Password
  • OT: Operational Technology
  • OWASP: Open Web Application Security Project


  • PACES: Pentester Academy Certified Enterprise Security Specialist
  • PAM: Privilege Access Management
  • PCAP: Packet Capture
  • PCNSA: Palo Alto Networks Certified Network Security Administrator
  • PCNSE: Palo Alto Networks Certified Network Security Engineer
  • PE: Privilege Escalation
  • PEBCAK: Problem Exists Between Chair and Keyboard
  • PEBKAC: Problem Exists Between Keyboard And Chair
  • PERSEC: Personal Security (military)
  • PFS: Perfect Forward Secrecy
  • PGP: Pretty Good Privacy
  • PII: Personally Identifiable Information
  • PIM: Privilege Identity Management
  • PIN: Personal Identification Number
  • PKI: Public Key Infrastructure
  • PLC: Programmable Logic Controllers
  • PLD: Payload
  • POA&M: Plan of Action & Mitigation
  • PS: Powershell
  • PT: Penetration Test
  • PTR: Penetration Test Request
  • Pentest+: CompTIA Pentest+
  • PoC: Point of Concept
  • PrivEsc: Privilege Escalation


  • QSA: Quality Security Assessor


  • RAT: Remote (Administration/Access) Too
  • RBA: Risk-based Assessment
  • RCA: Root Cause Analysis
  • RCE: Remote Code Execution


  • SAST: Static Application Security Testing
  • SIEM: Security Information and EVent Management
  • SOC: Security Operations Centre
  • SPF: Sender Policy Framework
  • SQLi: SQL Injection
  • SSCP - Systems Security Certified Practitioner
  • SSE: Server-Side Encryption
  • SSH: Secure Shell
  • STS: Security Token Service


  • TI: Threat Intelligence
  • TLS: Transport Layer Security
  • TOR: The Onion Router
  • TPM: Trusted Platform Module



  • VA: Vulnerability Assessment
  • VAPT: Vulnerability Assessment and Penetration Test
  • VDP: Vulnerability Disclosure Program
  • VLOM: Vulnerability Lifecycle Management
  • VM: Vulnerability Management
  • VMP: Vulnerability Management Program
  • VR: Vulnerability Research
  • VSA: Vendor Security Assessment


  • WAF: Web Application Firewall
  • WAP: Web Application Protection
  • WAPT: Web Application Penetration Test
  • WCE: Windows Credentials Editor
  • WIDS: Wireless Intrusion Detection System
  • WIPS: Wireless Intrusion Prevention System
  • WPA: Wi-Fi Protected Access


  • XXE: XML External Entities
  • XSS: Cross-Site Scripting



  • ZT: Zero Trust