Infosec Terms

A glossary of Infosec terms and abbreviations.


  • 2FA: 2 Factor Authentication


  • AD: Active Directory

  • AES: Advanced Encryption Standard

  • AMSI: Anti-Malware Scan Interface

  • AP: Access Point

  • APT: Advanced Persistent Threat

  • AV: Antivirus


  • BoF: Buffer Overflow


  • C2 (CC): Command and Control

  • CBSP: Cloud-based Security Providers

  • CISA: Certified Information Systems Auditor

  • CISM: Certified Information Security

  • CISSP: Certified Information Systems Security Professional

  • CS: Cobalt Strike

  • CSP: Content Security Policy

  • CVE; Common Vulnerabilities and Exposures

  • CVSS: Common Vulnerability Scoring System


  • DDoS: Distributed Denial of Service

  • DES: Data Encryption Standard

  • DLP: Data-loss Prevention

  • DOS: Denial of Service

  • DSA: Digital Signature Algorithm


  • EDR: Endpoint Detection and Response

  • EPT: External Penetration Testing

  • ES: Enterprise Security


  • FDE: Full Disk Encryption

  • FW: Firewall


  • GPG: GNU Privacy Guard

  • GRE: Generic Routing Encapsulation

  • GSM: Global System for Mobile (communications)


  • HIPS: Host IPS (Intrusion Prevention System)

  • HMAC: Hash-based Message Authentication Code

  • HPP: HTTP Parameter Pollution

  • HSTS: HTTP Strict Transport Security


  • (I)IoT: (Industrial) Internet of Things

  • IAM: Identity Access Management

  • IAST: Interactive Application Security Testing

  • ICE: Intrusion Countermeasures Electronics

  • ICS: Incident Command System

  • ICS: Industrial Control System

  • ID: Information Disclosure

  • IDS: Intrusion Detection System

  • IPS: Intrusion Prevention System

  • IPT: Internal Penetration Testing

  • IPsec: Internet Protocol Security

  • IR: Incident Response

  • ISM: Information Security Manual

  • ISMS: Information Security Management System


  • JCE: Java Cryptography Extension


  • KC: Kill Chain

  • KLCP: Kali Linux Certified Professional


  • LE: Let's Encrypt

  • LOIC: Low Orbit Ion Cannon

  • LPA: Least Privilege Access

  • LPE: Local Privilege Escalation


  • MD5: Message Digest 5 (hash)

  • MDR: Managed Detection and Response

  • MFA: Multi-Factor Authentication

  • MISP: Malware Information Sharing Platform

  • MSCT: Microsoft Security Compliance Toolkit

  • MSSP: Managed Security Service Provider

  • MitM: Man-in-the-Middle


  • NCSC: CCPLP NCSC Certified Cybersecurity Professional - Lead Practitioner

  • NCSC: CCPP NCSC Certified Cybersecurity Professional - Practitioner

  • NCSC: CCPSP NCSC Certified Cybersecurity Professional - Senior Practitioner

  • NCSC: National Cyber Security Centre

  • NCS: National Cybersecurity Strategy

  • NGFW: Next Generation Firewall

  • NIDS: Network IDS (Intrusion Detection System)

  • NIPS: Network IPS (Intrusion Prevention System)

  • NSE: 4 NSE 4 - FortiNET Network Security Professional

  • NSE: 7 NSE 7 - FortiNET Network Security Architect

  • NSE: 8 NSE 8 - Fortinet Network Security Expert


  • OPSA: ISECOM OSSTMM Professional Security Analyst

  • OPSEC: Operations Security

  • OPSE: ISECOM OSSTMM Professional Security Expert

  • OPST: ISECOM OSSTMM Professional Security Tester

  • OSCE: Offensive Security Certified Expert

  • OSCP: Offensive Security Certified Professional

  • OSEE: Offensive Security Exploitation Expert

  • OSEP: Offensive Security Experienced Penetration Tester

  • OSINT: Open Source Intelligence

  • OSSTMM: Open Source Security Testing Methodology Manual

  • OSWP: Offensive Security Wireless Professional

  • OTP: One-time Password

  • OT: Operational Technology

  • OWASP: Open Web Application Security Project


  • PACES: Pentester Academy Certified Enterprise Security Specialist

  • PAM: Privilege Access Management

  • PCAP: Packet Capture

  • PCNSA: Palo Alto Networks Certified Network Security Administrator

  • PCNSE: Palo Alto Networks Certified Network Security Engineer

  • PE: Privilege Escalation

  • PEBCAK: Problem Exists Between Chair and Keyboard

  • PEBKAC: Problem Exists Between Keyboard And Chair

  • PERSEC: Personal Security (military)

  • PFS: Perfect Forward Secrecy

  • PGP: Pretty Good Privacy

  • PII: Personally Identifiable Information

  • PIM: Privilege Identity Management

  • PIN: Personal Identification Number

  • PKI: Public Key Infrastructure

  • PLC: Programmable Logic Controllers

  • PLD: Payload

  • POA&M: Plan of Action & Mitigation

  • PS: Powershell

  • PT: Penetration Test

  • PTR: Penetration Test Request

  • Pentest+: CompTIA Pentest+

  • PoC: Point of Concept

  • PrivEsc: Privilege Escalation


  • QSA: Quality Security Assessor


  • RAT: Remote (Administration/Access) Too

  • RBA: Risk-based Assessment

  • RCA: Root Cause Analysis

  • RCE: Remote Code Execution


  • SAST: Static Application Security Testing

  • SIEM: Security Information and EVent Management

  • SOC: Security Operations Centre

  • SPF: Sender Policy Framework

  • SQLi: SQL Injection

  • SSCP - Systems Security Certified Practitioner

  • SSE: Server-Side Encryption

  • SSH: Secure Shell

  • STS: Security Token Service


  • TI: Threat Intelligence

  • TLS: Transport Layer Security

  • TOR: The Onion Router

  • TPM: Trusted Platform Module



  • VA: Vulnerability Assessment

  • VAPT: Vulnerability Assessment and Penetration Test

  • VDP: Vulnerability Disclosure Program

  • VLOM: Vulnerability Lifecycle Management

  • VM: Vulnerability Management

  • VMP: Vulnerability Management Program

  • VR: Vulnerability Research

  • VSA: Vendor Security Assessment


  • WAF: Web Application Firewall

  • WAP: Web Application Protection

  • WAPT: Web Application Penetration Test

  • WCE: Windows Credentials Editor

  • WIDS: Wireless Intrusion Detection System

  • WIPS: Wireless Intrusion Prevention System

  • WPA: Wi-Fi Protected Access


  • XXE: XML External Entities

  • XSS: Cross-Site Scripting



  • ZT: Zero Trust

Last updated