# Infosec Terms A glossary of Infosec terms and abbreviations. ## \# * **2FA**: 2 Factor Authentication ## A * **AD**: Active Directory * **AES**: Advanced Encryption Standard * **AMSI**: Anti-Malware Scan Interface * **AP**: Access Point * **APT**: Advanced Persistent Threat * **AV**: Antivirus ## B * **BoF**: Buffer Overflow ## C * **C2 (CC)**: Command and Control * **CBSP**: Cloud-based Security Providers * **CISA**: Certified Information Systems Auditor * **CISM**: Certified Information Security * **CISSP**: Certified Information Systems Security Professional * **CS**: Cobalt Strike * **CSP**: Content Security Policy * **CVE**; Common Vulnerabilities and Exposures * **CVSS**: Common Vulnerability Scoring System ## D * **DDoS**: Distributed Denial of Service * **DES**: Data Encryption Standard * **DLP**: Data-loss Prevention * **DOS**: Denial of Service * **DSA**: Digital Signature Algorithm ## E * **EDR**: Endpoint Detection and Response * **EPT**: External Penetration Testing * **ES**: Enterprise Security ## F * **FDE**: Full Disk Encryption * **FW**: Firewall ## G * **GPG**: GNU Privacy Guard * **GRE**: Generic Routing Encapsulation * **GSM**: Global System for Mobile (communications) ## H * **HIPS**: Host IPS (Intrusion Prevention System) * **HMAC**: Hash-based Message Authentication Code * **HPP**: HTTP Parameter Pollution * **HSTS**: HTTP Strict Transport Security ## I * **(I)IoT**: (Industrial) Internet of Things * **IAM**: Identity Access Management * **IAST**: Interactive Application Security Testing * **ICE**: Intrusion Countermeasures Electronics * **ICS**: Incident Command System * **ICS**: Industrial Control System * **ID**: Information Disclosure * **IDS**: Intrusion Detection System * **IPS**: Intrusion Prevention System * **IPT**: Internal Penetration Testing * **IPsec**: Internet Protocol Security * **IR**: Incident Response * **ISM**: Information Security Manual * **ISMS**: Information Security Management System ## J * **JCE**: Java Cryptography Extension ## K * **KC**: Kill Chain * **KLCP**: Kali Linux Certified Professional ## L * **LE**: Let's Encrypt * **LOIC**: Low Orbit Ion Cannon * **LPA**: Least Privilege Access * **LPE**: Local Privilege Escalation ## M * **MD5**: Message Digest 5 (hash) * **MDR**: Managed Detection and Response * **MFA**: Multi-Factor Authentication * **MISP**: Malware Information Sharing Platform * **MSCT**: Microsoft Security Compliance Toolkit * **MSSP**: Managed Security Service Provider * **MitM**: Man-in-the-Middle ## N * **NCSC**: CCPLP NCSC Certified Cybersecurity Professional - Lead Practitioner * **NCSC**: CCPP NCSC Certified Cybersecurity Professional - Practitioner * **NCSC**: CCPSP NCSC Certified Cybersecurity Professional - Senior Practitioner * **NCSC**: National Cyber Security Centre * **NCS**: National Cybersecurity Strategy * **NGFW**: Next Generation Firewall * **NIDS**: Network IDS (Intrusion Detection System) * **NIPS**: Network IPS (Intrusion Prevention System) * **NSE**: 4 NSE 4 - FortiNET Network Security Professional * **NSE**: 7 NSE 7 - FortiNET Network Security Architect * **NSE**: 8 NSE 8 - Fortinet Network Security Expert ## O * **OPSA**: ISECOM OSSTMM Professional Security Analyst * **OPSEC**: Operations Security * **OPSE**: ISECOM OSSTMM Professional Security Expert * **OPST**: ISECOM OSSTMM Professional Security Tester * **OSCE**: Offensive Security Certified Expert * **OSCP**: Offensive Security Certified Professional * **OSEE**: Offensive Security Exploitation Expert * **OSEP**: Offensive Security Experienced Penetration Tester * **OSINT**: Open Source Intelligence * **OSSTMM**: Open Source Security Testing Methodology Manual * **OSWP**: Offensive Security Wireless Professional * **OTP**: One-time Password * **OT**: Operational Technology * **OWASP**: Open Web Application Security Project ## P * **PACES**: Pentester Academy Certified Enterprise Security Specialist * **PAM**: Privilege Access Management * **PCAP**: Packet Capture * **PCNSA**: Palo Alto Networks Certified Network Security Administrator * **PCNSE**: Palo Alto Networks Certified Network Security Engineer * **PE**: Privilege Escalation * **PEBCAK**: Problem Exists Between Chair and Keyboard * **PEBKAC**: Problem Exists Between Keyboard And Chair * **PERSEC**: Personal Security (military) * **PFS**: Perfect Forward Secrecy * **PGP**: Pretty Good Privacy * **PII**: Personally Identifiable Information * **PIM**: Privilege Identity Management * **PIN**: Personal Identification Number * **PKI**: Public Key Infrastructure * **PLC**: Programmable Logic Controllers * **PLD**: Payload * **POA\&M**: Plan of Action & Mitigation * **PS**: Powershell * **PT**: Penetration Test * **PTR**: Penetration Test Request * **Pentest+**: CompTIA Pentest+ * **PoC**: Point of Concept * **PrivEsc**: Privilege Escalation ## Q * **QSA**: Quality Security Assessor ## R * **RAT**: Remote (Administration/Access) Too * **RBA**: Risk-based Assessment * **RCA**: Root Cause Analysis * **RCE**: Remote Code Execution ## S * **SAST**: Static Application Security Testing * **SIEM**: Security Information and EVent Management * **SOC**: Security Operations Centre * **SPF**: Sender Policy Framework * **SQLi**: SQL Injection * **SSCP** - Systems Security Certified Practitioner * **SSE**: Server-Side Encryption * **SSH**: Secure Shell * **STS**: Security Token Service ## T * **TI**: Threat Intelligence * **TLS**: Transport Layer Security * **TOR**: The Onion Router * **TPM**: Trusted Platform Module ## U ## V * **VA**: Vulnerability Assessment * **VAPT**: Vulnerability Assessment and Penetration Test * **VDP**: Vulnerability Disclosure Program * **VLOM**: Vulnerability Lifecycle Management * **VM**: Vulnerability Management * **VMP**: Vulnerability Management Program * **VR**: Vulnerability Research * **VSA**: Vendor Security Assessment ## W * **WAF**: Web Application Firewall * **WAP**: Web Application Protection * **WAPT**: Web Application Penetration Test * **WCE**: Windows Credentials Editor * **WIDS**: Wireless Intrusion Detection System * **WIPS**: Wireless Intrusion Prevention System * **WPA**: Wi-Fi Protected Access ## X * **XXE**: XML External Entities * **XSS**: Cross-Site Scripting ## Y ## Z * **ZT**: Zero Trust