Cybersecurity loves its acronyms, to the point where an acronym can contain other acronyms.
This might save time if you are part of the industry's old guard, but for newcomers it can be frustrating and alienating.
It's tough enough to wrap your brain around Cloud Security Posture Management
without first having to decrypt what CSPM stands for.
This is why I am sharing my cyber security acronym cheat sheet and dictionary with the world. It's a work in progress, so do flag up acronyms/terms I missed, and if you disagree on a meaning do let me know - we are all still learning after all.
I will try to keep this in alphabetical order, but I am dyslexic so it's more of an alphabetical-ish order.
A thing to flag up: in many cases the only resources that explain these concepts are blog posts belonging to various cyber security companies, and often those posts consist of marketing or sales material. If for some reason I link to one of those posts, it's because I think it explains a concept well, not because I endorse the product. Also, as disclosure, I work in the industry.
The first part is the acronym cheat sheet, the second part is the dictionary of terms.
0day - Zero-day vulnerability
2FA - Two-factor authentication
AV - Antivirus
CNA - CVE Numbering Authority
CSPM - Cloud Security Posture Management
CSRF - Cross-site request forgery
CTF - Capture the Flag
CVE - Common Vulnerabilities and Exposures
CVSS - Common Vulnerability Scoring System
DDoS attack - Distributed denial-of-service attack
EDR - Endpoint Detection and Response
EPP - Endpoint Protection Platform
EPSS - Exploit Prediction Scoring System
FIM - File Integrity Monitoring
HOS - Head of Security
IDS - Intrusion Detection System
InfoSec - Information Security
IOA - Indicator of Attack
IOM - Indicator of Misconfiguration
IoT - Internet of Things
IPS - Intrusion Prevention System
ItSecOps (or SecOps) - IT Security Operations; DevSecOps - Development, Security and Operations (security folded into the software delivery pipeline)
LDAP Injection - Lightweight Directory Access Protocol Injection
LFI - Local file inclusion
MFA - Multi-factor authentication
MSSP - Managed Security Service Provider
NGAV - Next-generation antivirus
RBAC - Role-based Access Control
RCE - Remote Code Execution
RFI - Remote file inclusion (the web application vulnerability; in procurement RFI means Request for Information)
RTR - Real Time Response
SMB - Server Message Block
SNMP - Simple Network Management Protocol
SOC - Security Operations Center
SPOG - Single pane of glass, aka single pane view
SSO - Single sign-on
SSRF - Server-side request forgery
TCP - Transmission Control Protocol
TTP - Tactics, Techniques, and Procedures
WAPT - Web Application Penetration Testing
WoV - Window of Vulnerability
XSS - Cross-site scripting
XXE - XML external entity injection
AV software, anti-malware
Software that detects and blocks malware on a computer, traditionally by matching files against signatures of known threats. See also NGAV.
Cloud Security Posture Management
Continuously checks the configuration of public cloud IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) resources against a policy, so that misconfigurations (a storage bucket open to the internet, an admin port reachable from anywhere, data not encrypted at rest) are found and fixed before someone else finds them.
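To make that concrete, here is a tiny CSPM-style check written for this page (it is an added example, not code from any product). It runs a few posture rules over a constructed resource inventory; the resource names, the inventory layout and the severity levels are all made up for the illustration, and a real tool would pull this data from the cloud provider's API.

```python
from ipaddress import ip_network

# Constructed inventory in the shape a CSPM tool would pull from the
# cloud provider's API. Every name here is made up for the example.
INVENTORY = {
    "security_groups": [
        {"id": "sg-web", "rules": [{"proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-bastion", "rules": [{"proto": "tcp", "port": 22, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-db", "rules": [{"proto": "tcp", "port": 5432, "cidr": "10.0.0.0/8"}]},
    ],
    "buckets": [
        {"name": "public-assets", "public_read": True, "encrypted": True},
        {"name": "backups", "public_read": False, "encrypted": False},
    ],
}

ADMIN_PORTS = {22, 3389}  # SSH, RDP


def is_world_open(cidr: str) -> bool:
    """A rule is 'open to the world' if its CIDR covers every address (prefix /0)."""
    return ip_network(cidr, strict=False).prefixlen == 0


def check_security_groups(groups):
    """Flag admin ports reachable from anywhere."""
    findings = []
    for sg in groups:
        for rule in sg["rules"]:
            if rule["port"] in ADMIN_PORTS and is_world_open(rule["cidr"]):
                findings.append({
                    "resource": sg["id"], "severity": "high",
                    "rule": f"admin port {rule['port']} open to 0.0.0.0/0",
                })
    return findings


def check_buckets(buckets):
    """Flag unencrypted and publicly readable storage buckets."""
    findings = []
    for b in buckets:
        if not b["encrypted"]:
            findings.append({"resource": b["name"], "severity": "high",
                             "rule": "bucket not encrypted at rest"})
        if b["public_read"]:
            # Public read is sometimes intentional (static site assets),
            # so it is rated medium rather than high.
            findings.append({"resource": b["name"], "severity": "medium",
                             "rule": "bucket allows public read"})
    return findings


def evaluate(inventory):
    """Run every posture check and return the findings, most severe first."""
    findings = check_security_groups(inventory["security_groups"])
    findings += check_buckets(inventory["buckets"])
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["resource"]))


if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"[{f['severity']}] {f['resource']}: {f['rule']}")
```

The point of the example is that nothing here looks at traffic or malware; posture management is purely about comparing the current configuration with what policy says it should be, and re-running that comparison continuously because cloud configuration drifts.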
Common Vulnerabilities and Exposures
A reference method for publicly known information-security vulnerabilities and exposures: each one gets a CVE ID (CVE-year-number) so that vendors, scanners, advisories and researchers can all refer to the same issue.
Capture the Flag
"Flags" are secrets hidden in purposefully-vulnerable programs or websites. Competitors steal flags either from other competitors (attack/defense-style CTFs) or from the organizers (jeopardy-style challenges). Several variations exist, including hiding flags in hardware devices.
Cross-site request forgery
An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated, typically by getting the victim's browser to send a request (from a page the attacker controls) that carries the victim's session cookie along with it.
CVE Numbering Authority
Organizations that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.
Multi-factor authentication
A security method where a user is granted access only after presenting two or more independent pieces of evidence (factors) that they are who they claim to be: something they know (a password), something they have (a phone or hardware token) and/or something they are (a fingerprint). Note that the "security questions" banks have long used, such as 'your mother's maiden name' or 'your first pet's name', are not a second factor: they are just another thing you know, and often something an attacker can look up.
The majority of online platforms have moved to 2FA or MFA, where after providing your name and password you receive a text/email with a code that you have to input to prove you are you, or you read a time-based code from an app such as Google Authenticator or Duo. SMS and email codes are better than nothing but can be intercepted or phished; authenticator apps and hardware keys are the stronger options.
If you have ever rolled your eyes at 2FA, it's worth watching the leaked Iranian hacker training video and then enabling 2FA EVERYWHERE.
Next-generation antivirus
As the name suggests, NGAV uses more advanced techniques than signature matching to protect an endpoint (your machine), chiefly machine learning and behavioural analytics: it learns what normal activity looks like on the endpoint and flags behaviour that deviates from that baseline or that is known to be risky.
Do not assume NGAV is just the good old antivirus with "AI" glued on by a marketing department. A next-gen product should protect you from intrusions that do not change your environment or drop new files on the system, for example an attacker who logs in remotely with stolen credentials or through an existing vulnerability and then works only with tools that are already on the box.
Unlike their predecessors, NGAVs focus on events: they analyse actions and the relationships between them (which process started which, with what arguments) and aim to identify malicious intent and activity, not just malicious files.
The aim of NGAV is to stop a breach before it occurs.
Window of Vulnerability
The time from when an exploit for a vulnerability first becomes active to the time when the number of vulnerable systems shrinks to insignificance, i.e. until nearly everything has been patched. Vendor patch release and customer patch deployment both sit inside this window, which is why both speeds matter.