1. Core Cybersecurity Acronyms & Concepts
Acronym | Name | Description |
---|---|---|
SIEM | Security Information & Event Management | Centralized log collection, correlation, and alerting system. |
EDR | Endpoint Detection & Response | Monitors endpoint behavior and provides tools for response. |
XDR | Extended Detection & Response | Combines data from endpoints, networks, and cloud for unified threat detection. |
NDR | Network Detection & Response | Detects and responds to network-based threats. |
MDR | Managed Detection & Response | Outsourced threat detection and incident response services. |
SOAR | Security Orchestration, Automation, and Response | Automates incident response and integrates security tools. |
SOC | Security Operations Center | Dedicated team or facility for real-time threat monitoring and response. |
UEBA | User and Entity Behavior Analytics | Uses machine learning to detect abnormal behavior patterns. |
TIP | Threat Intelligence Platform | Manages and enriches threat intelligence data feeds. |
CVE | Common Vulnerabilities and Exposures | Public identifiers for disclosed vulnerabilities (managed by MITRE; used across the industry). |
MITRE | MITRE Corporation | Nonprofit that curates CVE and publishes ATT&CK and CWE knowledge bases. |
NVD | National Vulnerability Database | NIST’s enrichment of CVEs (CVSS scores, CPE product mapping, references, JSON feeds). |
CVSS | Common Vulnerability Scoring System | Standard severity scoring (v3/v4) for vulnerabilities (e.g., Base score/severity). |
KEV | Known Exploited Vulnerabilities | CISA-maintained list of CVEs known to be actively exploited; patch prioritisation aid. |
CISA | Cybersecurity & Infrastructure Security Agency | US agency publishing KEV and advisories/binding directives. |
OSV | Open Source Vulnerabilities | Vuln database mapping issues to specific open-source package versions (osv.dev). |
Vuln | Vulnerability | A weakness that can be exploited to compromise confidentiality, integrity, or availability. |
CPE | Common Platform Enumeration | Standardised naming for vendor/product/version; used by NVD for affected products. |
EPSS | Exploit Prediction Scoring System | Community model (FIRST.org) estimating the probability a CVE will be exploited. |
CWE | Common Weakness Enumeration | Catalog of software/hardware weakness types (maintained by MITRE). |
PSIRT | Product Security Incident Response Team | Vendor team that handles vulnerability disclosure and advisories (e.g., Cisco PSIRT, MSRC). |
MSRC | Microsoft Security Response Center | Microsoft’s PSIRT responsible for security updates and advisories. |
2. Network & Infrastructure Protection
Acronym | Name | Description |
---|---|---|
IDS | Intrusion Detection System | Monitors for known and unknown malicious activity. |
IPS | Intrusion Prevention System | Detects and actively blocks suspicious activity. |
UTM | Unified Threat Management | All-in-one security solution (firewall, AV, filtering). |
NGFW | Next-Generation Firewall | Advanced firewall with application and threat awareness. |
ZTNA | Zero Trust Network Access | Restricts access based on identity and context. |
SD-WAN | Software-Defined Wide Area Network | Secure and efficient connectivity for distributed sites. |
3. Data & Endpoint Security
Acronym | Name | Description |
---|---|---|
DLP | Data Loss Prevention | Prevents leakage of sensitive data via email, USB, etc. |
FIM | File Integrity Monitoring | Detects changes to files and folders for signs of tampering. |
AV | Antivirus | Detects and removes malware. |
MFA | Multi-Factor Authentication | Verifies identity using two or more authentication methods. |
IAM | Identity and Access Management | Controls user identities and access privileges. |
PAM | Privileged Access Management | Secures and monitors administrator-level accounts. |
HIDS | Host-based Intrusion Detection System | Monitors a local system for unauthorized activity. |
4. ☁️ Cloud Security
Acronym | Name | Description |
---|---|---|
CASB | Cloud Access Security Broker | Enforces policies on cloud usage and data sharing. |
CSPM | Cloud Security Posture Management | Identifies and corrects cloud misconfigurations. |
CNAPP | Cloud-Native Application Protection Platform | Combines multiple tools to secure cloud-native environments. |
CIEM | Cloud Infrastructure Entitlement Management | Manages permissions and identities in cloud environments. |
CWPP | Cloud Workload Protection Platform | Protects cloud VMs, containers, and serverless workloads. |
5. Governance, Risk & Compliance (GRC)
Acronym | Name | Description |
---|---|---|
GRC | Governance, Risk, and Compliance | Framework for aligning IT with business and regulatory goals. |
ISO 27001 | Information Security Standard | International standard for implementing an ISMS (information security management system). |
SOC 2 | Service Organization Control 2 | Compliance standard for service providers’ security controls. |
PCI-DSS | Payment Card Industry Data Security Standard | Security standard for handling cardholder data. |
HIPAA | Health Insurance Portability and Accountability Act | U.S. regulation for protecting personal health data. |
GDPR | General Data Protection Regulation | European privacy law governing data protection and user rights. |
NIST | National Institute of Standards and Technology | Develops cybersecurity standards like NIST 800-53 and CSF. |
CIS | Center for Internet Security | Publishes security benchmarks and implementation guides. |
CSF | NIST Cybersecurity Framework | Framework of functions and outcomes for managing cybersecurity risk. |
ACSC | Australian Cyber Security Centre | Publishes the Essential Eight (E8) and the Information Security Manual (ISM). |
E8 | Essential Eight | ACSC’s baseline mitigation strategies against common cyber threats. |
ISM | Information Security Manual | ACSC guidance for governance, physical, personnel, and technical security. |
VPDSS | Victorian Protective Data Security Standards | Victorian Government standards for protecting public sector information. |
OAIC | Office of the Australian Information Commissioner | Regulator for privacy and Notifiable Data Breaches in Australia. |
NDB | Notifiable Data Breaches scheme | Australian scheme that mandates notification for eligible data breaches. |
6. ⚠️ Incident & Threat Response
Acronym | Name | Description |
---|---|---|
IR | Incident Response | Process of detecting, responding to, and recovering from threats. |
DFIR | Digital Forensics and Incident Response | Combines investigative forensics with incident response to analyze and contain threats while preserving evidence. |
IOC | Indicator of Compromise | Artifacts (like IPs or hashes) used to identify an attack. |
TTPs | Tactics, Techniques, and Procedures | Behavioral patterns used by threat actors. |
MITRE ATT&CK | Adversarial Tactics, Techniques & Common Knowledge | Framework for classifying cyberattack behavior. |
CTI | Cyber Threat Intelligence | Information about active threats and threat actors. |
7. Additional Acronyms (Modern & Emerging)
Acronym | Name | Description |
---|---|---|
SSO | Single Sign-On | Allows users to log in once and access multiple applications without re-authenticating. |
SAML | Security Assertion Markup Language | Standard for exchanging authentication data, often used in SSO setups. |
OIDC | OpenID Connect | Modern identity layer built on OAuth 2.0, used in federated login systems. |
DevSecOps | Development, Security, and Operations | Integrates security into the DevOps process from day one. |
IaC | Infrastructure as Code | Manages and provisions infrastructure using code and automation. |
SBOM | Software Bill of Materials | A list of components in software used to identify supply chain risk. |
STIX | Structured Threat Information Expression | A standardized language for describing cyber threat information. |
TAXII | Trusted Automated Exchange of Indicator Information | A transport protocol for sharing STIX-based threat intelligence. |
YARA | Yet Another Recursive Acronym | Pattern-matching tool used in malware detection and classification. |
EPP | Endpoint Protection Platform | Prevents known threats at endpoints using antivirus, firewall, and signatures. |
UEFI | Unified Extensible Firmware Interface | Modern firmware interface that replaced legacy BIOS; its boot chain is itself a security concern. |
TLS | Transport Layer Security | Secures data in transit between systems; successor to SSL. |
SSVC | Stakeholder-Specific Vulnerability Categorization | Decision model for prioritising vulnerability response by stakeholder impact. |
8. Other
Description | Link |
---|---|
MyDFIR (YouTube channel): Getting started in Cybersecurity; helpful material for those interested in this topic. | LINK |
ACSC: Essential Eight overview; and Patching applications and operating systems (short exploitation windows). | LINK |
NIST: CSF 2.0 Resource & Overview Guide (functions and Protect/Respond/Recover outcomes). | LINK |
VPDSS v2.0, Implementation Guidance v2.3: Standards for Information Access (least privilege), ICT Security (crypto, mobility), and Physical Security. | — |
OAIC: About the Notifiable Data Breaches scheme (notification duties & OAIC powers). | LINK |
ACSC ISM Guidelines for Physical Security (layered controls for server rooms/communications rooms). | LINK |
ACSC PROTECT: Implementing Application Control (prevent execution of unapproved/malicious code). | LINK |
ACSC ISM Guidelines for Personnel Security (provide tailored cyber awareness training). | LINK |
CVE & MITRE: cve.org (IDs) & MITRE ATT&CK. | LINK, LINK |
NVD (NIST): CVSS, CPE, references. | LINK |
KEV (CISA): Known Exploited Vulnerabilities Catalog. | LINK |
OSV: Open Source Vulnerabilities (package-version mapping). | LINK |
© 2021–2025 XSTRA Group Pty Ltd (Australia). All rights reserved.