Security Key Features: Cyber Security acronyms valuable cheat sheet

Introduction

Cybersecurity acronyms are much important for professionals who’re regularly working with different security technology. These acronyms help in saving time for experienced professionals but for beginners, this can be a frustrating and time-wasting factor to find the meaning of acronyms. Also, Google’s new security tactics help users a lot in avoiding cyber attacks.

For instance, it's harsh enough to enfold your brain around the ‘Common Vulnerability Scoring System’ without first getting what CVSS refers to. That’s why we’re sharing our valuable Cyber Security acronym valuable cheat sheet with a dictionary with the public. Since the number of acronyms is increasing progressively so just suggest more acronyms/terms if you know more or suggest any correction.

These acronyms are arranged in alphabetical order and hope you could get the required acronyms easily as well as quickly.

The important things to consider in various cases the only resources that make clear these concepts are articles posted by numbers of reputed cybersecurity companies. Often these articles include marketing or sales stuff if for some the specific reason I link to some of my previous blog posts about TLS 1.3 it's because I think it's helpful in elaborating on a technical concept not because I promote the product. Also as a revelation, I have been working in the industry for a long time.

The first part includes the list of acronyms and the second part contains the dictionary of terms.

Part 1: Acronym Cheat Sheet 

0day - Zero-Day vulnerability
2FA - Two factor Authentication
AV - Antivirus
CVE - Common Vulnerabilities and Exposures
CVSS - Common Vulnerability Scoring System
CSPM - Cloud Security Posture Management
CSRF - Cross-site request forgery
CNA - CVE Numbering Authority
DDoS attack - Distributed denial-of-service attack
CTF - Capture the Flag
EDR - Endpoint Detection and Response
EPSS - Exploit Prediction Scoring System
EPP - Endpoint Protection Platform
FIM - File Integrity Manager
HOS - Head of Security
IOM - Indicator of Misconfiguration
IOA - Indicator of Attack
IOT - Internet of Things
InfoSec - Information Security
ItSecOps (SecOps or Dev SecOps) - IT Security Operations
IDS - Intrusion Detection System
IPS - Intrusion Prevention System
LDAP Injection - Lightweight Directory Access Protocol Injection
LFI - Local file inclusion
MFA - Multi-factor authentication
MSSP - Managed Security Service Provider
NGAV - Next-generation antivirus
SPOG - Single pane of glass aka single pane view
SSRF - Server-side request forgery
SSO - Single sign-on protocols
SNMP - Simple Network Management Protocol
SMB - Server Message Block
SOC - Security Operations Center
TCP - Transmission Control Protocol
TTP - Tactics, Techniques, and Procedures
RBAC - Rule-based Access Control
RTR - Real-Time Response
RCE - Remote Code Execution
RFI - Request for information
WAPT - Web Application Penetration Testing
WoV - Window of Vulnerability
XSS - Cross-site scripting
XXE - XML external entity injection

Part 2: CyberSecurity Dictionary

Some significant Cybersecurity acronyms are well explained as follows

Antiviruses (AV software, anti-malware)

An anti-malware software program that guards your PC against different computer threats.

NGAV (Next-generation antivirus)

As the word next-generation signifies this AV software uses more improved techniques to save your system from harm more particularly it integrates AI. Generally, AI understands the common behavior on an endpoint at your PC and is able to inform when behavior varies from a recognized pattern or if the user acts in unsafe behavior.

NGAV is near to the useful old antivirus that some marketing departments determined to implement AI. New Gen anti-virus should be able to defend you from interruptions that do not alter your environment and/or do not bring in new files to the system. For instance, threats like a remote login including a current vulnerability.

Unlike the predecessors (previous av), NGAVs concentrate on events and analyze events and take appropriate actions, they need to make out malicious intent behavior with activity, not just files. The sole target of NGA is to prevent a breach before it happens.

CSPM (Cloud Security Posture Management)

It refers to configuring public cloud Infrastructure as a Service (IAAS) and Cloud Platform as a Service (PAAS) correctly to reduce cloud risk.

CVE (Common Vulnerabilities and Exposures)

CVE is a reference-approach for publicly declared information-security attacks and exposures.

CTF (Capture the Flag)

"Flags" are secret programs in intentionally-vulnerable software programs or websites. Business competitors steal flags either from other business competitors (attack or defense type CTFs) or from the organizers (jeopardy type challenges). Several dissimilarities exist, including defeating flags in hardware devices.

CSRF (Cross-site request forgery)

The security attack which forces an end-user to carry out the ‘superfluous action’ on a web app in which area they are authenticated presently.

CAN (CVE Numbering Authority)

The authorized Organizations to assign CVE IDs to vulnerable software affecting products within their discrete, agreed-upon scope, for enclosure in a first-time public declaration of new vulnerable factors.

MFA (Multi-factor authentication)

The latest security approach where a user is approved access only after they make available two or more evidence that they are the real user. Probably the most preferable approach is how banks include questions like 'your mother's maiden name', ‘Your birthplace’, 'your first pet's name', and many more.

Most of the online platforms have enthused to 2FA or MFA methods, where after putting your name and password you receive a text on mobile/email with the secret number that you have to input to prove that you are working yourself. Or, some use the latest apps like Google's Authenticator or duo.

If you have researched at 2FA it's worth going through the leaked Iranian hacker training video and then definitely enable 2FA EVERYWHERE. Know more about content security policy and the difference between TLS 1.2 and 1.3 to know more about security features to protect yourself on the internet.