Here you can find abbreviations and explanations of common IT security terms
Dictionary
Dictionary
Two Factor Authentication
Identification using two independent components (e.g. card plus PIN or web login plus mobile phone TAN)
API Application Programming Interface
Application programming interface
Advanced Persistent Threat
Sophisticated, targeted way of attacking the IT / OT / ICS infrastructure of an organization or a company
Advanced Threat Protection
Defence against targeted, high-tech attacks
Bring Your Own Device
Use of private devices in the company environment (Internet access, access to contact data, etc.)
Command and Control
C&C servers are central computers that control botnets, collect data and send commands
Content Management System
Software for the provision and processing of content, e.g. for websites
Central Processing Unit
Central Processing Unit
Customer Relationship Management
Software for the management of customer data and relationships
Common Vulnerabilities and Exposures
List of publicly known vulnerabilities
(Distributed) Denial of Service
Attack targeting the unavailability of an Internet service
Domain Keys Identified Mail
Prevents changes to emails during transport
Domain-Based Message Authentication Reporting and Conformance
Combination from SPF and DKIM
Domain Name System
System for resolving computer names into IP addresses and vice versa
General Data Protection Regulation
Legal requirements for dealing with sensitive data
File Transfer Protocol
Network protocol for transferring files over IP networks
Hyper Text Transfer Protocol Secure
Communication protocol for the secure transmission of data over the Internet (secure HTTP connection)
Industrial automation and control systems
Industrial automation and control systems
Industrial Control Systems
Control systems for industrial processes
Identifier
Unique identification feature
Intrusion Detection System
A system for detecting attacks on computer systems or networks
International Electrotechnical Commission
International standardization commission for electrical engineering
Indicators of Compromise
Indicators of an infection, e.g. signatures or addresses of command & control servers
Internet of Things
Network of “intelligent” objects that communicate with each other via processors and sensors via an IP network
Internet protocol
Widely used network protocol for data packet switching
Information Security Management System
Describes all internal processes and rules that have the task – online or offline – of permanently defining, controlling, monitoring, maintaining and improving information security
Information Technology
Information and data processing based on provided technical services and functions
Managed Detection and Response
Managed (outsourced) detection and response services
Near Field Communication
Transmission standard for contactless data exchange
Operational Technology
Hardware and software for monitoring and controlling the performance of industrial devices or processes
Personal Identification Number
Secret code used for identification
Public Key Infrastruktur
System that can issue, distribute and verify digital certificates
Quick Response Code
2D codes that are read by QR Code scanners and may contain links, text or other data
Radio Frequency Identification
Technology for automatic and contactless identification and localization using radio waves
Security Information and Event Management
System that evaluates, summarizes and correlates the log files of the used IT security solutions
Service Level Agreement
Recurring Services Contract
Security Orchestration Automation and Response
Orchestration, control and collection of data from different programs about security threats
Security Operation Center
Managed security platform that centrally collects alerts and event data and whose team of experts evaluates them against up-to-date threat data
Sender Policy Framework
Defines allowed senders for email domains
Secure Sockets Layer
Network protocol for secure data transmission
Threat Intelligence
Data on threats (e.g. malware or groups of attackers)
Transport Layer Security
Upgraded version of SSL
Tactics, Tools and Procedures
Typical attackers’ approaches
Uniform Resource Locator
Internet address of a single page
Universal Serial Bus
System for connection (e.g. data transmission) between computer and external devices
Virtual Reality
Representation and perception of reality in a computer-generated interactive environment
Web Application Firewall
A service to protect against attacks via HTTP on web applications.
Wireless Local Area Network
Wireless local radio network
Abbreviation for “Wireless Fidelity”
Wireless local radio network for the 802.11 radio standard and compatible devices
WiFi Protected Access
Encryption type in the area of radio networks