Acronyms 1
Acronyms 2
Acronyms 3
Acronyms 4
Acronyms 5
100

Methods used by adversaries in cyber attacks

Tactics, Techniques, and Procedures (TTP)

100

Controls user access and tracks their activities

Authentication, Authorization, and Accounting (AAA)

100

Expected monetary loss from a single security incident

Single Loss Expectancy (SLE)

100

Attack that tricks users into performing actions they didn’t intend

Cross-Site Request Forgery (CSRF)

100

Protocol for authorization and delegated access

Open Authorization (OAUTH)

200

Prevents unauthorized data transfers and leaks

Data Loss Prevention (DLP)

200

Protects web applications by filtering and monitoring HTTP traffic.

Web Application Firewall (WAF)

200

Offers cloud computing services

Cloud Service Provider (CSP)

200

Maximum acceptable time to restore operations

Recovery Time Objective (RTO)

200

Advanced firewall with added security features

Next-generation Firewall (NGFW)

300

Monitors and analyzes activities on a single host

Host-based Intrusion Detection System (HIDS)

300

Core principles of information security

Confidentiality, Integrity, Availability (CIA)

300

Detects and prevents identified threats

Intrusion Protection System (IPS)

300

System for analyzing security data and events

Security Information and Event Management (SIEM)

300

Cryptographic hash function for data integrity

Secure Hashing Algorithm (SHA)

400

Estimates yearly losses from specific risks

Annualized Loss Expectancy (ALE)

400

Monitors and responds to threats on endpoints

Endpoint Detection and Response (EDR)

400

Monitors network or system activities for malicious activities

Intrusion Detection System (IDS)

400

Develops standards and guidelines for security

National Institute of Standards & Technology (NIST)

400

Devices owned by the company but used personally

Corporate Owned, Personally Enabled (COPE)

500

Frequency of a risk event happening per year

Annualized Rate of Occurrence (ARO)

500

A symmetric encryption algorithm used to secure data.

Advanced Encryption Standard (AES)

500

Email authentication method to prevent phishing

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

500

Manages and provisions computing infrastructure using code

Infrastructure as Code (IaC)

500

Security standards for handling payment card information.

Payment Card Industry Data Security Standard (PCI-DSS)
