- AppSec: Application Security
- ACL: Access Control List
- AP: Access Point
- APT: Advanced Persistent Threat
- AV: Anti-Virus
- BCP: Business Continuity Plan
- BSIMM: Building Security In Maturity Model
- CASB: Cloud Access Security Broker
- CERT: Computer Emergency Response Team
- CIA: Confidentiality, Integrity, and Availability
- CIPP: Certified Information Privacy Professional
- CIO: Chief Information Officer
- CIRT: Cyber Incident Response Team
- CIS: Center for Internet Security
- CISO: Chief Information Security Officer
- CNAPP: Cloud Native Application Protection Platform
- CompTIA: Computing Technology Industry Association
- CSA: Cloud Security Alliance
- CSPM: Cloud Security Posture Management
- CVE: Common Vulnerabilities and Exposures
- CVSS: Common Vulnerability Scoring System
- CWPP: Cloud Workload Protection Platform
- CyberSETA: Cybersecurity Education, Training and Awareness
- DAST: Dynamic Application Security Testing
- DDoS: Distributed Denial of Service
- DLP: Data Loss Prevention
- DNS: Domain Name Server
- DoS: Denial of Service
- DPO: Data Privacy Officer
- DR: Disaster Recovery
- EC-Council: International Council of Electronic Commerce Consultants
- EDR: Endpoint Detection and Response
- EULA: End-User License Agreement
- FedRAMP: Federal Risk and Authorization Management Program
- FISMA: Federal Information Security Management Act
- GDPR: General Data Protection Regulation
- GRC: Governance, Risk Management, and Compliance
- HIPAA: Health Insurance Portability and Accountability Act
- IAM: Identity and Access Management
- IAPP: International Association of Privacy Professionals
- IAST: Interactive Application Security Testing
- IDS: Intrusion Detection System
- IoT: Internet of Things
- IPS: Intrusion Prevention System
- IR: Incident Response
- ISACA: Information Systems Audit and Control Association
- (ISC)²: International Information System Security Certification Consortium
- ISO/IEC: International Organization for Standardization/International Electrotechnical Commission
- MTD: Maximum Tolerable Downtime (RTO + WRT)
- NIST: National Institute of Standards and Technology
- OSAMM: OWASP Software Assurance Maturity Model
- OWASP: Open Web Application Security Project
- PAM: Privileged Access Management
- PCI-DSS: Payment Card Industry Data Security Standard
- Pentest: Penetration Testing
- PII: Personally Identifiable Information
- PITR: Point-in-Time Recovery
- RASP: Runtime Application Self-Protection
- RPO: Recovery Point Objective
- RTO: Recovery Time Objective
- SANS: System Administration, Networking, and Security Institute
- SAST: Static Application Security Testing
- SIEM: Security Information and Event Management (SIM + SEM)
- SOAR: Security Orchestration, Automation and Response
- SOC: System and Organisation Control
- SOX: Sarbanes–Oxley Act
- SRA: Security Risk Assessment
- SSL: Secure Socket Layer
- TLS: Transport Layer Security
- UEBA: User and Entity Behavior Analytics
- VAPT: Vulnerability Assessment and Penetration Testing
- VPN: Virtual Private Network
- WRT: Work Recovery Time
- ISO/IEC 27001:2013 Information security management systems — Requirements
- ISO/IEC 27002:2013 Code of practice for information security controls
- ISO/IEC 27018:2019 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
- ISO/IEC 27017:2015 Code of practice for information security controls based on ISO/IEC 27002 for cloud services