Essential cybersecurity acronyms and terms, and their definitions.
As companies step up their hiring of cybersecurity talent, HR directors, recruiters and CIOs have to get up to speed quickly on the terminology, certifications and experience required for CISO, CSO and other senior information security jobs. As with many other specialized positions, candidates’ resumes are filled with acronyms that you need to understand in order to screen applicants effectively.
To help, we compiled 26 essential cybersecurity acronyms and their definitions. Our list comprises terms that Heller Search recruiters frequently encounter on the resumes of candidates we recommend to clients, or that are commonly included in information security job descriptions. These include military terms that are relevant to private companies because your top candidates for high-level IT security roles will often have military experience. In addition, you’ll find terms related to key information security concepts and practices.
Advanced Persistent Threat
A well-resourced adversary, often state-sponsored, that uses sophisticated techniques to gain and quietly maintain long-term access to targets such as governments and companies, usually for espionage or other malicious ends. The term is used both for the threat actor and for its ongoing campaigns.
Certified Information Systems Auditor
ISACA’s certification for professionals who audit, control, monitor and assess information systems.
Certified Information Security Manager
ISACA’s certification for information security management. Its domains are security governance, risk management, security program development and management, and incident management, so it is commonly listed on CISO resumes.
Certified Information Systems Security Professional
(ISC)²’s broad information security certification, covering eight domains from security and risk management to software development security. It is widely expected of CISOs and other security leaders, although it is a practitioner credential rather than a purely management one.
Computer Network Defense
A military and government term for the measures taken to protect, monitor, analyze, detect and respond to unauthorized activity on information networks.
Control Objectives for Information and Related Technologies
A framework of practices, tools and models, maintained by ISACA, for the management and governance of information technology, including risk management and compliance.
Data Loss Prevention
An information security strategy, and the software that implements it, for discovering and classifying sensitive data and for monitoring or blocking its movement out of the company (by email, web upload, removable media or cloud storage) without authorization.
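To make the concept concrete, here is an added example (not from the original page) of the core check a DLP tool performs on an outbound message: find strings that look like payment card numbers, discard those that fail the Luhn checksum (which removes most false positives from order numbers and phone numbers), and either block the message or mask the numbers. The messages, the hypothetical `inspect_outbound` policy hook and the sample numbers are all constructed for the example; the card numbers are publicly known test numbers, not real accounts.

```python
import re
from dataclasses import dataclass

# Candidate PAN: 13-19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    start: int       # offset of the match in the original text
    end: int
    masked: str      # replacement that keeps only the last four digits


def find_pans(text: str) -> list:
    """Return Luhn-valid card numbers found in text, with their masked forms."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            masked = "*" * (len(digits) - 4) + digits[-4:]
            findings.append(Finding(m.start(), m.end(), masked))
    return findings


def redact(text: str):
    """Return (text with card numbers masked, list of findings)."""
    findings = find_pans(text)
    pieces, last = [], 0
    for f in findings:
        pieces.append(text[last:f.start])
        pieces.append(f.masked)
        last = f.end
    pieces.append(text[last:])
    return "".join(pieces), findings


def inspect_outbound(message: str):
    """Hypothetical policy hook: block any message that carries a card number.

    Returns (decision, redacted_message). A real DLP product would also log
    the finding and notify the sender or the security team.
    """
    redacted, findings = redact(message)
    return ("BLOCK" if findings else "ALLOW"), redacted


# Constructed sample messages; 4111... and 5500...0004 are public test numbers.
# The order number and the tracking number are digit runs that fail Luhn.
SAMPLES = [
    "Please charge 4111 1111 1111 1111 for order 1234567890123456",
    "Backup card: 5500-0000-0000-0004, call me at 555-123-4567",
    "Tracking number 9400 1000 0000 0000 0000 00",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(inspect_outbound(msg))
```

Real products add many more detectors (national ID numbers, source code, document fingerprints) and apply the check at several egress points, but the pattern-plus-validation step shown here is what separates a useful DLP rule from one that floods the security team with false alarms.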
Electronic Warfare
In the military, using energy such as radio waves or lasers to disrupt or disable an adversary’s electronics, for example by jamming communications equipment.
Federal Information Security Management Act (2002) and Federal Information Security Modernization Act (2014)
Laws that assign responsibilities within the U.S. federal government for setting, implementing and complying with policies to secure agencies’ information systems. The 2014 act updated the 2002 act and gave the Department of Homeland Security a larger operational role.
Governance, Risk Management and Compliance
Three aspects of management that, when well-coordinated, ensure a company and its people behave ethically, run the business effectively, mitigate risks appropriately and comply with internal policies and external regulations.
Health Insurance Portability and Accountability Act
A 1996 law whose Privacy Rule and Security Rule require covered entities (and their business associates) to protect the confidentiality, integrity and availability of protected health information (PHI).
Information Assurance
Practices for managing risks to information and information systems by protecting their availability, integrity, authentication, confidentiality and nonrepudiation.
Intrusion Detection System/Intrusion Detection and Prevention System
Devices or software that monitor network traffic or host activity for signs of malicious activity. An intrusion detection system alerts on what it finds; an intrusion prevention system, or a combined IDPS, sits inline and can also block the traffic.
Information Systems Audit and Control Association
Known today by its acronym, the organization provides certifications for IT security, audit and risk management professionals. ISACA also maintains the COBIT framework for IT management and governance.
International Organization for Standardization
An independent body that develops voluntary international standards. With the IEC it publishes the ISO/IEC 27000 family, including ISO/IEC 27001 (requirements for an information security management system, against which organizations are certified) and ISO/IEC 27002 (guidance on security controls).
Information Systems Security Association
An association of information security leaders and professionals that offers education, training, and networking opportunities.
National Industrial Security Program Operating Manual
The document that spells out the rules and procedures contractors must follow to protect classified U.S. government information entrusted to them.
National Institute of Standards and Technology
A U.S. Department of Commerce agency that publishes standards and guidance for federal information systems, including the Cybersecurity Framework (originally titled “Framework for Improving Critical Infrastructure Cybersecurity”), a set of voluntary guidelines that organizations of all kinds use to manage cybersecurity risk, and the Special Publication 800 series (for example SP 800-53, the security and privacy controls catalog).
Operations Security
In the military, the process of identifying unclassified information about operations that an adversary could piece together to inflict harm or gain advantage, and then protecting it. When applied by private companies, the same process can help protect business information from industrial espionage or insider threats.
Payment Card Industry Data Security Standard
A set of security requirements maintained by the PCI Security Standards Council, which was founded by the major card brands. Merchants and service providers that store, process or transmit cardholder data are required, by their contracts with the card brands and acquiring banks, to comply with the standard and to validate compliance periodically.
Security Information and Event Management
Software that collects logs and security events from across an environment, normalizes and correlates them, and raises alerts so analysts can detect threats and respond to incidents.
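As an added illustration (not from the original page), the following Python implements the kind of correlation rule that distinguishes a SIEM from a plain log store, and it also shows the detection side of the IDS/IDPS entry above: parse authentication events, keep a sliding window of failures per source address, and alert when a source passes a failure threshold and again if that source then logs in successfully. The log lines, host name, addresses and thresholds are constructed for the example; the message text follows OpenSSH’s “Failed password”/“Accepted password” syslog lines, and the leading timestamp and host fields are an assumed forwarder format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the OpenSSH auth lines we care about, prefixed with an ISO timestamp
# and host name as a log forwarder might emit them (format assumed here).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(line: str):
    """Normalize one raw line into an event dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def correlate(lines, threshold=5, window=timedelta(minutes=10)):
    """Run the brute-force rule over lines in time order and return alerts.

    Rule: reaching `threshold` failed logins from one source inside `window`
    raises brute_force; a later successful login from that source while the
    window is still hot raises success_after_brute_force, the alert an
    analyst must act on first.
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue                # not an auth event; other rules would see it
        recent = failures[ev["src"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()        # expire failures outside the sliding window
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:
                alerts.append({"rule": "brute_force", "src": ev["src"],
                               "ts": ev["ts"], "failures": len(recent)})
        elif len(recent) >= threshold:
            alerts.append({"rule": "success_after_brute_force", "src": ev["src"],
                           "user": ev["user"], "ts": ev["ts"],
                           "failures": len(recent)})
    return alerts


# Constructed sample log: six failures then a success from one address,
# a normal login from another, and one line the rule ignores.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z bastion sshd[4242]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2",
    "2024-05-01T10:00:03Z bastion sshd[4243]: Failed password for root from 203.0.113.7 port 51013 ssh2",
    "2024-05-01T10:00:05Z bastion sshd[4244]: Failed password for alice from 203.0.113.7 port 51014 ssh2",
    "2024-05-01T10:00:07Z bastion sshd[4245]: Failed password for alice from 203.0.113.7 port 51015 ssh2",
    "2024-05-01T10:00:09Z bastion sshd[4246]: Failed password for alice from 203.0.113.7 port 51016 ssh2",
    "2024-05-01T10:00:11Z bastion sshd[4247]: Failed password for alice from 203.0.113.7 port 51017 ssh2",
    "2024-05-01T10:00:12Z bastion sshd[4247]: Accepted password for alice from 203.0.113.7 port 51017 ssh2",
    "2024-05-01T10:00:20Z bastion sshd[4250]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
    "2024-05-01T10:00:25Z bastion sshd[4251]: Accepted password for bob from 198.51.100.9 port 40001 ssh2",
    "2024-05-01T10:00:30Z bastion sshd[4251]: pam_unix(sshd:session): session opened for user bob",
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

A production SIEM expresses the same logic in its own rule language and runs hundreds of such rules over events from many sources at once; the parsing (normalization), windowed state per entity and severity escalation on a successful login are the parts worth recognizing when a candidate describes having written or tuned SIEM content.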
Security Operations Center
A central team within an organization, often operating around the clock, that monitors systems and networks, triages alerts and responds to security incidents.
Sarbanes-Oxley Act of 2002
Law requiring public companies to establish internal controls over financial reporting, and their executives and auditors to assess and certify those controls. IT general controls over the systems that produce financial data fall within its scope, which is why SOX appears on security resumes.
Single Scope Background Investigation
A security clearance investigation required for a Top Secret clearance and for access to sensitive compartmented information. It is a rigorous inquiry that includes record checks, reference interviews and an interview of the subject. Since the 2016 Federal Investigative Standards took effect the same level is called a Tier 5 investigation, but “SSBI” still appears on resumes.
Single Sign-On
An authentication arrangement in which a user signs in once to an identity provider and is then granted access to multiple applications without re-entering credentials. It is typically implemented with protocols such as SAML or OpenID Connect.
Top Secret/Sensitive Compartmented Information
The U.S. government has three levels of security clearance: Confidential, Secret and Top Secret. SCI is not a fourth level but an additional access control: certain information is divided into compartments, and a person with a Top Secret clearance must be separately granted access to (“read into”) each compartment on a need-to-know basis. Obtaining SCI access requires a more rigorous investigation than a Top Secret clearance alone.