Essential cybersecurity acronyms and terms, and their definitions.

As companies step up their hiring of cybersecurity talent, many HR directors and recruiting professionals, and CIOs, have to get up to speed quickly on the terminology, and the certifications and experience required for CISO, CSO and other senior information security jobs. As with many other specialized positions, candidates’ resumes are filled with acronyms that you need to understand in order to screen applicants effectively. 

To help, we compiled 26 essential cybersecurity acronyms and their definitions. Our list comprises terms that Heller Search recruiters frequently encounter on the resumes of candidates we recommend to clients, or that are commonly included in information security job descriptions. These include military terms that are relevant to private companies because your top candidates for high-level IT security roles will often have military experience. In addition, you’ll find terms related to key information security concepts and practices.

(Listed alphabetically)


APT 
Advanced Persistent Threat
A cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies.


CISA 
Certified Information Systems Auditor
A certification for professionals who monitor, audit, control and assess information systems.


CISM
Certified Information Systems Security Manager
A CISO certification.


CISSP 
Certified Information Systems Security Professional
A management certification for CISOs and other information security leaders.


CND
Computer Network Defense
Cybersecurity measures for protecting networks against cyber attacks and intrusions.


COBIT
Control Objectives for Information and Related Technologies
A framework of practices, tools and models for management and governance of information technology, including risk management and compliance.


DLP
Data Loss Prevention
An information security strategy and related software for ensuring that sensitive corporate data is not sent outside the company without authorization.


EW
Electronic Warfare
In the military, using energy such as radio waves or lasers to disrupt or disable the enemy's electronics, for example jamming communications equipment.


FISMA 
Federal Information Security Management Act (2002) and Federal Information Security Modernization Act (2014)
Laws that assign responsibilities within the U.S. federal government for setting, and complying with, policies to secure agencies’ information systems.


GRC
Governance, Risk Management and Compliance
Three aspects of management that, when well-coordinated, ensure a company and its people behave ethically, run the business effectively, mitigate risks appropriately and comply with internal policies and external regulations.


HIPAA
Health Insurance Portability and Accountability Act
A 1996 law that includes provisions to protect privacy of patient data.


IA
Information Assurance
Practices for managing risks to information, including availability, authentication, confidentiality, integrity, and nonrepudiation.


IDS/IDP
Intrusion Detection/Intrusion Detection and Prevention
Devices or software designed to find and prevent malicious activity on corporate networks.


ISACA
Information Systems Audit and Control Association
Known today by its acronym, the organization provides certifications for IT security, audit and risk management professionals. ISACA also maintains the COBIT framework for IT management and governance.


ISO
International Organization for Standardization
An independent group that develops voluntary industry standards, including two major information security management standards, ISO 27001 and ISO 27002.


ISSA
Information Systems Security Association
An association of information security leaders and professionals that offers education, training, and networking opportunities.


NISPOM
National Industrial Security Program Operating Manual
The document that spells out rules and procedures for protecting classified U.S. government information.


NIST
National Institute of Standards and Technology
The U.S. federal agency responsible for developing and maintaining the “Framework for Improving Critical Infrastructure Cybersecurity,” a collection of voluntary guidelines to help organizations manage their information security risks.


OPSEC
Operations Security
In the military, the process of identifying and protecting unclassified information related to operations so adversaries can’t use it to inflict harm or gain advantage. When applied by private companies, the same process can help protect business information from industrial espionage or insider threats.


PCI-DSS 
Payment Card Industry Data Security Standard
A set of information security practices established by the global payment card industry. Merchants and service providers that accept debit and credit cards are required to comply with the standard.


SIEM
Security Information and Event Management
Software that collects and logs security events, analyzes them and raises alerts, to support threat detection and incident response.


SOC
Security Operations Center
A central unit within an organization that is responsible for monitoring, assessing and defending against security threats.


SOX
Sarbanes-Oxley Act of 2002
Law requiring companies to certify that they have controls in place to prevent financial/accounting fraud.


SSBI
Single Scope Background Investigation
A security clearance investigation required to be granted a Top Secret clearance and access to sensitive compartmented information. A rigorous inquiry, it includes background checks and interviews.


SSO
Single Sign-On
A software process to enable computer users to access more than one application using a single set of credentials, such as a username and password.


TS/SCI
Top Secret/Sensitive Compartmented Information
The U.S. government has multiple levels of security clearances (including Confidential, Secret and Top Secret). The requirements for obtaining a TS/SCI clearance are more rigorous than for a Top Secret clearance alone. It allows an individual access to compartmented information on a case-by-case, need-to-know basis.
