
Master Glossary

Every acronym and term across the cert tracks, in plain English.

AAA — Authentication, Authorization, Accounting
Framework for controlling access: prove identity, decide what they can do, log what they did.
ABAC — Attribute-Based Access Control
Authorization model that evaluates attributes of the user, resource, action, and environment against policies.
AES — Advanced Encryption Standard
Symmetric block cipher (128-bit blocks, 128/192/256-bit keys) — the modern default. Replaces DES/3DES.
ALE — Annualized Loss Expectancy
Quantitative risk measure: ALE = SLE × ARO. Used to compare risks and justify control spend.
APT — Advanced Persistent Threat
Well-resourced, often state-sponsored adversary that compromises a target and maintains stealthy long-term access.
ARO — Annualized Rate of Occurrence
Expected number of times a risk occurs per year. Multiplied by SLE to compute ALE.
ARP — Address Resolution Protocol
Maps IP addresses to MAC addresses on a local network. Vulnerable to ARP spoofing / cache poisoning.
BCP — Business Continuity Plan
Plan for keeping critical business functions running during a disruption.
BGP — Border Gateway Protocol
The path-vector routing protocol of the public internet. Exchanges routes between autonomous systems.
BIA — Business Impact Analysis
Identifies critical business functions and the impact of disruption. Drives RTO/RPO targets.
BitLocker
Microsoft full-volume encryption. Pairs with TPM and optional PIN/USB key for unlock.
C2 — Command and Control
Infrastructure an attacker uses to control compromised systems. Often abbreviated CnC.
CASB — Cloud Access Security Broker
Policy-enforcement point between cloud users and providers. Provides visibility, DLP, and access controls.
CI/CD
Continuous Integration / Continuous Deployment. Automated pipelines that build, test, and deploy software.
CIA triad
Confidentiality, Integrity, Availability — the three foundational properties of information security.
CIDR — Classless Inter-Domain Routing
Notation that expresses the subnet mask as a prefix length (e.g., /24). Replaced legacy class A/B/C addressing.
CSRF — Cross-Site Request Forgery
Attack that tricks an authenticated browser into submitting an unwanted request. Mitigated with anti-CSRF tokens and SameSite cookies.
CVE — Common Vulnerabilities and Exposures
Public catalog of disclosed security flaws. Each entry has a unique CVE-YYYY-NNNN identifier.
CVSS — Common Vulnerability Scoring System
Open standard for rating vulnerability severity from 0 to 10 using base, temporal, and environmental metric groups.
DAC — Discretionary Access Control
Access model where the resource owner decides who can access it. The default model in most general-purpose OSes.
DAST — Dynamic Application Security Testing
Tests a running application by sending crafted inputs and observing behavior. Finds runtime issues SAST misses.
DDoS — Distributed Denial of Service
Attack that overwhelms a target using many distributed sources (often a botnet) to exhaust resources.
DHCP — Dynamic Host Configuration Protocol
Automatically assigns IP addresses, subnet masks, gateways, and DNS servers to clients. UDP/67 (server) and UDP/68 (client).
Diffie-Hellman
Key-exchange protocol that lets two parties derive a shared secret over an insecure channel without ever transmitting it.
DNS — Domain Name System
Hierarchical naming system that resolves human-readable names to IP addresses. UDP/53 for queries, TCP/53 for zone transfers.
DRP — Disaster Recovery Plan
Plan for restoring IT services after a major outage. Subset of BCP.
EDR — Endpoint Detection and Response
Endpoint-resident agent that records process, network, and file activity for detection and IR. Successor to legacy AV.
EFS — Encrypting File System
Windows feature that encrypts individual files/folders on NTFS. Per-user key.
exFAT
Cross-platform file system (Windows + macOS read/write natively). No journaling; common on external storage.
Forward secrecy
Property where compromise of a long-term key does not expose past session keys, so previously captured traffic stays confidential. Achieved with ephemeral DH key exchange.
GDPR — General Data Protection Regulation
EU regulation governing personal data of EU residents. Imposes consent, breach notification, and data-subject-rights requirements.
GPO — Group Policy Object
Active Directory mechanism for centrally configuring Windows settings, scripts, and security policies.
GPT — GUID Partition Table
Modern partitioning scheme that supports disks larger than 2 TB and more than 4 primary partitions. Required by UEFI.
HIPAA — Health Insurance Portability and Accountability Act
U.S. law governing protected health information (PHI). Applies to covered entities and their business associates.
HMAC — Hash-based Message Authentication Code
Keyed hash that provides integrity and authenticity for a message using a shared secret.
Hypervisor
Software/firmware that creates and runs VMs. Type 1 runs on bare metal; Type 2 runs on a host OS.
IaaS — Infrastructure as a Service
Cloud model providing virtual servers, storage, and networking. Customer manages OS and above.
ICMP — Internet Control Message Protocol
Layer 3 control protocol used by ping and traceroute. Carries error and diagnostic messages.
IDS — Intrusion Detection System
Sensor that flags suspicious activity. Network-based (NIDS) inspects traffic; host-based (HIDS) inspects local events.
IOC — Indicator of Compromise
Forensic artifact (IP, hash, domain, registry key) that suggests a system has been breached.
IP — Internet Protocol
Layer 3 protocol for routing packets across networks. IPv4 uses 32-bit addresses; IPv6 uses 128-bit.
IPS — Intrusion Prevention System
Inline system that detects and actively blocks malicious traffic.
IPsec — Internet Protocol Security
Suite of protocols (AH, ESP, IKE) that provides authentication and encryption at Layer 3. Common in site-to-site VPNs.
ISO 27001
International standard for an Information Security Management System (ISMS). Specifies a risk-based approach to controls.
Kerberoasting
Attack that requests Kerberos service tickets and cracks them offline to recover service-account passwords.
Kerberos
Ticket-based authentication protocol. Uses a Key Distribution Center (KDC), TGTs, and service tickets. Default in Active Directory.
Lateral movement
Post-exploitation phase where the attacker moves from the initial foothold to additional systems.
LDAP — Lightweight Directory Access Protocol
Protocol for querying and modifying directory services like Active Directory. TCP/389 (or 636 for LDAPS).
M.2
Compact form factor for SSDs and Wi-Fi cards. Supports SATA or PCIe NVMe via different keying (B, M, B+M).
MAC — Mandatory Access Control
OS-enforced access model where labels determine allowed operations. Users cannot change permissions. SELinux is an example.
MAC address — Media Access Control address
48-bit Layer 2 hardware identifier burned into a NIC. First 24 bits identify the manufacturer (OUI).
MFA — Multi-Factor Authentication
Authentication using two or more factor types: something you know, have, or are.
MITM — Man-in-the-Middle
Attack where the adversary intercepts and possibly alters traffic between two parties who believe they communicate directly.
MITRE ATT&CK
Knowledge base of adversary tactics and techniques observed in the wild. Used for detection engineering and threat-hunting.
NAT — Network Address Translation
Maps private IP addresses to a smaller pool (often one) of public addresses. Most home routers use PAT (port address translation), a form of NAT.
NFC — Near-Field Communication
Short-range (~4 cm) wireless used for contactless payments and pairing.
NIST CSF — NIST Cybersecurity Framework
Voluntary framework with five core functions: Identify, Protect, Detect, Respond, Recover. (CSF 2.0 added Govern.)
Nonce
Number used once. Prevents replay attacks and keeps ciphertexts unique even when the same key is reused.
NTFS — New Technology File System
Default Windows file system. Supports permissions, encryption (EFS), journaling, and large volumes.
NVMe — Non-Volatile Memory Express
Storage protocol designed for PCIe-attached SSDs. Replaces AHCI/SATA for high-performance flash.
OAuth 2.0
Authorization framework that lets a third-party app access a user's resources without sharing credentials. Often paired with OpenID Connect for authentication.
OIDC — OpenID Connect
Identity layer on top of OAuth 2.0. Returns an ID token (JWT) that authenticates the user.
OSI model — Open Systems Interconnection model
7-layer conceptual model: Physical, Data Link, Network, Transport, Session, Presentation, Application.
OSINT — Open-Source Intelligence
Reconnaissance from publicly available sources — search, social media, DNS records, GitHub, leaked breach data.
OSPF — Open Shortest Path First
Interior link-state routing protocol that uses Dijkstra's algorithm to compute shortest paths within an autonomous system.
OWASP Top 10
Periodically updated list of the most critical web application security risks. Used to drive secure-coding training and AppSec tooling.
PaaS — Platform as a Service
Cloud model providing a managed runtime/platform. Customer manages app and data.
PAM — Privileged Access Management
Set of controls and tools for securing, monitoring, and auditing accounts with elevated rights.
Pass-the-hash
Attack that authenticates with a captured NTLM hash without knowing the plaintext password.
PCI DSS — Payment Card Industry Data Security Standard
Mandatory standard for any entity that stores, processes, or transmits cardholder data. Twelve top-level requirements.
Phishing
Social-engineering attack delivered via email, SMS (smishing), or voice (vishing) to steal credentials or deliver malware.
PKI — Public Key Infrastructure
Framework of CAs, RAs, certificates, and CRLs/OCSP that supports asymmetric crypto at scale.
Privilege escalation
Process of moving from a low-privileged context to a higher-privileged one. Vertical (user→admin) or horizontal (user→another user).
RAID — Redundant Array of Independent Disks
Combines multiple disks for performance (0), redundancy (1, 5, 6), or both (10). RAID is not backup.
Ransomware
Malware that encrypts files and demands payment for the key. Modern variants also exfiltrate data and threaten leakage (double extortion).
RBAC — Role-Based Access Control
Authorization model where permissions are assigned to roles, and users are assigned to roles.
RCE — Remote Code Execution
Vulnerability that allows an attacker to run code on the target system. Highest-severity outcome.
RoE — Rules of Engagement
Document that defines pentest boundaries, allowed techniques, time windows, and emergency contacts.
RPO — Recovery Point Objective
Maximum acceptable data loss measured in time — drives backup frequency.
RSA — Rivest-Shamir-Adleman
Asymmetric algorithm based on the difficulty of factoring the product of two large primes. Used for key exchange and digital signatures.
RTO — Recovery Time Objective
Maximum acceptable downtime after an incident before unacceptable consequences occur.
SaaS — Software as a Service
Cloud model where the provider runs the application. Customer manages user-level configuration and data.
Salt
Random value combined with a password before hashing so identical passwords produce different hashes — defeats rainbow tables.
SAML — Security Assertion Markup Language
XML-based standard for federated identity. SP redirects user to IdP; IdP returns a signed assertion.
SAST — Static Application Security Testing
Analyzes source code or compiled binaries without executing them. Finds patterns matching known vulnerability classes.
SBOM — Software Bill of Materials
Inventory of all components and dependencies in a piece of software. Critical for supply-chain risk and CVE response.
SD-WAN — Software-Defined Wide Area Network
Centrally managed WAN architecture that uses software policy to route traffic across multiple transports (MPLS, broadband, LTE).
SHA-256 — Secure Hash Algorithm 256-bit
One-way cryptographic hash producing a 256-bit digest. Member of the SHA-2 family. Used in TLS certs, HMAC, and Bitcoin.
SIEM — Security Information and Event Management
Platform that ingests logs from many sources, correlates events, and produces alerts.
SLE — Single Loss Expectancy
Cost of one occurrence of a risk: SLE = Asset Value × Exposure Factor.
SOAR — Security Orchestration, Automation, and Response
Platform that automates incident-response workflows on top of (or alongside) a SIEM.
SOX — Sarbanes-Oxley Act
U.S. law mandating internal-controls reporting for publicly traded companies. IT-relevant for financial-system access controls.
Spear phishing
Targeted phishing aimed at a specific individual or organization, often using personal context to increase credibility.
SQLi — SQL Injection
Vulnerability where untrusted input alters an SQL query. Mitigated with parameterized queries.
SSO — Single Sign-On
Authentication scheme where a single credential set grants access to multiple applications.
SSRF — Server-Side Request Forgery
Attack where the attacker forces the server to fetch a URL the attacker chose, often to access internal services.
STIX/TAXII
Open standards for representing (STIX) and exchanging (TAXII) cyber threat intelligence.
TCP — Transmission Control Protocol
Connection-oriented Layer 4 transport providing reliable, ordered delivery via sequence numbers, ACKs, and retransmission.
TLS — Transport Layer Security
Cryptographic protocol that secures data in transit. Successor to SSL. TLS 1.2 and 1.3 are current.
TPM — Trusted Platform Module
Dedicated chip that stores cryptographic keys and supports integrity measurements. Required for BitLocker and Windows 11.
UDP — User Datagram Protocol
Connectionless Layer 4 transport with no delivery guarantees — used for DNS, VoIP, streaming where speed matters more than reliability.
UEFI — Unified Extensible Firmware Interface
Firmware standard that replaces legacy BIOS. Supports GPT, Secure Boot, and large boot disks.
VLAN — Virtual Local Area Network
Logical Layer 2 segmentation that groups switch ports into separate broadcast domains regardless of physical location.
VPN — Virtual Private Network
Encrypted tunnel that connects remote users or sites securely over a public network. IPsec and TLS-based variants are common.
Watering hole
Attack that compromises a website the target audience frequently visits, then waits for visitors.
Whaling
Phishing aimed at senior executives. High-value targets receive bespoke pretexts.
WPA3 — Wi-Fi Protected Access 3
Current Wi-Fi security standard. Uses SAE (Simultaneous Authentication of Equals), a Dragonfly handshake, in place of the WPA2 pre-shared-key exchange.
XDR — Extended Detection and Response
EDR plus cross-domain telemetry (network, identity, cloud) for unified detection and response.
XSS — Cross-Site Scripting
Web flaw where attacker-controlled script executes in another user's browser. Reflected, stored, and DOM-based variants exist.
Zero-day
Vulnerability that is exploited before a patch exists. Defenders have zero days to prepare.