Terminology & Acronyms

Welcome to Terminology & Acronyms — the decoder ring of the cybersecurity world. In an industry defined by precision, every acronym carries weight, and every term tells a story. From AI-powered threat detection to the layers of the OSI model, from SOCs and SIEMs to APTs and DDoS attacks, this section breaks down the jargon that fuels the digital defense frontier. Whether you’re a curious newcomer trying to distinguish between IDS and IPS, or a veteran brushing up on evolving standards like NIST or MITRE ATT&CK, you’ll find clarity here. Each article transforms dense technical language into accessible insight — revealing not just what each term means, but why it matters in real-world cyber warfare, data protection, and risk management. On Cyber Security Street, knowledge is power, and understanding the language of cybersecurity is the first step toward mastering it. Ready to speak fluent cyber? Let’s unpack the code behind the code.

1. CIA Triad: Confidentiality, Integrity, Availability—the core security goals.

2. AAA: Authentication, Authorization, Accounting—prove, permit, and record use.

3. IAM: Identity & Access Management—users, roles, policies, lifecycle.

4. MFA / 2FA: Multiple factors (something you know/have/are) to reduce takeover risk.

5. SSO: Single Sign-On—one login to access many apps via trusted federation.

6. SOC: Security Operations Center—monitoring, detection, response hub.

7. SIEM: Security Information & Event Management—central log analytics.

8. SOAR: Security Orchestration, Automation & Response—playbooks at machine speed.

9. EDR/XDR: Endpoint/Cross-Domain Detection & Response—behavioral threat hunting.

10. IDS/IPS: Intrusion Detection/Prevention—alert vs. block suspicious traffic.

1. APT: Advanced Persistent Threat—stealthy, well-resourced adversary.

2. Botnet: Network of compromised devices controlled as one.

3. BEC: Business Email Compromise—socially engineered payment fraud.

4. Ransomware: Encrypts/data-steals to extort payment.

5. Phishing/Smishing/Quishing: Deceptive messages via email/SMS/QR codes.

6. Watering Hole: Compromise a site your targets frequent.

7. Supply-Chain Attack: Abuse third-party code, updates, or access.

8. Cryptojacking: Hijacking compute to mine cryptocurrency.

9. DDoS: Flood services to exhaust bandwidth or resources.

10. Living-off-the-Land (LotL): Abuse built-in tools to evade detection.

1. NIST CSF / SP 800-53: U.S. frameworks for controls and risk management.

2. ISO/IEC 27001: International ISMS certification standard.

3. MITRE ATT&CK: Global matrix of adversary tactics/techniques.

4. CVE/CVSS/EPSS: Vulnerability ID, severity scoring, and exploit likelihood.

5. SAST/DAST/IAST/RASP: AppSec testing at code, runtime, and in-app defense.

6. PKI/TLS: Keys, certs, and encryption for secure communications.

7. FIDO2/WebAuthn (Passkeys): Phishing-resistant authentication.

8. SASE/ZTNA: Cloud-delivered secure access + zero-trust connectivity.

9. DLP/CASB/UEBA: Data loss control, cloud broker, user/entity analytics.

10. PAM/Secrets Mgmt: Vaulted credentials, least privilege, rotation.

1. IDOR: Insecure Direct Object Reference—guessable IDs expose data.

2. CSRF: Cross-Site Request Forgery—trick browser into unwanted actions.

3. XSS: Cross-Site Scripting—inject script to hijack sessions or data.

4. SSRF: Server-Side Request Forgery—server coerced to call internal services.

5. XXE: XML External Entity—malicious entity expansion, potential data exfil.

6. Deserialization: Crafted objects execute code on load.

7. Path Traversal: “../” escapes directories to access sensitive files.

8. TOCTOU: Time-of-Check/Time-of-Use race condition exploitation.

9. DLL Hijacking/LD_PRELOAD: Load attacker-controlled libraries first.

10. Side-Channel: Timing/cache/power leaks reveal secrets.

1. Honeypot/Deception: Lures to study attacker behavior.

2. Sinkholing: Redirect botnet traffic to defender-controlled servers.

3. Canary Tokens: Tripwire URLs, docs, or keys that phone home.

4. Honeywords: Decoy passwords to detect credential theft.

5. Fuzzing: Randomized input to surface crash-prone bugs.

6. Purple Teaming: Red (attack) + Blue (defense) collaboration loop.

7. Chaos Engineering (Sec): Inject failure to test resilience.

8. ZKP: Zero-Knowledge Proofs—prove facts without revealing data.

9. Memory-Safe Languages: Rust/Go reduce entire vuln classes.

10. SBOM: Software Bill of Materials—know your components.

Q: Risk vs. Threat vs. Vulnerability?
A: Impact/likelihood vs. adversary/intent vs. weakness.

Q: RTO/RPO?
A: Recovery Time Objective / Recovery Point Objective for continuity.

Q: RBAC vs. ABAC?
A: Roles grant access vs. attribute-based policies (contextual).

Q: Zero Trust meaning?
A: Never trust; always verify, least privilege, assume breach.

Q: On-prem vs. Cloud controls?
A: Shared responsibility; identity and config become paramount.

Q: Pen Test vs. Red Team?
A: Scoped vuln finding vs. goal-oriented adversary simulation.

Q: Encryption at rest vs. in transit?
A: Stored data vs. data moving over networks.

Q: Hashing vs. Encryption?
A: One-way integrity vs. reversible confidentiality.

Q: Data classification?
A: Label sensitivity to drive handling and controls.

Q: Quick wins?
A: MFA everywhere, patch fast, backups tested, least privilege, logging on.

View Product Reviews

Cyber Security Streets

News Street Network

Powered by Redhawks Media

Social