In IT, and therefore also in information security, many different abbreviations are used. Here you can find an alphabetically sorted list of common abbreviations.
Abbrev. | Meaning | Explanation |
---|---|---|
A | ||
ACL | Access Control List | A list that regulates which users or systems have access to certain resources and what actions they are allowed to perform on them, based on defined rules. |
AD | Active Directory | A directory service developed by Microsoft that is used in Windows networks to centrally manage users, computers, groups, resources, and policies to control access and security. |
AES | Advanced Encryption Standard | A symmetric encryption method that protects data using strong and efficient algorithms and is recognized worldwide as the standard for secure data transmission. |
AI | Artificial Intelligence | The ability of machines or computer systems to perform human-like tasks such as learning, problem solving, and decision making through the use of algorithms and data. |
API | Application Programming Interface | An interface that enables different software applications to communicate with each other and exchange functions or data without revealing their internal logic. |
APT | Advanced Persistent Threat | A targeted, long-term cyberattack method in which attackers use sophisticated techniques to infiltrate a network undetected and steal sensitive data or cause damage. |
AV | Anti-Virus | Software that protects computer systems from harmful software such as viruses, Trojans, worms, and other malware by detecting, blocking, and, if necessary, removing them. |
AWS | Amazon Web Services | A comprehensive cloud computing platform from Amazon that provides a wide range of services such as computing power, storage, databases, and machine learning for companies worldwide. |
B | ||
BCM | Business Continuity Management | A systematic approach to ensuring the operational capability of an organization during and after a crisis or disruption through preventive measures, contingency plans, and recovery strategies. |
BO | Buffer Overflow | A security vulnerability in which a program writes more data to a memory buffer than it can hold, allowing adjacent memory to be overwritten and potentially allowing attackers to execute malicious code. |
BYOD | Bring Your Own Device | A company policy that allows employees to use personal end user devices such as laptops, smartphones, or tablets for work purposes. This offers flexibility, but also requires special security measures to protect company data from unauthorized access or loss. |
C | ||
CA | Certificate Authority | A trusted organization or authority that issues digital certificates to verify the identity of websites, users, or organizations and ensure secure communication. |
CDN | Content Delivery Network | A network of servers distributed worldwide that delivers content such as web pages, videos, and files quickly and reliably to users by providing data from geographically close servers. |
CERT | Computer Emergency Response Team | A specialized group dedicated to analyzing, preventing, and responding to IT security incidents in order to minimize damage and restore system security. |
CLI | Command-Line Interface | A text-based user interface through which commands are entered directly to control an operating system or programs. |
CMDB | Configuration Management Database | A central database that stores and manages information about all IT assets and their relationships within an organization to support processes such as IT service management. |
COBO | Corporate Owned, Business Only | An IT management model in which companies provide their employees with company-owned devices that may only be used for business purposes. This strict separation increases security and makes it easier to meet compliance requirements, because private use is excluded. |
COPE | Corporate Owned, Personally Enabled | An IT management model in which companies provide their employees with company-owned devices (e.g., smartphones or laptops) that can be used for both business and personal purposes. This allows companies to maintain control over security policies and data protection, while employees enjoy a certain degree of flexibility in how they use the devices. |
CORS | Cross-Origin Resource Sharing | A security mechanism that determines whether and how web browsers can request resources from a domain that differs from the domain of the original request in order to prevent unauthorized access. |
CPU | Central Processing Unit | The central processing unit of a computer, which executes instructions, performs calculations, and controls the flow of data between the various components of the system. |
CSP | Content Security Policy | A security policy that allows web developers to specify which sources are allowed to provide content such as scripts, stylesheets, or media on a website in order to prevent attacks such as cross-site scripting (XSS). |
CSP | Cloud Service Provider | A provider that offers IT services such as computing power, storage, networks, or software over the Internet. Well-known examples include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. |
CVE | Common Vulnerabilities and Exposures | A publicly accessible database that provides standardized identifiers for known security vulnerabilities and weaknesses in IT systems to facilitate their management and remediation. |
CVSS | Common Vulnerability Scoring System | A standardized rating system that quantifies and prioritizes the severity of security vulnerabilities in IT systems based on defined criteria. |
D | ||
DAST | Dynamic Application Security Testing | A security testing method in which applications are tested during runtime to uncover vulnerabilities in their interaction with the environment, such as injection or authentication problems. |
DES | Data Encryption Standard | An outdated symmetric encryption method that was formerly used for secure data transmission but is now considered insecure because of its short key length. |
DKIM | DomainKeys Identified Mail | An email authentication method that adds a digital signature to outgoing emails to ensure that the message has not been tampered with during transmission and actually originates from the specified sender. |
DNS | Domain Name System | A protocol that translates domain names such as www.beispiel.de into IP addresses to enable communication between computers on the Internet. |
DoS | Denial of Service | An attack technique that aims to overload an IT system or a service running on it so that its use is restricted or completely impossible. |
DDoS | Distributed Denial of Service | Like DoS, but a large number of attacking systems are used to flood the target with requests. |
DPA | Data Processing Addendum | A contractual agreement between controllers and processors that regulates compliance with data protection laws such as the GDPR and specifies how personal data is processed and protected. |
DPIA | Data Protection Impact Assessment | A procedure conducted in accordance with Article 35 of the GDPR to systematically assess the potential risks to the rights and freedoms of individuals when processing personal data and to implement appropriate safeguards. |
DPMS | Data Protection Management System | A systematic approach to managing and ensuring compliance with data protection requirements by defining and monitoring processes, policies, and measures for handling personal data. |
DPO | Data Protection Officer | An independent person or body that assists companies or organizations in complying with data protection laws, monitors data protection policies, and serves as a point of contact for authorities and data subjects. |
DSA | Digital Signature Algorithm | A cryptographic algorithm used to generate and verify digital signatures to ensure the authenticity and integrity of data. |
E | ||
E2E | End-to-End | Usually short for end-to-end encryption: a method in which data remains encrypted throughout the entire transmission from the sender to the recipient, so that third parties cannot access the content in transit. |
EOL | End of Life | The point in time at which a product, such as software or hardware, is no longer supported or developed by the manufacturer, which can often entail security risks. |
F | ||
FOSS | Free and Open Source Software | Software that can be freely used, modified, and distributed because its source code is openly accessible and published under a license that grants these freedoms. |
FTP | File Transfer Protocol | A standardized network protocol that enables the transfer of files between a client and a server over a network, such as the Internet. |
G | ||
GCP | Google Cloud Platform | A cloud computing platform from Google that provides a variety of services such as computing power, storage, databases, and machine learning for businesses and developers. |
GDPR | General Data Protection Regulation | Also EU-GDPR and EU GDPR. An EU-wide regulation that governs the protection of personal data and the rights of data subjects, and imposes binding requirements on companies and organizations for handling data. |
GPU | Graphics Processing Unit | A specialized processor component optimized for parallel processing of graphics data and often used for computationally intensive tasks such as machine learning. |
GUI | Graphical User Interface | An interface that allows users to operate computers and software through visual elements such as windows, icons, and menus, rather than by entering commands. |
H | ||
HTTP | Hypertext Transfer Protocol | A communication protocol that enables the transfer of data such as web pages between web browsers and servers on the Internet. |
I | ||
IaC | Infrastructure as Code | An approach to managing and provisioning IT infrastructure using machine-readable configuration files instead of manual configuration, promoting automation and consistency. |
IAM | Identity & Access Management | A framework of policies, processes, and technologies that ensures the right people in an organization have access to the right resources at the right time. |
ICT | Information & Communication Technology | Refers to the combination of technologies and services used to process, store, transmit, and display information, as well as to communicate in digital and analog formats. Used primarily in official documents. |
IDE | Integrated Development Environment | Software that supports developers with tools such as code editors, debuggers, and build automation in a unified interface to make software development more efficient. |
IDS | Intrusion Detection System | A security solution that monitors networks or systems for suspicious activity and potential security breaches and issues appropriate alerts. |
IOC | Indicators of Compromise | Signs or data indicating that an IT system may have been compromised, such as unusual network activity, malicious files, or suspicious changes to systems. |
IoT | Internet of Things | A network of physical devices, vehicles, sensors, and other objects connected to the Internet to collect data, exchange information, and enable automated processes. |
IP | Internet Protocol | The network-layer protocol that addresses and routes data packets between devices on the Internet or in local networks; an IP address is the address that uniquely identifies a device within such a network. |
IPS | Intrusion Prevention System | A security solution that not only detects suspicious activities and attacks in networks or systems, but also actively blocks them to prevent damage. |
ISMS | Information Security Management System | A systematic approach to managing and securing information through policies, processes, and technical measures to ensure confidentiality, integrity, and availability in accordance with standards such as ISO 27001. |
ISO | Information Security Officer | A responsible person within an organization who oversees information security management, assesses risks, coordinates security measures, and ensures compliance with standards such as ISO 27001. |
ISP | Internet Service Provider | A company that provides access to the Internet and may offer additional services such as email, web hosting, or security solutions. |
IT | Information Technology | Includes the use of computer and network systems for processing, storing, transmitting, and managing data, as well as for supporting business and communication processes. Colloquially often used as a synonym for ICT. |
ITIL | Information Technology Infrastructure Library | A framework for IT service management (ITSM) that provides best practices for efficiently planning, delivering, and managing IT services to support business processes. |
ITSM | IT Service Management | An approach to planning, delivering, managing, and optimizing IT services that aims to align IT with business needs and improve service quality. |
J | ||
JRE | Java Runtime Environment | A runtime environment required to run Java applications, as it provides the Java Virtual Machine (JVM) and basic libraries. |
JS | JavaScript | A programming language primarily used for developing interactive and dynamic web content by extending the functionality of web pages. |
L | ||
LLM | Large Language Model | An AI model trained on extensive text data to understand and generate human-like language and perform complex tasks such as translation, question answering, and text analysis. |
M | ||
MBR | Master Boot Record | A special area on a hard disk or other storage device that contains information about the partitioning of the hard disk and starts the boot loader to load the operating system. |
MDM | Mobile Device Management | A security solution that enables companies to centrally manage, configure, and protect mobile devices such as smartphones and tablets to secure corporate data and policies. |
MFA | Multi-Factor Authentication | A security method that uses at least two different factors, such as knowledge (password), possession (token), and biometrics (fingerprint), to verify a user's identity. |
MS | Microsoft | A global technology leader that develops and provides software, hardware, cloud services, and solutions such as the Windows operating system, the Office suite, and the Azure cloud platform. |
N | ||
NAS | Network Attached Storage | A network-connected storage device that allows multiple devices to store, retrieve, and share centralized data via a (local) network. |
NAT | Network Address Translation | A network technology that converts private IP addresses into public IP addresses to enable access to the Internet while reducing the number of public addresses required and providing security benefits. |
NIST | National Institute of Standards and Technology | A US federal agency that develops standards and policies, including in the field of information security, to promote innovation and protect critical infrastructure. NIST guidelines are often applied internationally. |
NLP | Natural Language Processing | A part of machine learning that deals with the processing, analysis, and generation of natural language by computers in order to understand and respond to human communication. |
O | ||
OCR | Optical Character Recognition | A technology that recognizes text in images or scanned documents and converts it into machine-readable formats for digital processing and searching. |
OS | Operating System | The basic software of a computer that manages the hardware, runs applications, and provides a user interface to enable interaction with the system. |
OSS | Open-Source Software | Software that can be freely used, modified, and distributed because its source code is openly accessible and published under a license that grants these freedoms. |
P | ||
PDCA | Plan-Do-Check-Act | A continuous improvement process structured in four steps to plan, implement, review, and adjust processes, especially in management systems such as ISMS. |
PGP | Pretty Good Privacy | An encryption tool used to secure emails and files by combining cryptographic techniques such as public key encryption and digital signatures to ensure confidentiality and authenticity. |
PII | Personally Identifiable Information | Refers to personal information that can be used to identify a person directly or indirectly, such as name, address, date of birth, or social security number. |
PIN | Personal Identification Number | A numeric secret number used to authenticate a person when accessing systems or services, for example, bank cards or mobile devices. |
PKI | Public Key Infrastructure | A system of policies, procedures, and technologies that enables the management and use of digital certificates and cryptographic keys to ensure secure communication and authentication. |
R | ||
RAM | Random Access Memory | Volatile memory in computer systems that stores data and programs the processor needs to access quickly during use; its contents are lost when the device is turned off. Also referred to as main memory. |
RAT | Remote Access Trojan | Sometimes also called Remote Administration Tool. This is malware that allows attackers to gain undetected remote access to an infected system in order to spy on data, control systems, or install further malware. |
RBAC | Role-Based Access Control | An access control model in which permissions are assigned based on the roles of users within an organization to efficiently and securely manage access to resources. |
RDP | Remote Desktop Protocol | A network protocol developed by Microsoft that enables remote access to desktops or applications by allowing users to control a graphical user interface on a remote computer via a network connection. |
ROM | Read-Only Memory | Non-volatile memory that permanently stores data that can only be read and not changed, such as basic firmware or startup programs on a computer. |
RSA | Rivest, Shamir, Adleman | An asymmetric encryption method based on the mathematical difficulty of factoring large numbers, used for secure data transmission, digital signatures, and key exchange. The abbreviation RSA is derived from the initials of its inventors, who published the algorithm in 1977. |
RTFM | Read the fine manual | Also "Read the fucking manual". A humorous request to read the documentation or instructions first before asking questions. |
S | ||
SAST | Static Application Security Testing | A method for analyzing the source code of applications in order to identify and eliminate security vulnerabilities early in the development process. |
SDK | Software Development Kit | A collection of tools, libraries, and documentation that help developers create applications or features for a specific platform, software, or hardware. |
SEO | Search Engine Optimization | The process of optimizing websites and content to improve their visibility in organic search engine results and thereby generate more traffic. |
SIEM | Security Information and Event Management | A software solution that centrally collects, analyzes, and correlates security-related events and data from IT systems to detect, monitor, and respond to security incidents. |
SLA | Service Level Agreement | A contractual agreement between a service provider and a customer that defines the expected performance characteristics, availability, and responsibilities for a service. |
SOC | Security Operations Center | A central organization where IT security experts continuously monitor networks, systems, and data for threats, analyze security incidents, and initiate coordinated response measures. |
SoC | System on a Chip | An integrated circuit that combines all the essential components of a computer system, such as a processor, memory, and interfaces, on a single chip to enable compact and efficient devices. |
SPF | Sender Policy Framework | An email authentication protocol that ensures that only authorized servers can send emails on behalf of a domain to prevent spoofing and phishing attacks. |
SQLi | SQL injection | An attack technique in which malicious SQL code is injected into input fields in order to gain unauthorized access to a database or manipulate its contents. |
SRE | Site Reliability Engineering | An approach to IT operations that combines software development and IT operations to ensure highly scalable and reliable systems through automation, monitoring, and continuous improvement. |
SSD | Solid State Drive | A non-volatile storage medium that stores data on flash memory chips and is faster, more robust, and more energy-efficient than traditional hard disk drives (HDDs). |
SSL | Secure Sockets Layer | An outdated encryption protocol that enables secure communication over the Internet and has been replaced by its successor protocol, Transport Layer Security (TLS). |
SSO | Single Sign-On | An authentication method in which users log in once and can then access multiple applications or systems without having to authenticate again. |
T | ||
TCP | Transmission Control Protocol | A reliable network protocol that controls data transmission in networks by ensuring that data packets arrive complete and in the correct order. |
TISAX | Trusted Information Security Assessment Exchange | A verification and exchange mechanism developed specifically for the automotive industry to assess and demonstrate compliance with information security requirements based on ISO 27001 and the VDA-ISA catalog. |
TLS | Transport Layer Security | A cryptographic protocol that ensures the secure transmission of data over the Internet through encryption, authentication, and integrity protection. |
TOM | Technical & Organizational Measures | Technical and organizational measures are safeguards defined in data protection laws, such as the GDPR, that companies must implement to ensure the security and protection of personal data against unauthorized access, loss, or manipulation. |
U | ||
UDP | User Datagram Protocol | A lightweight network protocol that transmits data without establishing a connection or performing error checking, making it suitable for applications that prioritize speed over reliability, such as streaming or online gaming. |
W | ||
WAF | Web Application Firewall | A security solution that monitors, filters, and protects HTTP traffic to protect web applications from attacks such as SQL injections, cross-site scripting (XSS), and other vulnerabilities. |
X | ||
XSS | Cross-site Scripting | A security vulnerability that allows an attacker to inject malicious code, usually in the form of JavaScript, into a trusted website in order to steal user data, hijack sessions, or perform unwanted actions on behalf of the user. |