More and more we communicate in an increasingly abbreviated manner. Acronyms are a necessary part of all professions, IT security is no exception. They ease communication amongst practitioners. Take “IT” for example, imagine if we said “information technology” every time, how unnecessarily long-winded communication would be. Acronyms can also be over-used, and are irritating when used to impress. Remember, it’s not about quantity of acronyms used, it’s about the quality of communication that is important. Clear communication rather than attempting to impress, is the goal. In a rapidly changing field such IT security, acronyms come and go frequently as technology changes – it is important for practitioners to keep up their understanding.

However, keeping up with the hundreds of acronyms can be quite challenging. Below is a starter list of 55 acronyms that we frequently use. See how many you can identify without peeping at the full description.

AES                  Advanced Encryption Standard
API	                Application Programming Interface
APWG		Anti-Phishing Working Group
ASCII		American Standard Code for Information Interchange

BHO                  Browser Helper Object
BYOA                Bring Your Own Application
BYOD                Bring Your Own Device

CA                    Certificate Authority
CAPTCHA          Completely Automated Public Turing system to tell Computers and Humans Apart
CERT                 Computer Emergency Response Team
CISO                 Chief Information Security Officer
CSV                  Comma-Separated Values

DBMS                Database Management System
DDoS                Distributed Denial Of Service
DLL                  Dynamic Link Library
DNS                  Domain Name System
DRM                 Digital Rights Management
DRP                  Disaster Recovery Plan

FAT                  File Allocation Table
FDE                  Full Disk Encryption
FTP                  File Transfer Protocol

GINA                 Graphical Identification and Authentication
GPS                  Global Positioning System
GUI                  Graphical User Interface

HTML                 Hypertext Markup Language
HTTP                 Hypertext Transfer Protocol

IDS                  Intrusion Detection System
IMEI                 International Mobile Equipment Identity
IP                     Internet Protocol
ISP                  Internet Service Provider

JPEG                 Joint Photographic Experts Group

MITM                 Man In The Middle attack

NAC                  Network Access Control
NFC                  Near Field Communication

PCI DSS            Payment Card Industry Data Security Standard
PDF                  Portable Document Format
PGP                  Pretty Good Privacy
PII                  Personally Identifiable Information
PKCS                 Public Key Cryptography Standard
PKI                  Public Key Infrastructure

RBN                  Russian Business Network
RFID                 Radio Frequency Identification
RIA                  Rich Internet Application
RISC                 Reduced Instruction Set Computer

SDK                  Software Development Kit
SHA                  Secure Hash Algorithm
SQL                  Structured Query Language
SSL                  Secure Sockets Layer
SSO                  Single Sign-On

TAN                  Transaction Authentication Number

URL                  Uniform Resource Locator
USB                  Universal Serial Bus

VoIP                 Voice Over Internet Protocol

WAP                  Wireless Application Protocol

XSS                  Cross-Site Scripting

The list above is by no means exhaustive. I am sure there are many obvious acronyms which I have omitted.

Which acronyms do you use frequently that you would add to the list?