More and more we communicate in an increasingly abbreviated manner. Acronyms are a necessary part of all professions, IT security is no exception. They ease communication amongst practitioners. Take “IT” for example, imagine if we said “information technology” every time, how unnecessarily long-winded communication would be. Acronyms can also be over-used, and are irritating when used to impress. Remember, it’s not about quantity of acronyms used, it’s about the quality of communication that is important. Clear communication rather than attempting to impress, is the goal. In a rapidly changing field such IT security, acronyms come and go frequently as technology changes – it is important for practitioners to keep up their understanding.
However, keeping up with the hundreds of acronyms can be quite challenging. Below is a starter list of 55 acronyms that we frequently use. See how many you can identify without peeping at the full description.
AES Advanced Encryption Standard API Application Programming Interface APWG Anti-Phishing Working Group ASCII American Standard Code for Information Interchange BHO Browser Helper Object BYOA Bring Your Own Application BYOD Bring Your Own Device CA Certificate Authority CAPTCHA Completely Automated Public Turing system to tell Computers and Humans Apart CERT Computer Emergency Response Team CISO Chief Information Security Officer CSV Comma-Separated Values DBMS Database Management System DDoS Distributed Denial Of Service DLL Dynamic Link Library DNS Domain Name System DRM Digital Rights Management DRP Disaster Recovery Plan FAT File Allocation Table FDE Full Disk Encryption FTP File Transfer Protocol GINA Graphical Identification and Authentication GPS Global Positioning System GUI Graphical User Interface HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol IDS Intrusion Detection System IMEI International Mobile Equipment Identity IP Internet Protocol ISP Internet Service Provider JPEG Joint Photographic Experts Group MITM Man In The Middle attack NAC Network Access Control NFC Near Field Communication PCI DSS Payment Card Industry Data Security Standard PDF Portable Document Format PGP Pretty Good Privacy PII Personally Identifiable Information PKCS Public Key Cryptography Standard PKI Public Key Infrastructure RBN Russian Business Network RFID Radio Frequency Identification RIA Rich Internet Application RISC Reduced Instruction Set Computer SDK Software Development Kit SHA Secure Hash Algorithm SQL Structured Query Language SSL Secure Sockets Layer SSO Single Sign-On TAN Transaction Authentication Number URL Uniform Resource Locator USB Universal Serial Bus VoIP Voice Over Internet Protocol WAP Wireless Application Protocol XSS Cross-Site Scripting
The list above is by no means exhaustive. I am sure there are many obvious acronyms which I have omitted.
Which acronyms do you use frequently that you would add to the list?