Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.

Today we are taking a step back and are going to attempt to provide some assistance to you all out there that may be new to the security industry or new to information technology by providing some clarification to what some common acronyms in the industry stand for. It is very easy to forget that perhaps not everyone knows what acronym stands for what, and this is a fast paced industry with language that speeds right along leaving some behind.

There is not enough time in a TomCast to go over every acronym out there, especially since new ones come out all the time. We could spend a week or more going over acronyms, so for the purpose of this TomCast we will attempt to hit some more common ones that are heard. So, let’s get started:

AES stands for Advanced Encryption Standard. You may encounter this when dealing with various types of encryption.

ANSI stands for American National Standards Institute.

ATO stands for Authorization to Operate, which is a common term used with federal, state, and local government contracting.

BIOS stands for Basic Input Output System, one of the older acronyms on this list.

CERT in this example stands for Computer Emergency Response Team. It is not an abbreviation of certificate or certification. When in all caps, remember it is the acronym, not the abbreviation.

CIA stands for, in the case of a cybersecurity-related acronym and not a federal agency acronym, Confidentiality, Integrity, and Availability. Also known as the CIA Triad.

CISO stands for Chief Information Security Officer.

COMSEC stands for Communications Security.

COTS stands for Commercial Off The Shelf, meaning something readily available you can buy from commercial sources.

DHCP stands for Dynamic Host Configuration Protocol, the dynamic method of providing IP addresses to internet-ready systems or devices.

DNS stands for Domain Name System.

EAL stands for Evaluation Assurance Level.

FERPA stands for Family Educational Rights and Privacy act, for those of you that work in compliance fields.

FISMA stands for Federal Information Security Management Act, which is important to know when dealing with federal contracts or federal information systems.

FOIA stands for Freedom Of Information Act.

FTP stands for File Transfer Protocol

GFAC stands for Go Forth And Conquer!

GRC stands for Governance, Risk, and Compliance.

HIPAA stands for Health Insurance Portability and Accountability Act, and this is a commonly misspelled acronym, but a very important one to understand if dealing with the medical industry.

HTTP stands for Hyper Text Transfer Protocol.

HTTPS stands for Hyper Text Transfer Protocol Secure.

IAM stands for Information Assurance Manager.

IDS stands for Intrusion Detection System.

INFOSEC stands for Information Security.

IP stands for Internet Protocol.

IPS stands for Intrusion Prevention System.

ISP stands for Internet Service Provider.

ISSO stands for Information System Security Officer.

MOA stands for Memorandum of Agreement.

MOU stands for Memorandum of Understanding.

MSP stands for Managed Services Provider

MSSP stands for Managed Security Services Provider

NIST stands for National Institute of Standards and Technology.

NSD stands for National Security Directive.

OPSEC stands for Operations Security.

OSINT stands for Open Source Intelligence.

PCI-DSS stands for Payment Card Industry Data Security Standard, typically involved with the retail industry and how they manage their payment methods.

PII stands for Personally Identifiable Information.

PKI stands for Public Key Infrastructure.

SIEM stands for Security Information and Event Management.

SOC stands for Security Operations Center.

SOX stands for Sarbanes-Oxley Act, which is useful to know when dealing with financial record-keeping and reporting.

TTP stands for Tips, Techniques, and Procedures.

TTX stands for Table Top Exercise.

VPN stands for Virtual Private Network.

So, that is a drop in the bucket of all the acronyms in use out in the vast realm of cyberspace. If you encounter an acronym you have never heard before, search for the meaning (and stay away from the urban dictionary meanings if the acronym is business-related). For those of you just getting started in the information technology field or the cybersecurity realm, use this as a reference often until you become familiar with the terms and uses.

We here at GuardSight thank you for taking the time to listen to this TomCast. Please share this if you believe it would be of assistance to anyone in your contact list, and please provide us some feedback in the comments so we can continue to improve. Thanks!