Technology is inundated with acronyms, and cybersecurity egregiously so. Here’s a quick cheat sheet to help you through your next certification, job interview, or day job. I’ve broken these down into categories, but as always CTRL-F is your friend.

I’ve purposely excluded protocols and crypto-related terminology from this list. Please feel free to share anything you think I should include in the comments, or let me know if you’d like to see a more complete extension of this list.

The Classics

CIA

Also known as AIC, ICA, or the CIA Triad. This isn’t the US intelligence agency; it stands for Confidentiality, Integrity, and Availability, which many consider the primary pillars of cybersecurity.


CVE

Common Vulnerabilities and Exposures. CVEs are publicly known software and system vulnerabilities and exposures. The MITRE Corporation maintains and controls the list of CVEs.


CWE

Common Weakness Enumeration. CWEs categorize software weaknesses and vulnerabilities based on similarities in effect or execution.


CVSS

Common Vulnerability Scoring System. CVSS scores are given to all or nearly all CVEs. Scoring is quite complex, and the system is currently on version 3.1.


NVD

National Vulnerability Database. Created by the National Institute of Standards and Technology (NIST), the NVD is a database synchronized to the MITRE CVE list.

Tools

VM

Vulnerability Management, but also potentially Virtual Machine. For the purposes of this list, though, Vulnerability Management. Some common scanning tools include Nessus, Nmap, Qualys VM, and Rapid7’s Nexpose.


TVM

They just added “Threat” to the beginning of the item above. For all intents and purposes, TVM and VM can be considered equal.


EDR

Endpoint Detection and Response. This class of tools includes endpoint agents installed on hosts as well as the infrastructure to manage them. Common examples are CrowdStrike, Microsoft Defender ATP, and Carbon Black.

SIEM

Security Information and Event Management. I’ve written about SIEM at length in the past. A SIEM’s primary function is to collect, normalize, correlate, and aggregate events from a variety of data sources and to detect anomalies across them. See Splunk, QRadar, and LogRhythm for examples of SIEM.
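To make “collect, normalize, correlate, aggregate, and detect” concrete, here is an added example, not code from the original post or from any SIEM vendor: a toy pipeline that normalizes an sshd syslog line and a JSON application event into one schema, then correlates failed logins per source address over a sliding window. All log lines, hostnames, user names and addresses are constructed (the addresses come from the RFC 5737 documentation ranges), and the year assigned to syslog timestamps is an assumption, since syslog lines carry none.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in two formats: sshd syslog lines and JSON events
# from a hypothetical VPN application. One source address fails repeatedly.
RAW_EVENTS = [
    "Jan 12 10:00:01 bastion sshd[4242]: Failed password for admin from 203.0.113.7 port 51234 ssh2",
    '{"ts": "2024-01-12T10:00:05", "app": "vpn", "src": "203.0.113.7", "user": "admin", "outcome": "failure"}',
    "Jan 12 10:00:09 bastion sshd[4242]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Jan 12 10:00:14 bastion sshd[4242]: Failed password for admin from 203.0.113.7 port 51241 ssh2",
    '{"ts": "2024-01-12T10:00:20", "app": "vpn", "src": "203.0.113.7", "user": "admin", "outcome": "failure"}',
    "Jan 12 10:00:31 bastion sshd[4242]: Accepted password for alice from 198.51.100.9 port 40000 ssh2",
    "Jan 12 10:00:40 bastion sshd[4242]: Failed password for admin from 198.51.100.9 port 40002 ssh2",
    '{"ts": "2024-01-12T10:01:02", "app": "vpn", "src": "203.0.113.7", "user": "admin", "outcome": "failure"}',
]
SYSLOG_YEAR = 2024   # assumption: classic syslog timestamps carry no year

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize(line):
    """Map one raw line onto a common schema (ts, src, user, outcome, source).
    Returns None for lines the pipeline does not understand, so they can be counted
    as parse failures instead of silently dropped."""
    if line.startswith("{"):
        rec = json.loads(line)
        return {"ts": datetime.fromisoformat(rec["ts"]), "src": rec["src"],
                "user": rec["user"], "outcome": rec["outcome"], "source": rec["app"]}
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR)
    return {"ts": ts, "src": m["src"], "user": m["user"],
            "outcome": "failure" if m["outcome"] == "Failed" else "success",
            "source": "sshd"}


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Correlate failures across all sources: raise one alert per source address
    that reaches `threshold` failed logins inside any sliding `window`."""
    events = [e for e in map(normalize, lines) if e and e["outcome"] == "failure"]
    events.sort(key=lambda e: e["ts"])          # events arrive out of order across sources
    recent = defaultdict(list)                  # src -> failure timestamps still in the window
    alerts, alerted = [], set()
    for e in events:
        bucket = recent[e["src"]]
        bucket.append(e["ts"])
        while bucket and e["ts"] - bucket[0] > window:   # slide the window forward
            bucket.pop(0)
        if len(bucket) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({
                "src": e["src"], "count": len(bucket),
                "first": bucket[0], "last": e["ts"],
                # aggregation: which log sources contributed to this alert
                "sources": sorted({x["source"] for x in events if x["src"] == e["src"]}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(RAW_EVENTS):
        print(f"{alert['src']}: {alert['count']} failed logins between "
              f"{alert['first'].time()} and {alert['last'].time()} via {alert['sources']}")
```

The point of the normalization step is the correlation that follows it: neither the SSH log nor the VPN log alone crosses the threshold in this sample, but the shared source address does once both are in one schema.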

SOAR

Security Orchestration, Automation, and Response. The actual definition of SOAR is a bit loose, but it generally refers to any technology, solution, or collection of preexisting tools that allows organizations to streamline the handling of security processes in three key domains: threat and vulnerability management, incident response, and security operations automation. I’ve also written about SOARs before. See Cortex XSOAR, Phantom, and Swimlane.


ITSM

IT Service Management. This one gets bonus points because it’s an acronym inside an acronym. To the layman we would call these ticketing or task management systems. Think ServiceNow or Jira.


IPAM

Another bonus entry: IPAM stands for IP Address Management. IPAMs handle the management of DHCP, DNS, and everything IP. SolarWinds and BlueCat are popular examples.


WAS

Not quite as commonly used as some of the above tools, and also a bit vague, WAS stands for Web Application Security and covers all the tooling needed to carry out security testing against web apps. It overlaps quite a bit with DAST, which is defined below.


CS

No, not Computer Science: CS stands for Container Security. A hot and growing subset of AppSec, Container Security deals with all things containers (generally scanning your Docker images and layers to make sure you’re safe). See Sysdig and StackRox.

SCA

Software Composition Analysis. This family of tools scans your software dependencies and ensures you aren’t inheriting any known vulnerabilities from open source libraries. See Snyk, SonarQube, and Ochrona💙.


SAST

Static Application Security Testing. SAST includes any manner of static code analysis, pre- or post-compilation, and can look for things like misconfigurations, logic errors, and any other issues that can be deduced without actually running the code. See Veracode, Checkmarx, and Bandit.


DAST

Another AST; this time we’re looking at Dynamic Application Security Testing. DAST tools go beyond SAST in that they actively test running code. DAST is good for catching issues such as SQL injection, cross-site scripting, and more. Look at Nikto and Burp.

IAST

Jeez. Okay, IAST stands for Interactive Application Security Testing and, in my opinion, is more marketing than a class of tooling. IAST generally means deploying some kind of agent within your applications which has some of the capabilities of both SAST and DAST. Synopsys has been pushing this hard.


RASP

Last one: Run-time Application Security Protection. RASP tools are an agent or process embedded within an application which checks for compromises in real time and can alert the application owner. See Imperva and Sqreen.


GRC

Governance, Risk, and Compliance. GRC tools span quite the gamut and are most often used by large public companies, which have to navigate additional regulatory and compliance requirements that small companies can usually get away with skimping on. See ServiceNow GRC, Riskonnect, and IBM OpenPages.

IAM

Identity and Access Management. This is a huge category that I won’t go too deep into. IAM covers the management of roles and access. It can also extend to include things like Single Sign-On (SSO). Look for vendors like Okta and Ping to be the leaders in this space.


CASB

Cloud Access Security Broker. This is a service or application that acts as a shim between users and the cloud services they access, monitoring activity and enforcing usage policies. Look at Netskope, Bitglass, and Forcepoint.

TIP

Threat Intelligence Platform/Provider. A TIP is a service that manages threat intelligence and the entities associated with it, such as actors, campaigns, incidents, signatures, and more. TIP leaders include Anomali and Recorded Future.

ITAM

IT Asset Management. Asset management (AM) blurs the line between cybersecurity and classic IT. Given the old adage “you can’t protect what you don’t know”, it should be clear why AM is important and has its own category, as well as some importance in other tool categories. See Axonius.

We can also go a step beyond ITAM and look at asset discovery. For sufficiently large organizations, just figuring out which IPs, domains, certificates, and services belong to them can be daunting. Expanse would be an example of this.

CMDB

Configuration Management Database. CMDBs store information about hardware and software assets as well as their configuration details. Common CMDBs are ServiceNow and BMC Helix.


CSP

A CSP is a Cloud Service Provider. This is definitely outside the scope of a cybersecurity tool, but it is still an acronym that gets used frequently. The big three CSPs are Amazon Web Services (AWS), Google Cloud Platform (GCP), and Azure.

AV

Antivirus. Antivirus tools are typically deployed on hosts and are used to detect, prevent, and report malware. McAfee, Norton, and Kaspersky⚠️ are the most well known.

IDS/IPS

Intrusion Detection Systems and Intrusion Protection Systems. I’m also including their host- and network-based variants (HIDS/HIPS/NIDS/NIPS) here. This class of tool includes a sensor and an analysis engine to determine whether an attack is taking place, and then either alerts on it or attempts to prevent it. See Trend Micro TippingPoint and McAfee NSP.


WAF

Web Application Firewall. WAFs act similarly to traditional firewalls; however, instead of looking at network traffic, rules, or packets, they inspect HTTP requests to safeguard against attacks on web applications. Check out Cloudflare, Signal Sciences, and Imperva.

Laws and Policies


GDPR

The General Data Protection Regulation is a 2016 EU law to protect EU citizens’ data and privacy. It goes beyond most previous legislation, and violations can result in severe fines.


HIPAA

The Health Insurance Portability and Accountability Act was introduced in 1996 and specifies how personal medical information must be safeguarded.


HITECH

The Health Information Technology for Economic and Clinical Health Act expanded much of the legislation put forth in HIPAA as electronic health records became more common.



CFAA

The Computer Fraud and Abuse Act was enacted in 1986 and in many ways redefined what it meant to “hack” by making it illegal to have “knowingly accessed a computer without authorization or exceeding authorized access”.


CCPA

California Consumer Privacy Act. New in 2020, and on the heels of GDPR, the CCPA grants California residents data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt out of the sale of personal information that businesses collect, as well as additional protections for minors.

CMMC

Cybersecurity Maturity Model Certification. The CMMC is a unified standard for implementing cybersecurity across the defense industrial base and includes all suppliers to the DoD. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems.

Jobs

CIO

Chief Information Officer. The CIO’s job is to support all data, IT, and systems used to help a company achieve its goals. The CIO is typically the highest authority for data in a company and often plays a security role as well.

CISO

Chief Information Security Officer. The CISO is tasked with protecting all company assets and usually reports to either the CIO or the CEO.

CSO

Chief Security Officer. Often synonymous with CISO.


SOC

Security Operations Center. A SOC is the business unit that handles the detection, analysis, and response to cybersecurity incidents in an organization.

Certifications


CISSP

Certified Information Systems Security Professional. Created by (ISC)2, the CISSP is one of the more advanced cybersecurity certifications common today. It is often a requirement, or highly desirable, for senior positions.


CEH

Certified Ethical Hacker. Offered by EC-Council, the CEH covers how to assess system security and perform penetration testing of systems and organizations.


OSCP

Offensive Security Certified Professional. Offered by Offensive Security and similar to the CEH, the OSCP is focused on penetration testing. It is considered by some to be more hands-on than the CEH.

Misc.


OSINT

Open-Source Intelligence. OSINT is data collected from publicly available sources for use in an intelligence context. It has the advantage that its collection is typically passive in nature.


ASR

Attack Surface Reduction. Also known as Attack Surface Management (ASM), ASR is the continuous discovery, inventory, correlation, monitoring, and potentially prioritization of external digital assets, with the goal of reducing the vulnerable external attack surface.

APT

Advanced Persistent Threat. This type of adversary is typically a nation-state, or at least sponsored by one. They are remarkable in their persistence, skill, and resources.

IOC

Indicator of Compromise. This is any signal, signature, or other evidence that points to a security breach.


ATT&CK

ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. It is a matrix of tactics and techniques used by threat hunters, pen testers, and blue teams to better classify attacks and gauge an organization’s risk.


TTP

Tactics, Techniques, and Procedures. Related to MITRE ATT&CK above, TTP refers to the methods, tools, and patterns that malicious parties use to carry out attacks.


OT

Operational Technology. This vague term covers the technologies used to control physical systems, which could be anything from manufacturing equipment to critical infrastructure like water treatment, electricity, and traffic infrastructure.

IoT

Internet of Things. While IoT isn’t purely a security focus, it is a relevant and growing concern. These small, cheap devices often come with tacked-on security controls, if they have any at all. They can pose a serious threat to companies as an exploitable weak link in their attack surface.

Permissions

DAC

Discretionary Access Control. Permissions in this system are discretionary in that the owner of an object can pass permissions for that object on to other users.

MAC

Mandatory Access Control. In this system, access policies are centrally controlled by an administrator rather than by the object owner.


RBAC

Role-based Access Control. In this system, permissions are dictated by roles which are assigned to users, rather than being assigned directly to users. This approach scales better than the previous models.

ABAC

Attribute-based Access Control. In this system, permissions are refined through policies which combine attributes. This model also supports Boolean logic, making it more flexible than some of the preceding models.
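The four models above differ mainly in who decides and on what basis. The Python below is an added example, not code from the original post: one minimal policy check per model (DAC, MAC, RBAC, ABAC) over constructed users, roles, labels and resources, so the differences the entries describe can be exercised directly. The permission names, roles, labels and attributes are invented for illustration.

```python
# --- DAC: the object's owner decides who else gets which permissions ---------
class DacObject:
    """An object whose access list is managed at the owner's discretion."""

    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write", "grant"}}   # the owner starts with everything

    def grant(self, granter, grantee, perm):
        """Delegate a permission; only a holder of 'grant' (the owner by default) may.
        Returns True if the grant was recorded, False if the granter lacked authority."""
        if "grant" not in self.acl.get(granter, set()):
            return False
        self.acl.setdefault(grantee, set()).add(perm)
        return True

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())


# --- MAC: labels fixed by an administrator; neither owners nor users change them ---
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allows_read(clearance, label):
    """'No read up': a subject may read objects labelled at or below its clearance."""
    return LEVELS[clearance] >= LEVELS[label]


# --- RBAC: permissions hang off roles; users are assigned roles, never permissions ---
ROLE_PERMISSIONS = {
    "analyst":   {"alerts:read", "cases:read"},
    "responder": {"alerts:read", "cases:read", "cases:write", "hosts:isolate"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"responder"}, "carol": set()}


def rbac_allows(user, perm):
    return any(perm in ROLE_PERMISSIONS.get(r, set()) for r in USER_ROLES.get(user, set()))


# --- ABAC: policies combine subject, resource and environment attributes with Boolean logic ---
def abac_allows(subject, action, resource, env):
    """Allow if any rule matches; each rule is a Boolean combination of attributes."""
    same_region = subject["region"] == resource["region"]
    business_hours = 8 <= env["hour"] < 18
    rules = [
        # responders may isolate hosts in their own region, and only during business hours
        action == "hosts:isolate" and "responder" in subject["roles"] and same_region and business_hours,
        # anyone may read a resource labelled public
        action.endswith(":read") and resource["label"] == "public",
        # an owner may read their own resource regardless of its label
        action.endswith(":read") and resource["owner"] == subject["name"],
    ]
    return any(rules)


if __name__ == "__main__":
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")
    print("DAC  bob may read alice's doc:", doc.allows("bob", "read"))
    print("MAC  internal clearance reads confidential:", mac_allows_read("internal", "confidential"))
    print("RBAC alice (analyst) may write cases:", rbac_allows("alice", "cases:write"))
    bob = {"name": "bob", "roles": {"responder"}, "region": "eu"}
    host = {"region": "eu", "label": "internal", "owner": "ops"}
    print("ABAC bob isolates an EU host at 10:00:", abac_allows(bob, "hosts:isolate", host, {"hour": 10}))
    print("ABAC bob isolates an EU host at 22:00:", abac_allows(bob, "hosts:isolate", host, {"hour": 22}))
```

Note what each model cannot express: DAC has no way to stop an owner from over-sharing, MAC ignores who the owner is entirely, RBAC cannot see the time of day or the region, and only the ABAC rule set combines all of those in one decision.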

Attacks


XSS

Cross-site Scripting. This attack is most often found in web applications where either stored or reflected user input (containing JavaScript) is presented to the browser in an unsanitized fashion, causing the browser to execute the code on the client’s behalf.


SQLi

SQL Injection. This attack takes advantage of unsanitized user input which is sent to a SQL database and executed. Always keep Little Bobby Tables in mind.
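As an added example, not code from the original post, here is the same user lookup written the vulnerable way and the hardened way, run against a constructed in-memory SQLite table so the difference is observable: string formatting lets the input rewrite the query, while parameter binding passes it to the database as data that can never change the query’s structure.

```python
import sqlite3


def make_db():
    """Constructed sample table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
    ])
    return conn


def lookup_vulnerable(conn, name):
    """Unsanitized input is spliced into the SQL text, so the input becomes part of the query."""
    query = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    """Parameter binding: the driver sends the value separately from the statement,
    so whatever the string contains is compared literally against the column."""
    rows = conn.execute("SELECT name FROM users WHERE name = ? ORDER BY name", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    # The textbook tautology input: in the vulnerable query it turns the WHERE
    # clause into "name = '' OR '1'='1'" and every row comes back.
    hostile = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, hostile))   # all users leak
    print("safe:      ", lookup_safe(conn, hostile))         # nobody is literally named that
```

The hardened version is also the cheaper one to review: a grep for string formatting next to an `execute` call finds the vulnerable pattern mechanically, which is exactly what SAST tools such as Bandit (mentioned above) look for.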

XSRF

Cross-site Request Forgery. This type of attack exploits a trusted user’s session with an application to make a request on their behalf. Unlike XSS, which exploits a user’s trust in a website, XSRF leverages the browser’s trust relationship with a site.


XXE

XML External Entities. In this attack the attacker sends an XML document containing malicious external entity references which the XML processor trustingly evaluates. This can lead to remote code execution, denial of service, or information disclosure.


RCE

Remote Code Execution. This is more of an attack outcome than an attack itself. In this case an attacker is able to execute arbitrary code on a host remotely.


DoS/DDoS

Denial of Service/Distributed Denial of Service. Again, these are more outcomes of an attack than necessarily a type of attack. There are many ways to carry out a DoS-style attack: heavy traffic, targeting inefficient functions, or sending malicious payloads such as an XML bomb are all ways of causing DoS.

Translated from: https://medium.com/ochrona/2020-top-cybersecurity-acronyms-88f2202abcf2

