
APPENDIX B

Standard Acronyms

ACK acknowledge

ACL access control list

AES Advanced Encryption Standard

AG attorney general

AI artificial intelligence

ALE annual loss expectancy

APT advanced persistent threat

ARO annual rate of occurrence

ATM automated teller machine

ATO authorization to operate

AUP acceptable use policy

AV asset value

BC business continuity

BCP business continuity plan

BI business intelligence

BIA business impact analysis

BIOS basic input/output system

CA certificate authority

CAP Certification and Accreditation Professional

CBA cost-benefit analysis

CBF critical business function

CCB change control board

CCO chief compliance officer

CCTV closed circuit TV

CECO chief ethics compliance officer

CEO chief executive officer

CERT Computer Emergency Response Team

CFO chief financial officer

C-I-A confidentiality, integrity, availability

CIO chief information officer

CIPA Children’s Internet Protection Act

CIRT computer incident response team

CISO chief information security officer

CISQ Consortium for IT Software Quality

CISSP Certified Information Systems Security Professional

CMMI Capability Maturity Model Integration

COBIT Control Objectives for Information and Related Technologies

COPPA Children’s Online Privacy Protection Act

CSF critical success factor

CSIRT computer security incident response team

CSO chief security officer

CTO chief technology officer

CVE Common Vulnerabilities and Exposures

CVRF Common Vulnerability Reporting Framework

DAT damage assessment team

DC domain controller

DDoS distributed denial of service

DHCP Dynamic Host Configuration Protocol

DHS Department of Homeland Security

DIACAP Department of Defense Information Assurance Certification and Accreditation Process

DISA Defense Information Systems Agency

DLP data loss prevention

DMZ demilitarized zone

DNS Domain Name Service or Domain Name System

DoD Department of Defense

DOJ Department of Justice

DoS denial of service

DR disaster recovery

DRP disaster recovery plan

ECO ethics compliance officer

EEA European Economic Area

EF exposure factor

EMT emergency management team

ETL extract, transform, and load

FCC Federal Communications Commission

FCPA Foreign Corrupt Practices Act

FDIC Federal Deposit Insurance Corporation

FERPA Family Educational Rights and Privacy Act

FFRDC Federally Funded Research and Development Center

FISMA Federal Information Security Modernization Act

FTC Federal Trade Commission

FTP File Transfer Protocol

GAAP generally accepted accounting principles

GAISP Generally Accepted Information Security Principles

GASSP Generally Accepted System Security Principles

GB gigabyte

GDPR General Data Protection Regulation

GLBA Gramm-Leach-Bliley Act

HIDS host-based intrusion detection system

HIMSS Healthcare Information and Management Systems Society

HIPAA Health Insurance Portability and Accountability Act

HR human resources

HTTP Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol Secure

HVAC heating and air-conditioning

IA information assurance

IANA Internet Assigned Numbers Authority

ICMP Internet Control Message Protocol

ICS-CERT Industrial Control Systems Cyber Emergency Response Team

IDPS intrusion detection and prevention system

IDS intrusion detection system

IEC International Electrotechnical Commission

IP intellectual property or Internet Protocol

IPS intrusion prevention system

IPSec Internet Protocol Security

IS information security

(ISC)² International Information System Security Certification Consortium

ISO International Organization for Standardization

ISP Internet service provider

ISSA Information Systems Security Association

IT information technology

ITG information technology governance

ITIL Information Technology Infrastructure Library

ITL Information Technology Laboratory

L2TP Layer 2 Tunneling Protocol

LAN local area network

LOB line of business

MAC media access control

MAO maximum acceptable outage

MBCO minimum business continuity objective

MTBF mean time between failures

MTD maximum tolerable downtime

MTO maximum tolerable outage

MTPD maximum tolerable period of disruption

MTPOD maximum tolerable period of disruption

NAC network access control

NCCIC National Cybersecurity and Communications Integration Center

NCUA National Credit Union Administration

NIC network interface card

NIDS network-based intrusion detection system

NIPS network intrusion prevention system

NIST National Institute of Standards and Technology

NNTP Network News Transfer Protocol

NSA National Security Agency

NVD National Vulnerability Database

OLTP online transaction processing

OMB Office of Management and Budget

OS operating system

P2P peer to peer

PBX phone branch exchange

PCI Payment Card Industry

PCI DSS Payment Card Industry Data Security Standard

PGP Pretty Good Privacy

PHI protected health information

PII personally identifiable information

PIN personal identification number

PKI public key infrastructure

PM project manager

POAM plan of action and milestones

POC point of contact

POS point of sale

PR public relations

PTZ pan, tilt, zoom

RAID redundant array of independent disks

RAM random access memory

RAT remote access tool

RMF Risk Management Framework

ROI return on investment

RPO recovery point objective

RSA Rivest, Shamir, and Adleman (algorithm)

RTO recovery time objective

SEC Securities and Exchange Commission

SID security identifier

SIEM security information and event management

SLA service level agreement

SLE single loss expectancy

SME subject matter expert

SMTP Simple Mail Transfer Protocol

SOX Sarbanes-Oxley Act of 2002 (also Sarbox)

SP service pack or special publication

SPOF single point of failure

SQL Structured Query Language

SSCP Systems Security Certified Practitioner

SWIFT Society for Worldwide Interbank Financial Telecommunications

SYN synchronize

TARP Troubled Asset Relief Program

TB terabyte

TCP Transmission Control Protocol

TPM technology protection measure or trusted platform module

TRT technical recovery team

UPS uninterruptible power supply

URL Universal Resource Locator

USB universal serial bus

US-CERT United States Computer Emergency Readiness Team

VoIP Voice over Internet Protocol

VP vice president

VPN virtual private network

WAN wide area network

WEP wired equivalent privacy

Wi-Fi wireless fidelity

WIPO World Intellectual Property Organization

WLAN wireless local area network

WPA Wi-Fi Protected Access

WPA2 Wi-Fi Protected Access 2

XSS cross-site scripting
