API application programming interface
AUP acceptable use policy
BYOD bring your own device
CAPEC Common Attack Pattern Enumeration and Classification
CD continuous delivery
CDE cardholder data environment
CI continuous integration
CIA confidentiality, integrity, availability
CIO chief information officer
CISO chief information security officer
CMDB configuration management database
COO chief operating officer
CREST Council of Registered Ethical Security Testers
CVE Common Vulnerabilities and Exposures
CVSS Common Vulnerability Scoring System
CWE Common Weakness Enumeration
DC data centre
DoS denial of service
FIM file integrity monitoring
GDPR General Data Protection Regulation
GRC governance, risk and compliance
HIPAA Health Insurance Portability and Accountability Act
HVAC heating, ventilation and air conditioning
ICO Information Commissioner’s Office
IEEE Institute of Electrical and Electronics Engineers
IP intellectual property
IPS intrusion prevention system
ISMS information security management system
ISO International Organization for Standardization
ITSM IT service management
NCSC National Cyber Security Centre
NOC network operations centre
OLA operational level agreement
ONR Office for Nuclear Regulation (UK)
OSSTMM Open Source Security Testing Methodology Manual
OWASP Open Web Application Security Project
PCI DSS Payment Card Industry Data Security Standard
PCI QSA Payment Card Industry Qualified Security Assessor
QSA qualified security assessor
RA risk assessment
RACI responsible, accountable, consulted and informed, in reference to stakeholders
RFID radio-frequency identification
RFP request for proposals
SaaS software as a service
SCADA supervisory control and data acquisition
SDLC software development lifecycle
SLA service level agreement
SOC security operations centre
SQL Structured Query Language
VM virtual machine
VOIP voice over internet protocol
VPN virtual private network
WAF web application firewall