ABBREVIATIONS

API application programming interface

AUP acceptable use policy

BYOD bring your own device

CAPEC Common Attack Pattern Enumeration and Classification scheme

CD continuous delivery

CDE cardholder data environment

CI continuous integration

CIA confidentiality, integrity, availability

CIO chief information officer

CISO chief information security officer

CMDB configuration management database

COO chief operations officer

CREST Council for Registered Ethical Security Testers

CVE Common Vulnerabilities and Exposures

CVSS Common Vulnerability Scoring System

CWE Common Weakness Enumeration

DC data centre

DoS denial of service

FIM file integrity monitoring

GDPR General Data Protection Regulation

GRC governance, risk and compliance

HIPAA Health Insurance Portability and Accountability Act

HVAC heating, ventilation and air conditioning

ICO Information Commissioner’s Office

IEEE Institute of Electrical and Electronics Engineers

IP intellectual property

IPS intrusion prevention system

ISMS information security management system

ISO International Organization for Standardization

ITSM IT service management

NCSC National Cyber Security Centre

NOC network operations centre

OLA operational level agreement

ONR Office for Nuclear Regulation (UK)

OSSTMM Open Source Security Testing Methodology Manual

OWASP Open Web Application Security Project

PCI DSS Payment Card Industry Data Security Standard

PCI QSA Payment Card Industry Qualified Security Assessor

QSA qualified security assessors

RA risk assessment

RACI responsible, accountable, consulted and informed, in reference to stakeholders

RFID radio-frequency identification

RFP request for proposals

SaaS software as a service

SCADA supervisory control and data acquisition

SDLC software development lifecycle

SLA service level agreement

SOC security operations centre

SQL Structured Query Language

VM virtual machine

VOIP voice over internet protocol

VPN virtual private network

WAF web application firewall