Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

8. Glossary

AAA — Authentication, Authorization, and Accounting. Framework for controlling access to resources. (§2.2.2)

ABAC — Attribute-Based Access Control. Access decisions based on multiple attributes of subject, object, and environment. (§5.6.3)

ACL — Access Control List. Rules defining permitted and denied traffic or resource access. (§3.5.1)

AES — Advanced Encryption Standard. Current symmetric encryption standard supporting 128/192/256-bit keys. (§2.4.2)

ALE — Annualized Loss Expectancy. SLE × ARO. Expected annual financial loss from a specific risk. (§6.2.2)

APT — Advanced Persistent Threat. Prolonged, targeted attack typically by nation-state actors. (§3.1.1)

ARO — Annualized Rate of Occurrence. Expected frequency of a threat event per year. (§6.2.2)

BCP — Business Continuity Plan. Strategy for maintaining operations during disruptions. (§4.4.2)

BIA — Business Impact Analysis. Identifies critical functions and quantifies disruption impact. (§6.2.5)

BPA — Business Partners Agreement. Defines responsibilities between business partners. (§6.3.2)

BYOD — Bring Your Own Device. Policy allowing personal devices on corporate networks. (§5.1.3)

CA — Certificate Authority. Trusted entity that issues digital certificates. (§2.4.6)

CCPA — California Consumer Privacy Act. State privacy law giving consumers rights over personal data. (§6.1.2)

CIA Triad — Confidentiality, Integrity, Availability. Core security objectives. (§2.2.1)

CIS — Center for Internet Security. Produces security benchmarks and hardening guides. (§5.1.1)

CMDB — Configuration Management Database. Centralized database tracking assets, configurations, and relationships. (§5.2.1)

CRL — Certificate Revocation List. Published list of revoked certificates. (§2.4.6)

CSR — Certificate Signing Request. Request submitted to a CA containing public key and identity information. (§2.4.6)

CVSS — Common Vulnerability Scoring System. Standardized severity rating (0-10) for vulnerabilities. (§5.3.2)

DAC — Discretionary Access Control. Resource owner determines access permissions. (§5.6.3)

DDoS — Distributed Denial of Service. Attack from multiple sources overwhelming a target. (§3.4.2)

DKIM — DomainKeys Identified Mail. Email authentication adding digital signatures verified via DNS. (§5.5.3)

DLP — Data Loss Prevention. Technology preventing unauthorized data exfiltration. (§5.5.4)

DMARC — Domain-based Message Authentication, Reporting, and Conformance. Email policy framework building on SPF and DKIM. (§5.5.3)

DMZ — Demilitarized Zone. Network segment between public internet and internal network hosting public-facing services. (§4.1.2)

DNS — Domain Name System. Translates domain names to IP addresses. (§5.5.3)

DPO — Data Protection Officer. Role responsible for data protection compliance. (§6.4.3)

DRP — Disaster Recovery Plan. Procedures for restoring operations after catastrophic events. (§6.1.1)

ECC — Elliptic Curve Cryptography. Asymmetric cryptography that achieves security equivalent to RSA with much smaller keys. (§2.4.2)

EDR — Endpoint Detection and Response. Continuous endpoint monitoring using behavioral analysis. (§5.5.4)

EF — Exposure Factor. Percentage of asset value lost in an incident. (§6.2.2)

FIDO2 — Fast Identity Online 2. Passwordless authentication standard using hardware keys. (§5.6.4)

GDPR — General Data Protection Regulation. EU regulation governing personal data processing and privacy. (§6.1.2)

HIPAA — Health Insurance Portability and Accountability Act. US law protecting health information. (§6.1.2)

HIDS/HIPS — Host-based Intrusion Detection/Prevention System. Monitors activity on individual hosts. (§5.5.1)

HSM — Hardware Security Module. Dedicated tamper-resistant device for cryptographic key management. (§2.4.3)

IaaS — Infrastructure as a Service. Cloud model where provider manages infrastructure; customer manages OS and above. (§4.1.1)

IaC — Infrastructure as Code. Defining infrastructure through code templates for repeatable deployments. (§4.1.1)

ICS — Industrial Control Systems. Systems controlling physical processes in manufacturing and utilities. (§4.1.3)

IdP — Identity Provider. Service that authenticates users and issues identity tokens. (§5.6.2)

IDS/IPS — Intrusion Detection/Prevention System. Monitors for and (IPS) blocks malicious network activity. (§4.2.2)

IoT — Internet of Things. Network-connected devices with sensors and limited compute capability. (§4.1.3)

IPSec — Internet Protocol Security. Protocol suite for encrypted network communication, commonly used in VPNs. (§4.2.3)

KRI — Key Risk Indicator. Metric signaling risk levels approaching tolerance thresholds. (§6.2.3)

MAC — Mandatory Access Control. System-enforced access based on security labels. (§5.6.3)

MDM — Mobile Device Management. Centralized control over mobile device security configurations. (§5.1.3)

MFA — Multifactor Authentication. Requiring two or more different authentication factor types. (§5.6.4)

MOA — Memorandum of Agreement. Formal mutual agreement, typically legally binding. (§6.3.2)

MOU — Memorandum of Understanding. Mutual understanding document, usually not strictly legally binding. (§6.3.2)

MSA — Master Service Agreement. Overarching contract governing a vendor relationship. (§6.3.2)

MTBF — Mean Time Between Failures. Average time between component failures. (§4.4.2)

MTTR — Mean Time to Repair. Average time to fix a failed component. (§4.4.2)

NAC — Network Access Control. Evaluates device compliance before granting network access. (§5.5.4)

NDA — Non-Disclosure Agreement. Legal agreement protecting confidential information. (§6.3.2)

NGFW — Next-Generation Firewall. Firewall with deep packet inspection, IPS, and application awareness. (§4.2.2)

NIDS/NIPS — Network-based Intrusion Detection/Prevention System. Monitors network traffic at strategic points. (§5.5.1)

NIST — National Institute of Standards and Technology. US agency producing cybersecurity frameworks and guidelines. (§5.1.1)

NVD — National Vulnerability Database. US government repository of vulnerability data. (§5.3.1)

OAuth — Open Authorization. Authorization framework for token-based access to resources. (§5.6.2)

OCSP — Online Certificate Status Protocol. Real-time certificate revocation checking. (§2.4.6)

OIDC — OpenID Connect. Authentication layer built on OAuth. (§5.6.2)

PaaS — Platform as a Service. Cloud model where the provider manages the stack up through the runtime; the customer manages applications and data. (§4.1.1)

PAM — Privileged Access Management. Controls and monitors privileged account usage. (§5.6.5)

PBQ — Performance-Based Question. Exam question simulating real-world scenarios. (§7.1)

PCI DSS — Payment Card Industry Data Security Standard. Requirements for handling cardholder data. (§6.1.2)

PHI — Protected Health Information. PII combined with health data, protected under HIPAA. (§4.3.1)

PII — Personally Identifiable Information. Data that can identify a specific individual. (§4.3.1)

PKI — Public Key Infrastructure. Framework for managing digital certificates and encryption keys. (§2.4.1)

RBAC — Role-Based Access Control. Permissions assigned to roles; users assigned to roles. (§5.6.3)

RPO — Recovery Point Objective. Maximum acceptable data loss measured in time. (§4.4.2)

RSA — Rivest-Shamir-Adleman. Asymmetric encryption algorithm using large key pairs. (§2.4.2)

RTO — Recovery Time Objective. Maximum acceptable downtime for a system. (§4.4.2)

RTOS — Real-Time Operating System. OS designed for deterministic, time-critical operations. (§4.1.3)

SaaS — Software as a Service. Cloud model where provider manages everything; customer manages data and access. (§4.1.1)

SAML — Security Assertion Markup Language. XML-based standard for exchanging authentication data. (§5.6.2)

SCADA — Supervisory Control and Data Acquisition. Centralized monitoring/control for industrial processes. (§4.1.3)

SCAP — Security Content Automation Protocol. Framework for automated vulnerability management. (§5.4.3)

SELinux — Security-Enhanced Linux. Mandatory access control framework built into the Linux kernel. (§5.5.2)

SIEM — Security Information and Event Management. Platform aggregating logs, correlating events, and generating alerts. (§5.4.3)

SLA — Service Level Agreement. Contract defining measurable performance requirements. (§6.3.2)

SLE — Single Loss Expectancy. Asset Value (AV) × EF. Financial loss from a single incident. (§6.2.2)

SOAR — Security Orchestration, Automation, and Response. Platform automating multi-step security workflows. (§5.7.1)

SOC — Security Operations Center. Team responsible for monitoring and responding to security events. (§5.4)

SOC 2 — Service Organization Control 2. Audit framework for service providers covering security, availability, and privacy. (§6.5.1)

SOW — Statement of Work. Document specifying work to be performed under a contract. (§6.3.2)

SPF — Sender Policy Framework. DNS record listing authorized email sending servers. (§5.5.3)

SSO — Single Sign-On. Centralized authentication granting access to multiple applications. (§5.6.2)

STP — Spanning Tree Protocol. Protocol preventing Layer 2 loops in switched networks. (§1.2)

TACACS+ — Terminal Access Controller Access-Control System Plus. Protocol for device administration AAA. (§7.2)

TLS — Transport Layer Security. Protocol for encrypted communication over networks. (§4.2.3)

TOTP — Time-Based One-Time Password. Authentication code generated from shared secret and current time. (§5.6.4)

TPM — Trusted Platform Module. Hardware chip storing cryptographic keys and certificates. (§2.4.3)

UEBA — User and Entity Behavior Analytics. Detects anomalies by establishing behavioral baselines. (§5.5.4)

UPS — Uninterruptible Power Supply. Battery backup providing short-term power during outages. (§4.4.4)

VPN — Virtual Private Network. Encrypted tunnel for secure communication over untrusted networks. (§4.2.3)

WAF — Web Application Firewall. Inspects HTTP traffic to protect web applications against common web attacks such as those in the OWASP Top 10. (§4.2.2)

WPA3 — Wi-Fi Protected Access 3. Current wireless security standard using SAE (Simultaneous Authentication of Equals) for key exchange. (§5.1.3)

XDR — Extended Detection and Response. Correlates threat detection across endpoints, network, cloud, and email. (§5.5.4)

XSS — Cross-Site Scripting. Injection attack executing scripts in a victim's browser. (§3.3.1)

Zero Trust — Security model assuming no implicit trust; all access requires verification. (§2.2.4)

Written by Alvin Varughese, Founder (15 professional certifications)