Information Security Industry Acronyms

By Randy Pringle

Information Security is one of the fastest growing industries because organizations need to protect their data. For anyone who wants to learn about information security, one of the first steps is understanding the acronyms. While there are literally thousands of industry acronyms, we created this short list of some of the most common ones to give individuals a head start.

AD Active Directory
API Application Program Interface
ASV Authorized Security Vendor
C&A Certification and Accreditation
CA Certification Authority
CISA Certified Information Security Auditor
CISO Chief Information Security Officer
CISSP Certified Information Systems Security Professional
ComSec Communications Security
CSA Cloud Security Alliance
CSTA Certified Security Testing Associate
CSTP Certified Security Testing Professional
DDOS Distributed Denial of Service (attack)
eDiscovery Short for Electronic Discovery
eSAS eLearning Security Awareness Solution
ESI Electronically Stored Information
FISMA Federal Information Security Management Act
FRCP Federal Rules of Civil Procedure
GIAC Global Information Assurance Certification
GLBA Gramm–Leach–Bliley Act (also known as the Financial Services Modernization Act of 1999)
GRC Governance Risk & Compliance
HIE Health Information Exchange
HIPAA Health Insurance Portability and Accountability Act
HITECH Health Information Technology for Economic and Clinical Health Act
HTTP Hypertext Transmission Protocol
HTTPS Secured Hypertext Transmission Protocol
IA Information Assurance
IAG Identity & Access Governance
IAM Identity & Access Management
IDS Intrusion Detection System
IIS Internet Information Services
IM Incident Management
InfoSec Information Security
IRRA Incident Response Risk Assessment
ISACA Information Systems Audit and Control Association
ISMS Information Security Management System
ISPM Information Security Program Model
ISSA Information Security Systems Association
IT Information Technology
LMS Learning Management System
MA Management Agent
MDM Mobile Device Management
MLS Multilevel Security
MSS Managed Security Services
MSSP Managed Security Services Program or Managed Security Services Provider
NSA National Security Agency
OPSec Operations Security
PCI Payment Card Industry
PCI-DSS Payment Card Industry Data Security Standards
Pen Test Penetration Test
QSA Qualified Security Assessor
RMF Risk Management Framework
SAS Statement on Auditing Standards (SAS 70)
SCORM Sharable Content Object Reference Model
SDLC Software Development Lifecycle
SEM Security Event Management
SIEM Security Information Event Management
SIM Security Information Management
SIM Subscriber Identity Module
SOX Sarbanes-Oxley Act
SSL Secure Socket Layer
SSO Single Sign-On
SSPM Self-Service Password Management
UTM Unified Threat Management


Randy Pringle

Solutions Marketing Manager

Randy Pringle brings more than 15 years of integrated marketing solutions experience in the information security and technology space. Experience includes partner marketing strategies, thought leadership, campaign program designs and execution, and education and awareness. As a marketing manager, Randy focuses on strengthening marketing programs to help clients and employees learn behavioral changing tactics to protect personal and corporate data.