SecurityWeek
The TLA World of Information Security

A Quick Lesson on Some Information Security Acronyms

While attending the RSA conference back in February, I started thinking about all of the TLAs (Three Letter Acronyms) that are used in the security industry – starting with RSA itself. The IT industry in general loves acronyms because they appeal to geeks, but the information security space might be even more obsessed with them.

Curiosity got the best of me, so I want to share my findings on various security acronyms that you may have been curious about too but never had the time to look into. Below I have listed some of the key acronyms with a short explanation of each. This is certainly not an exhaustive list, just some basics.

RSA – Let’s start with a company that has certainly become a benchmark in the security industry. Most people use the term RSA without consciously thinking about what it means. The company itself avoids explaining the acronym so that it can maintain a high-level brand name, much as IBM no longer goes by International Business Machines because that name no longer reflects its broad business. The “RSA” in RSA Security has nothing to do with the other common expansion of the acronym, Russian Space Agency; it stands for “Rivest Shamir Adleman”. Ron Rivest, Adi Shamir and Leonard Adleman developed the RSA encryption algorithm in 1977, and they founded RSA Data Security in 1982.

EMC – Since we are talking about RSA, we might as well mention its parent company EMC, whose name is also formed from the initials of its founders, Richard Egan and Roger Marino, and a third individual who has remained nameless.

SSL – One of the most well-known terms is SSL, which stands for Secure Sockets Layer. Many people are familiar with SSL certificates, popularized by Verisign, GoDaddy, Microsoft and other vendors. SSL is a standard technology for establishing an encrypted link between a Web server and a browser. This link ensures that all data passed between the Web server and the browser remains private and intact. To create an SSL connection, a Web server requires an SSL certificate, which uses a public and a private cryptographic key. For consumers this process is seamless and is denoted by the lock icon.

PKI – PKI stands for Public Key Infrastructure, an architecture for proving the identities of people, Web sites, computer programs, etc. on the Internet. In a PKI, a Certificate Authority (CA) issues digital certificates to applicants. The CA also verifies the identity of applicants and publishes certificates in an online repository where people can look up others’ certificates.
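The RSA, SSL and PKI entries above all rest on the same mechanism: a public/private key pair, and a CA that signs a certificate binding a name to a public key. The following added example (my own illustration, not code from RSA Security, SecurityWeek or any PKI library) shows textbook RSA key generation, encryption and decryption, and then a toy CA that signs a certificate body, with the check a browser performs using the CA's public key. The primes, the certificate format and the names are constructed; real deployments use 2048-bit or larger keys, padding schemes such as OAEP and PSS, and X.509 encoding rather than the bare arithmetic shown here.

```python
"""Added illustration: textbook RSA plus a toy certificate-authority signature
check. Constructed example with small primes; not a real PKI implementation."""
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) from two primes p and q (constructed toy sizes)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(public_key, m: int) -> int:
    """Anyone with the public key can encrypt; only the private key decrypts."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be a non-negative integer below n")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def _digest(data: bytes, n: int) -> int:
    # Hash the data and reduce it into the modulus (toy stand-in for PKCS#1 encoding).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(private_key, data: bytes) -> int:
    """Signing uses the private key: only the key holder can produce this value."""
    n, d = private_key
    return pow(_digest(data, n), d, n)


def rsa_verify(public_key, data: bytes, signature: int) -> bool:
    """Verification uses the public key, so anyone can check a signature."""
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)


def encode_certificate(subject: str, subject_public_key) -> bytes:
    """Toy certificate body: which name the key belongs to, plus the key itself."""
    n, e = subject_public_key
    return f"subject={subject};n={n};e={e}".encode()


def issue_certificate(ca_private_key, subject: str, subject_public_key) -> dict:
    """The CA vouches for the name/key binding by signing the encoded body."""
    body = encode_certificate(subject, subject_public_key)
    return {"body": body, "signature": rsa_sign(ca_private_key, body)}


def check_certificate(ca_public_key, certificate: dict) -> bool:
    """What a browser does with a trusted CA key: verify the CA's signature."""
    return rsa_verify(ca_public_key, certificate["body"], certificate["signature"])


# Constructed keys: six-digit primes chosen only so the arithmetic stays readable.
CA_PUBLIC, CA_PRIVATE = rsa_keygen(999983, 1000003)
SERVER_PUBLIC, SERVER_PRIVATE = rsa_keygen(999979, 999961)
SERVER_CERT = issue_certificate(CA_PRIVATE, "www.example.com", SERVER_PUBLIC)


def demo() -> dict:
    """Round-trip encryption with the server key, then a genuine vs. tampered cert check."""
    tampered = dict(
        SERVER_CERT,
        body=SERVER_CERT["body"].replace(b"www.example.com", b"www.other.example"),
    )
    return {
        "roundtrip_ok": rsa_decrypt(SERVER_PRIVATE, rsa_encrypt(SERVER_PUBLIC, 4242)) == 4242,
        "genuine_cert_ok": check_certificate(CA_PUBLIC, SERVER_CERT),
        "tampered_cert_ok": check_certificate(CA_PUBLIC, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The tampered certificate fails because changing a single byte of the body changes its hash, and nobody without the CA's private key can produce a matching signature; that is the entire basis of the trust the lock icon represents.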

VPN – Virtual Private Network. A VPN is a secure connection over a public network. A VPN “endpoint” can be either a PC running a VPN client or a VPN server.

DLP – While more popular in the digital display world (where it stands for Digital Light Processing), in the security world DLP stands for Data Loss Prevention. DLP solutions try to guard organizations against both intentional and unintentional leaks. DLP typically covers data in motion (data moving through the network), data at rest (in file systems, databases, etc.), and data at the endpoint (USB sticks, external drives, etc.).


DMZ – In computer security, a DMZ, or Demilitarized Zone, is a physical or logical sub-network that contains and exposes an organization’s external services to a larger untrusted network, usually the Internet.

DNS – A Domain Name Server is like directory assistance for the Internet. In the same way that the phone company provides directory assistance so that you can find the number that connects you to your friend’s telephone, a DNS provides your computer with the TCP/IP address of the Web server you are trying to connect to.

WAF – While WAF is used for various other terms like “Wife Acceptance Factor”, “Women Against Fundamentalism”, “With All Faults”, etc., in information security WAF stands for Web Application Firewall. A WAF is a device or software that sits between a Web client and a Web server, analyzing OSI Layer 7 messages for violations of the programmed security policy. WAFs try to block incoming attacks.
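To make "analyzing Layer 7 messages for violations of the programmed security policy" concrete, here is an added example of my own (not any vendor's WAF engine) that expresses a positive-model policy as an allow list and evaluates raw HTTP requests against it. The policy values, the header names and every request in the sample set are constructed; a production WAF adds many more rule types, but the shape of the decision is the same: parse the application-layer message, compare it with the policy, and only forward requests that produce no violations.

```python
"""Added illustration, not any vendor's product: a Layer-7 allow-list policy
evaluated against raw HTTP/1.x requests. All sample traffic is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Policy:
    """The 'programmed security policy': what a legitimate request must look like."""
    allowed_methods: frozenset = frozenset({"GET", "POST", "HEAD"})
    allowed_versions: frozenset = frozenset({"HTTP/1.0", "HTTP/1.1"})
    allowed_path_prefixes: tuple = ("/api/", "/static/")  # constructed application layout
    max_uri_length: int = 256
    max_header_count: int = 32
    max_header_value_length: int = 1024
    required_headers: frozenset = frozenset({"host"})


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes]:
    """Split a raw HTTP/1.x request into (method, uri, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, uri, version = lines[0].split(" ", 2)  # ValueError if the request line is malformed
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("header line without a colon")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return method, uri, version, headers, body


def evaluate(raw: bytes, policy: Policy = Policy()) -> List[str]:
    """Return every policy violation found; an empty list means 'forward to the server'."""
    try:
        method, uri, version, headers, _body = parse_request(raw)
    except ValueError:
        return ["malformed request"]
    violations: List[str] = []
    if method not in policy.allowed_methods:
        violations.append(f"method not allowed: {method}")
    if version not in policy.allowed_versions:
        violations.append(f"version not allowed: {version}")
    if len(uri) > policy.max_uri_length:
        violations.append("uri too long")
    if not uri.startswith(policy.allowed_path_prefixes):
        violations.append("path outside allowed prefixes")
    if len(headers) > policy.max_header_count:
        violations.append("too many headers")
    for name, value in headers.items():
        if len(value) > policy.max_header_value_length:
            violations.append(f"header value too long: {name}")
        if any(ord(ch) < 0x20 for ch in value):
            violations.append(f"control character in header: {name}")
    for name in sorted(policy.required_headers):
        if name not in headers:
            violations.append(f"missing required header: {name}")
    return violations


# Constructed sample traffic, labelled by what the policy should say about it.
SAMPLE_REQUESTS: Dict[str, bytes] = {
    "normal": b"GET /api/v1/items?page=2 HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: demo\r\n\r\n",
    "wrong_method": b"DELETE /api/v1/items HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "no_host_old_version": b"GET /static/app.js HTTP/0.9\r\n\r\n",
    "oversized": b"GET /api/" + b"a" * 300 + b" HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "malformed": b"GARBAGE\r\n\r\n",
}


def triage() -> Dict[str, List[str]]:
    """Run the policy over the sample set; only 'normal' should come back clean."""
    return {name: evaluate(raw) for name, raw in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, result in triage().items():
        print(f"{name:20s} -> {'PASS' if not result else result}")
```

A positive model like this blocks anything the application never needs rather than trying to enumerate bad inputs, which is why it is usually paired with signature rules rather than replaced by them; the price is that the allow list must be kept in step with the application as it changes.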

DAST – Stands for Dynamic Application Security Testing. This term is used for Web application scanners that use a black-box testing methodology to test Web applications for security vulnerabilities (or defects) through the user interface rather than by scanning the raw code.

SAST – Stands for Static Application Security Testing. Unlike DAST, it analyzes source code for vulnerabilities.

CYA – I don’t think I need to define this. All information security professionals should become proficient in this.

Now that you have these definitions, the next time you are talking to a vendor who is trying to be BWC (Buzz Word Compliant), you can call them on some of these things.

I guess I should sign off as MSK.
