Acronyms I have Learnt


So over the last few weeks in security I have had more than a few acronyms thrown my way. Since I have been sick the last week and I have not been working on CTFs or had the mental capacity to do much learning, I thought I would start listing and defining some of them. My goal is to list their definitions and explain them, so that I can remember them better for next time.

  • DAST - Dynamic Application Security Testing
    • The process of analysing an application from the outside, via the front end or mobile app (sometimes referred to as Mobile Application Security Testing or MAST) and via public APIs. Often this uses web proxies to analyse traffic; no matter the approach, a researcher is looking for vulnerabilities to exploit in order to have them fixed.
  • SAST - Static Application Security Testing
    • The process of looking at your own code and infrastructure and checking for vulnerabilities. These could come from unsecured infrastructure, poor code security practices or vulnerabilities in external dependencies.
  • SBOM - Software Bill of Materials
    • A listing of all the software that is used to create a program, application or service. This includes any languages used and any dependencies imported.
  • SOC - Security Operations Centre
    • This one I already knew, but I wanted to make sure I captured it. A SOC is a centralised hub of information used to monitor, detect and respond to threats. The SOC works to detect threats and intrusions, monitor access to resources and much more depending on the requirements of the security team. The SOC can then facilitate the investigation of any suspected breaches, vulnerabilities and threats and work on incident response. This can be an in-house team or a third party depending on the security team's size and resourcing.
  • SIEM - Security Information and Event Management
    • A SIEM is designed to take in the wide range of information from a SOC and then apply analytics in order to help a security team prioritise alerts. This can use rule-based alerting and/or machine learning depending on the chosen SIEM product.
  • CSPM - Cloud Security Posture Management
    • The practice of establishing processes to defend against and respond to security issues. This includes monitoring for threats, taking inventory of assets, monitoring for intrusions, incident response, and reviewing and improving policies.
  • RBAC - Role Based Access Control
    • I knew this one, but I wanted to note it down. RBAC is the process of ensuring that users are given access to data and functionality based on the role(s) they are assigned.
  • RPO - Recovery Point Objective
    • After an incident or outage, this is the point in time an organisation is aiming to return to. For example, if the RPO for an organisation is two hours, they are aiming to return to the state the data was in at most two hours ago, ideally less.
  • RTO - Recovery Time Objective
    • Again referring to when things have gone wrong, this is the target time to restore services, e.g. an RTO of one hour specifies that an organisation wants to restore service in less than sixty minutes.
  • ASM - Attack Surface Management
    • The process of taking inventory and control of the potential attack surface of an organisation.
  • CAASM - Cyber Asset Attack Surface Management
    • Similar to ASM: taking inventory of and monitoring the exposed assets of an organisation.
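The SIEM entry above mentions rule-based alerting and prioritisation. The following is an added example of what one such rule looks like in practice, written for this post rather than taken from any SIEM product: a small Python script that parses constructed authentication log lines (the format, user names and IP addresses are all made up), applies a "repeated failures from one source within a time window" rule, and escalates the alert's priority if a successful login from that same source follows inside the window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system):
# "<ISO timestamp> <event> user=<name> src=<ip>"
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z LOGIN_FAILED user=alice src=203.0.113.7",
    "2024-05-01T10:00:05Z LOGIN_FAILED user=alice src=203.0.113.7",
    "2024-05-01T10:00:09Z LOGIN_FAILED user=alice src=203.0.113.7",
    "2024-05-01T10:00:12Z LOGIN_SUCCESS user=alice src=203.0.113.7",
    "2024-05-01T10:05:00Z LOGIN_FAILED user=bob src=198.51.100.3",
    "2024-05-01T10:30:00Z LOGIN_SUCCESS user=bob src=198.51.100.3",
    "2024-05-01T11:00:00Z LOGIN_FAILED user=carol src=192.0.2.9",
    "2024-05-01T11:00:01Z LOGIN_FAILED user=carol src=192.0.2.9",
    "2024-05-01T11:00:02Z LOGIN_FAILED user=carol src=192.0.2.9",
    "2024-05-01T11:00:03Z LOGIN_FAILED user=carol src=192.0.2.9",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$")
PRIORITY_ORDER = {"high": 0, "medium": 1}


def parse_line(line):
    """Parse one log line into a dict; lines that do not match the format are dropped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_bruteforce(lines, threshold=3, window=timedelta(seconds=60)):
    """Rule: `threshold` or more LOGIN_FAILED events from one source inside `window`
    raise a medium alert; a LOGIN_SUCCESS from that source while the failures are
    still inside the window escalates it to high. Returns alerts, highest priority first."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    alerts = {}                   # src -> alert dict (one alert per source, escalated in place)
    for e in events:
        src = e["src"]
        recent = [t for t in failures[src] if e["ts"] - t <= window]
        if e["event"] == "LOGIN_FAILED":
            recent.append(e["ts"])
            failures[src] = recent
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"src": src, "user": e["user"], "failures": len(recent),
                               "priority": "medium"}
        elif e["event"] == "LOGIN_SUCCESS":
            # A success right after a burst of failures is the pattern an analyst
            # wants to see first, so bump priority rather than emit a second alert.
            if len(recent) >= threshold and src in alerts:
                alerts[src]["priority"] = "high"
            failures[src] = []  # the window closes once the source logs in
    return sorted(alerts.values(), key=lambda a: PRIORITY_ORDER[a["priority"]])


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

Run against the sample lines, the rule produces two alerts: a high-priority one for the source that failed three times and then succeeded, and a medium one for the source that only failed. The single failure followed by a success 25 minutes later is outside the window and produces nothing, which is the kind of noise reduction a SIEM's rules exist for.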
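For the RBAC entry, here is an added example (written for this post, not taken from any real application) of how "access based on assigned roles" is usually wired into code: roles map to permissions, a user's effective permissions are the union across their roles, and a function is guarded by the permission it needs rather than by a role name. The role names, permission strings and users are all constructed for illustration.

```python
# Constructed role -> permission mapping for a hypothetical reporting app.
# Permissions are fine-grained strings; roles are just named bundles of them.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:export"},
    "admin": {"report:read", "report:export", "user:manage"},
}


class Forbidden(Exception):
    """Raised when a caller lacks the permission a function requires."""


def permissions_for(roles):
    """Effective permissions are the union over the user's roles.
    Unknown role names grant nothing, so a typo in a role assignment fails closed."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user_roles, permission):
    return permission in permissions_for(user_roles)


def require(permission):
    """Decorator that denies by default. Guarding on the permission (not on
    'is the user an admin?') means roles can be reshuffled without touching code."""
    def decorator(fn):
        def wrapper(user, *args, **kwargs):
            if not is_allowed(user["roles"], permission):
                raise Forbidden(f"{user['name']} lacks {permission}")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


@require("report:export")
def export_report(user, report_id):
    return f"exported {report_id} for {user['name']}"


def try_export(user, report_id):
    """Convenience wrapper: returns the export result, or 'denied' when RBAC blocks it."""
    try:
        return export_report(user, report_id)
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    # Constructed users: an analyst can export, a viewer cannot,
    # and a user with an unrecognised role gets nothing.
    print(try_export({"name": "dana", "roles": ["analyst"]}, "r1"))
    print(try_export({"name": "eve", "roles": ["viewer"]}, "r1"))
    print(try_export({"name": "frank", "roles": ["superuser"]}, "r1"))
```

The important design point is the fail-closed default: a missing or misspelled role yields an empty permission set, and any function without a matching permission check is the gap to look for in review.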

There have been many more acronyms that I should have written down, but I unfortunately looked them up quickly and forgot to note them, so this short list will have to do for now.