This page contains a complete list of IT security abbreviations used throughout The Book on IT Security by Paul Rosenthal. These IT security abbreviations cover key terms from cybersecurity laws and standards (GDPR, NIS2, DORA, HIPAA), encryption protocols (SSL, TLS, AES, HTTPS), access control methods (RBAC, ABAC, MAC), and essential IT infrastructure concepts. Whether you are a business professional, IT specialist, or general reader, this glossary of IT security abbreviations will help you understand the terminology used in modern digital security.
ABAC – Attribute-Based Access Control (access decisions made by policy over attributes of the user, the resource, the requested action and the environment)
AES – Advanced Encryption Standard (symmetric block cipher; the most widely used encryption algorithm)
AI – Artificial Intelligence (machine-simulated human intelligence)
APPI – Act on the Protection of Personal Information (Japanese privacy law)
BIOS – Basic Input/Output System (firmware interface for hardware initialization)
CAPTCHA – Completely Automated Public Turing test to tell Computers and Humans Apart (test to distinguish humans from bots)
CCPA – California Consumer Privacy Act (California data privacy law)
CD – Compact Disc (digital optical storage format)
CIA – Confidentiality, Integrity, Availability (fundamental information security principles)
CMS – Content Management System (software for managing digital content)
CPU – Central Processing Unit (main processor of a computer)
CSL – Cybersecurity Law (Chinese cybersecurity regulation)
DHCP – Dynamic Host Configuration Protocol (network protocol for assigning IP addresses)
DKIM – DomainKeys Identified Mail (email authentication using domain signatures)
DMARC – Domain-based Message Authentication, Reporting and Conformance (email authentication policy standard)
DNS – Domain Name System (translates domain names into IP addresses)
DORA – Digital Operational Resilience Act (EU regulation for digital resilience in finance)
DRP – Disaster Recovery Plan (strategy for recovering IT systems after a disruption)
DSL – Data Security Law (Chinese data protection regulation)
DSS – Decision Support System (computer system that aids decision making)
EU – European Union (political and economic union of European countries)
FAQ – Frequently Asked Questions (common questions and answers)
FOI – Faculty of Organization and Informatics in Varazdin (Croatian university faculty)
GDPR – General Data Protection Regulation (EU data protection law)
HIPAA – Health Insurance Portability and Accountability Act (US health privacy law)
HTTPS – HyperText Transfer Protocol Secure (HTTP carried over TLS, which encrypts the connection and authenticates the server)
IP – Internet Protocol (rules for addressing and routing data on the internet)
ISO – International Organization for Standardization (global standards organization)
IT – Information Technology (use of systems for storing and processing data)
JWT – JSON Web Token (compact, URL-safe token carrying signed or encrypted claims between parties; its signature, not the format itself, is what makes it trustworthy)
MAC – Media Access Control (network hardware address); in access control contexts also Mandatory Access Control (system-enforced access control based on security labels, as opposed to RBAC and ABAC)
NIS2 – Network and Information Security Directive 2 (EU cybersecurity directive)
OTP – One-Time Password (temporary password valid for a single login or transaction, after which it cannot be reused)
PCI – Payment Card Industry (sector dealing with credit/debit card standards)
PHP – PHP: Hypertext Preprocessor (server-side scripting language)
PIN – Personal Identification Number (numeric code for authentication)
PIPL – Personal Information Protection Law (Chinese personal data protection law)
RAID – Redundant Array of Independent Disks (data storage virtualization technology)
RBAC – Role-Based Access Control (access control based on user roles)
RPO – Recovery Point Objective (maximum tolerable data loss interval)
RTO – Recovery Time Objective (maximum acceptable time to restore operations)
SMS – Short Message Service (text messaging service)
SPF – Sender Policy Framework (DNS record listing the mail servers authorized to send email for a domain)
SQL – Structured Query Language (language for managing databases)
SSL – Secure Sockets Layer (cryptographic protocol for secure communications; deprecated predecessor of TLS, the name is still used informally for TLS certificates)
TLS – Transport Layer Security (cryptographic protocol providing confidentiality, integrity and server authentication between communicating applications; successor to SSL)
USA – United States of America
USB – Universal Serial Bus (standard for connecting peripherals to computers)
VLAN – Virtual Local Area Network (logical subdivision of a physical network)
VPN – Virtual Private Network (encrypted tunnel that extends a private network across a public network such as the internet)
XSS – Cross-Site Scripting (web vulnerability in which attacker-controlled script is injected into a page and executed in other users' browsers)
For a deeper understanding of each term, refer to the corresponding chapters in The Book on IT Security. The book covers all major IT security abbreviations in context, explaining not just what each term means but how it applies to real-world cybersecurity scenarios, compliance requirements, and digital risk management.