The industry is littered with acronyms and abbreviations, which isn't very helpful for those outside it or coming in fresh.
Pull requests most welcome for enhancements to this page!
Term | Definition | More info |
---|---|---|
AI Act | The EU Artificial Intelligence Act (Regulation (EU) 2024/1689), the EU's regulation governing the development and use of AI systems, with obligations scaled by risk category | |
AV | Adult Verification | |
AV | Anti-Virus | |
BYOD | Bring Your Own Device | |
CAF | UK NCSC’s Cyber Assessment Framework. Often used in the UK public sector. Less well-known than NIST/CIS/ISO 27k | |
CIS | Center for Internet Security. Publishes the CIS Critical Security Controls (previously the SANS Top 20), a further framework for cyber security, and the CIS Benchmarks for hardening specific platforms | |
DORA | EU Digital Operational Resilience Act | |
eIDAS | EU regulation on electronic identification, authentication and trust services (electronic signatures, seals, timestamps and certificates) for electronic transactions | |
FCA | Financial Conduct Authority. One of the UK regulators for financial services (alongside the Prudential Regulation Authority, which mostly regulates banks and insurers) | |
FCA Handbook | The FCA's rulebook for regulated firms | fca |
Fincrime | Financial crime: money laundering, fraud, terrorist financing, scams, operating without the required permissions, etc. | |
GDPR | The General Data Protection Regulation from the EU. | |
ISO 27000 family | A family of (paywalled) international standards around InfoSec. The main one is ISO/IEC 27001 (the certifiable information security management system standard); 27002 (control guidance), 27017 (cloud services) and 27018 (PII in public clouds) are also common | wiki |
ITIL | Information Technology Infrastructure Library. A framework of IT service management practices (incident, problem, change and release management, etc.) | |
ITS | Implementing Technical Standard. EU financial-services secondary legislation that sets out how a directive or regulation is applied in practice; cf. RTS (q.v.) | |
JML | Joiners, Movers, Leavers. The workforce identity lifecycle: provision access when someone joins, adjust it when they change role, and revoke it promptly when they leave. Leavers whose accounts are still enabled and movers who accumulate access are the classic failure modes | |
MAS | Monetary Authority of Singapore. Singapore's central bank and financial services regulator | mas.sg |
MITRE ATT&CK | MITRE's public knowledge base of adversary tactics, techniques and procedures drawn from observed intrusions. Used to structure threat modelling, detection coverage and red team planning | attack.mitre.org |
NIS2 | EU Network and Information Security Directive (second version, Directive (EU) 2022/2555). Sets cyber security risk management and incident reporting obligations for essential and important entities | |
NIST AI RMF | US NIST’s Risk Management Framework on AI. A useful tool for adopting AI | |
NIST CSF | US NIST’s Cyber Security Framework | |
OWASP | Open Worldwide Application Security Project (formerly Open Web Application Security Project). Best known for the OWASP Top 10 of web application risks, the ASVS and the Web Security Testing Guide | owasp.org |
PayUK | Pay.UK, operator of the UK's retail interbank payment schemes (Bacs, Faster Payments and the Image Clearing System). Acts as an assurance body for UK Critical National Infrastructure / payment scheme participants | payuk |
PCI-DSS | Payment Card Industry Data Security Standard | PCI Council |
PECR | Privacy and Electronic Communications Regulations. UK rules on cookies, electronic marketing and similar, which sit alongside GDPR / the UK DPA in the body of privacy law | |
PSD2 | Second Payment Services Directive. Has an RTS (q.v.) on SCA and secure communication, which underpins strong customer authentication and open-banking APIs | |
RTS | Regulatory Technical Standard. EU secondary legislation that fills in the technical detail of a directive or regulation; cf. ITS | |
SCA | Strong Customer Authentication. Authentication using at least two independent factors from: knowledge (something you know), inherence (something you are) and possession (something you have) | |
SOC2 | Registered service mark of the AICPA… An attestation report, often a detailed assessment against the five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality and Privacy. A Type I report assesses design effectiveness at a point in time (e.g. is there a procedure); a Type II report also assesses operating effectiveness (is it being followed, are there exceptions) over a review period, typically six to twelve months | |
TPRM | Third Party Risk Management | |
TRM | Technology Risk Management | |
UK DPA | Data Protection Act 2018. Together with the UK GDPR (the EU GDPR as retained in UK law after Brexit) it forms the UK's data protection regime. Mostly the same as the EU GDPR, but with different numbering, some UK-specific derogations and a few wording changes | |
XDR | Extended Detection and Response. Successor to EDR: endpoint anti-malware plus correlated telemetry from network, identity and cloud sources for detection and response, usually with a fancy dashboard | |
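
The JML entry above is where most of the practical security work in this glossary actually lives, so here is an added example (not from this page or any named product) of what a JML reconciliation looks like in code: an HR roster is compared against a directory's account list to surface leavers whose accounts are still enabled, joiners with no account, movers whose group membership does not match their role, and orphan accounts unknown to HR. The roster, account list and the `ROLE_GROUPS` role-to-group mapping are all constructed for illustration.

```python
"""Added example: reconcile a constructed HR roster against a constructed
directory account list to surface JML (Joiners, Movers, Leavers) gaps.
Not from the original page; record formats and ROLE_GROUPS are assumptions."""
from dataclasses import dataclass

# Assumed entitlement model: the groups each HR role should hold, and no more.
ROLE_GROUPS = {
    "engineer": {"vpn", "git"},
    "finance": {"vpn", "ledger"},
}


@dataclass(frozen=True)
class Person:
    user: str
    role: str
    status: str  # "active" or "left"


@dataclass(frozen=True)
class Account:
    user: str
    enabled: bool
    groups: frozenset


def reconcile(hr, accounts):
    """Return JML findings as (category, user, detail) tuples, in roster order,
    followed by accounts the roster does not know about."""
    by_user = {a.user: a for a in accounts}
    findings = []
    for p in hr:
        a = by_user.get(p.user)
        if p.status == "left":
            # Leaver: any still-enabled account is a revocation failure.
            if a is not None and a.enabled:
                findings.append(("leaver_still_enabled", p.user, sorted(a.groups)))
            continue
        if a is None:
            # Joiner: on the roster but never provisioned.
            findings.append(("joiner_missing_account", p.user, p.role))
            continue
        expected = ROLE_GROUPS.get(p.role, set())
        extra = a.groups - expected       # access carried over from an old role
        missing = expected - a.groups     # entitlement not yet granted
        if extra:
            findings.append(("mover_excess_access", p.user, sorted(extra)))
        if missing:
            findings.append(("mover_missing_access", p.user, sorted(missing)))
    known = {p.user for p in hr}
    for a in accounts:
        # Orphan: enabled account with no owner in HR (ex-contractor, old service user...).
        if a.user not in known and a.enabled:
            findings.append(("orphan_account", a.user, sorted(a.groups)))
    return findings


# Constructed sample data.
HR = [
    Person("alice", "engineer", "active"),
    Person("bob", "finance", "active"),     # moved from engineering, kept git
    Person("carol", "engineer", "left"),    # leaver, account never disabled
    Person("dave", "finance", "active"),    # joiner, account not yet created
]
ACCOUNTS = [
    Account("alice", True, frozenset({"vpn", "git"})),
    Account("bob", True, frozenset({"vpn", "git", "ledger"})),
    Account("carol", True, frozenset({"vpn"})),
    Account("svc-old", True, frozenset({"git"})),  # nobody in HR owns this
]

if __name__ == "__main__":
    for finding in reconcile(HR, ACCOUNTS):
        print(*finding)
```

In practice the two inputs come from the HR system export and the identity provider (or each downstream system, since SaaS accounts are where leavers linger); the useful habit is to run this on a schedule and treat every `leaver_still_enabled` and `orphan_account` line as an incident to close, not a report to file.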