
Compendio de terminología computacional / Compendium of Computational Terminology

First version: 22/July/2023
Updated: 28/May/2026

2FA: Two-Factor Authentication
3DEA: Triple Data Encryption Algorithm
3DES: Triple DES
3PS: Third Person Shooter

AAM: Agentic Access Management
AC: Access Control
ACL: Access Control Lists
AES: Advanced Encryption Standard
AI: Artificial Intelligence
AIoT: Artificial Intelligence of Things
AitM: Adversary-in-the-Middle
AML: Anti-Money Laundering
AOC: Attestation Of Compliance
API: Application Programming Interface
APT: Advanced Persistent Threat
ASCII: American Standard Code for Information Interchange
ASM: Attack Surface Management
ASPM: Application Security Posture Management
ASV: Approved Scanning Vendor for PCI
ATM: Automated Teller Machine
ATT&CK: Adversarial Tactics, Techniques, and Common Knowledge
AV: Antivirus
AWS: Amazon Web Services

B2B: Business to Business
B2C: Business to Consumer
BAS: Breach and Attack Simulation
BAU: Business As Usual
BBP: Bug Bounty Program
BCM: Business Continuity Management
BCP: Business Continuity Plan
BEC: Business Email Compromise
BIA: Business Impact Analysis
BitM: Browser-in-the-Middle
BIOS: Basic Input Output System
BLE: Bluetooth Low Energy
BPA: Business Process Automation
BPM: Business Process Management
BPO: Business Process Outsourcing
BSOD: Blue Screen Of Death
BUDR: BackUp and Disaster Recovery
BYOD: Bring Your Own Device
BYOVD: Bring Your Own Vulnerable Driver

CA: Certification Authority
CaaS: Card as a Service
CAASM: Cyber Asset Attack Surface Management
CAD: Computer Aided Design
CAPEC: Common Attack Pattern Enumeration and Classification
CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
CASB: Cloud Access Security Broker
CATO: Corporate Account Takeover
CCM: Continuous control monitoring
CCNA: Cisco Certified Network Associate
CCNP: Cisco Certified Network Professional
CCTV: Closed-Circuit Television
CDE: Cardholder Data Environment
CDR: Content Disarm and Reconstruction
CEH: Certified Ethical Hacker
CERT: Computer Emergency Response Team
CI/CD: Continuous Integration/Continuous Delivery
CIA: Confidentiality, Integrity, Availability
CIAM: Customer Identity and Access Management
CIEM: Cloud Infrastructure Entitlement Management
CIO: Chief Information Officer
CIRT: Computer Incident Response Team
CIS: Center for Internet Security
CISA: Cybersecurity and Infrastructure Security Agency
CISA: Certified Information Systems Auditor by ISACA
CISM: Certified Information Security Manager by ISACA
CISO: Chief Information Security Officer
CISSP: Certified Information Systems Security Professional by ISC2
CLFS: Common Log File System
CNAPP: Cloud Native Application Protection Platforms
COBIT: Control Objectives for Information and Related Technologies
CoT: Chain of Thought
CPTED: Crime Prevention Through Environmental Design
CRED: Create, Read, Edit, Delete
CRISC: Certified in Risk and Information Systems Control by ISACA
CRT: Cathode-ray Tube
CSF: Cybersecurity Framework
CSIRT: Computer Security Incident Response Team
CSOC: Cyber Security Operations Center
CSP: Cloud Service Provider
CSPM: Cloud Security Posture Management
CSRF: Cross Site Request Forgery
CSRMC: Cybersecurity Risk Management Construct
CTEM: Continuous Threat Exposure Management
CTO: Chief Technology Officer
CTPAT: Customs Trade Partnership Against Terrorism
CVC: Card Validation Code
CVE: Common Vulnerabilities and Exposures
CVSS: Common Vulnerability Scoring System
CVV: Card Validation Value
CWE: Common Weakness Enumeration
CWPP: Cloud Workload Protection Platform
CyBOK: Cyber Security Body of Knowledge

DaaS: Desktop as a Service
DAST: Dynamic Application Security Testing
DBF: Database Firewall
DCOM: Distributed Component Object Model
DDI: DNS, DHCP, IP address management
DDoS: Distributed Denial of Service
DDS: Data Distribution Service
DEC: Digital Equipment Corporation
DES: Data Encryption Standard
DFIR: Digital Forensics & Incident Response
DGA: Domain Generation Algorithm
DIKW pyramid: Data, Information, Knowledge and Wisdom pyramid
DLP: Data Loss Prevention
DLT: Digital Linear Tape
DMZ: Demilitarized Zone
DNS: Domain Name Service
DNSSEC: Domain Name System Security Extensions
DoCRA: Duty of Care Risk Analysis
DORA: Digital Operational Resilience Act
DoS: Denial of Service
DPA: Dynamic Privileged Access
DREAD: Damage, Reproducibility, Exploitability, Affected, Discoverability
DRM: Digital Rights Management
DRP: Disaster Recovery Plan
DSPM: Data Security Posture Management
DSS: Data Security Standard
DVR: Digital Video Recorder

EASM: External Attack Surface Management
EC3: European Cybercrime Centre
ECC: Elliptic Curve Cryptography
EDI: Electronic Data Interchange
EDL: External Dynamic List
EDR: Endpoint Detection and Response
EMM: Enterprise Mobility Management
EOF: End Of File
EOL: End Of Line
EOL: End Of Life
ERM: Enterprise Risk Management
ESG: Environmental, Social and Governance

FAQ: Frequently Asked Questions
FDE: Full Disk Encryption
FIM: File Integrity Monitoring
FOSS: Free and Open Source Software
FPS: Frames Per Second
FTP: File Transfer Protocol
FWaaS: Firewall as a Service

GCP: Google Cloud Platform
GDPR: General Data Protection Regulation
GNU: GNU's Not Unix!
GPRS: General Packet Radio Service
GRC: Governance, Risk, and Compliance
GSM: Global System for Mobile Communications
GUI: Graphical User Interface
GUID: Globally Unique IDentifier

HDMI: High Definition Multimedia Interface
HCI: Hyperconverged Infrastructure
HEAT: Highly Evasive Adaptive Threats
HID: Human Interface Device
HIPAA: Health Insurance Portability and Accountability Act
HITL: Human In The Loop
HMI: Human Machine Interface
HNDL: Harvest Now, Decrypt Later
HRM: Human Risk Management
HSM: Hardware Security Module
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure

IaaS: Infrastructure as a Service
IAB: Initial Access Brokers
IaC: Infrastructure as Code
IAM: Identity and Access Management
IAST: Interactive Application Security Testing
ICANN: Internet Corporation for Assigned Names and Numbers
ICMP: Internet Control Message Protocol
ICREA: International Computer Room Experts Association
ICS: Industrial Control Systems
IDF: Intermediate Distribution Frame
IdM: Identity management
IDS: Intrusion Detection System
IEEE: Institute of Electrical and Electronics Engineers
IIoT: Industrial Internet of Things
IGA: Identity Governance and Administration
IMAP: Internet Message Access Protocol
INCIBE: Instituto Nacional de Ciberseguridad
IoC: Indicators of Compromise
IOCTA: Internet Organised Crime Threat Assessment
IoT: Internet of Things
IP: Internet Protocol
IPAM: Internet Protocol Address Management
IPS: Intrusion Prevention System
IPSEC: Internet Protocol Security
IRM: Insider Risk Management
IRP: Incident Response Plan
ISA: Internal Security Assessor
ISACA: Information Systems Audit and Control Association
ISMS: Information Security Management System
ISP: Internet Service Provider
ISRM: Information Security Risk Management
ISSO: Information Systems Security Officer
IT: Information Technology
ITAC: IT Application Controls
ITDR: Identity Threat Detection and Response
ITGC: IT General Controls
ITIL: Information Technology Infrastructure Library
ITSM: IT Service Management

JAR: Java archive
JDBC: Java Database Connectivity
JDK: Java Development Kit
JPA: Java Persistence API
JPQL: Java Persistence Query Language
JRE: Java Runtime Environment
JSON: JavaScript Object Notation
JVM: Java Virtual Machine

KPI: Key Performance Indicators
KRI: Key Risk Indicators
KVM: Keyboard, Video, and Mouse
KYB: Know Your Business 
KYC: Know Your Customer 

LAN: Local Area Network
LCD: Liquid Crystal Display
LCMS: Learning Content Management System
LDAP: Lightweight Directory Access Protocol
LED: Light-emitting Diode
LFPDPPP: Ley Federal de Protección de Datos Personales en Posesión de los Particulares
LGPDPPSO: Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados
LLM: Large Language Model
LMS: Learning Management System
LotC: Living Off The Cloud attacks
LotL: Living Off The Land attacks
LSASS: Local Security Authority Subsystem Service

M2M: Machine-to-Machine
MAC: Media Access Control
MAM: Mobile Application Management
MCP: Model Context Protocol
MDF: Main Distribution Frame
MDM: Mobile Device Management
MDR: Managed Detection and Response
MAEC: Malware Attribute Enumeration and Characterization
MFA: Multi-Factor Authentication
MitM: Man-in-the-Middle
MTBF: Mean Time Between Failures
MTTA: Mean Time To Acknowledge
MTTD: Mean Time To Detect
MTTF: Mean Time To Failure
MTTR: Mean Time To Repair, Mean Time To Recover, Mean Time To Respond
MVP: Minimum Viable Product
MVP: Most Valuable Professional
MXDR: Managed eXtended Detection and Response

NAC: Network Access Control
NAS: Network Attached Storage
NAT: Network Address Translation
NDR: Network Detection and Response
NFC: Near Field Communication
NFT: Non-Fungible Tokens
NGFW: Next-Generation Firewall
NHI: Non-human identities
NICE: National Initiative for Cybersecurity Education
NIPS: Network Intrusion Prevention System
NIST: National Institute of Standards and Technology
NOC: Network Operations Center
NSA: National Security Agency
NTP: Network Time Protocol
NVD: National Vulnerability Database
NVR: Network Video Recorder

OCIL: Open Checklist Interactive Language
OLA: Operational Level Agreement
ONT: Optical Network Terminal
OOB: Out-of-Band
OSCP: Offensive Security Certified Professional by Offensive Security
OSINT: Open Source Intelligence
OSSTMM: Open Source Security Testing Methodology Manual
OT: Operational Technology
OTG: On The Go
OTP: One-Time Password
OVA: Open Virtual Appliance
OWASP: Open Worldwide Application Security Project

P2P: Peer-to-Peer
PA DSS: Payment Application Data Security Standard
PaaS: Platform as a Service
PAB: Policy Approval Board
PAM: Privileged Access Management
PAN: Primary Account Number
PAN-OS: Palo Alto Networks - Operating System
PAP: Password Authentication Protocol
PASM: Privileged Account and Session Management
PCI DSS: Payment Card Industry Data Security Standard
PDCA: Plan-Do-Check-Act
PESTLE: Political, Economic, Social, Technological, Legal, and Environmental
PGP: Pretty Good Privacy
PhaaS: Phishing as a Service
PII: Personally Identifiable Information
PIM: Privileged Identity Management
PIN: Personal Identification Number
PIR: Post Incident Review
PKI: Public Key Infrastructure
PLC: Programmable Logic Controller
PMBOK: Project Management Body of Knowledge
PMI: Project Management Institute
PMP: Project Management Professional
POC: Proof of Concept
POI: Point of Interaction
PoLP: Principle of Least Privilege
POP3: Post Office Protocol 3
POS: Point Of Sale
PQC: Post-Quantum Cryptography 

Q&A: Questions and Answers
QA: Quality Assurance
QoS: Quality of Service
QSA: Qualified Security Assessor

RACF: Resource Access Control Facility
RADIUS: Remote Authentication Dial-In User Service
RAT: Remote Administration Tool
RBAC: Role-based Access Control
RCE: Remote Code Execution
RDAP: Registration Data Access Protocol
RDP: Remote Desktop Protocol
REST: Representational State Transfer
RFID: Radio Frequency Identification
RGB: Red, Green, Blue
RIA: Rich Internet Applications
ROC: Report on Compliance
RoT: Ransomware of Things
RPO: Recovery Point Objective
RSA: Rivest, Shamir, Adleman (public key encryption algorithm)
RTO: Recovery Time Objective

SaaS: Software as a Service
SAM: Security Account Manager
SAML: Security Assertion Markup Language
SAN: Storage Area Network
SANS: SysAdmin, Audit, Network, and Security
SAQ: Self-Assessment Questionnaire
SASE: Secure Access Service Edge
SAST: Static Application Security Testing
SAT: Security Awareness Training
SBOM: Software Bill Of Materials
SCA: Software Composition Analysis
SCADA: Supervisory Control And Data Acquisition
SCAP: Security Content Automation Protocol
SCF: Secure Controls Framework
SDLC: System Development Life Cycle
SDK: Software Development Kits
SDP: Software-Defined Perimeter
SD-WAN: Software Defined Wide Area Network
SEG: Secure Email Gateway
SEO: Search Engine Optimization
SFTP: Secure File Transfer Protocol
SHA: Secure Hash Algorithm
SIEM: Security Information and Event Management
SLA: Service Level Agreement
SMART: Specific, Measurable, Achievable, Relevant, Time-bound (or timely)
SMS: Short Message Service
SMTP: Simple Mail Transfer Protocol
SNMP: Simple Network Management Protocol
SOA: Statement of Applicability
SOAP: Simple Object Access Protocol
SOAR: Security orchestration, automation and response
SOC: Security Operations Center
SoD: Segregation of Duties
SOX: Sarbanes-Oxley Act
SPAM: Sending and Posting Advertisement in Mass
SPEI: Sistema de Pagos Electrónicos Interbancarios
SPID: Sistema de Pagos Interbancarios en Dólares
SQA: Software Quality Assurance
SQL: Structured Query Language
SQS: Simple Queue Service
S-SDLC: Secure System Development Life Cycle
SSD: Solid State Drive
SSE: Security Service Edge
SSH: Secure Shell
SSI: Self-Sovereign Identity
SSID: Service Set Identifier
SSL: Secure Sockets Layer
SSO: Single sign-on
STRIDE: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
su: Substitute User
sudo: SuperUser DO
SWG: Secure Web Gateway
SWIFT: Society for Worldwide Interbank Financial Telecommunication

TACACS+: Terminal Access Controller Access Control System Plus
TCP: Transmission Control Protocol
TDEA: Triple Data Encryption Algorithm
TIA: Transfer Impact Assessment
TIP: Threat Intelligence Platform
TISAX: Trusted Information Security Assessment Exchange
TLS: Transport Layer Security
TMS: Talent Management Systems
TOCTOU: Time-of-check to time-of-use
TOR: The Onion Router
TOTP: Time-Based One-Time Password
TPM: Trusted Platform Module
TPRM: Third-Party Risk Management
TSP: Token Service Providers
TTP: Tactics, Techniques and Procedures

U2F: Universal 2nd Factor
UAC: User Account Control
UAT: User Acceptance Testing
UBA: User Behavior Analytics
UCaaS: Unified communications as a service
UEBA: User Entity Behavior Analytics
UEFI: Unified Extensible Firmware Interface
UEM: Unified Endpoint Management
URL: Uniform Resource Locator
USB: Universal Serial Bus
UTM: Unified Threat Management
UX: end-User eXperience

VAPT: Vulnerability Assessment and Penetration Testing
VDI: Virtual Desktop Infrastructure
VHD: Virtual Hard Disk
VIP: Very Important Person
VLAN: Virtual Local Area Network
VLE: Virtual Learning Environment
VoIP: Voice over IP
VM: Virtual Machine
VMDK: Virtual Machine Disk
VPI: Virtual Private Infrastructure
VPN: Virtual Private Network

W3C: World Wide Web Consortium
WAF: Web Application Firewall
WEP: Wired Equivalent Privacy
WLAN: Wireless Local Area Network
WMI: Windows Management Instrumentation
WPA: Wi-Fi Protected Access
WPAN: Wireless Personal Area Network
WPS: Wi-Fi Protected Setup
WWW: World Wide Web

XAM: Extended Access Management
XDR: eXtended Detection Response
XEM: Converged Endpoint Management
XML: eXtensible Markup Language
XSIAM: eXtended Security Intelligence & Automation Management
XSS: Cross-site Scripting

Y2K: Year 2000
