Siglas e acrônimos de cibersegurança

Mais de 100 siglas essenciais para profissionais de cibersegurança. As traduções aprovadas aparecem aqui; as demais redirecionam para a versão em inglês.

SIEMSecurity Information and Event Management SOARSecurity Orchestration, Automation, and Response EDREndpoint Detection and Response XDRExtended Detection and Response MDRManaged Detection and Response SOCSecurity Operations Center NOCNetwork Operations Center IDSIntrusion Detection System IPSIntrusion Prevention System WAFWeb Application Firewall DLPData Loss Prevention NDRNetwork Detection and Response NTANetwork Traffic Analysis NGFWNext-Generation Firewall EPPEndpoint Protection Platform PCAPPacket Capture IOCIndicator of Compromise IOAIndicator of Attack TTPTactics, Techniques, and Procedures APTAdvanced Persistent Threat CTICyber Threat Intelligence TIPThreat Intelligence Platform OSINTOpen-Source Intelligence MSSPManaged Security Service Provider MSPManaged Service Provider DDoSDistributed Denial of Service BASBreach and Attack Simulation ASMAttack Surface Management EASMExternal Attack Surface Management CASBCloud Access Security Broker CSPMCloud Security Posture Management CNAPPCloud-Native Application Protection Platform CWPPCloud Workload Protection Platform IAMIdentity and Access Management PAMPrivileged Access Management MFAMulti-Factor Authentication SSOSingle Sign-On RBACRole-Based Access Control ABACAttribute-Based Access Control PKIPublic Key Infrastructure CACertificate Authority ZTNAZero Trust Network Access SDPSoftware-Defined Perimeter SASESecure Access Service Edge SD-WANSoftware-Defined Wide Area Network SAMLSecurity Assertion Markup Language OIDCOpenID Connect OAuthOpen Authorization JWTJSON Web Token NACNetwork Access Control K8sKubernetes OPAOpen Policy Agent IaCInfrastructure as Code GRCGovernance, Risk, and Compliance ERMEnterprise Risk Management BIABusiness Impact Analysis BCPBusiness Continuity Plan DRPDisaster Recovery Plan RPORecovery Point Objective RTORecovery Time Objective MTTRMean Time to Recover MTTDMean Time to Detect KPIKey Performance Indicator KRIKey Risk Indicator SLAService Level Agreement SLOService Level Objective NISTNational Institute of Standards and Technology ISOInternational Organization for Standardization PCIPayment Card Industry HIPAAHealth Insurance Portability and Accountability Act GDPRGeneral Data Protection Regulation CCPACalifornia Consumer Privacy Act CMMCCybersecurity Maturity Model Certification FedRAMPFederal Risk and Authorization Management Program FISMAFederal Information Security Modernization Act STIGSecurity Technical Implementation Guide OWASPOpen Worldwide Application Security Project STRIDESpoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege DREADDamage, Reproducibility, Exploitability, Affected Users, Discoverability NICENational Initiative for Cybersecurity Education SOXSarbanes-Oxley Act FERPAFamily Educational Rights and Privacy Act NFPANational Fire Protection Association RCERemote Code Execution XSSCross-Site Scripting SQLiSQL Injection CSRFCross-Site Request Forgery SSRFServer-Side Request Forgery BOFBuffer Overflow ROPReturn-Oriented Programming ASLRAddress Space Layout Randomization DEPData Execution Prevention RATRemote Access Trojan C2Command and Control VMVulnerability Management PTPenetration Testing SBOMSoftware Bill of Materials SCASoftware Composition Analysis SASTStatic Application Security Testing DASTDynamic Application Security Testing

As definições são explicações originais escritas para fins de desenvolvimento profissional. Para definições técnicas autoritativas, consulte NIST, ISO ou o órgão de normalização correspondente.