Glossario de Acronimos de TI e Seguranca da Informacao

Referencia rapida com os principais acronimos e siglas utilizados nas areas de Tecnologia da Informacao (TI) e Seguranca da Informacao (SI). Consulte este glossario sempre que encontrar uma sigla desconhecida em documentos, normas ou conversas tecnicas.

A

• AAA — Authentication, Authorization and Accounting
• ACL — Access Control List
• AD — Active Directory
• AES — Advanced Encryption Standard
• AI — Artificial Intelligence
• AMSI — Antimalware Scan Interface
• ANPD — Autoridade Nacional de Protecao de Dados
• AP — Access Point
• API — Application Programming Interface
• APT — Advanced Persistent Threat
• ARP — Address Resolution Protocol
• ASM — Attack Surface Management
• AV — Antivirus
• AWS — Amazon Web Services

B

• BAS — Breach and Attack Simulation
• BCP — Business Continuity Planning
• BEC — Business Email Compromise
• BGP — Border Gateway Protocol
• BIA — Business Impact Analysis
• BIOS — Basic Input/Output System
• BLE — Bluetooth Low Energy
• BOF — Buffer Overflow
• BYOD — Bring Your Own Device

C

• CA — Certificate Authority
• CAPTCHA — Completely Automated Public Turing test to tell Computers and Humans Apart
• CASB — Cloud Access Security Broker
• CCPA — California Consumer Privacy Act
• CDN — Content Delivery Network
• CERT — Computer Emergency Response Team
• CIA — Confidentiality, Integrity and Availability
• CIAM — Customer Identity and Access Management
• CIRT — Computer Incident Response Team
• CISA — Cybersecurity and Infrastructure Security Agency
• CISO — Chief Information Security Officer
• CMDB — Configuration Management Database
• CMS — Content Management System
• CNAPP — Cloud-Native Application Protection Platform
• COBIT — Control Objectives for Information and Related Technologies
• CORS — Cross-Origin Resource Sharing
• CPE — Common Platform Enumeration
• CSRF — Cross-Site Request Forgery
• CSIRT — Computer Security Incident Response Team
• CSP — Content Security Policy
• CTF — Capture The Flag
• CTI — Cyber Threat Intelligence
• CVE — Common Vulnerabilities and Exposures
• CVSS — Common Vulnerability Scoring System
• CWE — Common Weakness Enumeration
• CWPP — Cloud Workload Protection Platform

D

• DAST — Dynamic Application Security Testing
• DBA — Database Administrator
• DDoS — Distributed Denial of Service
• DevOps — Development and Operations
• DevSecOps — Development, Security and Operations
• DHCP — Dynamic Host Configuration Protocol
• DKIM — DomainKeys Identified Mail
• DLC — Data Loss Classification
• DLP — Data Loss Prevention
• DMARC — Domain-based Message Authentication, Reporting and Conformance
• DMZ — Demilitarized Zone
• DNS — Domain Name System
• DoS — Denial of Service
• DPO — Data Protection Officer
• DR — Disaster Recovery
• DRP — Disaster Recovery Plan

E

• EAP — Extensible Authentication Protocol
• EDR — Endpoint Detection and Response
• EFS — Encrypting File System
• EPP — Endpoint Protection Platform
• ERP — Enterprise Resource Planning
• EASM — External Attack Surface Management

F

• FIDO — Fast Identity Online
• FIM — File Integrity Monitoring
• FISMA — Federal Information Security Modernization Act
• FTP — File Transfer Protocol
• FW — Firewall
• FWaaS — Firewall as a Service

G

• GDPR — General Data Protection Regulation
• GPO — Group Policy Object
• GRC — Governance, Risk and Compliance
• GUI — Graphical User Interface

H

• HIDS — Host-based Intrusion Detection System
• HIPAA — Health Insurance Portability and Accountability Act
• HIPS — Host-based Intrusion Prevention System
• HMAC — Hash-based Message Authentication Code
• HSM — Hardware Security Module
• HTTP — HyperText Transfer Protocol
• HTTPS — HyperText Transfer Protocol Secure

I

• IaaS — Infrastructure as a Service
• IAM — Identity and Access Management
• IAST — Interactive Application Security Testing
• ICS — Industrial Control System
• IDS — Intrusion Detection System
• IEC — International Electrotechnical Commission
• IoC — Indicator of Compromise
• IoT — Internet of Things
• IP — Internet Protocol
• IPS — Intrusion Prevention System
• IPSec — Internet Protocol Security
• IR — Incident Response
• ISMS — Information Security Management System
• ISO — International Organization for Standardization
• ISP — Internet Service Provider
• IT — Information Technology
• ITIL — Information Technology Infrastructure Library
• ITSM — IT Service Management

J

• JSON — JavaScript Object Notation
• JWT — JSON Web Token

K

• KMS — Key Management Service
• KPI — Key Performance Indicator
• KRI — Key Risk Indicator

L

• LAN — Local Area Network
• LDAP — Lightweight Directory Access Protocol
• LGPD — Lei Geral de Protecao de Dados
• LOA — Level of Assurance

M

• MAC — Media Access Control / Mandatory Access Control
• MaaS — Malware as a Service
• MAN — Metropolitan Area Network
• MDM — Mobile Device Management
• MDR — Managed Detection and Response
• MFA — Multi-Factor Authentication
• MITM — Man-in-the-Middle
• MITRE ATT&CK — MITRE Adversarial Tactics, Techniques and Common Knowledge
• ML — Machine Learning
• MPA — Master Patient Agreement
• MSSP — Managed Security Service Provider
• MTTR — Mean Time to Respond / Mean Time to Recover
• MTTD — Mean Time to Detect

N

• NAC — Network Access Control
• NAS — Network Attached Storage
• NAT — Network Address Translation
• NBA — Network Behavior Analysis
• NDA — Non-Disclosure Agreement
• NDR — Network Detection and Response
• NGFW — Next-Generation Firewall
• NHT — Non-Human Traffic
• NIDS — Network Intrusion Detection System
• NIST — National Institute of Standards and Technology
• NOC — Network Operations Center
• NTP — Network Time Protocol

O

• OAuth — Open Authorization
• OIDC — OpenID Connect
• OS — Operating System
• OSI — Open Systems Interconnection
• OSINT — Open Source Intelligence
• OT — Operational Technology
• OTP — One-Time Password
• OWASP — Open Worldwide Application Security Project

P

• PaaS — Platform as a Service
• PAM — Privileged Access Management
• PCI DSS — Payment Card Industry Data Security Standard
• PDCA — Plan, Do, Check, Act
• PEN — Penetration (Test)
• PGP — Pretty Good Privacy
• PII — Personally Identifiable Information
• PIN — Personal Identification Number
• PKI — Public Key Infrastructure
• PLC — Programmable Logic Controller
• PNSI — Politica Nacional de Seguranca da Informacao
• POC — Proof of Concept
• PUP — Potentially Unwanted Program

Q

• QoS — Quality of Service
• QR — Quick Response (Code)

R

• RaaS — Ransomware as a Service
• RADIUS — Remote Authentication Dial-In User Service
• RAID — Redundant Array of Independent Disks
• RAM — Random Access Memory
• RAT — Remote Access Trojan
• RBAC — Role-Based Access Control
• RDP — Remote Desktop Protocol
• REST — Representational State Transfer
• RFC — Request for Comments
• ROSI — Return on Security Investment
• RPO — Recovery Point Objective
• RSA — Rivest-Shamir-Adleman
• RTO — Recovery Time Objective

S

• SaaS — Software as a Service
• SAML — Security Assertion Markup Language
• SAN — Storage Area Network
• SASE — Secure Access Service Edge
• SAST — Static Application Security Testing
• SBOM — Software Bill of Materials
• SCA — Software Composition Analysis
• SCADA — Supervisory Control and Data Acquisition
• SD-WAN — Software-Defined Wide Area Network
• SDLC — Software Development Life Cycle
• SFTP — Secure File Transfer Protocol
• SGSI — Sistema de Gestao de Seguranca da Informacao
• SHA — Secure Hash Algorithm
• SI — Seguranca da Informacao
• SIEM — Security Information and Event Management
• SLA — Service Level Agreement
• SMTP — Simple Mail Transfer Protocol
• SNMP — Simple Network Management Protocol
• SOC — Security Operations Center
• SOAR — Security Orchestration, Automation and Response
• SOC 2 — System and Organization Controls 2
• SOX — Sarbanes-Oxley Act
• SPF — Sender Policy Framework
• SQL — Structured Query Language
• SQLi — SQL Injection
• SSH — Secure Shell
• SSID — Service Set Identifier
• SSL — Secure Sockets Layer
• SSO — Single Sign-On
• SSRF — Server-Side Request Forgery
• SWG — Secure Web Gateway

T

• TACACS — Terminal Access Controller Access-Control System
• TCP — Transmission Control Protocol
• TI — Tecnologia da Informacao
• TIP — Threat Intelligence Platform
• TLS — Transport Layer Security
• TOTP — Time-based One-Time Password
• TPM — Trusted Platform Module
• TTP — Tactics, Techniques and Procedures

U

• UAC — User Account Control
• UEBA — User and Entity Behavior Analytics
• UEFI — Unified Extensible Firmware Interface
• UEM — Unified Endpoint Management
• UPS — Uninterruptible Power Supply
• URL — Uniform Resource Locator
• USB — Universal Serial Bus
• UTM — Unified Threat Management

V

• VLAN — Virtual Local Area Network
• VM — Virtual Machine
• VPN — Virtual Private Network
• VSOC — Virtual Security Operations Center

W

• WAF — Web Application Firewall
• WAN — Wide Area Network
• WPA — Wi-Fi Protected Access
• WSDL — Web Services Description Language

X

• XDR — Extended Detection and Response
• XML — Extensible Markup Language
• XSS — Cross-Site Scripting

Y

• YARA — Yet Another Recursive Acronym (regras de deteccao de malware)

Z

• ZTA — Zero Trust Architecture
• ZTNA — Zero Trust Network Access