Acronym study
Terms 1–30 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 1
ABAC (Attribute-Based Access Control) is a method of controlling access to resources by evaluating a set of attributes (such as user role, time, location, and device) against policy rules, rather than using static roles or identities.
Term 2
An acceptable use policy is a set of rules that an organization creates to define how employees and other users may use its computer systems, networks, and data.
Term 3
Access control is the security practice of determining who or what is allowed to view, use, or enter a resource, and under what conditions.
Term 4
An access key is a unique identifier and secret code pair used to authenticate requests to cloud storage services, ensuring only authorized users or applications can access data.
Term 5
An access port is a switch port that connects to a single end device, like a computer or printer, and carries traffic for only one VLAN.
Term 6
An access review is a periodic audit process where administrators check and confirm which users have permissions to what resources, ensuring only authorized people retain access.
Term 7
A digital key that a computer system gives you to prove your identity and grant you permission to access specific resources or perform actions.
Term 8
Accountability is the security principle that ensures actions and identity are linked so that a person or system can be held responsible for their activities.
Term 9
An administrative control is a policy, procedure, or guideline designed to manage and reduce security risk through people and processes rather than technology alone.
Term 10
ALE (Annualized Loss Expectancy) is a risk management formula that estimates the yearly monetary loss from a specific threat to an asset.
Term 11
An alerting policy is a set of rules that defines when to send notifications about a system condition that needs attention.
Term 12
Anonymization is the process of removing or altering personally identifiable information so that an individual cannot be identified, directly or indirectly, from the remaining data.
Term 13
Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.
Term 14
An anti-malware policy is a set of rules and procedures that an organization enforces to prevent, detect, and remove malicious software from its computers and networks.
Term 15
An anti-phishing policy is a set of rules and technical controls that organizations use to detect, block, and respond to email or message-based attacks that trick users into revealing sensitive information.
Term 16
An anti-spam policy is a set of rules and filters used by email systems to automatically detect and block unwanted, unsolicited, or harmful messages before they reach a user's inbox.
Term 17
API security is the practice of protecting application programming interfaces from attacks by ensuring only authorized users and applications can access data and functions.
Term 18
An app protection policy is a set of rules that controls how data is handled and secured within mobile applications, ensuring corporate information stays safe even on personal devices.
Term 19
An Application Security Group (ASG) is a cloud networking feature that groups virtual machines logically and allows you to apply security rules based on the application workload, rather than individual IP addresses.
Term 20
ARO stands for Annualized Rate of Occurrence, a number that estimates how often a specific threat or risk event is expected to happen in a single year.
Term 21
In IT and cybersecurity, an asset is anything valuable that an organization owns or controls, including data, hardware, software, people, and intellectual property.
Term 22
Asset valuation is the process of determining the financial worth of an organization's information assets, often used to prioritize security controls and allocate protection resources effectively.
Term 23
Asymmetric encryption is a cryptographic method that uses a pair of keys—a public key for encryption and a private key for decryption—to securely exchange data without sharing a secret.
Term 24
An audit is a systematic, independent review of IT systems, processes, and controls to verify compliance with policies, standards, and regulations.
Term 25
An audit log is a chronological record of security-relevant events and user activities within a system, used for monitoring, compliance, and forensic analysis.
Term 26
An audit trail is a chronological record of events, changes, or activities in a system that provides evidence of who did what, when, and from where.
Term 27
Authentication is the process of verifying that someone or something is who or what it claims to be before granting access to a system or resource.
Term 28
Authorization determines what an authenticated user is allowed to do within a system, such as accessing files, running programs, or changing settings.
Term 29
Azure Firewall is a cloud-based network security service that protects your virtual networks in Microsoft Azure by filtering traffic based on rules you define.
Term 30
Azure Policy is a service in Microsoft Azure that lets you create, assign, and manage rules to ensure your resources stay compliant with your company standards and service-level agreements.