| access control decision function | 访问控制判决功能 | ADF |
| access control decision information | 访问控制判决信息 | ADI |
| access control enforcement function | 访问控制实施功能 | AEF |
| access control entries | 访问控制入口 | ACE |
| access control information | 访问控制信息 | |
| access control list | 访问控制列表 | ACL |
| account security | 账户安全 | |
| advanced persistent threat | 高级持续性威胁 | APT |
| agile development | 敏捷开发 | |
| anti-phishing project | 反钓鱼项目 | |
| api security | 接口安全 | |
| application programming interface | 应用编程接口 | API |
| artificial intelligence | 人工智能 | AI |
| assets management | 资产管理 | |
| asynchronous transfer mode | 异步传输模式 | |
| attribute-based access control | 基于属性的访问控制模型 | ABAC |
| authentication authorization accounting | 认证、授权、计帐 | 3A |
| authentication authorization accounting audit | 统一安全管理平台解决方案 | 4A |
| back-end system | 后端系统 | |
| border gateway protocol | 边界网关协议 | BGP |
| bring your own device | 携带自己的办公设备 | BYOD |
| business assessment | 业务评估 | BA |
| business continuity institute | 业务持续性协会 | BCI |
| business continuity management | 业务连续性管理 | BCM |
| business continuity planning | 业务连续性计划 | BCP |
| business email compromise | 商业邮件失陷 | |
| business impact assessment | 业务影响评估 | BIA |
| business security | 业务安全 | |
| captcha security | 验证码安全 | |
| capture the flag | 夺旗赛 | CTF |
| certificate | 证书 | CA |
| chain of blocks | 区块链 | |
| cloud access security broker | 云访问安全代理 | CASB |
| cloud security | 云安全 | |
| cloud security posture management | 云安全配置管理 | CSPM |
| cloud workload protection platforms | 云工作负载保护平台 | CWPP |
| code audit | 代码审计 | |
| common body of knowledge | 通用知识协议 | CBK |
| complex event process | 复杂事件驱动 | CEP |
| confidentiality integrity availability | 保密性 完整性 可用性 | CIA |
| container security | 容器安全 | |
| content disarm and reconstruction | 内容拆解与重建 | |
| continuous delivery or development | 持续交付或部署 | CD |
| continuous integration | 持续集成 | CI |
| cryptography | 密码学 | |
| cyber security | 网络空间安全 | |
| data encryption standard | 数据加密标准 | DES |
| data lifecycle management | 数据生命周期管理 | DLM |
| data loss prevention | 数据丢失保护 | DLP |
| data mining | 数据挖掘 | |
| data security | 数据安全 | |
| denial of service | 拒绝服务 | DoS |
| deception | 欺骗技术 | |
| development security operations | DevSecOps | |
| disaster recovery planning | 灾难恢复计划 | DRP |
| discretionary access control | 自主访问控制 | DAC |
| distributed denial of service | 分布式拒绝服务 | DDoS |
| domain name system | 域名服务 | DNS |
| elastic and scalable | 弹性可伸缩 | |
| elastic computing | 弹性计算 | |
| endpoint detection and response | 终端检测与响应 | EDR |
| endpoint protection platform | 终端防护平台 | EPP |
| endpoint security | 终端安全 | |
| enterprise mobility management | 企业移动管理 | EMM |
| enterprise resource planning | 企业资源计划 | ERP |
| enterprise risk management | 企业风险管理 | ERM |
| extraction transformation loading | 提取 转化 加载 | ETL |
| file transfer protocol | 文件传输协议 | FTP |
| firewall | 防火墙 | |
| free computing | 自由计算 | |
| front-end system | 前端系统 | |
| general data protection regulation | 一般数据保护条例 | GDPR |
| governance risk and compliance | 治理风险与合规性 | |
| high availability | 高可用性 | HA |
| human computer interaction | 人机交互 | HCI |
| human machine interface | 人机界面 | HMI |
| identity access management | 身份识别与访问控制 | IAM |
| incident response | 事件响应 | |
| industrial control system | 工业控制系统 | ICS |
| information technology infrastructural library | IT基础结构 | ITIL |
| infrastructure security | 基础设施安全 | |
| internet of things | 物联网 | IOT |
| intrusion detection system | 入侵检测系统 | IDS |
| intrusion prevention system | 入侵防御系统 | IPS |
| load balancing | 负载均衡 | |
| log analysis | 日志分析 | |
| managed detection and response | 可管理检测与响应 | MDR |
| mandatory access control | 强制访问控制 | MAC |
| maximum tolerable downtime | 最长停机时间 | MTD |
| maximum tolerable period disruption | 最长中断时间 | MTPD |
| mean time between failure | 平均故障时间间隔 | MTBF |
| mean time to repair | 平均修复时间 | MTTR |
| mobile application management | 移动应用管理 | MAM |
| mobile content management | 移动内容管理 | MCM |
| mobile device management | 移动设备管理 | MDM |
| monitoring | 监控 | |
| multi factor authentication | 多因素认证 | MFA |
| network access control | 网络准入控制 | NAC |
| network security | 网络安全 | |
| network traffic analysis | 网络流量分析 | NTA |
| one-time password | 一次性密码 | OTP |
| open source security information management | 开源安全信息管理 | OSSIM |
| open web application security project | Web应用程序安全项目 | OWASP |
| optical character recognition | 文字识别 | OCR |
| penetration testing | 渗透测试 | |
| personal identifiable information | 个人身份信息 | PII |
| personal identification number | 个人识别号 | PIN |
| privileged account management | 特权账户管理 | PAM |
| proof of concept | 概念验证 | POC |
| proxies | 代理 | |
| public key infrastructure | 公钥基础设施 | PKI |
| recovery point objective | 恢复点目标 | RPO |
| recovery time objective | 恢复时间目标 | RTO |
| return on investment | 投资回报率 | ROI |
| risk assessment | 风险评估 | |
| risk and vulnerability assessment | 风险与漏洞评估 | |
| risk management | 风险管理 | |
| risk management framework | 风险管理框架 | RMF |
| role-based access control | 基于角色的访问控制 | RBAC |
| routers | 路由器 | |
| runtime application self protection | 程序运行自我保护 | RASP |
| search processing language | 搜索处理语言 | SPL |
| security domain | 安全域 | |
| secure email gateway | 安全邮件网关 | SEG |
| security awareness | 态势感知 | SA |
| security development lifecycle | 安全开发生命周期 | SDL |
| security event management | 安全事件管理 | SEM |
| security incident | 安全事故 | |
| security information and event management | 安全信息与事件管理 | SIEM |
| security information management | 安全信息管理 | SIM |
| security isolation | 安全隔离 | |
| security operation center | 安全运营中心 | SOC |
| security orchestration automation and response | 安全编排和自动化响应 | SOAR |
| security response center | 安全响应中心 | SRC |
| security testing | 安全测试 | |
| service level agreement | 服务级别协议 | SLA |
| service oriented architecture | 面向服务的体系结构 | SOA |
| single sign on | 单点登录 | SSO |
| software composition analysis | 软件成分分析 | SCA |
| software defined network | 软件定义网络 | SDN |
| software defined perimeter | 软件定义边界 | SDP |
| software defined security | 软件定义安全 | SDS |
| switches | 交换机 | |
| threat intelligence | 威胁情报 | TI |
| total cost of ownership | 总拥有成本 | TCO |
| trojan horse | 特洛伊木马 | |
| trusted computing base | 可信计算基 | |
| trusted third stamp | 可信第三方 | |
| two factor authentication | 双因素认证 | |
| unified endpoint management | 统一端点管理 | UEM |
| unified identity management | 统一身份管理 | UIM |
| unified threat management | 统一威胁管理 | UTM |
| user and entity behavior analytics | 用户和事件行为分析 | UEBA |
| virtual private network | 虚拟专用网络 | VPN |
| wireless access point | 无线访问接入点 | WAP |
| work recovery time | 工作恢复时间 | WRT |
| zero trust | 零信任 | |