
CISM Acronyms

The CISM candidate should be familiar with the following list of acronyms. These acronyms are
the only standalone abbreviations used in examination questions.
CD         Compact Disk
CD-ROM     Compact Disk Read Only Memory
DMZ        Demilitarized zone
HTML       Hypertext Markup Language
ID         Identification
IP         Internet Protocol
IPS        Intrusion prevention system
IPSec      Internet Protocol Security
IS         Information systems
ISP        Internet service provider
IT         Information technology
OS         Operating system
URL        Uniform resource locator
XML        Extensible Markup Language

In addition to the aforementioned acronyms, candidates may also wish to become familiar with
the following additional acronyms. Should any of these abbreviations be used in examination
questions, their meanings would be included when the acronym appears.
AESRM      Alliance for Enterprise Security Risk Management
AIW        Acceptable interruption window
ALE        Annual loss expectancy
API        Application programming interface
AS/NZS     Australian Standard/New Zealand Standard
ASCII      American Standard Code for Information Interchange
ASIC       Application-specific integrated circuit
ASP        Application service provider
ATM        Asynchronous Transfer Mode
AV         Asset value
BCI        Business Continuity Institute
BCM        Business continuity management
BCP        Business continuity planning
BGP        Border Gateway Protocol
BI         Business intelligence
BIA        Business impact analysis
BIMS       Biometric information management and security
BIOS       Basic input/output system
BITS       Banking Information Technology Standards
BLP        Bell-LaPadula
BLP        Bypass label process
BS         British Standard
CA         Certificate authority
CASPR      Commonly accepted security practices and recommendations
CEO        Chief executive officer
CERT       Computer emergency response team
CFO        Chief financial officer
CIM        Computer-integrated manufacturing
CIO        Chief information officer
CIRT       Computer incident response team

CISO       Chief information security officer
CMM        Capability Maturity Model
COO        Chief operating officer
COOP       Continuity of operations plan
CORBA      Common Object Request Broker Architecture
COSO       Committee of Sponsoring Organizations of the Treadway Commission
CPO        Chief privacy officer
CPU        Central processing unit
CRM        Customer relationship management
CSA        Control self-assessment
CSF        Critical success factor
CSIRT      Computer security incident response team
CSO        Chief security officer
CSRC       Computer Security Resources Center (USA)
CTO        Chief technology officer
CVE        Common vulnerabilities and exposures
DAC        Discretionary access controls
DBMS       Database management system
DCE        Distributed control environment
DCE        Data communications equipment
DCE        Distributed computing environment
DCL        Digital command language
DDoS       Distributed denial of service
DES        Data Encryption Standard
DHCP       Dynamic Host Configuration Protocol
DNS        Domain name system
DNSSEC     Domain Name Service Secure
DoS        Denial of service
DOSD       Data-oriented system development
DR         Disaster recovery
DRII       Disaster Recovery Institute International
DRP        Disaster recovery planning
EDI        Electronic data interchange
EER        Equal error rate
EF         Exposure factor
EFT        Electronic funds transfer
EGRP       External Gateway Routing Protocol
EIGRP      Enhanced Interior Gateway Routing Protocol
EU         European Union
FAIR       Factor analysis of information risk
FAR        False-acceptance rate
FCPA       Foreign Corrupt Practices Act
FIPS       Federal Information Processing Standards (USA)
FISMA      Federal Information Security Management Act (USA)
FSA        Financial Security Authority (USA)
GLBA       Gramm-Leach-Bliley Act (USA)
GMI        Governance Metrics International
HD-DVD     High definition/high density-digital video disc
HIDS       Host-based intrusion detection system
HIPAA      Health Insurance Portability and Accountability Act (USA)
HIPO       Hierarchy Input-Process-Output
HR         Human resources
HTTP       Hypertext Transfer Protocol
I/O        Input/output
ICT        Information and communication technologies
IDEFIX     Integration Definition for Information Modeling

IDS        Intrusion detection system
IEC        International Electrotechnical Commission
IETF       Internet Engineering Task Force
IFAC       International Federation of Accountants
IIA        Institute of Internal Auditors
IMT        Incident management team
IPF        Information processing facility
IPL        Initial program load
IPMA       International Project Management Association
IPRs       Intellectual property rights
IPS        Intrusion prevention system
IRP        Incident response plan
IRT        Incident response team
ISF        Information Security Forum
ISO        International Organization for Standardization
ISSA       Information System Security Association
ISSEA      International System Security Engineering Association
ITGI       IT Governance Institute
JCL        Job control language
KGI        Key goal indicator
KLOC       Kilo lines of code
KPI        Key performance indicator
KRI        Key risk indicator
L2TP       Layer 2 Tunneling Protocol
LAN        Local area network
LCP        Link Control Protocol
M&A        Mergers and acquisitions
MAC        Mandatory access control
MAO        Maximum allowable outage
MIME       Multipurpose Internet Mail Extensions
MIS        Management information system
MitM       Man-in-the-middle
MTD        Maximum tolerable downtime
MTO        Maximum tolerable outage
NAT        Network address translation
NCP        Network Control Protocol
NDA        Nondisclosure agreement
NIC        Network interface card
NIDS       Network intrusion detection system
NIST       National Institute of Standards and Technology (USA)
NPV        Net present value
OCSP       Online Certificate Status Protocol
OCTAVE     Operationally Critical Threat, Asset and Vulnerability Evaluation
OECD       Organization for Economic Co-operation and Development
OEP        Occupant emergency plan
OSI        Open systems interconnection
OSPF       Open Shortest Path First
PAN        Personal area network
PCI DSS    Payment Card Industry Data Security Standard
PDCA       Plan-do-check-act
PKI        Public key infrastructure
PMBOK      Project Management Body of Knowledge
POS        Point-of-sale
PPPoE      Point-to-Point Protocol over Ethernet
PRA        Probabilistic risk assessment
PSTN       Public switched telephone network

PVC        Permanent virtual circuit
QA         Quality assurance
RAID       Redundant array of inexpensive disks
ROI        Return on investment
ROSI       Return on security investment
RPO        Recovery point objective
RRT        Risk Reward Theorem/Tradeoff
RSA        Rivest, Shamir and Adleman (RSA stands for the initials of the developers' last names)
RTO        Recovery time objective
S/HTTP     Secure Hypertext Transfer Protocol
SABSA      Sherwood Applied Business Security Architecture
SCADA      Supervisory Control and Data Acquisition
SDLC       System development life cycle
SDO        Service delivery objective
SEC        Securities and Exchange Commission (USA)
SIEM       Security information and event management
SIM        Security information management
SLA        Service level agreement
SMART      Specific, measurable, achievable, relevant, time-bound
SMF        System management facility
SOP        Standard operating procedure
SPI        Security Parameter Index
SPICE      Software process improvement and capability determination
SPOC       Single point of contact
SPOOL      Simultaneous peripheral operations online
SQL        Structured Query Language
SSH        Secure Shell
SSL        Secure Sockets Layer
SSO        Single sign-on
TCO        Total cost of ownership
TCP        Transmission Control Protocol
TLS        Transport Layer Security
UDP        User Datagram Protocol
USB        Universal Serial Bus
VAR        Value at risk
VoIP       Voice over IP
VPN        Virtual private network
XBRL       Extensible Business Reporting Language
