AO - Asset Owners
APEC - Asia-Pacific Economic Cooperation
ASIS - American Society for Industrial Security
ATO - Authorization To Operate
BAC - Board Audit Committee
BC - Business Continuity
BCR - Binding Corporate Rules
BLE - Business Line Executive
BM - Business Managers
BRC - Board Risk Committee
BSI - British Standards Institute
C&A - Certification & Accreditation
CA - Certification Agent
CAI - Confidentiality, Availability, Integrity
CC - Crisis Communication
CEO - Chief Executive Officer
CFO - Chief Financial Officer
CGTF - Corporate Governance Task Force
CIO - Chief Information Officer
CISO - Chief Information Security Officer
CobIT - Control Objectives for Information and related Technology
CoE - Council of Europe
COO - Chief Operating Officer
CPO - Chief Privacy Officer
CRO - Chief Risk Officer
CSO - Chief Security Officer
DHS - Department of Homeland Security
DP - Data Protection
DR - Disaster Recovery
EA - External Audit
ECPA - Electronic Communications Privacy Act
EEA - Economic Espionage Act
ERM - Enterprise Risk Management
ESP - Enterprise Security Program
ESS - Enterprise Security Strategy
EU - European Union
FIPS - Federal Information Processing Standard
FISMA - Federal Information Security Management Act
FTC - Federal Trade Commission
GC - General Counsel
GLBA - Gramm-Leach-Bliley Act
HIPAA - Health Insurance Portability and Accountability Act
HR - Human Resources
IA - Internal Audit
IATO - Interim Authorization To Operate
IFAC - International Federation of Accountants
IIA - Institute of Internal Auditors
IR - Incident Response
ISACA - Information Systems Audit and Control Association
ISO - International Organization for Standardization
ISSA - Information Systems Security Association
IT - Information Technology
ITGI - IT Governance Institute
KPI - Key Performance Indicator
MLAT - Mutual Legal Assistance Treaty
NIST - National Institute of Standards and Technology
OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation
OP - Operational Personnel
P6STNI - People, Products, Plants, Processes, Policies, Procedures, Systems, Technologies, Networks, and Information
PDA - Personal Digital Assistant
PIPEDA - Personal Information Protection and Electronic Documents Act
PIA - Privacy Impact Assessment
PII - Personally Identifiable Information
PIV - Personal Identity Verification
POAM - Plans Of Action and Milestones
PR - Public Relations
RFID - Radio Frequency Identification
RMP - Risk Management Plan
ROI - Return On Investment
RTO - Recovery Time Objectives
SCADA - Supervisory Control And Data Acquisition
SDLC - System Development Life Cycle
SEC - Securities & Exchange Commission
SOD - Segregation Of Duties
SRMP - Security Risk Management Plan
USCCU - U.S. Cyber Consequences Unit
VOIP - Voice Over Internet Protocol
X-team - Cross-organizational ESP team