Glossary

List of common cybersecurity terms

A

Advanced Persistent Threat

A prolonged, stealthy cyberattack in which an intruder gains access to a network and remains undetected for an extended period to steal sensitive data or disrupt critical operations.

Air Gap

A security measure that physically isolates critical systems or networks from unsecured networks to prevent unauthorized access or cyber attacks.

Anomaly Detection

The identification of unusual patterns or behaviors in network traffic, system operations, or user activities that may indicate security threats or operational issues.

Anti-Tamper Seal

A physical security mechanism that provides evidence of unauthorized access or manipulation of critical equipment, enabling detection of compromise attempts.

Asset Discovery

The process of identifying and cataloging all devices, systems, and applications connected to a network, including previously unknown or shadow IT assets.

B

Baseline Behavior

The normal operating patterns and network traffic characteristics established for systems and devices, used as a reference to identify deviations and anomalies.

C

Change Control Board

A formal group responsible for reviewing, approving, and documenting changes to systems and configurations in accordance with organizational policy to maintain security and stability.

Configuration Baseline

A documented set of specifications for a system or device that serves as a reference point for monitoring unauthorized changes and ensuring configuration management.

Cyber-Physical System

An integrated system combining computational elements with physical processes, where embedded computers monitor and control physical operations with feedback loops.

D

Data Diode

A hardware device that permits data to flow in only one direction, isolating critical systems at the physical layer while still allowing one-way data transfer.

Deep Packet Inspection

A network traffic analysis method that examines the data and header portions of packets to detect protocol non-compliance, malware, or policy violations.

Default Password

Pre-configured credentials shipped with devices that pose significant security risks if unchanged, commonly exploited in OT environments and IoT devices.

Defense in Depth

A cybersecurity strategy that applies multiple layers of protective measures to ensure redundancy in case one control fails, essential for protecting critical infrastructure.

Digital Visibility

The ability to monitor, understand, and analyze all network activity, device communications, and data flows within an organization's IT and OT environments.

Distributed Control System

A control system used in industrial processes where control elements are distributed throughout the system rather than centralized, commonly found in manufacturing and critical infrastructure.

E

East-West Traffic

Network communications between servers, devices, or systems within a data center or network, as opposed to north-south traffic entering or leaving the network perimeter.

F

Firmware Analysis

The examination of embedded software in devices to identify vulnerabilities, backdoors, or malicious code that could compromise industrial control systems.

G

GSA-Approved Safe

A storage container meeting General Services Administration security standards for protecting sensitive materials, backup media, and cryptographic keys.

H

Human Machine Interface

The user interface that connects operators to industrial control systems, allowing them to monitor processes and control equipment in OT environments.

I

Industrial Control System

Computer-based systems used to monitor and control industrial processes in critical infrastructure sectors including energy, water, manufacturing, and transportation.

Industrial Demilitarized Zone

A network buffer zone between IT and OT environments that provides controlled access and monitoring while protecting critical operational systems from direct exposure.

Industrial Protocol

Specialized communication protocols designed for industrial automation and control systems, including Modbus, DNP3, Profinet, and EtherNet/IP.

Intrusion Detection System

A monitoring system that analyzes network traffic and system activities to detect potential security breaches, policy violations, or malicious activities.

IT/OT Convergence

The integration of Information Technology (IT) systems with Operational Technology (OT) systems, creating new security challenges and requiring unified visibility and protection.

J

Jump Host

A hardened intermediate system used to access and manage devices in secure network zones, providing a controlled entry point with logging and monitoring.

L

Lateral Movement

The technique attackers use to progressively move through a network, searching for critical assets and data after gaining initial access to a system.

Least Functionality

A security principle of configuring systems to provide only essential capabilities, disabling unnecessary services, ports, and protocols to reduce attack surface.

M

Micro-Segmentation

A security technique that creates granular security zones within networks, allowing organizations to isolate workloads and apply tailored security policies to individual assets.

Multi-Factor Authentication

A security mechanism requiring two or more verification factors to grant access, combining something you know (password), something you have (token), or something you are (biometric).

N

Network Access Control

A security solution that enforces policies to control which devices and users can access network resources, ensuring only authorized and compliant endpoints connect.

Network Baseline

A documented understanding of normal network behavior, traffic patterns, and device communications used to identify deviations that may indicate security incidents.

Network Segmentation

The practice of dividing a network into smaller, isolated segments to contain potential breaches and limit unauthorized lateral movement between systems.

O

Operational Technology

Hardware and software that monitors and controls physical devices, processes, and infrastructure in industrial environments, distinct from traditional IT systems.

Out-of-Band Management

A dedicated network channel separate from production traffic used for administrative access and management of critical infrastructure systems.

P

Pan-Tilt-Zoom Camera

A surveillance camera allowing remote directional and zoom control for comprehensive monitoring coverage of critical infrastructure facilities and perimeters.

Passive Network Monitoring

Non-intrusive observation of network traffic without actively sending packets, ideal for OT environments where network stability is critical.

Privileged Access

Elevated permissions granted to users or accounts that allow administrative control over critical systems and data, requiring enhanced security controls and monitoring.

Process Control Network

A specialized network dedicated to industrial automation and control systems, isolated from corporate IT networks to ensure operational reliability and security.

Programmable Logic Controller

An industrial digital computer used to control manufacturing processes, machinery, and other automated systems in critical infrastructure environments.

Protocol Analysis

The examination of industrial protocols and network communications to detect anomalies, unauthorized commands, or malicious activity in OT environments.

Purdue Model

A reference architecture for industrial control system networks that defines hierarchical levels from physical processes to enterprise systems, guiding network segmentation strategies.

R

Remote Terminal Unit

A microprocessor-controlled device that interfaces sensors and control equipment to a distributed control system, commonly used in SCADA systems.

Removable Media

Portable storage devices such as USB drives and external hard drives that can transfer data between systems and pose security risks including malware introduction and data exfiltration.

Risk-Based Vulnerability Management

An approach to prioritizing security vulnerabilities based on potential business impact, exploitability, and asset criticality rather than severity scores alone.

S

Safety Instrumented System

An autonomous system designed to prevent or mitigate hazardous events by monitoring process conditions and taking corrective action to maintain safe operations.

SCADA

Supervisory Control and Data Acquisition systems used to monitor and control geographically dispersed industrial processes in critical infrastructure sectors.

Security Information and Event Management

A comprehensive solution that aggregates and analyzes security data from multiple sources to detect threats, investigate incidents, and demonstrate compliance.

Sensitive Compartmented Information Facility

A secure area designed to prevent electronic eavesdropping and unauthorized access to classified information, meeting strict physical and technical security requirements.

Shadow IT/OT

Unauthorized or unknown devices, applications, and systems operating on networks without IT or OT teams' knowledge, creating security blind spots.

Shared Credentials

Accounts whose credentials are used by multiple individuals, violating accountability principles and creating audit-trail gaps that hinder incident investigation.

System Owner

The individual responsible for the procurement, development, integration, modification, operation, and maintenance of a system and its security posture.

T

Tabletop Exercise

A discussion-based training session where team members walk through incident response procedures without activating actual systems, testing plans and coordination.

Threat Detection

The process of identifying malicious activities, anomalies, or potential security incidents through continuous monitoring and analysis of network behavior.

Traffic Analysis

The examination of network communication patterns, protocols, and data flows to identify normal behavior, detect anomalies, and uncover security threats.

U

Unidirectional Gateway

A hardware-enforced data diode that allows information to flow in only one direction, protecting critical systems from external attacks while enabling monitoring.

V

Virtual Local Area Network

A logical network segment that groups devices regardless of physical location, enabling network segmentation and isolation without additional hardware.

Vulnerability Assessment

A systematic process of identifying, quantifying, and prioritizing security weaknesses in systems, applications, and network infrastructure.

W

Whitelisting

A security approach that explicitly allows only approved applications, processes, or network connections to execute or communicate, blocking all others by default.

Z

Zero-Day Vulnerability

A previously unknown security flaw that attackers can exploit before vendors develop and release patches, posing significant risks to critical infrastructure.

Zero Trust

A security model that assumes no user or device should be trusted by default, regardless of whether they reside inside or outside the network perimeter, requiring continuous verification.

Zone and Conduit

A network architecture strategy that groups assets into zones based on function and criticality, with conduits controlling communications between zones according to IEC 62443 standards.