APT (Advanced Persistent Threat)
Category: Threats
A prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period to steal data.
Key terms and definitions used across the Luxembourg cybersecurity ecosystem and the LCF portal.
The total number of points (attack vectors) where an unauthorised user can try to enter or extract data from a system.
The process of verifying the identity of a user, device, or system before granting access to resources.
The process of determining what permissions an authenticated user has and what resources they can access.
A group of security professionals responsible for defending an organisation's information systems against cyber attacks.
A team of experts that handles computer security incidents. Luxembourg has CIRCL (Computer Incident Response Center Luxembourg).
The three pillars of information security: Confidentiality (data is private), Integrity (data is accurate), and Availability (data is accessible when needed).
Computer Incident Response Center Luxembourg — the national CERT providing incident response, threat intelligence, and security services.
A team providing services and support to prevent, handle, and respond to computer security incidents.
A standardised list of publicly disclosed cybersecurity vulnerabilities, each identified by a unique ID (e.g. CVE-2024-1234).
An LCF engine that provides shared cybersecurity services and resources for the Luxembourg ecosystem.
An organisation's ability to continuously deliver intended outcomes despite adverse cyber events. It goes beyond prevention to include detection, response, and recovery.
An incident in which sensitive, protected, or confidential data is accessed, disclosed, or stolen by an unauthorised individual.
An LCF engine providing a secure, governed environment for sharing cybersecurity-relevant data sets among trusted participants.
An attack that overwhelms a target system with traffic from multiple sources, making it unavailable to legitimate users.
The collection, preservation, analysis, and presentation of digital evidence related to cyber incidents or crimes.
An EU regulation that establishes ICT risk management, incident reporting, and resilience testing requirements for financial entities.
The process of converting plaintext data into an unreadable format (ciphertext) using an algorithm and key, ensuring only authorised parties can read it.
Security solutions that monitor endpoint devices (laptops, servers) for suspicious activity and provide automated response capabilities.
European Union Agency for Cybersecurity — provides expertise and guidance on cybersecurity across EU member states.
A network security device or software that monitors and filters incoming and outgoing network traffic based on predefined security rules.
EU regulation on data protection and privacy that governs how personal data of individuals within the EU is collected, stored, and processed.
A mathematical function that converts input data into a fixed-size string of characters. Used for password storage, data integrity verification, and digital signatures.
The systematic approach to addressing and managing the aftermath of a security breach or cyber attack, with the goal of limiting damage and reducing recovery time.
Forensic artefacts that indicate a system has been breached, such as unusual network traffic, suspicious files, or unexpected system changes.
An international standard for information security management systems (ISMS), providing a framework for establishing, implementing, and continually improving information security.
A collaborative platform by the Luxembourg House of Cybersecurity (LHC) that provides shared services, data spaces, and innovation labs for the cybersecurity ecosystem.
The national agency driving cybersecurity development in Luxembourg through awareness, competence building, and ecosystem support.
Malicious software designed to damage, disrupt, or gain unauthorised access to computer systems. Includes viruses, worms, trojans, ransomware, and spyware.
A security method requiring two or more verification factors (something you know, have, or are) to access a resource.
Malware Information Sharing Platform — an open-source threat intelligence platform developed by CIRCL for sharing, storing, and correlating IoCs and threat data.
A knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations, used for threat modelling and security assessments.
Luxembourg's national centre for cybersecurity competence, coordinating research, innovation, and capacity building.
EU directive establishing cybersecurity risk management and reporting obligations for essential and important entities across member states.
A set of guidelines and best practices published by the US National Institute of Standards and Technology to help organisations manage cybersecurity risk.
Intelligence gathered from publicly available sources such as websites, social media, public records, and news outlets for security analysis.
Authorised simulated attacks on a computer system to evaluate its security posture and identify vulnerabilities before malicious actors can exploit them.
A social engineering attack that uses deceptive emails, messages, or websites to trick users into revealing sensitive information or installing malware.
Cryptographic algorithms designed to be secure against attacks by both classical and quantum computers. A key research area of the LCF Quantum Lab.
A method of secure communication that uses quantum mechanics principles to create and distribute encryption keys, ensuring any eavesdropping is detectable.
An LCF engine dedicated to post-quantum cryptography research and quantum-safe security experimentation.
Malware that encrypts a victim's files and demands payment (ransom) for the decryption key to restore access.
Security professionals who simulate real-world adversaries to test an organisation's detection and response capabilities.
The process of identifying, analysing, and evaluating cybersecurity risks to determine their likelihood and potential impact on an organisation.
A system that aggregates and analyses security data from across an organisation's IT infrastructure to detect threats and support incident response.
A centralised facility where a team of security analysts monitors, detects, analyses, and responds to cybersecurity incidents around the clock.
Psychological manipulation techniques used to deceive people into divulging confidential information or performing actions that compromise security.
An attack that targets less-secure elements in a supply chain (e.g. third-party software, hardware components) to compromise a primary target.
Evidence-based knowledge about existing or emerging threats that can inform decisions about an organisation's response to those threats.
A set of labels (RED, AMBER+STRICT, AMBER, GREEN, CLEAR) used to indicate sharing boundaries for sensitive information within the cybersecurity community.
A weakness in a system, application, or process that could be exploited by a threat actor to gain unauthorised access or cause harm.
A previously unknown vulnerability that is exploited before the vendor has released a patch or fix. Called "zero-day" because the developer has had zero days to address it.
A security model based on the principle "never trust, always verify" — every access request is fully authenticated, authorised, and encrypted regardless of network location.