Glossary
IT security, clearly explained.
The key terms around NIS2, cybersecurity and managed IT, short and without jargon.
- Backup & Disaster Recovery
- Regular, tested backups plus a plan to restore operations within a defined time after an outage or attack.
- DORA
- Digital Operational Resilience Act. EU regulation for digital operational resilience in the financial sector, including ICT risk management and third-party oversight.
- DSGVO
- The EU General Data Protection Regulation (GDPR). Governs the processing of personal data; violations can lead to substantial fines.
- EDR
- Endpoint Detection and Response. Monitors endpoints for suspicious behavior, detects attacks and enables a fast response right on the device.
- ISO 27001
- International standard for information security management systems (ISMS). It defines requirements to manage information security systematically.
- Managed IT
- The outsourced operation of IT by a provider: monitoring, maintenance, support and protection as an ongoing service.
- MFA
- Multi-factor authentication. Requires a second proof in addition to the password (e.g. app or token), stopping most account takeovers.
- NIS2
- EU directive on network and information security. It obliges affected companies to risk management, reporting duties and evidence; directors are personally liable.
- Patch-Management
- The controlled process of applying security updates to systems and software promptly and completely to close known gaps.
- Phishing
- An attempt to obtain credentials or smuggle in malware via faked messages. The most common entry point for attacks.
- Ransomware
- Malware that encrypts data and demands a ransom to release it. The most common existential cyber threat for small and mid-sized companies.
- SIEM
- Security Information and Event Management. Collects and correlates log and security data from many sources to surface attacks.
- SOC
- Security Operations Center. The team and technology that monitor an IT environment around the clock, detect threats and respond to incidents.
- Vulnerability Management
- The ongoing identification, assessment and remediation of vulnerabilities in the IT environment, prioritized by risk.
- XDR
- Extended Detection and Response. Extends EDR beyond endpoints to network, identity and cloud for joined-up detection.
- Zero Trust
- Security model following the principle of never trust, always verify. Every access is checked, regardless of whether it comes from the internal network.